https://bugzilla.redhat.com/show_bug.cgi?id=2121894
Bug ID: 2121894
Summary: builtins.h requires mpc.h from libmpc-devel
Product: Fedora
Version: 36
Hardware: x86_64
OS: Linux
Status: NEW
Component: cross-gcc
Severity: medium
Assignee: dhowells(a)redhat.com
Reporter: elliott(a)hpe.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dan(a)danny.cz, dhowells(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
lkundrak(a)v3.sk
Target Milestone: ---
Classification: Fedora
Description of problem:
Cross compiles of the linux kernel 6.0-rc1 allmodconfig fail for arm, arm64,
mips, powerpc, and s390.
This originates in scripts/gcc-plugins/Kconfig, which has this entry:
menuconfig GCC_PLUGINS
bool "GCC plugins"
depends on HAVE_GCC_PLUGINS
depends on CC_IS_GCC
depends on $(success,test -e $(shell,$(CC)
-print-file-name=plugin)/include/plugin-version.h)
default y
depends on $(success,test -e $(shell,$(CC)
-print-file-name=plugin)/include/plugin-version.h)
arch/sparc/Kconfig does not include
select HAVE_GCC_PLUGINS
but all the others do.
The -print-file-name tests passes for all the cross-compilers, but does not
for native x86:
$ gcc -print-file-name=plugin
plugin
$ powerpc64-linux-gnu-gcc -print-file-name=plugin
/usr/lib/gcc/powerpc64-linux-gnu/12/plugin
$ aarch64-linux-gnu-gcc -print-file-name=plugin
/usr/lib/gcc/aarch64-linux-gnu/12/plugin
$ find /usr/lib/gcc -name plugin-version.h
/usr/lib/gcc/s390x-linux-gnu/12/plugin/include/plugin-version.h
/usr/lib/gcc/aarch64-linux-gnu/12/plugin/include/plugin-version.h
/usr/lib/gcc/powerpc64-linux-gnu/12/plugin/include/plugin-version.h
/usr/lib/gcc/sparc64-linux-gnu/12/plugin/include/plugin-version.h
/usr/lib/gcc/arm-linux-gnueabi/12/plugin/include/plugin-version.h
/usr/lib/gcc/mips64-linux-gnu/12/plugin/include/plugin-version.h
so the .x86 .config file only gets:
CONFIG_HAVE_GCC_PLUGINS=y
while the others get that, CONFIG_GCC_PLUGINS, and a several
specific plugins:
build-arm64/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-arm64/.config:CONFIG_GCC_PLUGINS=y
build-arm64/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-arm64/.config:CONFIG_GCC_PLUGIN_STACKLEAK=y
build-arm64/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-arm/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-arm/.config:CONFIG_GCC_PLUGINS=y
build-arm/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-arm/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-mips/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-mips/.config:CONFIG_GCC_PLUGINS=y
build-mips/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-mips/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-powerpc/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-powerpc/.config:CONFIG_GCC_PLUGINS=y
build-powerpc/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-powerpc/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-s390/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-s390/.config:CONFIG_GCC_PLUGINS=y
build-s390/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-s390/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-x86/.config:CONFIG_HAVE_GCC_PLUGINS=y
A header included by each of the plugins, scripts/gcc-plugins/gcc-common.h,
includes a GCC header file called builtins.h that includes <mpc.h>, which
does not exist anywhere on my system. That causes errors early in the build on
all of those architectures.
Version-Release number of selected component (if applicable):
gcc-[each architecture]-linux-gnu 12.1.1
How reproducible:
100%
Steps to Reproduce:
Example for arm 32-bit:
1. make ARCH=arm O=build-arm CROSS_COMPILE=arm-linux-gnu- allmodconfig
2. make ARCH=arm O=build-arm CROSS_COMPILE=arm-linux-gnu- -j 55
Actual results:
For each "GCC plugin", an error like this terminates the make:
In file included from ../scripts/gcc-plugins/gcc-common.h:95,
from ../scripts/gcc-plugins/latent_entropy_plugin.c:78:
/usr/lib/gcc/aarch64-linux-gnu/12/plugin/include/builtins.h:23:10: fatal error:
mpc.h: No such file or directory
23 | #include <mpc.h>
| ^~~~~~~
compilation terminated.
