https://bugzilla.redhat.com/show_bug.cgi?id=2121894
Bug ID: 2121894
Summary: builtins.h requires mpc.h from libmpc-devel
Product: Fedora
Version: 36
Hardware: x86_64
OS: Linux
Status: NEW
Component: cross-gcc
Severity: medium
Assignee: dhowells(a)redhat.com
Reporter: elliott(a)hpe.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dan(a)danny.cz, dhowells(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
lkundrak(a)v3.sk
Target Milestone: ---
Classification: Fedora
Description of problem:
Cross compiles of the linux kernel 6.0-rc1 allmodconfig fail for arm, arm64,
mips, powerpc, and s390.
This originates in scripts/gcc-plugins/Kconfig, which has this entry:
menuconfig GCC_PLUGINS
bool "GCC plugins"
depends on HAVE_GCC_PLUGINS
depends on CC_IS_GCC
depends on $(success,test -e $(shell,$(CC)
-print-file-name=plugin)/include/plugin-version.h)
default y
depends on $(success,test -e $(shell,$(CC)
-print-file-name=plugin)/include/plugin-version.h)
arch/sparc/Kconfig does not include
select HAVE_GCC_PLUGINS
but all the others do.
The -print-file-name tests passes for all the cross-compilers, but does not
for native x86:
$ gcc -print-file-name=plugin
plugin
$ powerpc64-linux-gnu-gcc -print-file-name=plugin
/usr/lib/gcc/powerpc64-linux-gnu/12/plugin
$ aarch64-linux-gnu-gcc -print-file-name=plugin
/usr/lib/gcc/aarch64-linux-gnu/12/plugin
$ find /usr/lib/gcc -name plugin-version.h
/usr/lib/gcc/s390x-linux-gnu/12/plugin/include/plugin-version.h
/usr/lib/gcc/aarch64-linux-gnu/12/plugin/include/plugin-version.h
/usr/lib/gcc/powerpc64-linux-gnu/12/plugin/include/plugin-version.h
/usr/lib/gcc/sparc64-linux-gnu/12/plugin/include/plugin-version.h
/usr/lib/gcc/arm-linux-gnueabi/12/plugin/include/plugin-version.h
/usr/lib/gcc/mips64-linux-gnu/12/plugin/include/plugin-version.h
so the .x86 .config file only gets:
CONFIG_HAVE_GCC_PLUGINS=y
while the others get that, CONFIG_GCC_PLUGINS, and a several
specific plugins:
build-arm64/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-arm64/.config:CONFIG_GCC_PLUGINS=y
build-arm64/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-arm64/.config:CONFIG_GCC_PLUGIN_STACKLEAK=y
build-arm64/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-arm/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-arm/.config:CONFIG_GCC_PLUGINS=y
build-arm/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-arm/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-mips/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-mips/.config:CONFIG_GCC_PLUGINS=y
build-mips/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-mips/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-powerpc/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-powerpc/.config:CONFIG_GCC_PLUGINS=y
build-powerpc/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-powerpc/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-s390/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-s390/.config:CONFIG_GCC_PLUGINS=y
build-s390/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-s390/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-x86/.config:CONFIG_HAVE_GCC_PLUGINS=y
A header included by each of the plugins, scripts/gcc-plugins/gcc-common.h,
includes a GCC header file called builtins.h that includes <mpc.h>, which
does not exist anywhere on my system. That causes errors early in the build on
all of those architectures.
Version-Release number of selected component (if applicable):
gcc-[each architecture]-linux-gnu 12.1.1
How reproducible:
100%
Steps to Reproduce:
Example for arm 32-bit:
1. make ARCH=arm O=build-arm CROSS_COMPILE=arm-linux-gnu- allmodconfig
2. make ARCH=arm O=build-arm CROSS_COMPILE=arm-linux-gnu- -j 55
Actual results:
For each "GCC plugin", an error like this terminates the make:
In file included from ../scripts/gcc-plugins/gcc-common.h:95,
from ../scripts/gcc-plugins/latent_entropy_plugin.c:78:
/usr/lib/gcc/aarch64-linux-gnu/12/plugin/include/builtins.h:23:10: fatal error:
mpc.h: No such file or directory
23 | #include <mpc.h>
| ^~~~~~~
compilation terminated.
