Re: RFC: Flaws detected by static analyzers in Fedora 41 Core Critical Path Packages

2024-05-07 Thread Siteshwar Vashisht
On Wed, Apr 24, 2024 at 6:26 PM Siteshwar Vashisht 
wrote:

> Hello,
>
> This is a follow up on my previous email[1] about OpenScanHub Prototype
> for Fedora.
> Thank you to those who have provided early feedback. Your help is truly
> appreciated!
>
> I am writing this message to get feedback from the community on possibly
> new defects identified by static analyzers in Core Critical Path packages
> that have changed in Fedora 41.
>
> TLDR: This report[2] contains 14188 identified defects. Please review the
> report and provide feedback.
>
> A mass scan was performed this week on the packages that have changed in
> Fedora 41. This report[2] contains all the new defects that have been
> identified in the core packages listed in Critical Path Packages. Please
> review the report and fix or report any defects to upstream that may be
> real bugs. Not all defects reported by OpenScanHub may be actual bugs, so
> please verify reported defects before investing time into fixing or
> reporting them. We hope this is helpful for the packages you maintain and
> for the upstream projects. Questions can be asked on the OpenScanHub
> mailing list[3]. If you want to see the full logs of the scans, they are
> available on the tasks[4] page. User documentation for performing a scan is
> available on the Fedora wiki[5].
>
> If the feedback on this report is positive, there may be a possibility of
> increasing the scope of scans to cover a wider range of packages.
>

I plan to perform another mass scan this month. Please provide any
feedback, if you missed this message earlier.


>
> Please remember this is currently an early production stage for
> OpenScanHub scanning. Constructive feedback is appreciated. Thank you!
>
> [1]
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/OMKLJFW4VC242QSA7R4KMGI6IGBT3YLM/
>
> [2] https://svashisht.fedorapeople.org/f41-22-Apr-2024/
>
> [3]
> https://lists.fedoraproject.org/archives/list/openscan...@lists.fedoraproject.org/
>
> [4] https://openscanhub.fedoraproject.org/task/
>
> [5] https://fedoraproject.org/wiki/OpenScanHub
>
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


Re: RFC: Flaws detected by static analyzers in Fedora 41 Core Critical Path Packages

2024-04-25 Thread Siteshwar Vashisht
On Thu, Apr 25, 2024 at 2:18 AM Carlos Rodriguez-Fernandez <
carlosrodrifernan...@gmail.com> wrote:

> Actually, I see what the problem is.
>
> The task is for 2.69-8 [1], but the subtask runs for 2.69-3 first to
> then have a reference for the diff. So I guess it will work next time a
> new version of libcap goes out.
>

`koji latest-build f40 libcap` gives me: libcap-2.69-3.fc40

I used the mock profile from Fedora 41 to do the build, so probably that
caused the build failure.