Expected results:
no errors
Additional info:
That mpc.h file is provided by the libmpc-devel package.
1. Please add a dependency for the libmpc-devel package from each gcc
cross-compiler package that includes a builtins.h file
2. Please investigate whether the native gcc package not having plugins is
correct, despite the kernel x86 allmodconfig expecting them by specifying
CONFIG_HAVE_GCC_PLUGINS=y
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2121894
https://bugzilla.redhat.com/show_bug.cgi?id=2052682
Bug ID: 2052682
Summary: CVE-2022-24303 python-pillow: temporary directory with
a space character allows removal of unrelated file
after im.show() and related action
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
If the path to the temporary directory on Linux or macOS contained a space,
this would break removal of the temporary image file after im.show() (and
related actions), and potentially remove an unrelated file. This been present
since PIL.
Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2052682
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
Bug ID: 2042527
Summary: CVE-2022-22817 python-pillow: PIL.ImageMath.eval
allows evaluation of arbitrary expressions
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary
expressions, such as ones that use the Python exec method.
Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-bu…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Bug ID: 2042522
Summary: CVE-2022-22816 python-pillow: buffer over-read during
initialization of ImagePath.Path in path_getbbox() in
path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during
initialization of ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
https://bugzilla.redhat.com/show_bug.cgi?id=2042511
Bug ID: 2042511
Summary: CVE-2022-22815 python-pillow: improperly initializes
ImagePath.Path in path_getbbox() in path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes
ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042511
https://bugzilla.redhat.com/show_bug.cgi?id=2093731
Bug ID: 2093731
Summary: zbarimg does not read a Code 128 barcode
Product: Fedora
Version: 36
Status: NEW
Component: zbar
Severity: high
Assignee: gwync(a)protonmail.com
Reporter: cristian.ciupitu(a)yahoo.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dougsland(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, mchehab(a)infradead.org,
mr.marcelo.barbosa(a)gmail.com, negativo17(a)gmail.com
Target Milestone: ---
Classification: Fedora
Created attachment 1886898
--> https://bugzilla.redhat.com/attachment.cgi?id=1886898&action=edit
Code 128 barcode
Description of problem:
zbarimg does not read a Code 128 barcode
Version-Release number of selected component (if applicable):
zbar-0.23.90-1.fc36.x86_64
How reproducible:
Every time
Steps to Reproduce:
1. zbarimg barcode.png
Actual results:
scanned 0 barcode symbols from 1 images in 0 seconds
WARNING: barcode data was not detected in some image(s)
Things to check:
- is the barcode type supported? Currently supported symbologies are:
. EAN/UPC (EAN-13, EAN-8, EAN-2, EAN-5, UPC-A, UPC-E, ISBN-10, ISBN-13)
. DataBar, DataBar Expanded
. Code 128
. Code 93
. Code 39
. Codabar
. Interleaved 2 of 5
. QR code
. SQ code
. PDF 417
- is the barcode large enough in the image?
- is the barcode mostly in focus?
- is there sufficient contrast/illumination?
- If the symbol is split in several barcodes, are they combined in one image?
- Did you enable the barcode type?
some EAN/UPC codes are disabled by default. To enable all, use:
$ zbarimg -S*.enable <files>
Please also notice that some variants take precedence over others.