Expected results:
no errors
Additional info:
That mpc.h file is provided by the libmpc-devel package.
1. Please add a dependency for the libmpc-devel package from each gcc
cross-compiler package that includes a builtins.h file
2. Please investigate whether the native gcc package not having plugins is
correct, despite the kernel x86 allmodconfig expecting them by specifying
CONFIG_HAVE_GCC_PLUGINS=y
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2121894
https://bugzilla.redhat.com/show_bug.cgi?id=2128335
Bug ID: 2128335
Summary: Please port your pcre dependency to pcre2. Pcre has
been deprecated
Product: Fedora
Version: rawhide
Status: NEW
Component: ngrep
Assignee: dcavalca(a)fb.com
Reporter: ljavorsk(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: cickumqt(a)gmail.com, dcavalca(a)fb.com,
epel-packagers-sig(a)lists.fedoraproject.org, me(a)fale.io
Target Milestone: ---
Classification: Fedora
Pcre has been deprecated since Fedora 38.
Please consider porting to the new pcre2 version.
Fedora change that describes the pcre deprecation is located here:
https://fedoraproject.org/wiki/PcreDeprecation
FESCo approval is located here: https://pagure.io/fesco/issue/2862
If your component has already ported to pcre2 or you don't Require/BuildRequire
any pcre subpackage, feel free to close this Bugzilla.
This Bugzilla was created automatically and some issues might have occurred
along the way.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2128335
https://bugzilla.redhat.com/show_bug.cgi?id=2052682
Bug ID: 2052682
Summary: CVE-2022-24303 python-pillow: temporary directory with
a space character allows removal of unrelated file
after im.show() and related action
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
If the path to the temporary directory on Linux or macOS contained a space,
this would break removal of the temporary image file after im.show() (and
related actions), and potentially remove an unrelated file. This been present
since PIL.
Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2052682
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
Bug ID: 2042527
Summary: CVE-2022-22817 python-pillow: PIL.ImageMath.eval
allows evaluation of arbitrary expressions
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary
expressions, such as ones that use the Python exec method.
Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-bu…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Bug ID: 2042522
Summary: CVE-2022-22816 python-pillow: buffer over-read during
initialization of ImagePath.Path in path_getbbox() in
path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during
initialization of ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
https://bugzilla.redhat.com/show_bug.cgi?id=2042511
Bug ID: 2042511
Summary: CVE-2022-22815 python-pillow: improperly initializes
ImagePath.Path in path_getbbox() in path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes
ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042511
https://bugzilla.redhat.com/show_bug.cgi?id=2093731
Bug ID: 2093731
Summary: zbarimg does not read a Code 128 barcode
Product: Fedora
Version: 36
Status: NEW
Component: zbar
Severity: high
Assignee: gwync(a)protonmail.com
Reporter: cristian.ciupitu(a)yahoo.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dougsland(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, mchehab(a)infradead.org,
mr.marcelo.barbosa(a)gmail.com, negativo17(a)gmail.com
Target Milestone: ---
Classification: Fedora
Created attachment 1886898
--> https://bugzilla.redhat.com/attachment.cgi?id=1886898&action=edit
Code 128 barcode
Description of problem:
zbarimg does not read a Code 128 barcode
Version-Release number of selected component (if applicable):
zbar-0.23.90-1.fc36.x86_64
How reproducible:
Every time
Steps to Reproduce:
1. zbarimg barcode.png
Actual results:
scanned 0 barcode symbols from 1 images in 0 seconds
WARNING: barcode data was not detected in some image(s)
Things to check:
- is the barcode type supported? Currently supported symbologies are:
. EAN/UPC (EAN-13, EAN-8, EAN-2, EAN-5, UPC-A, UPC-E, ISBN-10, ISBN-13)
. DataBar, DataBar Expanded
. Code 128
. Code 93
. Code 39
. Codabar
. Interleaved 2 of 5
. QR code
. SQ code
. PDF 417
- is the barcode large enough in the image?
