Re: Orphaned packages looking for new maintainers
Now that this is solved, we do have Electrum for f39 and rawhide. But unfortunately, without updating protobuf, newer versions won't be possible. I tried just patching the version check to relax it to protobuf 3.19 and it won't work. Also note that in 4.4.x, it doesn't say 3.12 in requirements.txt anymore, but 3.20. -- Jonathan Am 07.09.23 um 13:58 schrieb Ben Beasley: It looks like the Electrum build is currently blocked not by protobuf, but by the failure of python-qdarkstyle to rebuild for Python 3.12[1][2]. That dependency is also currently orphaned. Grepping through the Electrum source, I see: Electrum-4.3.4/contrib/requirements/requirements.txt 2:protobuf>=3.12,<4 Electrum-4.3.4/contrib/requirements/requirements-hw.txt 32:protobuf>=3.12,<4 Electrum-4.3.4/contrib/deterministic-build/requirements-hw.txt 175:protobuf==3.20.3 \ Electrum-4.3.4/contrib/deterministic-build/requirements.txt 31:protobuf==3.20.3 \ Based on that, it looks like the minimum protobuf version should actually be 3.12 (we have 3.19), not 3.20; the latter should only be the preferred version for deterministic builds. So I suspect everything will be fine if you can get python-qdarkstyle fixed. [1] https://bugzilla.redhat.com/show_bug.cgi?id=2225768#c6 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2220472 On 9/7/23 05:52, Jonathan Schleifer wrote: Unfortunately, it is worse than this: Electrum FTI in F39. A newer Electrum version would fix that, but F39 still has no new enough protobuf. Is there any other solution here than saying packaging Electrum for Fedora 39 is just not possible and remove the package in F39, then reintroduce it in F40 (that is, if F40 finally gets a newer protobuf)? ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Review swap: objfw
Hi! Would someone be willing to review swap https://bugzilla.redhat.com/show_bug.cgi?id=2235768 with me? Thanks! -- Jonathan ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Orphaned packages looking for new maintainers
Unfortunately, it is worse than this: Electrum FTI in F39. A newer Electrum version would fix that, but F39 still has no new enough protobuf. Is there any other solution here than saying packaging Electrum for Fedora 39 is just not possible and remove the package in F39, then reintroduce it in F40 (that is, if F40 finally gets a newer protobuf)? -- Jonathan Am 05.09.23 um 04:13 schrieb Ben Beasley: Interested parties have been grappling with the problem of getting protobuf updated to v4 (22.x, 23.x, etc.), but the number of impacted packages is tremendous and there are not enough people with time to work on it, so progress has been slow. The following PR represents the state of that work[1]. Note that I’m not a co-maintainer of protobuf, but I’ve been collaborating on it because it is an important dependency for grpc, and I can’t update grpc any more (including for security fixes) until we have protobuf v4. There was some sentiment that we should focus on working toward the protobuf v4 transition rather than on updating to newer 3.x branches during the F39 development cycle. However, I’m not sure if everyone really understood the full scope of that transition. At this point, and given the amount of work remaining to make protobuf v4 possible, it’s probably a good idea for protobuf to be updated to a current v3 release, ideally 3.24.2. Given the number of potentially impacted packages, and the huge list of packages that need to be rebuilt (minor version updates break ABI), it’s probably too late to land that in F39, but it should be possible for F40, and it would be a good hedge against the possibility that the v4 work drags on for another release cycle (or more?!). Input is welcome. Even more welcome is assistance working through unresolved protobuf v4 incompatibilities in dependent packages. [1] https://src.fedoraproject.org/rpms/protobuf/pull-request/25 On Mon, Sep 4, 2023, at 2:39 PM, Jonathan Schleifer wrote: Am 04.09.23 um 17:10 schrieb Miro Hrončok: electrum js, orphan 0 weeks ago Electrum isn't orphaned, but cannot be updated because protobuf is not being updated. Newer versions require at least protobuf 3.20. I contacted the protobuf maintainer on 2023-06-04 and never got a reply. -- Jonathan ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Orphaned packages looking for new maintainers
Am 04.09.23 um 17:10 schrieb Miro Hrončok: electrum js, orphan 0 weeks ago Electrum isn't orphaned, but cannot be updated because protobuf is not being updated. Newer versions require at least protobuf 3.20. I contacted the protobuf maintainer on 2023-06-04 and never got a reply. -- Jonathan ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Has anyone seen hno?
Has anyone seen or knows how to contact hno? hno maintains electrum and is unresponsive on bugs, PRs and direct e-mails. He seems to be unresponsive for other packages as well: https://bugzilla.redhat.com/buglist.cgi?bug_status=__open__=henrik%40henriknordstrom.net_to1=1=substring_id=12528739_format=advanced Bug as per policy: https://bugzilla.redhat.com/show_bug.cgi?id=2070893 -- Jonathan ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Chromium security bugs remain unfixed for > 1 month
Hi! It looks like Chromium on Fedora is not receiving timely updates. It hasn't been updated in over a month and there were many bugs fixed upstream. At the very least, Chromium on Fedora is vulnerable to the following: CVE-2022-0452: Use after free in Safe Browsing. CVE-2022-0453: Use after free in Reader Mode. CVE-2022-0454: Heap buffer overflow in ANGLE. CVE-2022-0455: Inappropriate implementation in Full Screen Mode. CVE-2022-0456: Use after free in Web Search. CVE-2022-0457: Type Confusion in V8. CVE-2022-0458: Use after free in Thumbnail Tab Strip. CVE-2022-0459 Use after free in Screen Capture. CVE-2022-0603: Use after free in File Manager. CVE-2022-0604: Heap buffer overflow in Tab Groups. CVE-2022-0605: Use after free in Webstore API. CVE-2022-0606: Use after free in ANGLE. CVE-2022-0607: Use after free in GPU. CVE-2022-0608: Integer overflow in Mojo. CVE-2022-0609: Use after free in Animation. Google reports these as being actively exploited in the wild, which means: ** If you use Chromium on Fedora, stop using it NOW ** Can we fix this situation somehow? Browsers are the most critical thing to get security updates as fast as possible. Having bugs unfixed for a month that are exploited in the wild is *bad* and puts our users at serious risk. RPMFusion seems to push timely updates - can we reuse that? Should users be pointed towards RPMFusion instead in the meantime? Thoughts? ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: Orphaned packages looking for new maintainers
Am 20.09.21 um 13:31 schrieb Miro Hrončok: 0ad ignatenkobrain, orphan, pwalter 1 weeks ago I would be interested in becoming a (co)maintainer for this, but would need sponsorship. Also, how is the flatpak package handled? I know how it works for RPM, but flatpak's all new to me and I see there's also a flatpak for 0ad. -- Jonathan ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Self Introduction: Jonathan Schleifer
Hi! I started using Fedora a few month ago and it became my main system. Since open source also means contributing if I use something daily for me, here I am :). I'm also a pkgsrc developer where I maintain a few packages. Things I'll probably start with are a few packages that are in pkgsrc but are missing in Fedora - I will probably start with ft2-clone and pt2-clone, both music trackers. And eventually, I'd also like to maintain the package for my own software[1], once I finally find the time to release it as 1.0 ;). [1] https://objfw.nil.im ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure