From: PCMan <pcm...@gm...> - 2009-11-08 15:20:21
|
This is an important bug-fix release. Packagers, please update your packages immeidateyl if possible. Previous versions causes crashes when called by several different programs. Related bugs also cause the crash of libfm-demo when browsing installed applications. Reference to invalid pointers and memory leaks were found and were fixed. Please upgrade to the latest version of libmenu-cache 0.2.6. For distro packagers, this bug should be marked as security issue and immediately upgrading to the latest version of menu-cache is highly recommended. Thanks |
From: Andrew L. <aj...@de...> - 2009-11-09 11:19:33
|
PCMan wrote: > This is an important bug-fix release. > Packagers, please update your packages immeidateyl if possible. Thanks for the notice. The Debian package has been uploaded. Best regards, -Andrew |
From: Andrea F. <an...@op...> - 2009-11-09 11:55:15
|
Il 09/11/2009 12:19, Andrew Lee ha scritto: > PCMan wrote: > >> This is an important bug-fix release. >> Packagers, please update your packages immeidateyl if possible. >> > Thanks for the notice. The Debian package has been uploaded. > > Best regards, > > -Andrew > > openSUSE ones too (since few minutes after announcement...) btw... libfm still crash even if the crash looks less problematic than "multiple segfault" i had with menu-cache 0.2.5 Andrea -- ------------------------------------------ Andrea Florio QSI International School of Brindisi Sys Admin openSUSE-Education Administrator openSUSE Official Member (anubisg1) Email: an...@op... Packman Packaging Team Email: an...@li... Web: http://packman.links2linux.org/ Cell: +39-328-7365667 ------------------------------------------ |
From: Ben de G. <yn...@ge...> - 2009-11-09 12:35:02
|
2009/11/9 Andrea Florio <an...@op...>: > Il 09/11/2009 12:19, Andrew Lee ha scritto: >> PCMan wrote: >> >>> This is an important bug-fix release. >>> Packagers, please update your packages immeidateyl if possible. >>> >> Thanks for the notice. The Debian package has been uploaded. > > openSUSE ones too (since few minutes after announcement...) Gentoo the same. Cheers, -- Ben de Groot Gentoo Linux developer (qt, media, lxde, desktop-misc) ______________________________________________________ |
From: Klaus K. <lx...@kn...> - 2009-11-09 13:02:21
|
Hi, On Mon, Nov 09, 2009 at 07:19:12PM +0800, Andrew Lee wrote: > PCMan wrote: > > This is an important bug-fix release. > > Packagers, please update your packages immeidateyl if possible. > > Thanks for the notice. The Debian package has been uploaded. > > Best regards, > > -Andrew May I ask WHERE it has been uploaded to? apt-cache policy libmenu-cache0 still shows: libmenu-cache0: Installed: 0.2.5-1 Candidate: 0.2.5-1 Version table: *** 0.2.5-1 0 500 http://ftp.debian.org testing/main Packages 500 http://ftp.debian.org unstable/main Packages 100 /var/lib/dpkg/status after an aptitude update, of course. Regards -Klaus |
From: Andrew L. (李健秋) <aj...@de...> - 2009-11-09 13:03:20
|
It was uploaded to FTP-master.d.o and I guess it's still now sitting at incoming. It will appear in sid soon and you will get it in the mirror site evntually. -Andrew 在 2009/11/9 13:34 時,Klaus Knopper <lx...@kn...> 寫到: > Hi, > > On Mon, Nov 09, 2009 at 07:19:12PM +0800, Andrew Lee wrote: >> PCMan wrote: >>> This is an important bug-fix release. >>> Packagers, please update your packages immeidateyl if possible. >> >> Thanks for the notice. The Debian package has been uploaded. >> >> Best regards, >> >> -Andrew > > May I ask WHERE it has been uploaded to? > > apt-cache policy libmenu-cache0 still shows: > > libmenu-cache0: > Installed: 0.2.5-1 > Candidate: 0.2.5-1 > Version table: > *** 0.2.5-1 0 > 500 http://ftp.debian.org testing/main Packages > 500 http://ftp.debian.org unstable/main Packages > 100 /var/lib/dpkg/status > > after an aptitude update, of course. > > Regards > -Klaus |
From: Martin B. / b. <br...@bs...> - 2009-11-09 13:09:22
|
On Mon, 9 Nov 2009, "Andrew Lee (李健秋)" wrote: > It was uploaded to FTP-master.d.o and I guess it's still now sitting > at incoming. It will appear in sid soon and you will get it in the > mirror site evntually. Indeed. http://incoming.debian.org libmenu-cache-dev_0.2.6-1_alpha.deb 09-Nov-2009 12:49 15K libmenu-cache-dev_0.2.6-1_i386.deb 09-Nov-2009 11:32 11K libmenu-cache0_0.2.6-1_alpha.deb 09-Nov-2009 12:49 62K libmenu-cache0_0.2.6-1_i386.deb 09-Nov-2009 11:32 51K -- brother |
From: Christoph W. <chr...@go...> - 2009-11-10 18:55:00
|
Am Sonntag, den 08.11.2009, 23:20 +0800 schrieb PCMan: > For distro packagers, this bug should be marked as security issue and > immediately upgrading to the latest version of menu-cache is highly recommended. Can you elaborate this a little? I read the comment in configure about adding rpaths for security reasons. IMO adding rpaths does not increase security, in fact there are also insecure rpaths (fortunately not in menu-cache-gen) that may make things worse. This is one of the reasons why rpaths are strictly forbidden in Fedora [1]. Because of that, I could not yet update the package. So was the rpath in menu-cache-gen added on purpose and is this the problem you were talking about? > Thanks Redards, Christop |
From: Christoph W. <chr...@go...> - 2009-11-10 19:04:26
|
Am Dienstag, den 10.11.2009, 19:54 +0100 schrieb Christoph Wickert: > [...]This is one of the reasons > why rpaths are strictly forbidden in Fedora [1]. Oops, I forgot the link: https://fedoraproject.org/wiki/Packaging/Guidelines#Beware_of_Rpath Thanks to brother for pointing this out. ;) Regards, Christoph |
From: Jürgen H. <ju...@ar...> - 2009-11-11 10:43:21
|
Hi Chistoph, 2009/11/10 Christoph Wickert <chr...@go...> Am Sonntag, den 08.11.2009, 23:20 +0800 schrieb PCMan: > > > For distro packagers, this bug should be marked as security issue and > > immediately upgrading to the latest version of menu-cache is highly > recommended. > > Can you elaborate this a little? I read the comment in configure about > adding rpaths for security reasons. IMO adding rpaths does not increase > security, in fact there are also insecure rpaths (fortunately not in > menu-cache-gen) that may make things worse. This is one of the reasons > why rpaths are strictly forbidden in Fedora [1]. Because of that, I > could not yet update the package. > > So was the rpath in menu-cache-gen added on purpose and is this the > problem you were talking about? > > Any references? menu-cache-gen doesn't use rpath for loading DSOs. Jürgen |
From: Christoph W. <chr...@go...> - 2009-11-11 13:13:03
|
Am Mittwoch, den 11.11.2009, 11:10 +0100 schrieb Jürgen Hötzel: > Hi Chistoph, > > > menu-cache-gen doesn't use rpath for loading DSOs. According to check-rpatch it does: $ rpmbuild -ba menu-cache.spec Ausführung(%prep): /bin/sh -e /var/tmp/rpm-tmp.NIN9K8 + umask 022 + cd /home/chris/fedora/rpmbuild/BUILD + LANG=C + export LANG + unset DISPLAY + cd /home/chris/fedora/rpmbuild/BUILD + rm -rf menu-cache-0.2.6 + /usr/bin/gzip -dc /home/chris/fedora/rpmbuild/SOURCES/menu-cache-0.2.6.tar.gz [snipped] + /usr/lib/rpm/check-rpaths /usr/lib/rpm/check-buildroot ******************************************************************************* * * WARNING: 'check-rpaths' detected a broken RPATH and will cause 'rpmbuild' * to fail. To ignore these errors, you can set the '$QA_RPATHS' * environment variable which is a bitmask allowing the values * below. The current value of QA_RPATHS is 0x0000. * * 0x0001 ... standard RPATHs (e.g. /usr/lib); such RPATHs are a minor * issue but are introducing redundant searchpaths without * providing a benefit. They can also cause errors in multilib * environments. * 0x0002 ... invalid RPATHs; these are RPATHs which are neither absolute * nor relative filenames and can therefore be a SECURITY risk * 0x0004 ... insecure RPATHs; these are relative RPATHs which are a * SECURITY risk * 0x0008 ... the special '$ORIGIN' RPATHs are appearing after other * RPATHs; this is just a minor issue but usually unwanted * 0x0010 ... the RPATH is empty; there is no reason for such RPATHs * and they cause unneeded work while loading libraries * 0x0020 ... an RPATH references '..' of an absolute path; this will break * the functionality when the path before '..' is a symlink * * * Examples: * - to ignore standard and empty RPATHs, execute 'rpmbuild' like * $ QA_RPATHS=$[ 0x0001|0x0010 ] rpmbuild my-package.src.rpm * - to check existing files, set $RPM_BUILD_ROOT and execute check-rpaths like * $ RPM_BUILD_ROOT=<top-dir> /usr/lib/rpm/check-rpaths * ******************************************************************************* ERROR 0001: file '/usr/libexec/menu-cache-gen' contains a standard rpath '/usr/lib64' in [/usr/lib64] Fehler: Fehler-Status beim Beenden von /var/tmp/rpm-tmp.tusQTN (%install) Regards, Christoph |
From: Jürgen H. <ju...@ar...> - 2009-11-13 10:26:17
|
2009/11/11 Christoph Wickert <chr...@go...> > ERROR 0001: file '/usr/libexec/menu-cache-gen' contains a standard rpath > '/usr/lib64' in [/usr/lib64] > Fehler: Fehler-Status beim Beenden von /var/tmp/rpm-tmp.tusQTN (%install) > > I see. "rpath" seems to be added by libtool wrapper on you platform. Jürgen |