Description of problem: Opening the bugreport for upcoming update to KDE 4.10.5. Reproducible: Steps to Reproduce:
CC: (none) => balcaen.john, nicolas.lecureuil
Blocks: (none) => 10387
Blocks: (none) => 10388
Blocks: (none) => 10583
Blocks: (none) => 10342
Blocks: (none) => 7953
Depends on: (none) => 10702
Just a question: would this update also include Qt 4.8.5 (released last week) and qt-creator 4.8 (should be released soon) ?
CC: (none) => olegbosis
This update is for KDE & only KDE. Qt will be updated also but will require another bug report.
Blocks: (none) => 10428, 10702Depends on: 10702 => (none)
Depends on: (none) => 10766
Besides the libkdcraw security fix that will be included with this update (see Bug 10428), two other security issues were fixed in kdebase4-workspace, according to this: http://openwall.com/lists/oss-security/2013/07/16/4 As you can see, they were allocated CVE-2013-4132 and CVE-2013-4133. Mageia 2 is not affected by these new issues.
CVE-2013-4132 was in fact not fixed in 4.10.5, so an additional patch is needed: http://openwall.com/lists/oss-security/2013/07/16/7
Fedora has issued an advisory fixing CVE-2013-4132 and CVE-2013-4133: https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111883.html from http://lwn.net/Vulnerabilities/559475/
CC: (none) => luigiwalser
(In reply to David Walser from comment #4) > CVE-2013-4132 was in fact not fixed in 4.10.5, so an additional patch is > needed: > http://openwall.com/lists/oss-security/2013/07/16/7 I've just added the patch from KDE/4.10 http://svnweb.mageia.org/packages?view=revision&revision=456949
CC: (none) => inster.css
Now that Qt and QtWebkit have been pushed to updates, can we push this to QA?
Blocks: (none) => 10480
(In reply to David Walser from comment #7) > Now that Qt and QtWebkit have been pushed to updates, can we push this to QA? It's on the way.
Blocks: (none) => 10396
CC: (none) => matija
I was asked during the QA meeting today to inquire about the status of this again. I noticed there are a few packages that haven't been updated to 4.10.5: kdeedu4, kdegames4, kdegraphics4, kdeutils4, task-kde4, kdeaccessibility4 Those are all meta packages if I'm not mistaken.? Also there's ktuberling, maybe a build issue? I don't know if there's any that are completely missing. So is there anything other than updating the packages listed above that this is waiting on before pushing to QA? Thanks.
Sorry, real life is quite busy thoses days. I'll try to fix & finish it this later tonight (UTC-3) & on this week end. I'll provide the files list too with an update.
Created attachment 4265 [details] List of package for i586 arch Attached is the list of package for i586
Created attachment 4266 [details] List of package for x86_64 arch List of package for x86_64 arch
A temporary advisories (waiting for input from kde team) : « This update provides the last stable version of KDE for the 4.10.x branch. Some of the new packages fixes additional issues open on our tracker : - A memory leak has been fixed in kde-workspace (kde #314919 & mga #7953) - A memory leak in kmix ( mga #10702 & kde #309464 ) - A packaging issue affecting kdebase4-runtime (mga #10387) & another affecting kdegraphics-thumbnailers (mga #10388) - A crash of akonadi davgroupware ressource ( mga #10396) - Several security issues affecting libraw & so libkdcraw ( CVE-2013-2126, CVE-2013-2127, - Several security fixes affecting kdebase4-workspace ( CVE-2013-4132 & CVE-2013-4133 ) »
Looks like everything's updated to 4.10.5. Strange though, some of those metapackages I mentioned in my last comment are updated on the mirror as of last night, but I didn't see them on pkgsubmit. I also don't see them in the package list you attached.
(In reply to David Walser from comment #14) > Looks like everything's updated to 4.10.5. Strange though, some of those > metapackages I mentioned in my last comment are updated on the mirror as of > last night, but I didn't see them on pkgsubmit. I also don't see them in > the package list you attached. They're part of the task-kde4 package.
(In reply to John Balcaen from comment #15) > (In reply to David Walser from comment #14) > > Looks like everything's updated to 4.10.5. Strange though, some of those > > metapackages I mentioned in my last comment are updated on the mirror as of > > last night, but I didn't see them on pkgsubmit. I also don't see them in > > the package list you attached. > They're part of the task-kde4 package. Ahh, that makes sense. Well, don't forget to include them in the package lists, so the correct things get pushed for this update. Also, besides the package lists, a list of source packages is needed as well. Thanks John.
Created attachment 4267 [details] List of packages in active testing by Sander Testing with this list of packages.
CC: (none) => mageia
Is my understanding correct that this is ready to test, just that the advisory is a work in progress? If we could get a correct list of updated packages, this could be assigned to QA so that testing could begin.
Created attachment 4278 [details] List of package for x86_64 arch Updated list of package for x86_64 arch
Attachment 4266 is obsolete: 0 => 1
Created attachment 4279 [details] List of package for i586 arch Update list of package for i586 arch
Attachment 4265 is obsolete: 0 => 1
(In reply to David Walser from comment #18) > Is my understanding correct that this is ready to test, just that the > advisory is a work in progress? If we could get a correct list of updated > packages, this could be assigned to QA so that testing could begin. Yep it is. The advisory is a work in progress. The bug is now assigned to QA. Sorry again for the delay :/
Assignee: lmenut => qa-bugs
Thanks John. We'll need an updated list of SRPM's too at some point please.