>
> [1] https://openscanhub.fedoraproject.org/task/83/
>
> On 4/24/24 17:11, Carlos Rodriguez-Fernandez wrote:
> > Hi Siteshwar,
> >
> > Thank you for the report. The libcap subtask failed [1] for a known
> > issue, which is present in libcap 2.69-3 in Fedora rawhide, but was
> > already fixed two weeks ago. Fedora rawhide has 2.69-8, and I can
> > confirm it is the case when I run the fedora:41 images. 2.69-8 should
> > have been in the mirrors for more than one week. I'm surprised it wasn't
> > picked up when this report was run. Will the report be rerun eventually
> > with an updated version of Fedora 41?
> >
> > Thank you,
> > Carlos R.F.
> >
> > [1] https://openscanhub.fedoraproject.org/task/135/log/stdout.log
> >
> >
> > On 4/24/24 09:26, Siteshwar Vashisht wrote:
> >> Hello,
> >>
> >> This is a follow up on my previous email[1] about OpenScanHub
> >> Prototype for Fedora.
> >> Thank you to those who have provided early feedback. Your help is
> >> truly appreciated!
> >>
> >> I am writing this message to get feedback from the community on
> >> possibly new defects identified by static analyzers in Core Critical
> >> Path packages that have changed in Fedora 41.
> >>
> >> TLDR: This report[2] contains 14188 identified defects. Please review
> >> the report and provide feedback.
> >>
> >> A mass scan was performed this week on the packages that have changed
> >> in Fedora 41. This report[2] contains all the new defects that have
> >> been identified in the core packages listed in Critical Path Packages.
> >> Please review the report and fix or report any defects to upstream
> >> that may be real bugs. Not all defects reported by OpenScanHub may be
> >> actual bugs, so please verify reported defects before investing time
> >> into fixing or reporting them. We hope this is helpful for the
> >> packages you maintain and for the upstream projects. Questions can be
> >> asked on the OpenScanHub mailing list[3]. If you want to see the full
> >> logs of the scans, they are available on the tasks[4] page. User
> >> documentation for performing a scan is available on the Fedora wiki[5].
> >>
> >> If the feedback on this report is positive, there may be a possibility
> >> of increasing the scope of scans to cover a wider range of packages.
> >>
> >> Please remember this is currently an early production stage for
> >> OpenScanHub scanning. Constructive feedback is appreciated. Thank you!
> >>
> >> [1]
> >> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/OMKLJFW4VC242QSA7R4KMGI6IGBT3YLM/
> >>
> >> [2] https://svashisht.fedorapeople.org/f41-22-Apr-2024/
> >>
> >> [3]
> >> https://lists.fedoraproject.org/archives/list/openscan...@lists.fedoraproject.org/
> >>
> >> [4] https://openscanhub.fedoraproject.org/task/
> >>
> >> [5] https://fedoraproject.org/wiki/OpenScanHub
> >>

Re: RFC: Flaws detected by static analyzers in Fedora 41 Core Critical Path Packages

2024-04-25 Thread Siteshwar Vashisht
On Thu, Apr 25, 2024 at 2:12 AM Carlos Rodriguez-Fernandez <
carlosrodrifernan...@gmail.com> wrote:

> Hi Siteshwar,
>
> Thank you for the report. The libcap subtask failed [1] for a known
> issue, which is present in libcap 2.69-3 in Fedora rawhide, but was
> already fixed two weeks ago. Fedora rawhide has 2.69-8, and I can
> confirm it is the case when I run the fedora:41 images. 2.69-8 should
> have been in the mirrors for more than one week. I'm surprised it wasn't
> picked up when this report was run. Will the report be rerun eventually
> with an updated version of Fedora 41?
>

I plan to run the mass scans again based on the feedback from the
community. Although, I do not have a timeline for that. I would appreciate
any suggestions on when it fits in the Fedora release schedule to run a
mass scan.


>
> Thank you,
> Carlos R.F.
>
> [1] https://openscanhub.fedoraproject.org/task/135/log/stdout.log
>
>
> On 4/24/24 09:26, Siteshwar Vashisht wrote:
> > Hello,
> >
> > This is a follow up on my previous email[1] about OpenScanHub Prototype
> > for Fedora.
> > Thank you to those who have provided early feedback. Your help is truly
> > appreciated!
> >
> > I am writing this message to get feedback from the community on possibly
> > new defects identified by static analyzers in Core Critical Path
> > packages that have changed in Fedora 41.
> >
> > TLDR: This report[2] contains 14188 identified defects. Please review
> > the report and provide feedback.
> >
> > A mass scan was performed this week on the packages that have changed in
> > Fedora 41. This report[2] contains all the new defects that have been
> > identified in the core packages listed in Critical Path Packages. Please
> > review the report and fix or report any defects to upstream that may be
> > real bugs. Not all defects reported by OpenScanHub may be actual bugs,
> > so please verify reported defects before investing time into fixing or
> > reporting them. We hope this is helpful for the packages you maintain
> > and for the upstream projects. Questions can be asked on the OpenScanHub
> > mailing list[3]. If you want to see the full logs of the scans, they are
> > available on the tasks[4] page. User documentation for performing a scan
> > is available on the Fedora wiki[5].
> >
> > If the feedback on this report is positive, there may be a possibility
> > of increasing the scope of scans to cover a wider range of packages.
> >
> > Please remember this is currently an early production stage for
> > OpenScanHub scanning. Constructive feedback is appreciated. Thank you!
> >
> > [1]
> > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/OMKLJFW4VC242QSA7R4KMGI6IGBT3YLM/
> >
> > [2] https://svashisht.fedorapeople.org/f41-22-Apr-2024/
> >
> > [3]
> > https://lists.fedoraproject.org/archives/list/openscan...@lists.fedoraproject.org/
> >
> > [4] https://openscanhub.fedoraproject.org/task/
> >
> > [5] https://fedoraproject.org/wiki/OpenScanHub
> >


Re: RFC: Flaws detected by static analyzers in Fedora 41 Core Critical Path Packages

2024-04-24 Thread Carlos Rodriguez-Fernandez

Actually, I see what the problem is.

The task is for 2.69-8 [1], but the subtask runs for 2.69-3 first to 
then have a reference for the diff. So I guess it will work next time a 
new version of libcap goes out.


[1] https://openscanhub.fedoraproject.org/task/83/

On 4/24/24 17:11, Carlos Rodriguez-Fernandez wrote:

Hi Siteshwar,

Thank you for the report. The libcap subtask failed [1] for a known 
issue, which is present in libcap 2.69-3 in Fedora rawhide, but was 
already fixed two weeks ago. Fedora rawhide has 2.69-8, and I can 
confirm it is the case when I run the fedora:41 images. 2.69-8 should 
have been in the mirrors for more than one week. I'm surprised it wasn't 
picked up when this report was run. Will the report be rerun eventually 
with an updated version of Fedora 41?


Thank you,
Carlos R.F.

[1] https://openscanhub.fedoraproject.org/task/135/log/stdout.log


On 4/24/24 09:26, Siteshwar Vashisht wrote:

Hello,

This is a follow up on my previous email[1] about OpenScanHub 
Prototype for Fedora.
Thank you to those who have provided early feedback. Your help is 
truly appreciated!


I am writing this message to get feedback from the community on 
possibly new defects identified by static analyzers in Core Critical 
Path packages that have changed in Fedora 41.


TLDR: This report[2] contains 14188 identified defects. Please review 
the report and provide feedback.


A mass scan was performed this week on the packages that have changed 
in Fedora 41. This report[2] contains all the new defects that have 
been identified in the core packages listed in Critical Path Packages. 
Please review the report and fix or report any defects to upstream 
that may be real bugs. Not all defects reported by OpenScanHub may be 
actual bugs, so please verify reported defects before investing time 
into fixing or reporting them. We hope this is helpful for the 
packages you maintain and for the upstream projects. Questions can be 
asked on the OpenScanHub mailing list[3]. If you want to see the full 
logs of the scans, they are available on the tasks[4] page. User 
documentation for performing a scan is available on the Fedora wiki[5].


If the feedback on this report is positive, there may be a possibility 
of increasing the scope of scans to cover a wider range of packages.


Please remember this is currently an early production stage for 
OpenScanHub scanning. Constructive feedback is appreciated. Thank you!


[1]
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/OMKLJFW4VC242QSA7R4KMGI6IGBT3YLM/

[2] https://svashisht.fedorapeople.org/f41-22-Apr-2024/

[3]
https://lists.fedoraproject.org/archives/list/openscan...@lists.fedoraproject.org/

[4] https://openscanhub.fedoraproject.org/task/

[5] https://fedoraproject.org/wiki/OpenScanHub



Re: RFC: Flaws detected by static analyzers in Fedora 41 Core Critical Path Packages

2024-04-24 Thread Carlos Rodriguez-Fernandez

Hi Siteshwar,

Thank you for the report. The libcap subtask failed [1] for a known 
issue, which is present in libcap 2.69-3 in Fedora rawhide, but was 
already fixed two weeks ago. Fedora rawhide has 2.69-8, and I can 
confirm it is the case when I run the fedora:41 images. 2.69-8 should 
have been in the mirrors for more than one week. I'm surprised it wasn't 
picked up when this report was run. Will the report be rerun eventually 
with an updated version of Fedora 41?


Thank you,
Carlos R.F.

[1] https://openscanhub.fedoraproject.org/task/135/log/stdout.log


On 4/24/24 09:26, Siteshwar Vashisht wrote:

Hello,

This is a follow up on my previous email[1] about OpenScanHub Prototype 
for Fedora.
Thank you to those who have provided early feedback. Your help is truly 
appreciated!


I am writing this message to get feedback from the community on possibly 
new defects identified by static analyzers in Core Critical Path 
packages that have changed in Fedora 41.


TLDR: This report[2] contains 14188 identified defects. Please review 
the report and provide feedback.


A mass scan was performed this week on the packages that have changed in 
Fedora 41. This report[2] contains all the new defects that have been 
identified in the core packages listed in Critical Path Packages. Please 
review the report and fix or report any defects to upstream that may be 
real bugs. Not all defects reported by OpenScanHub may be actual bugs, 
so please verify reported defects before investing time into fixing or 
reporting them. We hope this is helpful for the packages you maintain 
and for the upstream projects. Questions can be asked on the OpenScanHub 
mailing list[3]. If you want to see the full logs of the scans, they are 
available on the tasks[4] page. User documentation for performing a scan 
is available on the Fedora wiki[5].


If the feedback on this report is positive, there may be a possibility 
of increasing the scope of scans to cover a wider range of packages.


Please remember this is currently an early production stage for 
OpenScanHub scanning. Constructive feedback is appreciated. Thank you!


[1]
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/OMKLJFW4VC242QSA7R4KMGI6IGBT3YLM/

[2] https://svashisht.fedorapeople.org/f41-22-Apr-2024/

[3]
https://lists.fedoraproject.org/archives/list/openscan...@lists.fedoraproject.org/

[4] https://openscanhub.fedoraproject.org/task/

[5] https://fedoraproject.org/wiki/OpenScanHub



RFC: Flaws detected by static analyzers in Fedora 41 Core Critical Path Packages

2024-04-24 Thread Siteshwar Vashisht
Hello,

This is a follow up on my previous email[1] about OpenScanHub Prototype for
Fedora.
Thank you to those who have provided early feedback. Your help is truly
appreciated!

I am writing this message to get feedback from the community on possibly
new defects identified by static analyzers in Core Critical Path packages
that have changed in Fedora 41.

TLDR: This report[2] contains 14188 identified defects. Please review the
report and provide feedback.

A mass scan was performed this week on the packages that have changed in
Fedora 41. This report[2] contains all the new defects that have been
identified in the core packages listed in Critical Path Packages. Please
review the report and fix or report any defects to upstream that may be
real bugs. Not all defects reported by OpenScanHub may be actual bugs, so
please verify reported defects before investing time into fixing or
reporting them. We hope this is helpful for the packages you maintain and
for the upstream projects. Questions can be asked on the OpenScanHub
mailing list[3]. If you want to see the full logs of the scans, they are
available on the tasks[4] page. User documentation for performing a scan is
available on the Fedora wiki[5].

If the feedback on this report is positive, there may be a possibility of
increasing the scope of scans to cover a wider range of packages.

Please remember this is currently an early production stage for OpenScanHub
scanning. Constructive feedback is appreciated. Thank you!

[1]
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/OMKLJFW4VC242QSA7R4KMGI6IGBT3YLM/

[2] https://svashisht.fedorapeople.org/f41-22-Apr-2024/

[3]
https://lists.fedoraproject.org/archives/list/openscan...@lists.fedoraproject.org/

[4] https://openscanhub.fedoraproject.org/task/

[5] https://fedoraproject.org/wiki/OpenScanHub