Tuesday, November 26, 2019

Announcing new anitya integration and de-orphaning process

Good Morning Everyone,

Tomorrow we are planning on deploying a new version of pagure and
pagure-dist-git on production.

These changes come with two changes to the packager workflow:

* Anitya integration in dist-git

Something we lost when losing pkgdb was the easy integration to anitya
(https://release-monitoring.org). With the coming changes we are getting them
back.

In the left-hand column, there will be a drop-down button allowing you to
change the settings for anitya for the project.
Existing status will be migrated from the fedora-scm-requests repo on pagure to
use this drop-down.
Using the fedora-scm-requests repo for the anitya integration will no longer be
supported.

* Change in the de-orphaning process

Currently if a package is orphaned, one has to open a ticket against the releng
project to adopt it. With these changes, anyone will be able to adopt orphaned
projects (not retired on master) directly from dist-git's UI.
If the project is retired or has been orphaned for too long, a ticket on the
releng project will still be required though.


Both of these changes can already be reviewed in staging at:
https://src.stg.fedoraproject.org


Looking forward to your feedback!
Pierre
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org

Monday, November 25, 2019

[USN-4200-1] Redmine vulnerabilities

==========================================================================
Ubuntu Security Notice USN-4200-1
November 26, 2019

redmine vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in redmine.

Software Description:
- redmine: flexible project management web application

Details:

It was discovered that Redmine incorrectly handled certain inputs that could
cause textile formatting errors. An attacker could possibly use this issue to
cause an XSS attack. (CVE-2019-17427)

It was discovered that an SQL injection could allow users to access protected
information via a crafted object query. (CVE-2019-18890)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
redmine 4.0.1-2ubuntu0.1
redmine-mysql 4.0.1-2ubuntu0.1
redmine-pgsql 4.0.1-2ubuntu0.1
redmine-sqlite 4.0.1-2ubuntu0.1

Ubuntu 18.04 LTS:
redmine 3.4.4-1ubuntu0.1
redmine-mysql 3.4.4-1ubuntu0.1
redmine-pgsql 3.4.4-1ubuntu0.1
redmine-sqlite 3.4.4-1ubuntu0.1

Ubuntu 16.04 LTS:
redmine 3.2.1-2ubuntu0.2
redmine-mysql 3.2.1-2ubuntu0.2
redmine-pgsql 3.2.1-2ubuntu0.2
redmine-sqlite 3.2.1-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4200-1
CVE-2019-17427, CVE-2019-18890

Package Information:
https://launchpad.net/ubuntu/+source/redmine/4.0.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/redmine/3.4.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/redmine/3.2.1-2ubuntu0.2

Fedora 32 Self-Contained Change proposal: Build Python with -fno-semantic-interposition for better performance

https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup

Simplified version of another change proposal: This change was
originally proposed for [[Releases/32|Fedora 32]] as
[[Changes/PythonStaticSpeedup]], however based on
[https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/NWPVQSKVWDKA75PDEIJNJIFL5C5SJXB2/
community feedback], it has been significantly reduced.

== Summary ==
We add the <code>-fno-semantic-interposition</code> compiler/linker
flag when building Python interpreters, as it provides significant
performance improvement, up to 27% depending on the workload. Users
will no longer be able to use LD_PRELOAD to override a symbol from
libpython, which we consider a good trade off for the speedup.

== Owner ==
* Name: [[User:Cstratak| Charalampos Stratakis]], [[User:Vstinner|
Victor Stinner]], [[User:Churchyard| Miro Hrončok]]
* Email: python-maint@redhat.com
* Shout-out: [[User:Jankratochvil|Jan Kratochvíl]] for first
suggesting this instead of the original proposal, followed by
[[User:Kkofler|Kevin Kofler]]. [[User:Fweimer|Florian Weimer]] for
providing answers to our questions. David Gray for originally
suggesting to link Python statically to gain performance.

== Detailed Description ==

When we build the Python interpreter with the
<code>-fno-semantic-interposition</code> compiler/linker flag, we can
achieve a performance gain of 5% to 27% depending on the workload.
Link time optimizations and profile guided optimizations also have a
greater impact when python3 is built this way.

As a negative side effect, it disables the LD_PRELOAD feature: it's no
longer possible to override symbols in libpython with LD_PRELOAD.

Interposition is enabled by default in compilers like GCC: function
calls to a library go through a "Procedure Linkage Table" (PLT).
This indirection is required to allow a library loaded by the LD_PRELOAD
environment variable to override a function. The indirection puts more
pressure on the CPU level 1 cache (instruction cache). In terms of
performance, the main drawback is that function calls from a library
to the same library cannot be inlined, to respect the interposition
semantics. Inlining is usually a big win in terms of performance.

Disabling interposition for libpython removes the overhead on function
calls by avoiding the PLT indirection, and allows more function calls
to be inlined. We're describing function calls from libpython to
libpython, something which is very common in Python: almost all
function calls are calls from libpython to libpython.

If Fedora users need to use LD_PRELOAD to override symbols in
libpython, the recommended way is to build a custom Python without
<code>-fno-semantic-interposition</code>.

It is still possible to use LD_PRELOAD to override symbols in other
libraries (for example in glibc).

=== Affected Pythons ===

Primarily, we will change the interpreter in the {{package|python3}}
package, that is Python 3.8 in Fedora 32 and any later version of
Python in future Fedora releases.

Impact on other Python packages (and generally software using Python)
is not anticipated (other than the possible speedup).

We will also change the
[https://developer.fedoraproject.org/tech/languages/python/multiple-pythons.html
alternate Python interpreters] where possible and useful, primarily
the upstream supported versions of CPython, such as
{{package|python39}} (if already packaged), {{package|python37}} and
{{package|python36}}.

=== Affected Fedora releases ===

This is a Fedora 32 change and it will be implemented in Rawhide
(Fedora 32) only. Any future versions of Fedora will inherit the
change until it is reverted for some reason.

If it turns out that there are absolutely no issues, we might consider
backporting the speedup to already released Fedora versions (for
example Fedora 31). Such action would be separately coordinated with
[https://docs.fedoraproject.org/en-US/fesco/ FESCo].

== Benefit to Fedora ==
Python's performance will increase significantly depending on the
workload. Since many core components of the OS also depend on Python
this could lead to an increase in their performance as well, however
individual benchmarks will need to be conducted to verify the
performance gain for those components.

[https://pyperformance.readthedocs.io/ pyperformance] results,
ignoring differences smaller than 5%:

(See change proposal)

== Scope ==
* Proposal owners:
** Review and merge the
[https://src.fedoraproject.org/rpms/python3/pull-request/151 pull
request with the implementation].
** Monitor Koschei for significant problems.
** Backport the change to alternate Python versions.
* Other developers are encouraged to check if their package works as expected
* Release engineering: N/A (not needed for this Change) -- this change
does not require a mass rebuild nor any other special releng work
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)

== Upgrade/compatibility impact ==
Python package maintainers should verify that their packages work as
expected and the only impact the end users should see is a performance
increase for workloads relying on Python.

== How To Test ==
Test that everything Python related in Fedora works as usual.

=== Was the flag applied test ===

You can test whether the <code>-fno-semantic-interposition</code> flag
was applied for your Python build:

<pre>
>>> import sysconfig
>>> '-fno-semantic-interposition' in (sysconfig.get_config_var('PY_CFLAGS') + sysconfig.get_config_var('PY_CFLAGS_NODIST'))
True
>>> '-fno-semantic-interposition' in (sysconfig.get_config_var('PY_LDFLAGS') + sysconfig.get_config_var('PY_LDFLAGS_NODIST'))
True
</pre>

Before the change, you would see <code>False</code>, <code>False</code>.

=== Performance test ===

The performance speedup can be measured using the official Python
benchmark suite [https://pyperformance.readthedocs.io/ pyperformance]:
see [https://pyperformance.readthedocs.io/usage.html#run-benchmarks
Run benchmarks].

== User Experience ==
Python based workloads should see a performance gain of up to 27%.

== Dependencies ==
This change is not dependent on anything else.

== Contingency Plan ==
* Contingency mechanism: If issues appear that cannot be fixed in a
timely manner, the change can be easily reverted and will be considered
again for the next Fedora release.
* Contingency deadline: Before the beta freeze of Fedora 32 (2020-02-25)
* Blocks release? Yes
* Blocks product? None

== Documentation ==
This change proposal has all the documentation.

See the [[Changes/PythonStaticSpeedup|previous change proposal]] and
the [https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/NWPVQSKVWDKA75PDEIJNJIFL5C5SJXB2/
thread about it on the devel mailing list] for more relevant
information about what we are not doing.

--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
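
An added example, not part of the change proposal or of Fedora's tooling, extending the "Was the flag applied" test above. It reads each sysconfig variable separately, tolerates variables the build does not define (None), and treats a later -fsemantic-interposition as undoing an earlier -fno-semantic-interposition, on the assumption that GCC applies the last of such a pair; the three flag sets are constructed samples.

```python
import sysconfig

FLAG_OFF = "-fno-semantic-interposition"  # the flag this Change adds
FLAG_ON = "-fsemantic-interposition"      # explicit re-enable of interposition

# Variable groups, in the same order the proposal's test concatenates them.
GROUPS = {
    "compile": ("PY_CFLAGS", "PY_CFLAGS_NODIST"),
    "link": ("PY_LDFLAGS", "PY_LDFLAGS_NODIST"),
}


def check_group(names, get_var=sysconfig.get_config_var):
    """Return the effective interposition setting for one group of variables.

    Tokens are compared whole, so a flag is never matched across the
    boundary of two concatenated variables. Assumption: the compiler
    honours the last -f[no-]semantic-interposition it sees.
    """
    disabled, decided_by = False, None
    for name in names:
        value = get_var(name)
        if not value:  # None or "" when the build does not define the variable
            continue
        for token in value.split():
            if token == FLAG_OFF:
                disabled, decided_by = True, name
            elif token == FLAG_ON:
                disabled, decided_by = False, name
    return {"interposition_disabled": disabled, "decided_by": decided_by}


def check_build(get_var=sysconfig.get_config_var):
    """Check compile and link flags; get_var maps a variable name to its value."""
    return {group: check_group(names, get_var) for group, names in GROUPS.items()}


# Constructed flag sets (not taken from any real build).
PATCHED = {
    "PY_CFLAGS": "-Wall -O2",
    "PY_CFLAGS_NODIST": "-flto -fno-semantic-interposition",
    "PY_LDFLAGS": "-Wl,-z,relro",
    "PY_LDFLAGS_NODIST": "-flto -fno-semantic-interposition",
}
UNPATCHED = {
    "PY_CFLAGS": "-Wall -O2",
    "PY_CFLAGS_NODIST": "",
    "PY_LDFLAGS": "-Wl,-z,relro",
    "PY_LDFLAGS_NODIST": None,  # variable missing: str + None would raise
}
OVERRIDDEN = {
    "PY_CFLAGS": "-O2 -fno-semantic-interposition",
    "PY_CFLAGS_NODIST": "-fsemantic-interposition",  # later flag wins
    "PY_LDFLAGS": "-fno-semantic-interposition",
    "PY_LDFLAGS_NODIST": "",
}

if __name__ == "__main__":
    sources = (
        ("running interpreter", sysconfig.get_config_var),
        ("constructed: patched", PATCHED.get),
        ("constructed: unpatched", UNPATCHED.get),
        ("constructed: overridden", OVERRIDDEN.get),
    )
    for label, source in sources:
        print(label, check_build(source))
```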

Fedora 32 Self-Contained Change proposal: Rebase apt package from apt-rpm to Debian's apt

https://fedoraproject.org/wiki/Changes/Move_apt_package_from_RPM_to_DPKG_backend

== Summary ==
Currently the apt package in Fedora actually installs apt-rpm.
Starting with Fedora 32, it will provide the regular apt software
backed by DPKG.

== Owner ==
* Name: [[User:dridi| Dridi Boukelmoune]], [[User:ngompa | Neal Gompa]]
* Email: dridi@fedoraproject.org, ngompa13@gmail.com


== Detailed Description ==
The apt package in Fedora does not ship the mainline apt software from
Debian, but rather the apt-rpm fork instead. This allows a user to
copy and paste apt or apt-get commands often found in "Linux"
tutorials. This will usually work: apt-rpm resolves dependencies
from the Yum/DNF repositories, and our package naming guidelines
often lead to the same package names as apt-based distributions like
Debian and Ubuntu.

The apt-rpm software is dead upstream and doesn't support rich
dependencies or modules. It also has known vulnerabilities and,
according to its author, other bugs that are never going to be fixed.

== Benefit to Fedora ==
By switching the Fedora apt package from apt-rpm to regular apt we
move from a dead to a living upstream. We also close security holes
and introduce a critical dependency for more packages from the DPKG
ecosystem. It is already possible to build Deb packages in Fedora,
including with pbuilder, an equivalent for mock in the DPKG ecosystem,
however pbuilder uses debootstrap to provision a build environment.
While we may lose the ability to "apt-get install" Fedora packages
from the command line, we also open the gate for sbuild, another mock
equivalent to build Debs in a clean environment. This change offers
more options to target Debian and derivative systems without leaving
the Fedora comfort zone.

== Scope ==
* Proposal owners: re-review of the apt package with the proper
upstream ([https://bugzilla.redhat.com/show_bug.cgi?id=1764813
RH#1764813]), and optionally more dependent packages.
* Other developers: N/A (not a System Wide Change)
* Release engineering: N/A (not needed for this Change)
* Policies and guidelines: As apt would conflict with DNF for the host
system, we may want to ship it without pre-configured repositories.
* Trademark approval: N/A (not needed for this Change)

== Upgrade/compatibility impact ==
Any user actively relying on apt-rpm will lose functionality that
cannot be replaced. Because apt-rpm's version is much lower than the
current apt version, this change will follow the natural upgrade path.

== How To Test ==
If sbuild is packaged in time for the beta, performing builds with
sbuild should be enough to confirm that apt was able to provision a
build root.

== User Experience ==
Anyone used to pasting apt-get commands in a terminal will no longer be
able to install or remove Fedora packages this way.

On the other hand anyone needing regular apt tooling will be able to
work with it directly from Fedora.

== Dependencies ==
Apt shouldn't bring more dependencies; it will be the dependency for
more packages from the DPKG ecosystem.

== Contingency Plan ==

* Contingency mechanism: Simply retire apt (apt-rpm)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change)
* Blocks product? N/A

== Documentation ==
Once installed, apt ships multiple manual pages available in several
languages. There will no longer be any references in the shipped apt
package documentation of handling RPMs.

== Release Notes ==
The apt package has been rebased from apt-rpm to Debian's apt. This
means that apt no longer supports handling RPMs or managing RPM-based
systems. Please use dnf for software management of RPM-based systems
and containers.

--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis

Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

https://fedoraproject.org/wiki/Changes/DisallowEmptyPasswordsByDefault

== Summary ==
Remove ''nullok'' parameter from pam_unix module in default PAM
configuration in order to disallow authentication with empty password.

== Owner ==
* Name: [[User:pbrezina| Pavel Březina]]
* Email: <pbrezina@redhat.com>

== Detailed Description ==

The current default configuration allows users to log in with an empty
password by setting the nullok parameter on the pam_unix module. This
affects only logins to the local machine; it does not affect ssh logins,
as this must be explicitly allowed in sshd_config. We want to disallow
empty passwords by default for local logins as well to improve system
hardening.

Note: It is possible to disallow empty passwords with an authselect call
(authselect enable-feature without-nullok) or by removing nullok
manually; however, this creates possible issues in other components that
must be addressed.

=== Affected Components ===
* '''passwd''' - calling passwd -d to remove a user's password must be
denied if empty passwords are disallowed, otherwise the user will be
locked out of the system
* '''AccountService''' - D-Bus methods ''SetPassword'' and
''SetPasswordMode'' on ''org.freedesktop.Accounts.User'' interface can
remove user's password and lock the user out of the system if empty
password is disallowed. These calls must be denied in this case.
Additionally, these methods can be run by normal users as opposed to
''passwd -d'' and ''chage -d 0'' which can be run only by root.
Therefore only root should be able to call these methods.
* '''Gnome's Control Center''' - when creating new users, it provides
an option to "require password to be set on first login" which creates
user with expired empty password. This would again lock the user out
of the system.
* '''Other Desktop Environments''' - may have the same issue as Gnome
Control Center

=== Solution Step by Step ===

==== Step 1) Provide a unified way to read if nullok is enabled or not ====

We will create an authselect library call that would parse existing
PAM configuration (not necessarily generated by authselect) and return
list of enabled/disabled features. We will implement only ''nullok''
feature in the scope of this change but if needed it can be extended
in the future.

==== Step 2) Fix passwd -d ====
Calling ''passwd -d'' to remove user's password will fail if
''nullok'' is disabled.

==== Step 3) Fix AccountService ====
These methods on ''org.freedesktop.Accounts.User'' D-Bus interface
will be callable only by ''root'' and must return an error if
''nullok'' is disabled.

SetPasswordMode
SetPassword("", hint)

==== Step 4) Fix Desktop Environments ====
"Require password change on next login" must keep working. This
feature currently relies on setting an empty password. A new option
''nullresetok'' will be implemented for ''pam_unix'' module that will
allow user to authenticate with empty password only if a password
change for this user is enforced upon login. Authentication with empty
passwords which are not expired will be prohibited (unless ''nullok''
is set).

==== Step 5) Update PAM configuration to disable nullok by default ====
In authselect and pam components for new installations. Upgrading from
older systems will keep nullok present.

== Benefit to Fedora ==

The changes in the described components (Step 1 - Step 4) are necessary
to make sure that user accounts and tools work correctly when
authentication with an empty password is disabled by the system
administrator. Changing the system default to disallow
authentication with empty passwords (Step 5) improves system
hardening.

== Scope ==
* Proposal owners: Coordinate the work. Make sure all required changes
are implemented.
* Other developers: All affected components must be fixed. Changes are
described in ''Detailed Description''
* Release engineering: [https://pagure.io/releng/issue/9038 #9038] (a
check of an impact with Release Engineering is needed)

* Policies and guidelines: No updates needed.
* Trademark approval: N/A (not needed for this Change)

== Upgrade/compatibility impact ==
This does not affect system upgrades because only new installations
will have the changed default.

== How To Test ==

* Calling ''passwd -d user'' as root must fail with default configuration.
* Calling ''org.freedesktop.Accounts.User.SetPassword("", hint)'' and
''org.freedesktop.Accounts.User.SetPasswordMode(x)'' must fail with
default configuration.
* "require password reset on first login" must keep working when
creating users from Desktop Environment's GUI tools

== User Experience ==
Users will no longer be able to use empty passwords by default.

== Dependencies ==
None.

== Contingency Plan ==
* Contingency mechanism: Default behavior will not be changed.
* Contingency deadline: Beta
* Blocks release? No
* Blocks product? No

== Documentation ==


--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
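
An added sketch of the kind of check that Step 1 of the proposal above describes: read a PAM configuration and report whether pam_unix carries ''nullok'' (or the proposed ''nullresetok''). This is not authselect's code; the function names and the sample configuration are constructed for illustration, and files pulled in through include or substack are not followed.

```python
import os
import re
from collections import namedtuple

Rule = namedtuple("Rule", "lineno type control module args")

# A token is either a bracketed group such as [success=ok default=1]
# or a run of non-blank characters.
TOKEN = re.compile(r"\[[^\]]*\]|\S+")


def logical_lines(text):
    """Yield (first_lineno, line) with backslash-newline continuations joined."""
    buf, start = "", None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = lineno
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:  # file ended inside a continuation
        yield start, buf


def parse_rules(text):
    """Parse /etc/pam.d style lines: type control module-path [arguments]."""
    rules = []
    for lineno, line in logical_lines(text):
        line = line.split("#", 1)[0]  # simplification: '#' always starts a comment
        tokens = TOKEN.findall(line)
        if len(tokens) < 3:  # blank, comment-only or malformed line
            continue
        ptype = tokens[0].lstrip("-").lower()  # "-session" means "optional if missing"
        module = os.path.basename(tokens[2])   # accept absolute module paths
        rules.append(Rule(lineno, ptype, tokens[1], module, tokens[3:]))
    return rules


def pam_unix_features(text, options=("nullok", "nullresetok")):
    """Map each option to the (lineno, type) of every pam_unix rule that sets it."""
    report = {opt: [] for opt in options}
    for rule in parse_rules(text):
        if rule.module != "pam_unix.so":
            continue
        for opt in options:
            if opt in rule.args:  # whole-argument match, so "nonullok" would not count
                report[opt].append((rule.lineno, rule.type))
    return report


def nullok_enabled(text):
    """True if any active pam_unix rule in the text carries nullok."""
    return bool(pam_unix_features(text)["nullok"])


# Constructed sample, modelled on a system-auth style file.
SAMPLE = """\
# Constructed sample for illustration
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok \\
                          try_first_pass
auth        [default=1 ignore=ignore success=ok] pam_usertype.so isregular
# auth      sufficient    pam_unix.so nullok
password    sufficient    /usr/lib64/security/pam_unix.so sha512 shadow nullok use_authtok
-session    optional      pam_systemd.so
session     required      pam_unix.so
"""

if __name__ == "__main__":
    for option, hits in pam_unix_features(SAMPLE).items():
        for lineno, ptype in hits:
            print(f"line {lineno}: pam_unix ({ptype}) sets {option}")
    print("empty passwords accepted:", nullok_enabled(SAMPLE))
```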

Fedora 32 System-Wide Change proposal: The GNU C Library version 2.31

https://fedoraproject.org/wiki/Changes/GLIBC231

== Summary ==
Switch glibc in Fedora 32 to glibc version 2.31.

== Owner ==
* Name: [[User:submachine|Arjun Shankar]]
* Email: arjun@redhat.com

== Detailed Description ==
The GNU C Library version 2.31 will be released at the beginning of
February 2020; we have started closely tracking the glibc 2.31
development code in Fedora Rawhide and are addressing any issues as
they arise. Given the present schedule Fedora 32 will branch after the
GLIBC 2.31 upstream release. However, the mass rebuild schedule means
Fedora 32 will mass rebuild (if required) after GLIBC 2.31 upstream
freezes ABI for release, but before the actual release, so careful
attention must be paid to any last minute ABI changes.

== Benefit to Fedora ==
Stays up to date with latest security and bug fixes from glibc upstream.

== Scope ==
* Proposal owners: Update glibc to 2.31.
* Other developers: Developers need to ensure that rawhide is stable
and ready for the Fedora 32 branch. Given that glibc is backwards
compatible and we have been testing the new glibc in rawhide it should
make very little impact when updated, except for the occasional
deprecation warnings and removal of legacy interfaces from public
header files.
* Release engineering: [https://pagure.io/releng/issue/9040 #9040]
* Policies and guidelines: The policies and guidelines do not need to
be updated.
* Trademark approval: N/A (not needed for this Change)


== Upgrade/compatibility impact ==
The library is backwards compatible with the version of glibc that was
shipped in Fedora 31.

Some packaging changes are required, see:
https://sourceware.org/glibc/wiki/Release/2.31#Packaging_Changes

We fully expect to fix all packaging changes in Fedora Rawhide given
that glibc in Rawhide is tracking what will become glibc 2.31.

== How To Test ==
The GNU C Library has its own testsuite, which is run during the
package build and examined by the glibc developers before being
uploaded. This test suite has over 6200 tests that run to verify the
correct operation of the library. In the future, we may also run the
microbenchmark to look for performance regressions.

== User Experience ==
Users will see improved performance, many bugfixes and improvements to
POSIX compliance, additional locales, etc. The glibc 2.31 NEWS update
will include more details.

== Dependencies ==
All packages do not need to be rebuilt.

== Contingency Plan ==
* Contingency mechanism: Given that Rawhide has started tracking glibc
2.31, no show-stopper problems are expected. At this point, we can
still revert to upstream version 2.30 if insurmountable problems
appear, but to do so may require a mass rebuild to remove new symbols
from the ABI/API.
* Contingency deadline: Upstream ABI freeze deadline of 2020-01-01.
* Blocks release? Yes, upgrading glibc does block the release. We
should not ship without a newer glibc, there will be gcc and language
features that depend on glibc being upgraded. Thus without the upgrade
some features will be disabled or fall back to less optimal
implementations.

== Documentation ==
The glibc manual contains the documentation for the release and
doesn't need any more additional work.

== Release Notes ==
The GNU C Library version 2.31 will be released at the beginning of
February 2020. The current NEWS notes can be seen here as they are
added: https://sourceware.org/git/?p=glibc.git;a=blob;f=NEWS;hb=HEAD


--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis

[USN-4199-1] libvpx vulnerabilities

==========================================================================
Ubuntu Security Notice USN-4199-1
November 25, 2019

libvpx vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in libvpx.

Software Description:
- libvpx: VP8 and VP9 video codec

Details:

It was discovered that libvpx did not properly handle certain malformed
WebM media files. If an application using libvpx opened a specially crafted
WebM file, a remote attacker could cause a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libvpx5 1.7.0-3ubuntu0.19.04.1

Ubuntu 18.04 LTS:
libvpx5 1.7.0-3ubuntu0.18.04.1

Ubuntu 16.04 LTS:
libvpx3 1.5.0-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4199-1
CVE-2017-13194, CVE-2019-2126, CVE-2019-9232, CVE-2019-9325,
CVE-2019-9371, CVE-2019-9433

Package Information:
https://launchpad.net/ubuntu/+source/libvpx/1.7.0-3ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/libvpx/1.7.0-3ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/libvpx/1.5.0-2ubuntu1.1

[USN-4189-2] DPDK regression

==========================================================================
Ubuntu Security Notice USN-4189-2
November 25, 2019

dpdk regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 19.04
- Ubuntu 18.04 LTS

Summary:

USN-4189-1 introduced a regression in DPDK.

Software Description:
- dpdk: set of libraries for fast packet processing

Details:

USN-4189-1 fixed a vulnerability in DPDK. The new version introduced a
regression in certain environments. This update fixes the problem.

Original advisory details:

Jason Wang discovered that DPDK incorrectly handled certain messages. An
attacker in a malicious container could possibly use this issue to cause
DPDK to leak resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
dpdk 18.11.5-0ubuntu0.19.10.1

Ubuntu 19.04:
dpdk 18.11.5-0ubuntu0.19.04.1

Ubuntu 18.04 LTS:
dpdk 17.11.9-0ubuntu18.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/4189-2
https://usn.ubuntu.com/4189-1
https://launchpad.net/bugs/1853463

Package Information:
https://launchpad.net/ubuntu/+source/dpdk/18.11.5-0ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/dpdk/18.11.5-0ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/dpdk/17.11.9-0ubuntu18.04.1

[arch-announce] primus_vk>=1.3-1 update requires manual intervention

The primus_vk package prior to version 1.3-1 was missing some soname links. This has been fixed in 1.3-1 so the upgrade will need to overwrite the untracked soname links. If you get an error like:

primus_vk: /usr/lib/libnv_vulkan_wrapper.so.1 exists in filesystem
primus_vk: /usr/lib/libprimus_vk.so.1 exists in filesystem

when updating, use:

`pacman -Syu --overwrite=/usr/lib/libnv_vulkan_wrapper.so.1,/usr/lib/libprimus_vk.so.1`

to perform the upgrade.

URL: https://www.archlinux.org/news/primus_vk13-1-update-requires-manual-intervention/
_______________________________________________
arch-announce mailing list
arch-announce@archlinux.org
https://lists.archlinux.org/listinfo/arch-announce

Orphaned packages looking for new maintainers

The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life

Note: If you received this mail directly you (co)maintain one of the affected
packages or a package that depends on one. Please adopt the affected package or
retire your depending package to avoid broken dependencies, otherwise your
package will be retired when the affected package gets retired.

Request package ownership via releng issues:
https://pagure.io/releng/issues

Full report available at:
https://churchyard.fedorapeople.org/orphans-2019-11-25.txt
grep it for your FAS username and follow the dependency chain.

Package (co)maintainers Status Change
================================================================================
ExchangeIR orphan 1 weeks ago
FUR orphan 2 weeks ago
airsnort orphan 2 weeks ago
apache-logging-parent mizdebsk, orphan 1 weeks ago
apache-mime4j orphan 4 weeks ago
apt-cacher-ng orphan 1 weeks ago
archaius orphan 1 weeks ago
archmage lbazan, orphan 0 weeks ago
audit-viewer mitr, orphan 0 weeks ago
avalon-logkit jerboaa, mizdebsk, orphan 0 weeks ago
base64coder jcapik, mizdebsk, orphan 2 weeks ago
batik jvanek, mizdebsk, orphan 2 weeks ago
buildnumber-maven-plugin orphan 0 weeks ago
bval orphan 1 weeks ago
camotics orphan 1 weeks ago
cduce orphan 1 weeks ago
clapham orphan 1 weeks ago
classmate lef, orphan 3 weeks ago
cli-parser lef, orphan 3 weeks ago
csstidy orphan 1 weeks ago
delve go-sig, orphan 1 weeks ago
dillo aarem, orphan 2 weeks ago
eclipse-anyedit eclipse-sig, orphan, swagiaal 1 weeks ago
eclipse-avr orphan 1 weeks ago
eclipse-cdt akurtakov, eclipse-sig, jjohnstn, kdaniel, orphan, rgrunber 4 weeks ago
eclipse-checkstyle akurtakov, eclipse-sig, orphan 1 weeks ago
eclipse-color-theme eclipse-sig, orphan 1 weeks ago
eclipse-dltk akurtakov, eclipse-sig, kdaniel, orphan, rgrunber 1 weeks ago
eclipse-egit akurtakov, arobinso, eclipse-sig, jerboaa, jjohnstn, kdaniel, nguzman, orphan, rgrunber 1 weeks ago
eclipse-emf akurtakov, eclipse-sig, jjohnstn, kdaniel, orphan, rgrunber 1 weeks ago
eclipse-epic eclipse-sig, orphan 1 weeks ago
eclipse-gef akurtakov, eclipse-sig, kdaniel, orphan, rgrunber 1 weeks ago
eclipse-launchbar eclipse-sig, orphan, sopotc 3 weeks ago
eclipse-license eclipse-sig, orphan 1 weeks ago
eclipse-m2e-antlr eclipse-sig, mizdebsk, orphan 1 weeks ago
eclipse-m2e-apt eclipse-sig, orphan 1 weeks ago
eclipse-m2e-buildhelper eclipse-sig, mizdebsk, orphan 1 weeks ago
eclipse-m2e-core eclipse-sig, galileo, mizdebsk, orphan 1 weeks ago
eclipse-m2e-cxf eclipse-sig, mizdebsk, orphan 1 weeks ago
eclipse-m2e-egit eclipse-sig, mizdebsk, orphan 1 weeks ago
eclipse-m2e-maven-dependency-plugin mizdebsk, orphan 1 weeks ago
eclipse-m2e-mavenarchiver eclipse-sig, mizdebsk, orphan 1 weeks ago
eclipse-m2e-mavendev eclipse-sig, mizdebsk, orphan 1 weeks ago
eclipse-m2e-modello eclipse-sig, mizdebsk, orphan 1 weeks ago
eclipse-m2e-plexus eclipse-sig, mizdebsk, orphan 1 weeks ago
eclipse-m2e-sisu eclipse-sig, mizdebsk, orphan 1 weeks ago
eclipse-m2e-takari mizdebsk, orphan 1 weeks ago
eclipse-m2e-tycho eclipse-sig, mizdebsk, orphan 1 weeks ago
eclipse-m2e-workspace eclipse-sig, mizdebsk, orphan 1 weeks ago
eclipse-m2e-wtp eclipse-sig, orphan 1 weeks ago
eclipse-nls orphan 1 weeks ago
eclipse-pdt eclipse-sig, orphan 1 weeks ago
eclipse-quickrex eclipse-sig, orphan 1 weeks ago
eclipse-remote eclipse-sig, orphan 1 weeks ago
eclipse-sgx orphan 1 weeks ago
eclipse-subclipse eclipse-sig, kdaniel, orphan 1 weeks ago
eclipse-testng eclipse-sig, orphan 1 weeks ago
eclipse-usage eclipse-sig, orphan 1 weeks ago
eclipse-webtools eclipse-sig, galileo, orphan 1 weeks ago
extra166y orphan 5 weeks ago
fabric orphan 1 weeks ago
fbdesk orphan 2 weeks ago
felix-osgi-foundation orphan 5 weeks ago
ferm orphan, slankes 1 weeks ago
forge-parent huwang, mizdebsk, orphan 0 weeks ago
giis orphan 1 weeks ago
gipfel orphan 1 weeks ago
glassfish-gmbal orphan 3 weeks ago
glassfish-management-api orphan 3 weeks ago
glassfish-pfl orphan 3 weeks ago
glob2 cheese, orphan 1 weeks ago
glusterd2 kkeithle, orphan 1 weeks ago
gns3-gui orphan 1 weeks ago
gns3-net-converter orphan 1 weeks ago
gns3-server orphan 1 weeks ago
golang-github-10gen-openssl go-sig, jchaloup, mskalick, orphan 1 weeks ago
graphite-web jamielinux, orphan, piotrp 1 weeks ago
grizzly orphan 3 weeks ago
grizzly-npn orphan 3 weeks ago
guestfs-browser orphan 1 weeks ago
hamcrest akurtakov, jerboaa, mizdebsk, orphan 0 weeks ago
hibernate-jpa-2.0-api orphan 1 weeks ago
ht orphan 2 weeks ago
hystrix orphan 0 weeks ago
ioprocess dougsland, nsoffer, orphan, smizrahi 1 weeks ago
isight-firmware-tools jmontleon, orphan 4 weeks ago
jackson mizdebsk, orphan 1 weeks ago
jackson-dataformat-xml dchen, lef, orphan 3 weeks ago
jandex orphan 1 weeks ago
jandex-maven-plugin lef, orphan 3 weeks ago
java-oauth lef, orphan 3 weeks ago
jboss-connector-1.6-api gil, lef, orphan 3 weeks ago
jboss-jaspi-1.1-api lef, orphan 3 weeks ago
jboss-jsp-2.3-api orphan 2 weeks ago
jboss-transaction-1.1-api orphan 1 weeks ago
jcsp orphan 5 weeks ago
jdo-api gil, lef, moceap, orphan 1 weeks ago
jersey dchen, gwei3, orphan 3 weeks ago
jogl2 orphan 1 weeks ago
jove orphan 1 weeks ago
lcms ajax, alexl, caillon, caolanm, gnome-sig, johnp, mbarnes, orphan, rhughes, rstrode, ssp 2 weeks ago
libee mbartos, orphan 0 weeks ago
libetpan orphan, simo 2 weeks ago
libgovirt orphan 1 weeks ago
libktorrent kde-sig, liquidat, nucleo, orphan, rdieter, tuxbrewr 4 weeks ago
libmimedir orphan 2 weeks ago
libnxml orphan 2 weeks ago
libopensync-plugin-evolution2 mcrha, orphan 2 weeks ago
libopensync-plugin-file orphan 2 weeks ago
libopensync-plugin-gpe orphan 2 weeks ago
libopensync-plugin-moto orphan 2 weeks ago
libopensync-plugin-opie orphan 2 weeks ago
libopensync-plugin-synce orphan 2 weeks ago
libpolyxmass orphan 2 weeks ago
libpqxx daveisfera, orphan, rdieter 2 weeks ago
libsynce orphan 2 weeks ago
libx86 jcpunk, orphan 1 weeks ago
lv2-abGate orphan 1 weeks ago
lv2-kn0ck0ut orphan 1 weeks ago
maven-checkstyle-plugin lef, mizdebsk, orphan 1 weeks ago
maven-deploy-plugin orphan 0 weeks ago
maven-eclipse-plugin orphan 1 weeks ago
maven-invoker-plugin mizdebsk, orphan 0 weeks ago
maven-war-plugin mizdebsk, orphan 0 weeks ago
memoryfilesystem orphan 0 weeks ago
mimepull java-sig, lef, orphan 3 weeks ago
msynctool orphan 2 weeks ago
multibit-commons orphan 1 weeks ago
multibit-hardware orphan 1 weeks ago
multiverse orphan 5 weeks ago
munge orphan 1 weeks ago
mustache-java dchen, lef, mizdebsk, orphan 3 weeks ago
netty3 jerboaa, lef, orphan 3 weeks ago
nm-tray lxqt-sig, orphan 1 weeks ago
nodejs-buffertools nodejs-sig, orphan 1 weeks ago
nodejs-compressible nodejs-sig, orphan, patches 1 weeks ago
nodejs-dateformat nodejs-sig, orphan, patches 1 weeks ago
nodejs-encodeurl nodejs-sig, orphan 1 weeks ago
nodejs-eyes nodejs-sig, orphan, patches 1 weeks ago
nodejs-finalhandler nodejs-sig, orphan 1 weeks ago
nodejs-grunt-legacy-util nodejs-sig, orphan, patches, piotrp 1 weeks ago
nodejs-load-grunt-tasks nodejs-sig, orphan, patches 1 weeks ago
nodejs-method-override nodejs-sig, orphan, patches 1 weeks ago
nodejs-moment nodejs-sig, orphan, patches 1 weeks ago
nodejs-negotiator nodejs-sig, orphan, patches 1 weeks ago
nodejs-raw-body nodejs-sig, orphan, patches 1 weeks ago
nodejs-send nodejs-sig, orphan, patches 1 weeks ago
nodejs-stylus nodejs-sig, orphan, patches 1 weeks ago
nodejs-tilejson jamielinux, nodejs-sig, orphan 1 weeks ago
nodejs-tilelive jamielinux, nodejs-sig, orphan 1 weeks ago
ocaml-bin-prot orphan 1 weeks ago
ocaml-bisect orphan 1 weeks ago
ocaml-bitstring orphan 1 weeks ago
ocaml-deriving orphan 1 weeks ago
ocaml-json-static orphan 1 weeks ago
ocaml-mikmatch orphan 1 weeks ago
ocaml-openin orphan 1 weeks ago
ocaml-pa-monad orphan 1 weeks ago
ocaml-pgocaml orphan 1 weeks ago
ocaml-sexplib orphan 1 weeks ago
ocaml-type-conv orphan 1 weeks ago
ocamldsort orphan 1 weeks ago
ohc acaringi, hhorak, orphan 0 weeks ago
orange orphan 2 weeks ago
owncloud adamwill, ignatenkobrain, jhogarth, kwizart, orphan, siwinski 3 weeks ago
parboiled mizdebsk, orphan 2 weeks ago
paulstretch orphan 1 weeks ago
pdfbox java-sig, orphan 2 weeks ago
perdition orphan 1 weeks ago
perl-CGI-FormBuilder orphan 2 weeks ago
picketbox gil, lef, orphan 3 weeks ago
picketbox-commons gil, lef, orphan 3 weeks ago
picketbox-xacml gil, lef, orphan 3 weeks ago
plexus-cli mizdebsk, orphan 5 weeks ago
python-alchimia orphan 1 weeks ago
python-cattrs orphan 1 weeks ago
python-fluidity-sm orphan 1 weeks ago
python-gfm orphan 1 weeks ago
python-invoke orphan 1 weeks ago
python-k8sclient orphan 1 weeks ago
python-lexicon orphan 1 weeks ago
python-nose-ignore-docstring orphan 0 weeks ago
python-ripozo churchyard, orphan, python-sig 4 weeks ago
python-sanic orphan 1 weeks ago
python-zipstream orphan 1 weeks ago
redeclipse orphan 1 weeks ago
resiprocate orphan 1 weeks ago
rgbds orphan 1 weeks ago
rubygem-apipie-bindings orphan 2 weeks ago
rxjava orphan 3 weeks ago
rxvt orphan 2 weeks ago
sassc orphan 1 weeks ago
scamper orphan 1 weeks ago
scilab orphan 1 weeks ago
simple orphan 3 weeks ago
sonatype-plugins-parent mizdebsk, orphan 1 weeks ago
swt-chart orphan 1 weeks ago
synce-gnomevfs orphan 2 weeks ago
synce-software-manager orphan 2 weeks ago
synce-trayicon orphan 2 weeks ago
trac-authopenid-plugin orphan 2 weeks ago
trac-doxygen-plugin orphan 1 weeks ago
trac-xmlrpc-plugin orphan 1 weeks ago
treecc orphan 2 weeks ago
tycho eclipse-sig, kdaniel, mizdebsk, orphan 1 weeks ago
tycho-extras eclipse-sig, kdaniel, mizdebsk, orphan 1 weeks ago
unshield orphan 2 weeks ago
utop orphan 1 weeks ago
vim-vimoutliner orphan 3 weeks ago
wine-docs orphan 2 weeks ago
zookeeper ctubbsii, greghellings, mluscon, orphan, skottler 1 weeks ago

The following packages require above mentioned packages:
See https://churchyard.fedorapeople.org/orphans-2019-11-25.txt
Grep it for your username and follow the dependency chain.

Affected (co)maintainers
aarem: dillo
abbot: maven-invoker-plugin
abompard: pdfbox, batik
acaringi: ohc, maven-invoker-plugin
adamwill: owncloud
ajax: lcms
akurtakov: java-oauth, eclipse-dltk, hamcrest, eclipse-checkstyle,
eclipse-remote, maven-invoker-plugin, tycho, eclipse-license, eclipse-cdt,
avalon-logkit, eclipse-launchbar, tycho-extras, eclipse-egit,
buildnumber-maven-plugin, eclipse-gef, eclipse-emf, batik
alexl: sassc, lcms
alvesadrian: sassc
ankursinha: munge
anvil: pdfbox, batik
arobinso: hamcrest, maven-invoker-plugin, tycho, eclipse-license, avalon-logkit,
tycho-extras, eclipse-egit, eclipse-emf, batik
astro-sig: pdfbox, batik
atim: pdfbox, sassc, batik
awood: maven-invoker-plugin
bagnara: nodejs-dateformat, nodejs-raw-body, nodejs-grunt-legacy-util,
nodejs-load-grunt-tasks
bbockelm: munge
bcotton: munge
benc: pdfbox, batik
berrange: libgovirt
besser82: sassc
blackfile: maven-invoker-plugin
bonzini: pdfbox, sassc, batik
bowlofeggs: nodejs-dateformat, nodejs-raw-body, nodejs-grunt-legacy-util,
nodejs-load-grunt-tasks
brendt: lcms
brolley: hamcrest
bubeck: hamcrest
caillon: sassc, lcms
caniszczyk: maven-invoker-plugin, tycho, hamcrest
caolanm: sassc, avalon-logkit, lcms
cheese: glob2
cheeselee: pdfbox, batik
choeger: avalon-logkit
churchyard: hamcrest, maven-invoker-plugin, forge-parent, nodejs-moment,
avalon-logkit, python-ripozo
cicku: munge, pdfbox, batik
cipherboy: maven-invoker-plugin, avalon-logkit
cjatherton: lcms
clalance: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util, nodejs-dateformat,
buildnumber-maven-plugin, nodejs-raw-body
clime: nodejs-dateformat, nodejs-grunt-legacy-util
corsepiu: munge
cquad: hamcrest, bval, maven-invoker-plugin, buildnumber-maven-plugin,
avalon-logkit, jboss-jsp-2.3-api, hibernate-jpa-2.0-api
crobinso: libgovirt
ctubbsii: zookeeper, netty3
cwickert: dillo, pdfbox, batik, libetpan
daveisfera: libpqxx
davidcl: pdfbox, avalon-logkit, batik
dbhole: hamcrest, maven-invoker-plugin, tycho, eclipse-license, avalon-logkit,
tycho-extras, eclipse-egit, eclipse-emf, batik
dchen: grizzly-npn, simple, cli-parser, mimepull, hamcrest, rxjava,
glassfish-pfl, maven-invoker-plugin, mustache-java, grizzly, jersey,
glassfish-management-api, glassfish-gmbal, jackson-dataformat-xml, avalon-logkit
decathorpe: maven-invoker-plugin, avalon-logkit, hamcrest
deji: munge, hamcrest
denisarnaud: munge
dgoodwin: maven-invoker-plugin
diehlpk: munge
dledford: munge
dmlb2000: munge
dmoluguw: maven-invoker-plugin, avalon-logkit, hamcrest
dodji: munge
domcleal: buildnumber-maven-plugin
dominik: jackson
dougsland: ioprocess
dturecek: nodejs-dateformat, nodejs-grunt-legacy-util
duffy: lcms
dvratil: pdfbox, sassc, batik
dwalluck: avalon-logkit
ebaron: hamcrest, tycho, eclipse-license, avalon-logkit, tycho-extras,
eclipse-egit, eclipse-emf, batik
eclipse-sig: batik, eclipse-checkstyle, eclipse-anyedit, eclipse-m2e-workspace,
eclipse-m2e-egit, eclipse-license, eclipse-cdt, eclipse-quickrex,
eclipse-m2e-mavenarchiver, eclipse-m2e-cxf, eclipse-epic, hamcrest,
eclipse-m2e-buildhelper, maven-war-plugin, tycho-extras, eclipse-m2e-wtp,
eclipse-emf, eclipse-m2e-sisu, eclipse-color-theme, eclipse-m2e-tycho,
eclipse-remote, maven-invoker-plugin, eclipse-usage, tycho, forge-parent,
eclipse-launchbar, eclipse-m2e-plexus, eclipse-egit, eclipse-pdt,
eclipse-subclipse, eclipse-webtools, eclipse-gef, eclipse-m2e-apt,
avalon-logkit, eclipse-m2e-antlr, eclipse-dltk, eclipse-m2e-core,
eclipse-testng, eclipse-m2e-modello, eclipse-m2e-mavendev
eclipseo: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util, nodejs-dateformat,
pdfbox, nodejs-raw-body, batik
edewata: maven-invoker-plugin, avalon-logkit
eerlands: munge
eischmann: pdfbox, batik
ellert: nodejs-load-grunt-tasks, hamcrest, maven-invoker-plugin,
nodejs-grunt-legacy-util, nodejs-dateformat, nodejs-raw-body,
maven-deploy-plugin, avalon-logkit
ellio167: munge
elmarco: libgovirt
elsupergomez: pdfbox, batik
eseyman: perl-CGI-FormBuilder
f1ash: pdfbox, batik
fab: sassc
fcami: avalon-logkit, hamcrest
fche: munge
fidencio: libgovirt
filiperosset: hamcrest
fmuellner: sassc
fnasser: maven-invoker-plugin, avalon-logkit
frostyx: nodejs-dateformat, nodejs-grunt-legacy-util
fsimonce: jackson
galileo: eclipse-m2e-core, eclipse-m2e-workspace, maven-invoker-plugin,
forge-parent, tycho, eclipse-license, tycho-extras, eclipse-webtools,
eclipse-gef, eclipse-emf
gbcox: pdfbox, batik
germano: pdfbox, batik
ggillies: buildnumber-maven-plugin
giallu: sassc, avalon-logkit, batik
gicmo: sassc
gil: java-oauth, picketbox-commons, jboss-transaction-1.1-api, hamcrest,
jboss-jaspi-1.1-api, picketbox, maven-invoker-plugin, picketbox-xacml,
jboss-connector-1.6-api, jdo-api
gnome-sig: sassc, lcms
go-sig: golang-github-10gen-openssl, delve
goldmann: maven-invoker-plugin
golfu: pdfbox, batik
greghellings: zookeeper, netty3
guidograzioli: maven-invoker-plugin
gwei3: grizzly-npn, simple, cli-parser, mimepull, hamcrest, rxjava,
glassfish-pfl, maven-invoker-plugin, mustache-java, grizzly, jersey,
glassfish-management-api, glassfish-gmbal
hanecak: lcms
hannes: munge
hedayat: pdfbox, batik
heliocastro: pdfbox, batik
hguemar: munge
hhorak: ohc, maven-invoker-plugin, pdfbox, avalon-logkit, batik
hobbes1069: munge
hubbitus: netty3, cli-parser, mustache-java
huwang: avalon-logkit, forge-parent
iarnell: perl-CGI-FormBuilder
icon: pdfbox, batik
ignatenkobrain: munge, maven-invoker-plugin, owncloud, hamcrest
itamarjp: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util, munge,
nodejs-dateformat, pdfbox, nodejs-raw-body, batik
jackorp: buildnumber-maven-plugin
jadahl: sassc
jakub: munge
jamielinux: nodejs-finalhandler, nodejs-tilelive, maven-invoker-plugin,
nodejs-grunt-legacy-util, nodejs-tilejson, nodejs-negotiator,
perl-CGI-FormBuilder, nodejs-dateformat, graphite-web, nodejs-encodeurl,
nodejs-eyes, avalon-logkit
jaruga: buildnumber-maven-plugin
java-sig: pdfbox, avalon-logkit, mimepull
jcapik: hamcrest, maven-invoker-plugin, forge-parent, base64coder, avalon-logkit
jchaloup: golang-github-10gen-openssl, munge
jcline: python-lexicon, python-fluidity-sm, python-invoke, libpqxx
jcpunk: libx86
jerboaa: batik, hamcrest, eclipse-emf, maven-invoker-plugin, tycho,
eclipse-license, tycho-extras, eclipse-egit, avalon-logkit, netty3
jfearn: pdfbox, batik
jgrulich: pdfbox, batik
jgu: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util, munge,
nodejs-dateformat, nodejs-raw-body
jhladky: munge
jhogarth: owncloud
jjames: nodejs-dateformat, nodejs-raw-body, nodejs-grunt-legacy-util,
nodejs-load-grunt-tasks
jjanco: maven-invoker-plugin, avalon-logkit
jjelen: hamcrest, bval, maven-invoker-plugin, buildnumber-maven-plugin,
avalon-logkit, jboss-jsp-2.3-api, hibernate-jpa-2.0-api
jjohnstn: eclipse-license, eclipse-cdt, glassfish-gmbal, mimepull, hamcrest,
glassfish-pfl, jersey, glassfish-management-api, tycho-extras, eclipse-emf,
simple, eclipse-remote, maven-invoker-plugin, tycho, mustache-java, grizzly,
eclipse-launchbar, eclipse-egit, avalon-logkit, grizzly-npn, cli-parser, rxjava,
batik
jkang: maven-invoker-plugin
jkastner: munge
jmlich: maven-invoker-plugin
jmontleon: isight-firmware-tools
jngrad: munge
johnp: sassc, lcms
jonny: hamcrest
jplesnik: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util,
perl-CGI-FormBuilder, nodejs-dateformat, nodejs-raw-body
jreznik: pdfbox, batik
jskarvad: munge
jsmith: nodejs-finalhandler, nodejs-moment, nodejs-buffertools,
nodejs-grunt-legacy-util, nodejs-dateformat, nodejs-encodeurl, nodejs-eyes
jspaleta: munge
jstribny: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util, nodejs-dateformat,
buildnumber-maven-plugin, nodejs-raw-body
jujens: nodejs-dateformat, nodejs-raw-body, nodejs-grunt-legacy-util,
nodejs-load-grunt-tasks
junghans: munge
jussilehtola: munge
jvanek: cli-parser, hamcrest, maven-invoker-plugin, mustache-java, pdfbox,
buildnumber-maven-plugin, netty3, avalon-logkit, batik
jwakely: munge
jwrdegoede: buildnumber-maven-plugin
kalev: sassc
karsten: pdfbox, batik
kdaniel: java-oauth, eclipse-dltk, eclipse-remote, hamcrest,
maven-invoker-plugin, tycho, maven-war-plugin, eclipse-license, eclipse-cdt,
avalon-logkit, tycho-extras, eclipse-launchbar, eclipse-egit, eclipse-subclipse,
eclipse-gef, eclipse-emf, buildnumber-maven-plugin
kde-sig: batik, sassc, pdfbox, libktorrent
ke4qqq: avalon-logkit
kkeithle: glusterd2
kkofler: pdfbox, batik
konradm: munge
korkeala: maven-invoker-plugin
krege: munge, pdfbox, batik
kwizart: pdfbox, owncloud, batik, libpqxx
kwright: avalon-logkit
lbalhar: pdfbox, batik
lbazan: archmage, netty3, cli-parser, mustache-java
lberk: hamcrest
lcons: maven-checkstyle-plugin
lef: picketbox-commons, jboss-transaction-1.1-api, jandex-maven-plugin,
jboss-jaspi-1.1-api, jandex, maven-checkstyle-plugin, eclipse-license,
jackson-dataformat-xml, jdo-api, mimepull, hamcrest, picketbox, bval,
picketbox-xacml, tycho-extras, eclipse-emf, jboss-jsp-2.3-api,
hibernate-jpa-2.0-api, classmate, maven-invoker-plugin, tycho, mustache-java,
eclipse-egit, netty3, avalon-logkit, java-oauth, cli-parser,
jboss-connector-1.6-api, buildnumber-maven-plugin, batik
liangsuilong: pdfbox, batik
limb: pdfbox, batik
liquidat: batik, pdfbox, libktorrent
lkundrak: munge, pdfbox, batik, buildnumber-maven-plugin
loveshack: munge
lupinix: pdfbox, batik
lxqt-sig: nm-tray
maha: nodejs-dateformat, nodejs-raw-body, nodejs-grunt-legacy-util,
nodejs-load-grunt-tasks
marcdeop: pdfbox, batik
marcindulak: munge
marionline: pdfbox, batik
mathstuf: perl-CGI-FormBuilder
matt: munge
mattia: pdfbox, batik
matyas: munge
maxamillion: pdfbox, batik
mbaldessari: nodejs-dateformat, nodejs-raw-body, nodejs-grunt-legacy-util,
nodejs-load-grunt-tasks
mbarnes: sassc, lcms
mbartos: libee
mbooth: hamcrest, maven-invoker-plugin, tycho, maven-war-plugin,
eclipse-license, sassc, avalon-logkit, tycho-extras, eclipse-egit, eclipse-emf,
batik
mbriza: pdfbox, batik
mck182: pdfbox, batik
mclasen: sassc
mcrha: libopensync-plugin-evolution2, sassc
mef: nodejs-dateformat, nodejs-raw-body, nodejs-grunt-legacy-util,
nodejs-load-grunt-tasks
melmorabity: pdfbox, sassc, batik
mgoodwin: hamcrest
mharmsen: avalon-logkit
mich181189: pdfbox, batik
michelmno: sassc
michich: munge
minh: pdfbox, batik
mitr: audit-viewer
mizdebsk: batik, eclipse-m2e-workspace, nodejs-grunt-legacy-util,
eclipse-m2e-egit, eclipse-m2e-maven-dependency-plugin, maven-checkstyle-plugin,
eclipse-license, nodejs-raw-body, eclipse-m2e-takari, eclipse-m2e-mavenarchiver,
eclipse-m2e-cxf, parboiled, nodejs-load-grunt-tasks, hamcrest,
eclipse-m2e-buildhelper, maven-war-plugin, nodejs-dateformat, tycho-extras,
eclipse-emf, eclipse-m2e-sisu, eclipse-m2e-tycho, sonatype-plugins-parent,
maven-invoker-plugin, forge-parent, tycho, mustache-java, plexus-cli, pdfbox,
eclipse-m2e-plexus, base64coder, eclipse-egit, eclipse-webtools, eclipse-gef,
avalon-logkit, eclipse-m2e-antlr, eclipse-m2e-core, cli-parser, jackson,
apache-logging-parent, buildnumber-maven-plugin, eclipse-m2e-modello,
eclipse-m2e-mavendev
mjakubicek: munge, avalon-logkit
mjia: nodejs-dateformat, nodejs-raw-body, nodejs-grunt-legacy-util,
nodejs-load-grunt-tasks
mjw: munge
mkyral: pdfbox, batik
mluscon: zookeeper, netty3
mmorsi: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util, maven-invoker-plugin,
nodejs-dateformat, buildnumber-maven-plugin, nodejs-raw-body
mmraka: jboss-jsp-2.3-api
moceap: jdo-api, pdfbox, batik
mpaladin: maven-checkstyle-plugin
mrceresa: munge
mschorm: maven-invoker-plugin, avalon-logkit
mschwendt: dillo, libetpan
msimacek: nodejs-load-grunt-tasks, hamcrest, nodejs-grunt-legacy-util,
maven-invoker-plugin, nodejs-dateformat, nodejs-raw-body, avalon-logkit
mskalick: golang-github-10gen-openssl
msrb: maven-invoker-plugin, buildnumber-maven-plugin
msuchy: nodejs-dateformat, nodejs-grunt-legacy-util
mtasaka: libetpan
musuruan: pdfbox, batik
mycae: munge
nathans: hamcrest
nb: pdfbox, batik
nbecker: pdfbox, batik
neugens: hamcrest
neuro-sig: munge
ngompa: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util, nodejs-dateformat,
pdfbox, nodejs-raw-body, batik
nguzman: tycho, eclipse-egit, eclipse-license
nodejs-sig: nodejs-load-grunt-tasks, nodejs-method-override,
nodejs-finalhandler, nodejs-moment, nodejs-buffertools, nodejs-compressible,
nodejs-tilelive, nodejs-grunt-legacy-util, nodejs-negotiator, nodejs-tilejson,
nodejs-dateformat, nodejs-raw-body, nodejs-encodeurl, nodejs-eyes,
nodejs-stylus, nodejs-send
nonamedotc: pdfbox, sassc, batik
nsoffer: ioprocess
nucleo: batik, pdfbox, libktorrent
oanson: python-lexicon, python-fluidity-sm, python-invoke
odubaj: classmate, maven-invoker-plugin, avalon-logkit, jandex
oliver: hamcrest, tycho, eclipse-license, avalon-logkit, tycho-extras,
eclipse-egit, eclipse-emf, batik
omajid: hamcrest
orion: eclipse-remote, hamcrest, maven-invoker-plugin, tycho, eclipse-license,
munge, eclipse-cdt, eclipse-launchbar, pdfbox, tycho-extras, batik
otaylor: sassc
patches: batik, nodejs-load-grunt-tasks, nodejs-method-override,
nodejs-finalhandler, nodejs-compressible, nodejs-grunt-legacy-util,
nodejs-negotiator, nodejs-encodeurl, nodejs-dateformat, avalon-logkit,
nodejs-raw-body, nodejs-moment, nodejs-eyes, nodejs-stylus, nodejs-send
pcpa: munge, maven-invoker-plugin
peter: pdfbox, maven-invoker-plugin, batik
petersen: perl-CGI-FormBuilder
pingou: maven-invoker-plugin
piotrp: nodejs-dateformat, nodejs-grunt-legacy-util, nodejs-eyes, graphite-web
pkajaba: maven-invoker-plugin
pkfed: munge
pkopkan: python-lexicon, python-fluidity-sm, python-invoke
plfiorini: pdfbox, batik
pmackinn: jdo-api, maven-invoker-plugin, base64coder
pnemade: sassc
ppisar: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util, perl-CGI-FormBuilder,
nodejs-dateformat, nodejs-raw-body
praiskup: nodejs-grunt-legacy-util, nodejs-dateformat, maven-invoker-plugin
pvalena: buildnumber-maven-plugin
pwalter: sassc, lcms
pwu: pdfbox, sassc, batik
python-sig: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util, munge,
nodejs-dateformat, nodejs-raw-body, nodejs-moment, python-ripozo
qulogic: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util,
perl-CGI-FormBuilder, nodejs-dateformat, nodejs-raw-body
rakesh: munge
raphgro: nodejs-load-grunt-tasks, hamcrest, nodejs-grunt-legacy-util,
nodejs-dateformat, pdfbox, nodejs-raw-body, batik
rathann: munge
rdieter: batik, pdfbox, libktorrent, libpqxx
rgrunber: eclipse-license, eclipse-cdt, glassfish-gmbal, mimepull, hamcrest,
glassfish-pfl, jersey, glassfish-management-api, tycho-extras, eclipse-emf,
simple, eclipse-remote, maven-invoker-plugin, tycho, mustache-java, grizzly,
eclipse-launchbar, eclipse-egit, eclipse-gef, avalon-logkit, grizzly-npn,
eclipse-dltk, cli-parser, rxjava, batik
rhughes: batik, sassc, pdfbox, lcms
rishi: sassc
rkennke: hamcrest
rlandmann: pdfbox, avalon-logkit, batik
rmattes: libpqxx
rnovacek: pdfbox, batik
robert: perl-CGI-FormBuilder
robotics-sig: libpqxx
rstrode: sassc, lcms
ruby-packagers-sig: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util,
nodejs-dateformat, buildnumber-maven-plugin, nodejs-raw-body
ryanlerch: sassc
s4504kr: pdfbox, batik
sagitter: nodejs-load-grunt-tasks, hamcrest, nodejs-grunt-legacy-util, munge,
nodejs-dateformat, nodejs-raw-body
sailer: libpqxx
salimma: pdfbox, sassc, batik
sbergmann: avalon-logkit
sbonazzo: buildnumber-maven-plugin
sdgathman: maven-invoker-plugin, avalon-logkit, hamcrest
sergiomb: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util, nodejs-dateformat,
pdfbox, nodejs-raw-body, batik
siddharths: pdfbox, batik
simo: libetpan
siwinski: owncloud
skottler: netty3, zookeeper, pdfbox, batik
slankes: pdfbox, batik, ferm
smani: munge, pdfbox, batik
smizrahi: ioprocess
sopotc: eclipse-remote, tycho, eclipse-license, eclipse-launchbar, eclipse-cdt,
tycho-extras
spike: maven-invoker-plugin, avalon-logkit, hamcrest
spot: munge
spstarr: munge
ssp: sassc, lcms
stefanb: pdfbox, batik
stevetraylen: maven-checkstyle-plugin, munge, buildnumber-maven-plugin
stewardship-sig: maven-invoker-plugin, avalon-logkit, hamcrest, forge-parent
svahl: pdfbox, batik
swagiaal: tycho, eclipse-anyedit
tc01: maven-invoker-plugin, nodejs-grunt-legacy-util, nodejs-dateformat, pdfbox,
nodejs-raw-body, nodejs-eyes, avalon-logkit, batik
tdawson: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util, nodejs-dateformat,
buildnumber-maven-plugin, nodejs-raw-body
tejas: pdfbox, batik
terjeros: pdfbox, sassc, batik
terrycloth: sassc
teuf: libgovirt
than: pdfbox, batik
thm: perl-CGI-FormBuilder
thozza: sassc, avalon-logkit, batik
tibbs: pdfbox, batik
timn: libpqxx
tnorth: pdfbox, batik
tomh: nodejs-finalhandler, nodejs-grunt-legacy-util, nodejs-dateformat,
nodejs-encodeurl, nodejs-eyes, nodejs-send
tomspur: munge
trepik: maven-invoker-plugin
tstclair: munge
ttheisen: munge
ttorling: libpqxx
tuxbrewr: batik, pdfbox, libktorrent
vakwetu: avalon-logkit
valtri: munge, buildnumber-maven-plugin
vascom: pdfbox, batik
victortoso: libgovirt
virtmaint-sig: libgovirt
vjancik: pdfbox, batik
vondruch: nodejs-load-grunt-tasks, nodejs-grunt-legacy-util,
maven-invoker-plugin, nodejs-dateformat, buildnumber-maven-plugin, nodejs-raw-body
wakko666: buildnumber-maven-plugin
walters: sassc
wolnei: pdfbox, batik
xavierb: nodejs-dateformat, nodejs-raw-body, nodejs-grunt-legacy-util,
nodejs-load-grunt-tasks
zbyszek: cli-parser, nodejs-load-grunt-tasks, maven-invoker-plugin,
nodejs-grunt-legacy-util, mustache-java, munge, nodejs-dateformat,
nodejs-raw-body, netty3

--
The script creating this output is run and developed by Fedora
Release Engineering. Please report issues at its pagure instance:
https://pagure.io/releng/
The sources of this script can be found at:
https://pagure.io/releng/blob/master/f/scripts/find_unblocked_orphans.py

--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok

Thursday, November 21, 2019

OpenBSD Errata: November 22nd, 2019 (mesa)

Errata patches for Mesa have been released for OpenBSD 6.5 and 6.6.

Shared memory regions used by some Mesa drivers had permissions which
allowed others to access that memory.

Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:

https://www.openbsd.org/errata65.html
https://www.openbsd.org/errata66.html

OpenBSD Errata: November 22nd, 2019 (inteldrm)

Errata patches for the kernel have been released for OpenBSD 6.5 and 6.6.

A local user could cause the system to hang by reading specific registers
when Intel Gen8/Gen9 graphics hardware is in a low power state.

A local user could perform writes to memory that should be blocked with
Intel Gen9 graphics hardware.

Binary updates for the amd64 and i386 platforms are available via the
syspatch utility. Source code patches can be found on the respective
errata page:

https://www.openbsd.org/errata65.html
https://www.openbsd.org/errata66.html

As these affect the kernel, a reboot will be needed after patching.