Created attachment 4280 [details] List of SRPMS (In reply to claire robinson from comment #22) > Thanks John. We'll need an updated list of SRPM's too at some point please. List is attached, i forgot it yesterday night.
FWIW I'm trying out 4.10.5 since yesterday and haven't encountered a major problem yet. The only one I could find is that it seems the KWin transparency settings are (again) forgotten in the KWin per-window settings. But that's neither big nor new.
Testing complete for mga3_64, Ok for me nothing to report since many test days. Seems no regression.
CC: (none) => geiger.david68210
Testing complete for mga3_32, Ok for me nothing to report since many test days. Seems no regression too.
I've found that gtk apps like harddrake2 no longer allow the expansion of the items on the left side. It makes the app pretty much unusable. It works under gnome. I think this should be a blocker for this update.
CC: (none) => davidwhodginsWhiteboard: (none) => feedback
Also found kwin crashes if gnome is running in another tty with the following message in .xsession-errors ... kwin: unable to claim manager selection, another wm running? (try using --replace)
(In reply to Dave Hodgins from comment #27) > I've found that gtk apps like harddrake2 no longer allow the expansion > of the items on the left side. It makes the app pretty much unusable. > > It works under gnome. I think this should be a blocker for this update. I can't reproduce this one on a full installation (In reply to Dave Hodgins from comment #28) > Also found kwin crashes if gnome is running in another tty with the following > message in .xsession-errors ... > kwin: unable to claim manager selection, another wm running? (try using > --replace) i'll install gnome & check this one. Just to be try to narrow it a bit, which session manager are you using ? gdm ? kdm ? something else ?
(In reply to John Balcaen from comment #29) > (In reply to Dave Hodgins from comment #27) > > I've found that gtk apps like harddrake2 no longer allow the expansion > > of the items on the left side. It makes the app pretty much unusable. > > > > It works under gnome. I think this should be a blocker for this update. > > I can't reproduce this one on a full installation > > (In reply to Dave Hodgins from comment #28) > > Also found kwin crashes if gnome is running in another tty with the following > > message in .xsession-errors ... > > kwin: unable to claim manager selection, another wm running? (try using > > --replace) > i'll install gnome & check this one. > Just to be try to narrow it a bit, which session manager are you using ? gdm > ? kdm ? something else ? With gdm : if i start a first session with gnome & create a new session (and you're forced to use a new user not the same user...) with the default one set as kde, i don't encounter any problem, kde session is started without problem. so i can't reproduce your issue With kdm : if i start a first session with gnome, i'm not able to switch user because gnome implicity look for gdm & nothing else complaining about the missing dbus file for gdm so gnome does not give the hand back to kdm... Hum, how are you able to use a different session with gdm ?
(In reply to John Balcaen from comment #29) > (In reply to Dave Hodgins from comment #27) > > I've found that gtk apps like harddrake2 no longer allow the expansion > > of the items on the left side. It makes the app pretty much unusable. > > > > It works under gnome. I think this should be a blocker for this update. > > I can't reproduce this one on a full installation > > (In reply to Dave Hodgins from comment #28) > > Also found kwin crashes if gnome is running in another tty with the following > > message in .xsession-errors ... > > kwin: unable to claim manager selection, another wm running? (try using > > --replace) > i'll install gnome & check this one. > Just to be try to narrow it a bit, which session manager are you using ? gdm > ? kdm ? something else ? Booting to run level 3, and then using startx. I've been trying to get a backtrace, but the kde bug reporting tool was crashing too. I've finally got all of the recommended debuginfo packages installed, and have gdm attached to kwin from within a gnome session, and now it won't crash. :-) I'll keep trying to get more info.
(In reply to Dave Hodgins from comment #31) > Booting to run level 3, and then using startx. This doesn't sound like a supported way of doing things.. AFAIK startx isn't supported method at all..
Booting to run level 3, using startx to start the kde session, then using alt+ctrl+f2 to switch to a new login terminal, logging in, then using "startx GNOME -- :1". I'll switch to kdm, but still using alt+ctrl+f2 to log into a second session, which should be supported, as I understand it.
I'm now using kdm, have kde running on tty2, used alt+ctrl+f3 to login to tty3 as root, running gnome, and have gdb attached to kwin, switched back to tty2, used leave/switch user, activate new session (had to activate new session twice to get a login screen), logged into a "tester" account, and started gnome for that account, which is on tty4. Hopefully I'll be able to recreate the crash, with this running, and capture a good backtrace.
Any further crash Dave?
Whiteboard: feedback => (none)
No further crashes. Strange.
What is it for this update now? For me it is always right, no regression found.
I did not receive any objections for the advisory so i guess it's ok on this part too.
I just have to add the advisory to svn, then I'll validate it.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA3-64-OK MGA3-32-OKCC: (none) => sysadmin-bugs
Validating the update. Could someone from the sysadmin team push 10600.adv to updates.
Update pushed: http://advisories.mageia.org/MGASA-2013-0269.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED