Re: Fedora RISC-V port needs to put shared objects into /usr/lib64/lp64d

On Mon, Apr 22, 2024 at 12:07:38PM +0200, Florian Weimer wrote: > * Daniel P. Berrangé: > > > On Fri, Apr 19, 2024 at 02:21:57PM +0200, Florian Weimer wrote: > >> There are multiple PRs and patches floating around that make RISC-V use > >> the /usr/lib64 directory, like other 64-bit ports.

Re: Fedora RISC-V port needs to put shared objects into /usr/lib64/lp64d

On Sun, Apr 21, 2024 at 06:51:02AM +0300, David Abdurachmanov wrote: > On Sun, Apr 21, 2024 at 2:19 AM Kevin Kofler via devel > wrote: > > > > David Abdurachmanov wrote: > > > We currently use a symlink (as Richard) mentioned, but it's not ideal > > > and causes problems (e.g. meson generates

Re: Fedora RISC-V port needs to put shared objects into /usr/lib64/lp64d

On Fri, Apr 19, 2024 at 02:21:57PM +0200, Florian Weimer wrote: > There are multiple PRs and patches floating around that make RISC-V use > the /usr/lib64 directory, like other 64-bit ports. However, RISC-V > recommends to use /usr/lib64/lp64d for the Fedora ABI variant, and > various upstream

Re: clang: error: unsupported argument 'gnu2' to option '-mtls-dialect=' for target 'x86_64-redhat-linux-gnu'

On Mon, Apr 15, 2024 at 06:49:54AM -0700, Tom Stellard wrote: > On 4/15/24 02:55, Richard W.M. Jones wrote: > > > >Anyone got any idea about this build failure? > > > >https://koji.fedoraproject.org/koji/taskinfo?taskID=116395331 > > > >[+] All set and re

Re: Non-responsive maintainer check for aarapov

(Adding Eugene for increased visibility) On Mon, Apr 15, 2024 at 02:38:01PM +0200, Anton Arapov wrote: > Hello Lichen, > > I commented on the issue. Apologies, I didn’t spot it earlier; > https://pagure.io/find-inactive-packagers/issue/1695 > > https://pagure.io/user/esyr Eugene Syromiatnikov,

Re: clang: error: unsupported argument 'gnu2' to option '-mtls-dialect=' for target 'x86_64-redhat-linux-gnu'

On Mon, Apr 15, 2024 at 10:55:34AM +0100, Richard W.M. Jones wrote: > > Anyone got any idea about this build failure? > > https://koji.fedoraproject.org/koji/taskinfo?taskID=116395331 > > [+] All set and ready to build. > clang: warning: -Wl,-z,relro: 'linker' input unused

clang: error: unsupported argument 'gnu2' to option '-mtls-dialect=' for target 'x86_64-redhat-linux-gnu'

Anyone got any idea about this build failure? https://koji.fedoraproject.org/koji/taskinfo?taskID=116395331 [+] All set and ready to build. clang: warning: -Wl,-z,relro: 'linker' input unused [-Wunused-command-line-argument] clang: warning: -Wl,--as-needed: 'linker' input unused

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

On Fri, Apr 12, 2024 at 10:41:43PM +0100, Aoife Moloney wrote: > [https://github.com/keszybz/add-determinism add-determinism] is a Rust > program which, as its name suggests, adds determinism to files that > are given as input by attempting to standardize metadata contained in > binary or source

Re: F41 Change Proposal - Python Built with gcc -03 (self-contained)

On Sat, Apr 13, 2024 at 10:18:03AM +0200, Miro Hrončok wrote: > On 13. 04. 24 10:04, Miro Hrončok wrote: > >On 13. 04. 24 2:33, Kevin Kofler via devel wrote: > >>How much larger is Python at -O3 compared to -O2? And other packages? > > > >That is a good question, will measure. > > -O2 RPM size: >

Re: F41 Change Proposal - Python Built with gcc -03 (self-contained)

On Fri, Apr 12, 2024 at 07:08:36PM -0500, Neal Gompa wrote: > I would like for us to consider evaluating a global change to -O3. I > am not convinced that there's a good reason anymore to remain at -O2. FYI here are the optimizations added by gcc -O3 (over -O2), from

Re: Three steps we could take to make supply chain attacks a bit harder

On Fri, Apr 12, 2024 at 04:50:13PM -0500, Chris Adams wrote: > Once upon a time, Richard W.M. Jones said: > > So the problem with github is they don't allow you to have 2FA on a > > backup device (or rather, it *is* possible, but the process is > > ludicrous[1]). If you have

Re: Three steps we could take to make supply chain attacks a bit harder

On Fri, Apr 12, 2024 at 09:47:04AM -0700, Adam Williamson wrote: > On Thu, 2024-04-11 at 19:52 -0700, Carlos Rodriguez-Fernandez wrote: > > I was hesitant to have MFA for a while. Imagine losing a phone with tons > > of tokens. What a hassle to recover from that. I found it less than > > ideal

Re: "fedpkg local" builds fail for rust packages

On Fri, Apr 05, 2024 at 03:33:35PM +0200, Fabio Valentini wrote: > On Fri, Apr 5, 2024 at 9:51 AM Michael J Gruber > wrote: > > > > So you're saying that those packages are in the repos for everyone but > > not meant to be installed by anyone (besides mock chroots), and that is > > how and why

Re: convert everything to rpmautospec?

On Mon, Apr 08, 2024 at 12:22:35AM +0200, Kevin Kofler via devel wrote: > Emmanuel Seyman wrote: > > I've noticed a trend in proposed changes in the way Fedora works. > > I am fed up of this salami tactic as well. When we complain about the new > stuff, we invariably get told "don't worry, you

Re: Switching XZ for ZSTD?

On Thu, Apr 04, 2024 at 02:40:08PM +, Arnie T via devel wrote: > Hello Rich, > > > There's also the issue that liblzma is widely used and offers specific > > features which zstd does not[1]. > > > > [1] https://github.com/facebook/zstd/issues/395#issuecomment-535875379 > > Is that about

Re: Switching XZ for ZSTD?

On Thu, Apr 04, 2024 at 01:45:45PM -, Daniel Alley wrote: > As long as there are existing xz-compressed files in the wild, > Fedora will need to support consuming them - as long as there is > software that expects xz compression, Fedora will need to support > creating them. It's not going to

Re: Three steps we could take to make supply chain attacks a bit harder

On Tue, Apr 02, 2024 at 08:59:32PM +0200, Kevin Kofler via devel wrote: > Matthew Miller wrote: > > I sometimes see unit test failures. The developer ran the tests, but not > > on S390. > > Why would I want a test failure on such an exotic architecture to fail my > build? The architecture is

Re: Three steps we could take to make supply chain attacks a bit harder

On Tue, Apr 02, 2024 at 12:45:18AM -0700, Gordon Messmer wrote: > On 2024-04-01 23:59, Gordon Messmer wrote: > >Now gdb can print the GOT with the paths providing the memory > >section containing a function.  For example, on a Debian 12 system > >with liblzma 5.6: > > > Purely as trivia, and as

Re: Three steps we could take to make supply chain attacks a bit harder

On Tue, Apr 02, 2024 at 05:09:18PM +0200, Kilian Hanich via devel wrote: > Am 02.04.24 um 10:22 schrieb Florian Weimer: > >> - Can some wrappers be developed to make it both easier and safer? > >GCC already provides function multi-versioning/target clones as a > >higher-level interface. > > >

Re: Three steps we could take to make supply chain attacks a bit harder

On Tue, Apr 02, 2024 at 10:59:10AM +0200, Florian Weimer wrote: > * Richard W. M. Jones: > > In the xz case this wouldn't have been enough, it turns out we would > > also have to delete m4/build-to-host.m4, which then autoreconf > > regenerates. I don't fully understand why that is. > > I would

Re: Three steps we could take to make supply chain attacks a bit harder

On Tue, Apr 02, 2024 at 07:40:33AM +0200, Andreas Schneider wrote: > On Saturday, 30 March 2024 10:37:44 CEST Richard W.M. Jones wrote: > > These are just my thoughts on a Saturday morning. Feedback welcome of > > course. > > I find the use of the ifunc attribute is really u

Re: Three steps we could take to make supply chain attacks a bit harder

On Sun, Mar 31, 2024 at 09:39:43AM -0700, Kevin Fenzi wrote: > On Sun, Mar 31, 2024 at 09:12:30AM -0700, Adam Williamson wrote: > > Thanks Arthur, yes, that was *exactly* the point. > > > > I would argue there's a danger of getting too tied up in very specific > > technical details of this

Re: Three steps we could take to make supply chain attacks a bit harder

On Sat, Mar 30, 2024 at 11:53:07AM -0400, Neal Gompa wrote: > On Sat, Mar 30, 2024 at 11:36 AM Zbigniew Jędrzejewski-Szmek > wrote: > > > > On Sat, Mar 30, 2024 at 10:02:42AM -0500, Michael Catanzaro wrote: > > > On Sat, Mar 30 2024 at 02:55:21 PM +00:00:00, Zbigniew Jędrzejewski-Szmek > > >

Re: Three steps we could take to make supply chain attacks a bit harder

On Sat, Mar 30, 2024 at 02:44:32PM +, Zbigniew Jędrzejewski-Szmek wrote: > On Sat, Mar 30, 2024 at 08:23:48AM -0400, Neal Gompa wrote: > > On Sat, Mar 30, 2024 at 8:07 AM Kevin Kofler via devel > > wrote: > > > > (At which point I'd suggest it's probably faster to convert it all to > > > >

Re: Three steps we could take to make supply chain attacks a bit harder

On Sat, Mar 30, 2024 at 08:22:06PM +0900, Dominique Martinet wrote: > > the initial injection (original: > > https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=blob;f=m4/build-to-host.m4;h=f928e9ab403b3633e3d1d974abcf478e65d4b0aa;hb=HEAD). > > (Honestly I did compare the backdoored script and

Three steps we could take to make supply chain attacks a bit harder

I'm not pretending these will solve everything, but they should make attacks a little harder in future. (1) We should routinely delete autoconf-generated cruft from upstream projects and regenerate it in %prep. It is easier to study the real source rather than dig through the convoluted,

Re: xz backdoor

On Fri, Mar 29, 2024 at 07:25:56PM -0500, Chris Adams wrote: > Once upon a time, Richard W.M. Jones said: > > (1) We built 5.6.0 for Fedora 40 & 41. Jia Tan was very insistent in > > emails that we should update. > > So this wasn't just a "hey, new upst

Re: xz backdoor

On Fri, Mar 29, 2024 at 04:46:54PM -0500, Michael Catanzaro wrote: > On Fri, Mar 29 2024 at 04:10:53 PM -05:00:00, Michael Catanzaro > wrote: > >OK, I am going to ask Product Security to edit their blog post to > >remove the incorrect information. I will CC you on that request. > > Or maybe I

Re: xz backdoor

On Fri, Mar 29, 2024 at 07:44:12PM +0100, Mikel Olasagasti wrote: > Hi, > > I'm seeing weird things. > > For whatever reason Source for xz was changed 2 months ago[1] to use > GH releases instead of tukaani.org site. > > The XZ page[2] has a note stating: > > "Note: GitHub automatically

Re: xz backdoor

On Fri, Mar 29, 2024 at 03:01:34PM -0500, Michael Catanzaro wrote: > On Fri, Mar 29 2024 at 07:56:49 PM +00:00:00, Richard W.M. Jones > wrote: > >secalert are already well aware and have approved the update. Kevin > >Fenzi, myself and others were working on it late last night

Re: xz backdoor

ple of machines from scratch and have regenerated my SSH keys. Rich. > Chris > > On 29/03/2024 19.37, Barry wrote: > >Has this shipped on f40 beta? > > > >Barry > > > >>On 29 Mar 2024, at 18:08, Richard W.M. Jones wrote: > >> > >> > &g

Re: xz backdoor

On Fri, Mar 29, 2024 at 02:40:48PM -0500, Michael Catanzaro wrote: > On Fri, Mar 29 2024 at 06:46:59 PM +00:00:00, Christopher Klooz > wrote: > >Yes, F40 beta is affected, along with rawhide, but not F38/F39. > > Unless I'm misunderstanding something, it looks xz-5.6.0-1.fc40 and > 5.6.0-2.fc40

Re: xz backdoor

On Fri, Mar 29, 2024 at 07:00:37PM +0100, Kevin Kofler via devel wrote: > Hi, > > wow: https://www.openwall.com/lists/oss-security/2024/ > > I think at this point we clearly cannot trust xz upstream anymore and should > probably fork the project. I kind of agree here, though it saddens me to

Re: Redis will no longer be OSS... now what?

On Wed, Mar 20, 2024 at 06:19:28PM -0400, Neal Gompa wrote: > Hey everyone, > > It looks like Redis, Inc. has announced that future versions of Redis > are no longer OSS and will be dual-licensed SSPL and RSAL[1]. Absent a > fork of Redis coming up, we will likely need to remove Redis from >

Re: Look for help: how to package Rust project

On Thu, Mar 21, 2024 at 11:04:13AM +0800, Ming Lei wrote: > Hello Richard and Guys, > > I plan to package rublk to Fedora, and it is one Rust project. Hi, I'm on holiday at the moment, but please do look at how we packaged libblkio in Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=2124697

Re: Why can't I add karlowich as co-maintainer of this package?

On Mon, Mar 18, 2024 at 01:55:14PM +0100, Fabio Valentini wrote: > On Mon, Mar 18, 2024 at 1:51 PM Richard W.M. Jones wrote: > > > > On Mon, Mar 18, 2024 at 10:14:38AM +0000, Richard W.M. Jones wrote: > > > On Mon, Mar 18, 2024 at 10:05:42AM +, Daniel P. Berrangé wrote

Re: Why can't I add karlowich as co-maintainer of this package?

On Mon, Mar 18, 2024 at 10:14:38AM +, Richard W.M. Jones wrote: > On Mon, Mar 18, 2024 at 10:05:42AM +, Daniel P. Berrangé wrote: > > On Mon, Mar 18, 2024 at 09:57:58AM +, Richard W.M. Jones wrote: > > > > > > https://src.fedoraproject.org/rpms/xnvme/adduse

Re: Why can't I add karlowich as co-maintainer of this package?

On Mon, Mar 18, 2024 at 10:05:42AM +, Daniel P. Berrangé wrote: > On Mon, Mar 18, 2024 at 09:57:58AM +0000, Richard W.M. Jones wrote: > > > > https://src.fedoraproject.org/rpms/xnvme/adduser > > > > I try to add karlowich (https://accounts.fedoraproject.org/user/k

Why can't I add karlowich as co-maintainer of this package?

https://src.fedoraproject.org/rpms/xnvme/adduser I try to add karlowich (https://accounts.fedoraproject.org/user/karlowich/) but his name doesn't appear in the username field even though he's in the packager group. Why? Rich. -- Richard Jones, Virtualization Group, Red Hat

Re: Possible memory corruption in xz / liblzma in Fedora 40 & 41

An update ... This is fixed in xz 5.6.1. I tested the fix and it works for me. https://github.com/tukaani-project/xz/commit/82ecc53819 Rather than mess with Fedora 40 again, I did a build in Rawhide only: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7e9c14633a I guess if this goes well

So you can't just copy 'sources' from one package to another?

For mingw-* packages we (sometimes) have a separate package from the native package, eg. libgcrypt vs mingw-libgcrypt. Therefore two different packages are sometimes built with the exact same sources. However I discovered copying 'sources' (ie the file) from libgcrypt dist-git to mingw-libgcrypt

Re: reprodubible builds (re)introduction

On Thu, Mar 07, 2024 at 12:39:37PM +, Zbigniew Jędrzejewski-Szmek wrote: > Hi, > > The effort to make package builds in Fedora reproducible has picked > up steam again. We now have a new website: > https://docs.fedoraproject.org/en-US/reproducible-builds I read this page but it doesn't cover

Re: Possible intermittent lost mail from Pagure

On Thu, Mar 07, 2024 at 09:30:02AM -0800, Kevin Fenzi wrote: > On Wed, Mar 06, 2024 at 11:44:51AM +0000, Richard W.M. Jones wrote: > > I can't quite point to proper evidence, but I have a feeling that > > email notifications are being lost from Pagure. > > I'm guessin

Possible intermittent lost mail from Pagure

I can't quite point to proper evidence, but I have a feeling that email notifications are being lost from Pagure. One case where I'm about 90% sure this happened was with: https://src.fedoraproject.org/rpms/ogre/pull-request/3 where I did not receive the "cc @rjones" email. I don't think it

Re: Possible memory corruption in xz / liblzma in Fedora 40 & 41

On Mon, Mar 04, 2024 at 01:46:13PM +, Richard W.M. Jones wrote: > We updated xz to new version 5.6.0 last week. It was supposed to be a > safe change so we backported it to F40 at the request of the xz > author. But there's been a report of possible memory corruption: &

Possible memory corruption in xz / liblzma in Fedora 40 & 41

We updated xz to new version 5.6.0 last week. It was supposed to be a safe change so we backported it to F40 at the request of the xz author. But there's been a report of possible memory corruption: https://bugzilla.redhat.com/show_bug.cgi?id=2267598 I've not been able to reproduce this

Re: libxslxwriter (misspelled package) in zombie state

On Sun, Mar 03, 2024 at 10:55:54AM +0100, Miro Hrončok wrote: > On 02. 03. 24 23:28, Richard W.M. Jones wrote: > >On Sat, Mar 02, 2024 at 10:16:02PM +0100, Miro Hrončok wrote: > >>On 02. 03. 24 11:31, Richard W.M. Jones wrote: > >>>On Fri, Mar 01, 2024 at 10:00

Re: libxslxwriter (misspelled package) in zombie state

On Sat, Mar 02, 2024 at 10:16:02PM +0100, Miro Hrončok wrote: > On 02. 03. 24 11:31, Richard W.M. Jones wrote: > >On Fri, Mar 01, 2024 at 10:00:20AM -0800, Kevin Fenzi wrote: > >>On Fri, Mar 01, 2024 at 11:49:06AM +0000, Richard W.M. Jones wrote: > >>> > >>&

Re: libxslxwriter (misspelled package) in zombie state

On Fri, Mar 01, 2024 at 10:00:20AM -0800, Kevin Fenzi wrote: > On Fri, Mar 01, 2024 at 11:49:06AM +0000, Richard W.M. Jones wrote: > > > > We were discussing this on IRC, so just to bring the topic up on the > > mailing list ... > > > > (1) Package libxs

libxslxwriter (misspelled package) in zombie state

We were discussing this on IRC, so just to bring the topic up on the mailing list ... (1) Package libxslxwriter (note: "xslx") with only automated activity and no builds: https://src.fedoraproject.org/rpms/libxslxwriter/commits/rawhide

Re: dmesg restricted to root in Rawhide

On Wed, Feb 28, 2024 at 11:24:41AM +0100, Karel Zak wrote: > On Tue, Feb 27, 2024 at 08:15:49PM +0000, Richard W.M. Jones wrote: > > > > https://gitlab.com/cki-project/kernel-ark/-/commit/ed5ba266c61e01a52359b5793a627e7c9aae8854 > > > > Why wasn't this a Fedora cha

dmesg restricted to root in Rawhide

https://gitlab.com/cki-project/kernel-ark/-/commit/ed5ba266c61e01a52359b5793a627e7c9aae8854 Why wasn't this a Fedora change proposal? Also the justification given for such a major change is very thin. I'm sure product security can give us some more details of precisely what exploits will be

Re: rpmbuild problem with rust code

On Mon, Feb 26, 2024 at 04:25:02PM -0500, Steve Grubb wrote: > Hello, > > I've run across a strange problem building a package that has some rust files > in it. The build goes fine until the end when it starts to check for > shebangs. > It ends like this: > >

Some mozjs102.spec weirdness

There's a couple things about this spec file which are quite strange. Firstly the %autosetup directory parameter is not the top level directory: %prep %autosetup -n firefox-%{version}/js/src -N (https://src.fedoraproject.org/rpms/mozjs102/blob/rawhide/f/mozjs102.spec#_108) This means if

Re: Login issues to lists.* and src.*? Any outages?

On Thu, Feb 22, 2024 at 04:26:26PM -0800, Kevin Fenzi wrote: > On Thu, Feb 22, 2024 at 04:46:23PM -0500, Christopher wrote: > > On Thu, Feb 22, 2024 at 4:01 PM Gary Buhrmaster > > wrote: > > > > > > On Thu, Feb 22, 2024 at 8:20 PM Christopher > > > wrote: > > > > > > > > Are there any known

Re: Add risc-v to fedoraproject website?

On Wed, Feb 21, 2024 at 10:41:22PM +, Richard W.M. Jones wrote: > On Wed, Feb 21, 2024 at 08:38:20PM -, Ryan Bach via devel wrote: > > Ubuntu already has a sever risc-v iso. Thoughts? > > It's planned ... Join us on #fedora-riscv. I should say if you just want a disk

Re: Add risc-v to fedoraproject website?

On Wed, Feb 21, 2024 at 08:38:20PM -, Ryan Bach via devel wrote: > Ubuntu already has a sever risc-v iso. Thoughts? It's planned ... Join us on #fedora-riscv. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization

%global __pytest_addopts or export PYTEST_ADDOPTS?

For %{pytest} in Fedora there seem to be two possible ways to add options eg for skipping tests, both working. Either: %global __pytest_addopts --options ... (see attachment for example) Or: export PYTEST_ADDOPTS="--options ..." (example:

Re: temp symlink while building spec file?

On Fri, Feb 16, 2024 at 12:22:45PM -0600, Ron Olson wrote: > Hi all- > > Since Apple released Swift 5.9 it requires a previous version of Swift to > build; it seems it can’t be built from scratch anymore just using the source. > To make it more complicated, during compiling it’s expected that

Re: Modern C failures in Haskell stack

On Thu, Feb 15, 2024 at 12:57:21PM +0100, Florian Weimer wrote: > For the first issue, please try this GHC patch (only compile-tested with > the stage 0 compiler build this point): > > diff --git a/compiler/GHC/HsToCore/Foreign/C.hs > b/compiler/GHC/HsToCore/Foreign/C.hs > index

Re: Modern C failures in Haskell stack

I did a more thorough review of all the failed ghc-* packages by submitting scratch builds for every one of them (starting from this list: https://kojipkgs.fedoraproject.org/mass-rebuild/f40-failures.html). It turns out that there is only one "class" of modern C failure, of this form:

Re: Modern C failures in Haskell stack

On Thu, Feb 15, 2024 at 12:24:22PM +0100, Jakub Jelinek wrote: > On Thu, Feb 15, 2024 at 11:13:08AM +0000, Richard W.M. Jones wrote: > > We noticed that some ghc-* packages FTBFS with Modern C failures eg > > these two picked at random: > > > > https://koji.fedo

Modern C failures in Haskell stack

We noticed that some ghc-* packages FTBFS with Modern C failures eg these two picked at random: https://koji.fedoraproject.org/koji/taskinfo?taskID=113534568 https://koji.fedoraproject.org/koji/taskinfo?taskID=113534602 I think what's happening here is that ghc is generating C FFI code which

Re: Question about conditional BuildRequires lines

On Wed, Feb 14, 2024 at 03:21:38PM +, Tom Hughes wrote: > On 14/02/2024 14:54, Richard W.M. Jones wrote: > > >https://src.fedoraproject.org/rpms/rapidjson/pull-request/7 > > > >I don't think what Tom is saying there is correct, or is it? > > The answer is th

Question about conditional BuildRequires lines

https://src.fedoraproject.org/rpms/rapidjson/pull-request/7 I don't think what Tom is saying there is correct, or is it? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder

Re: A note about riscv64 changes

On Wed, Feb 14, 2024 at 10:27:53AM +, Peter Robinson wrote: > Hi Richard, > > > A quick note that you may be seeing pull requests for riscv64 changes > > against your packages, like these examples: > > > > https://src.fedoraproject.org/rpms/ghc/pull-request/7 > >

A note about riscv64 changes

A quick note that you may be seeing pull requests for riscv64 changes against your packages, like these examples: https://src.fedoraproject.org/rpms/ghc/pull-request/7 https://src.fedoraproject.org/rpms/zlib-ng/pull-request/11 https://src.fedoraproject.org/rpms/gdal/pull-request/21 For many

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

Re: pandoc, we managed to build it on RISC-V thanks to the changes you merged in ghc: $ uname -a Linux vf2.home.annexia.org 5.15.0-starfive #1 SMP Sun Jun 11 07:48:39 UTC 2023 riscv64 GNU/Linux $ rpm -q pandoc pandoc-3.1.3-27.fc41.riscv64 $ pandoc --version pandoc 3.1.3 Features:

Re: FYI: AFL++ now builds a GCC plugin

On Tue, Feb 06, 2024 at 01:46:28PM +0100, Florian Weimer wrote: > * Richard W. M. Jones: > > > https://koji.fedoraproject.org/koji/taskinfo?taskID=113035034 > > https://bugzilla.redhat.com/show_bug.cgi?id=2262539 > > > > The new AFL++ (American Fuzzy Lop, a fuzzing tool) in Rawhide appears >

Re: FYI: AFL++ now builds a GCC plugin

On Tue, Feb 06, 2024 at 01:23:48PM +0100, Jakub Jelinek wrote: > On Tue, Feb 06, 2024 at 11:54:23AM +0000, Richard W.M. Jones wrote: > > https://koji.fedoraproject.org/koji/taskinfo?taskID=113035034 > > https://bugzilla.redhat.com/show_bug.cgi?id=2262539 > > > > Th

FYI: AFL++ now builds a GCC plugin

https://koji.fedoraproject.org/koji/taskinfo?taskID=113035034 https://bugzilla.redhat.com/show_bug.cgi?id=2262539 The new AFL++ (American Fuzzy Lop, a fuzzing tool) in Rawhide appears to be building a GCC plugin, contained in one or all of these newly added files: %global afl_helper_path

Re: "noarch sysroot subpackages" commit breaks glibc compile on riscv64

On Thu, Feb 01, 2024 at 02:24:10PM +0100, Florian Weimer wrote: > * David Abdurachmanov: > > > Hi Florian, > > > > I was trying to build the latest glibc [0] in Fedora 40 for riscv64, > > but it failed. It seems to be related to your last commit. > > > > [..] > > + ln -s libBrokenLocale.so.1

Re: "noarch sysroot subpackages" commit breaks glibc compile on riscv64

[Adding Fedora devel] On Thu, Feb 01, 2024 at 02:29:41PM +0200, David Abdurachmanov wrote: > Hi Florian, > > I was trying to build the latest glibc [0] in Fedora 40 for riscv64, > but it failed. It seems to be related to your last commit. > > [..] > + ln -s libBrokenLocale.so.1

Re: just to let you know FESCo agreed to a preliminary injunction while we consider this issue

On Tue, Jan 30, 2024 at 08:38:51AM -0500, Stephen Gallagher wrote: > 3) Fedora has a long-standing and well-communicated stance that we are > a Wayland distribution first and foremost and that X11 support is > intended as a migration-support tool rather than a first-class > citizen. Does it?

Re: just to let you know FESCo agreed to a preliminary injunction while we consider this issue

On Tue, Jan 30, 2024 at 12:47:44PM +, Sérgio Basto wrote: > Link to the FESCo ticket: https://pagure.io/fesco/issue/3165 > > and I'm very upset  Assume best intent first of all. An injunction is a temporary thing to allow some space for a decision to be made. (I added my personal opinion

Orphaned: ocaml-newt

This package contains OCaml bindings for newt, which is a kind of terminal-based windowing system (I think originally used in Anaconda back in the day). It doesn't build after the GCC 14 changes: https://koji.fedoraproject.org/koji/buildinfo?buildID=2377565 It's also obsolete (as is newt) and

Re: [rawhide] libavif soname bump

On Thu, Jan 25, 2024 at 11:14:04AM +0100, Frantisek Zatloukal wrote: > In about a week (after mass rebuild before branching), I'll start > with bumping libavif in rawhide from 0.11.x to 1.0.3 > ( https://src.fedoraproject.org/rpms/ libavif/pull-request/2 , > soname bump from 15 to 16). I'm

Re: Announcement: Retiring zlib and minizip-compat from Rawhide

On Wed, Jan 24, 2024 at 11:14:06AM -0300, Tulio Magno Quites Machado Filho wrote: > The zlib-ng-compat and minizip-ng-compat packages have been in Rawhide for > more than a month. > Considering things have been working well, we believe it's time to retire the > zlib and minizip-compat packages. >

Re: Another mass rebuild blocker: glibc qsort regression

On Tue, Jan 23, 2024 at 01:50:30PM +0100, Florian Weimer wrote: > There's a regression in qsort that needs to be fixed before the mass > rebuild can be restarted: > > > > I'm going to work on this with priority. > > Posting this here

Re: side-tag with GCC 14.0.1 snapshot for Fedora 40

On Mon, Jan 15, 2024 at 10:37:10PM +0100, Jakub Jelinek wrote: > On Mon, Jan 15, 2024 at 09:33:34PM +0000, Richard W.M. Jones wrote: > > On Mon, Jan 15, 2024 at 02:01:06PM +0100, Jakub Jelinek wrote: > > > Hi! > > > > > > The f40-build-side-81394 side-tag cont

Re: side-tag with GCC 14.0.1 snapshot for Fedora 40

On Mon, Jan 15, 2024 at 02:01:06PM +0100, Jakub Jelinek wrote: > Hi! > > The f40-build-side-81394 side-tag contains new > gcc, annobin, libtool and redhat-rpm-config for f40, meant to be > tagged into rawhide shortly before the mass rebuild. > > If there is anything you'd like to rebuild against

Re: libguestfs build failure (on riscv64, but seems general)

libguestfs-1.52.0-4.fc40 uses curl instead of wget{,2}: https://koji.fedoraproject.org/koji/taskinfo?taskID=111777873 Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder

libguestfs build failure (on riscv64, but seems general)

David, Thanks for notifying me about this build failure that happened while I was on holiday last week: http://fedora.riscv.rocks/koji/getfile?taskID=1594179=DEFAULT=root.log http://fedora.riscv.rocks/koji/getfile?taskID=1594179=DEFAULT=build.log I copied the relevant part from root.log &

RISC-V ABI issue with ULEB128

I'm not sure exactly the effect on RISC-V binaries, but I wanted to raise it here to get the attention of the Fedora toolchain team ... Here's the bug: https://sourceware.org/bugzilla/show_bug.cgi?id=31179 RISC-V: The SET/ADD/SUB fix breaks ABI compatibility with 2.41 objects It refers to this

Re: Update on the Modern C initiative

On Thu, Dec 21, 2023 at 01:59:59PM +0100, Florian Weimer wrote: > Based on my records, all issues that can lead to silent miscompilation > because of altered configure probes (autoconf/CMake and a few others) > have been addressed, or there are at least Bugzilla bugs filed for them. > There could

Re: F40 Change Proposal: F40 Change Proposal: Unify /usr/bin and /usr/sbin (System-Wide)

On Thu, Dec 21, 2023 at 06:58:37PM +0100, Florian Weimer wrote: > * Aoife Moloney: > > > == Detailed Description == > > The split between `/bin` and `/sbin` is not useful, and also unused. > > Programs in /usr/bin have their documentation in section 1 of the > manual, while programs /usr/sbin

Re: OCaml 5.1.1 rebuild in Rawhide

On Mon, Dec 18, 2023 at 10:50:11AM +, Richard W.M. Jones wrote: > On Mon, Dec 18, 2023 at 10:48:18AM +0000, Richard W.M. Jones wrote: > > On Thu, Dec 14, 2023 at 11:46:58AM +, Richard W.M. Jones wrote: > > > These are done now, bar waiting for a couple of