- is the barcode mostly in focus?
- is there sufficient contrast/illumination?
- If the symbol is split in several barcodes, are they combined in one image?
- Did you enable the barcode type?
some EAN/UPC codes are disabled by default. To enable all, use:
$ zbarimg -S*.enable <files>
Please also notice that some variants take precedence over others.
Due to that, if you want, for example, ISBN-10, you should do:
$ zbarimg -Sisbn10.enable <files>
Expected results:
(Code 128) 755897201062022179.73
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093731
https://bugzilla.redhat.com/show_bug.cgi?id=2120537
Bug ID: 2120537
Summary: 'bodhi updates new' does not report error/warning when
setting karma limit below minimal value for package in
critical path
Product: Fedora
Version: rawhide
Status: NEW
Component: bodhi-client
Assignee: thrcka(a)redhat.com
Reporter: zdohnal(a)redhat.com
CC: aurelien(a)bompard.org,
epel-packagers-sig(a)lists.fedoraproject.org,
lenka(a)sepu.cz, thrcka(a)redhat.com
Target Milestone: ---
Classification: Fedora
Hi,
I was surprised why my bodhi update (
https://bodhi.fedoraproject.org/updates/FEDORA-2022-6f5e420e52 ) doesn't show
an option for pushing into stable or why the update is not in stable already,
because the positive karma limit (1) is reached.
On #fedora-devel IRC channel kalev answered:
(09:34:34 AM) zdohnal: Hi all, do you have an idea what blocks this update
https://bodhi.fedoraproject.org/updates/FEDORA-2022-6f5e420e52 from being
pushed to the stable?
(09:38:32 AM) kalev: zdohnal: looks like it's marked as critical path and
because of that, it needs minimum of +2 karma to be pushed to stable
(09:40:19 AM) GrannyGoose left the room (quit: Quit: Going offline, see ya!
(www.adiirc.com))
(09:41:00 AM) zdohnal: kalev: aha - good to know. However bodhi-client should
give me error when I set karma below this limit...
According to the conversation, there is karma limit for components in critical
path and it is higher - 2 - than the limit set by me - 1, which causes
confusion.
I use 'bodhi updates new' CLI command for creating updates, and I didn't see
any error/warning regarding setting the karma limit too low.
IMHO CLI command has to fail if user tries to set the limit too low, and bodhi
web UI should handle this in some way as well.
Would you mind looking into it?
Version-Release number of selected component (if applicable):
bodhi-client-6.0.1-4.fc37
How reproducible:
always
Steps to Reproduce:
1. $ bodhi updates new --type bugfix --close-bugs --request testing --autokarma
--autotime --stable-karma 1 --unstable-karma -1 --notes "Update for component
in critical path" <critical-component-1.2.3-1.fc37>
Actual results:
No error or warning, bodhi web ui shows user defined limit and the update has
karma to fulfill the limit, but the update is not pushed into stable.
Expected results:
Give error (in both interfaces - CLI and Web UI) if user wants to set lower
karma limit than it is required on the package.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2120537
https://bugzilla.redhat.com/show_bug.cgi?id=2125734
Bug ID: 2125734
Summary: Please branch and build python-rpmautospec in epel8.
Product: Fedora EPEL
Version: epel8
Status: NEW
Component: python-rpmautospec
Assignee: asaleh(a)redhat.com
Reporter: gotmax(a)e.email
CC: asaleh(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name, nphilipp(a)redhat.com
Target Milestone: ---
Classification: Fedora
Please branch and build python-rpmautospec in epel8.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2125734