Due to that, if you want, for example, ISBN-10, you should do:
$ zbarimg -Sisbn10.enable <files>
Expected results:
(Code 128) 755897201062022179.73
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093731
https://bugzilla.redhat.com/show_bug.cgi?id=2120537
Bug ID: 2120537
Summary: 'bodhi updates new' does not report error/warning when
setting karma limit below minimal value for package in
critical path
Product: Fedora
Version: rawhide
Status: NEW
Component: bodhi-client
Assignee: thrcka(a)redhat.com
Reporter: zdohnal(a)redhat.com
CC: aurelien(a)bompard.org,
epel-packagers-sig(a)lists.fedoraproject.org,
lenka(a)sepu.cz, thrcka(a)redhat.com
Target Milestone: ---
Classification: Fedora
Hi,
I was surprised why my bodhi update (
https://bodhi.fedoraproject.org/updates/FEDORA-2022-6f5e420e52 ) doesn't show
an option for pushing into stable or why the update is not in stable already,
because the positive karma limit (1) is reached.
On #fedora-devel IRC channel kalev answered:
(09:34:34 AM) zdohnal: Hi all, do you have an idea what blocks this update
https://bodhi.fedoraproject.org/updates/FEDORA-2022-6f5e420e52 from being
pushed to the stable?
(09:38:32 AM) kalev: zdohnal: looks like it's marked as critical path and
because of that, it needs minimum of +2 karma to be pushed to stable
(09:40:19 AM) GrannyGoose left the room (quit: Quit: Going offline, see ya!
(www.adiirc.com))
(09:41:00 AM) zdohnal: kalev: aha - good to know. However bodhi-client should
give me error when I set karma below this limit...
According to the conversation, there is karma limit for components in critical
path and it is higher - 2 - than the limit set by me - 1, which causes
confusion.
I use 'bodhi updates new' CLI command for creating updates, and I didn't see
any error/warning regarding setting the karma limit too low.
IMHO CLI command has to fail if user tries to set the limit too low, and bodhi
web UI should handle this in some way as well.
Would you mind looking into it?
Version-Release number of selected component (if applicable):
bodhi-client-6.0.1-4.fc37
How reproducible:
always
Steps to Reproduce:
1. $ bodhi updates new --type bugfix --close-bugs --request testing --autokarma
--autotime --stable-karma 1 --unstable-karma -1 --notes "Update for component
in critical path" <critical-component-1.2.3-1.fc37>
Actual results:
No error or warning, bodhi web ui shows user defined limit and the update has
karma to fulfill the limit, but the update is not pushed into stable.
Expected results:
Give error (in both interfaces - CLI and Web UI) if user wants to set lower
karma limit than it is required on the package.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2120537
https://bugzilla.redhat.com/show_bug.cgi?id=2065645
Bug ID: 2065645
Summary: Gmime 3.2.9 is available
Product: Fedora
Version: rawhide
Hardware: All
Status: NEW
Component: gmime30
Severity: medium
Assignee: klember(a)redhat.com
Reporter: mjg(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
klember(a)redhat.com
Target Milestone: ---
Link ID: Github jstedfast/gmime/releases/tag/3.2.9
Classification: Fedora
Description of problem:
Gmime 3.2.7 as packaged is outdated (Mar 2020).
Version-Release number of selected component (if applicable):
3.2.7-5
How reproducible:
always
Steps to Reproduce:
1. dnf list gmime30
Actual results:
gmime30-3.2.7
Expected results:
gmime30-3.2.9
Additional info:
The real upstream has been at https://github.com/jstedfast/gmime/ for quite
some time now (not on gnome any more, and never on gitlab).
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2065645
https://bugzilla.redhat.com/show_bug.cgi?id=2078238
Bug ID: 2078238
Summary: gssdp-1.5.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: gssdp
Keywords: FutureFeature, Triaged
Assignee: klember(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: dcavalca(a)fb.com,
epel-packagers-sig(a)lists.fedoraproject.org,
klember(a)redhat.com, zeenix(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.5.0
Current version/release in rawhide: 1.4.0.1-2.fc36
URL: https://developer.gnome.org/gssdp/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/1262/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2078238