Re: Orphaned packages looking for new maintainers

On Mon, Dec 18, 2023 at 11:20:22AM +0100, Miro Hrončok wrote: > virtmeorphan 4 weeks ago I have no special knowledge of this package, but I did read the article below a few weeks ago about virtme-ng. In particular virtme-ng uses virtiofs

Re: OCaml 5.1.1 rebuild in Rawhide

On Mon, Dec 18, 2023 at 10:48:18AM +, Richard W.M. Jones wrote: > On Thu, Dec 14, 2023 at 11:46:58AM +0000, Richard W.M. Jones wrote: > > These are done now, bar waiting for a couple of builds to complete. > > ... or so we thought. > > It turns out that Jerry Ja

Re: OCaml 5.1.1 rebuild in Rawhide

On Thu, Dec 14, 2023 at 11:46:58AM +, Richard W.M. Jones wrote: > These are done now, bar waiting for a couple of builds to complete. ... or so we thought. It turns out that Jerry James identified a code generation bug on s390x: https://github.com/ocaml/ocaml/issues/12829 which is fi

Re: How to clone subpackages during koji build stage

On Wed, Dec 13, 2023 at 01:50:44PM -0300, Julio Faracco wrote: > Thanks Fabio! > > I presume the CMakeLists.txt of the project I'm working on needs some rebase. > But first, I would like to see what is recommended before taking any action. The recommended action is what Fabio said. What's the

Re: OCaml 5.1.1 rebuild in Rawhide

On Wed, Dec 13, 2023 at 10:18:03AM +, Richard W.M. Jones wrote: > On Mon, Dec 11, 2023 at 10:28:29PM +0000, Richard W.M. Jones wrote: > > > > .. is under way: > > > > https://bugzilla.redhat.com/show_bug.cgi?id=2239227 > > > > Shouldn't tak

Re: OCaml 5.1.1 rebuild in Rawhide

On Mon, Dec 11, 2023 at 10:28:29PM +, Richard W.M. Jones wrote: > > .. is under way: > > https://bugzilla.redhat.com/show_bug.cgi?id=2239227 > > Shouldn't take more than a day or two, with any luck! > > In terms of the new version, nothing much to see here. T

OCaml 5.1.1 rebuild in Rawhide

.. is under way: https://bugzilla.redhat.com/show_bug.cgi?id=2239227 Shouldn't take more than a day or two, with any luck! In terms of the new version, nothing much to see here. There a three important regressions that are fixed, and one breaking change that is unlikely to be noticed:

Re: goal: booting with an empty /etc

On Sat, Dec 09, 2023 at 08:03:48AM +, Zbigniew Jędrzejewski-Szmek wrote: > I'm not entirely sure if you're just doing Friday trolling or if > you're serious. I'll reply for real, apologies if this was meant as > a joke. DJ has been hacking on free software since I was still at school, so no,

Re: Proven to be sickened

On Tue, Dec 05, 2023 at 10:35:35AM +, Daniel P. Berrangé wrote: > On Tue, Dec 05, 2023 at 11:18:57AM +0100, Vít Ondruch wrote: > > [snip] > > > Granted, these are dissimilar to initial Michaels's issue. But how can I be > > sure that if I touch some of the packages, I won't be told that they

Re: Update on the Modern C initiative

On Mon, Dec 04, 2023 at 02:28:03PM +0100, Florian Weimer wrote: > * Richard W. M. Jones: > > > On Sat, Dec 02, 2023 at 09:15:28PM +0000, Richard W.M. Jones wrote: > >> On Thu, Nov 30, 2023 at 06:09:55PM +0100, Florian Weimer wrote: > >> > nbdkit

Re: Update on the Modern C initiative

On Sat, Dec 02, 2023 at 09:15:28PM +, Richard W.M. Jones wrote: > On Thu, Nov 30, 2023 at 06:09:55PM +0100, Florian Weimer wrote: > > nbdkit rjones > > Can you help me to understand the build error in this log? > > https://gitlab.com/fweimer-rh/fedora-mo

Re: Update on the Modern C initiative

On Thu, Nov 30, 2023 at 06:09:55PM +0100, Florian Weimer wrote: > nbdkit rjones Can you help me to understand the build error in this log? https://gitlab.com/fweimer-rh/fedora-modernc-logs/-/raw/main/logs/n/nbdkit.log?ref_type=heads I'm not exactly sure what / where the error is

Re: Update on the Modern C initiative

On Thu, Nov 30, 2023 at 06:09:55PM +0100, Florian Weimer wrote: > * Integrate a backport of the GCC 14 changes into the rawhide GCC 13 > version (rawhide only, not Fedora 39 or 38). This will allow us > to isolate these issues from GCC 14 issues that typically occur > during the upcoming

  1   2   3   4   5   6   7   8   9   10   >