Bug 10600 - Update candidate for Mageia 3 : KDE 4.10.5
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 3
Hardware: All Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assigned To: QA Team
Whiteboard: MGA3-64-OK MGA3-32-OK
Keywords: validated_update
Depends on: 10766
Blocks: 7953 10342 10387 10388 10396 10428 10480 10583 10702

Reported: 2013-06-23 15:30 CEST by Luc Menut
Modified: 2013-09-01 14:44 CEST

Source RPM: KDE

Attachments
List of package for i586 arch (35.58 KB, text/plain)
2013-08-17 12:57 CEST, John Balcaen
List of package for x86_64 arch (37.37 KB, text/plain)
2013-08-17 12:57 CEST, John Balcaen
List of packages in active testing by Sander (12.06 KB, text/plain)
2013-08-17 23:19 CEST, Sander Lepik
List of package for x86_64 arch (37.81 KB, text/plain)
2013-08-23 01:47 CEST, John Balcaen
List of package for i586 arch (36.04 KB, text/plain)
2013-08-23 01:48 CEST, John Balcaen
List of SRPMS (4.70 KB, text/plain)
2013-08-23 12:43 CEST, John Balcaen

Description Luc Menut 2013-06-23 15:30:33 CEST
Description of problem:
Opening the bugreport for upcoming update to KDE 4.10.5.


Reproducible: 

Steps to Reproduce:
Comment 1 Oleg Bosis 2013-07-08 10:59:39 CEST
Just a question: would this update also include Qt 4.8.5 (released last week) and qt-creator 4.8 (should be released soon) ?
Comment 2 John Balcaen 2013-07-09 00:04:25 CEST
This update is for KDE & only KDE.
Qt will be updated also but will require another bug report.
Comment 3 David Walser 2013-07-16 19:24:42 CEST
Besides the libkdcraw security fix that will be included with this update (see Bug 10428), two other security issues were fixed in kdebase4-workspace, according to this:
http://openwall.com/lists/oss-security/2013/07/16/4

As you can see, they were allocated CVE-2013-4132 and CVE-2013-4133.

Mageia 2 is not affected by these new issues.
Comment 4 David Walser 2013-07-16 22:14:33 CEST
CVE-2013-4132 was in fact not fixed in 4.10.5, so an additional patch is needed:
http://openwall.com/lists/oss-security/2013/07/16/7
Comment 5 David Walser 2013-07-18 22:21:24 CEST
Fedora has issued an advisory fixing CVE-2013-4132 and CVE-2013-4133:
https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111883.html

from http://lwn.net/Vulnerabilities/559475/
Comment 6 Luc Menut 2013-07-21 22:28:01 CEST
(In reply to David Walser from comment #4)
> CVE-2013-4132 was in fact not fixed in 4.10.5, so an additional patch is
> needed:
> http://openwall.com/lists/oss-security/2013/07/16/7

I've just added the patch from KDE/4.10
http://svnweb.mageia.org/packages?view=revision&revision=456949
Comment 7 David Walser 2013-08-10 17:54:32 CEST
Now that Qt and QtWebkit have been pushed to updates, can we push this to QA?
Comment 8 John Balcaen 2013-08-10 22:48:49 CEST
(In reply to David Walser from comment #7)
> Now that Qt and QtWebkit have been pushed to updates, can we push this to QA?

It's on the way.
Comment 9 David Walser 2013-08-15 22:16:22 CEST
I was asked during the QA meeting today to inquire about the status of this again.

I noticed there are a few packages that haven't been updated to 4.10.5:
kdeedu4, kdegames4, kdegraphics4, kdeutils4, task-kde4, kdeaccessibility4

Those are all meta packages if I'm not mistaken?

Also there's ktuberling, maybe a build issue?

I don't know if there's any that are completely missing.

So is there anything other than updating the packages listed above that this is waiting on before pushing to QA?  Thanks.
Comment 10 John Balcaen 2013-08-16 17:04:44 CEST
Sorry, real life is quite busy these days.
I'll try to fix & finish it later tonight (UTC-3) & this weekend.
I'll provide the files list too with an update.
Comment 11 John Balcaen 2013-08-17 12:57:12 CEST
Created attachment 4265
List of package for i586 arch

Attached is the list of package for i586
Comment 12 John Balcaen 2013-08-17 12:57:46 CEST
Created attachment 4266
List of package for x86_64 arch

List of package for x86_64 arch
Comment 13 John Balcaen 2013-08-17 13:16:24 CEST
A temporary advisory (waiting for input from the KDE team):
« This update provides the last stable version of KDE for the 4.10.x branch.
Some of the new packages fix additional issues open on our tracker:
- A memory leak has been fixed in kde-workspace (kde #314919 & mga #7953)
- A memory leak in kmix (mga #10702 & kde #309464)
- A packaging issue affecting kdebase4-runtime (mga #10387) & another affecting kdegraphics-thumbnailers (mga #10388)
- A crash of akonadi davgroupware resource (mga #10396)
- Several security issues affecting libraw & so libkdcraw ( CVE-2013-2126, CVE-2013-2127,
- Several security fixes affecting kdebase4-workspace ( CVE-2013-4132 & CVE-2013-4133 )
»
Comment 14 David Walser 2013-08-17 16:08:22 CEST
Looks like everything's updated to 4.10.5.  Strange though, some of those metapackages I mentioned in my last comment are updated on the mirror as of last night, but I didn't see them on pkgsubmit.  I also don't see them in the package list you attached.
Comment 15 John Balcaen 2013-08-17 20:28:13 CEST
(In reply to David Walser from comment #14)
> Looks like everything's updated to 4.10.5.  Strange though, some of those
> metapackages I mentioned in my last comment are updated on the mirror as of
> last night, but I didn't see them on pkgsubmit.  I also don't see them in
> the package list you attached.
They're part of the task-kde4 package.
Comment 16 David Walser 2013-08-17 20:42:19 CEST
(In reply to John Balcaen from comment #15)
> (In reply to David Walser from comment #14)
> > Looks like everything's updated to 4.10.5.  Strange though, some of those
> > metapackages I mentioned in my last comment are updated on the mirror as of
> > last night, but I didn't see them on pkgsubmit.  I also don't see them in
> > the package list you attached.
> They're part of the task-kde4 package.

Ahh, that makes sense.  Well, don't forget to include them in the package lists, so the correct things get pushed for this update.  Also, besides the package lists, a list of source packages is needed as well.

Thanks John.
Comment 17 Sander Lepik 2013-08-17 23:19:18 CEST
Created attachment 4267
List of packages in active testing by Sander

Testing with this list of packages.
Comment 18 David Walser 2013-08-22 22:37:41 CEST
Is my understanding correct that this is ready to test, just that the advisory is a work in progress?  If we could get a correct list of updated packages, this could be assigned to QA so that testing could begin.
Comment 19 John Balcaen 2013-08-23 01:47:43 CEST
Created attachment 4278
List of package for x86_64 arch

Updated list of package for x86_64 arch
Comment 20 John Balcaen 2013-08-23 01:48:23 CEST
Created attachment 4279
List of package for i586 arch

Updated list of package for i586 arch
Comment 21 John Balcaen 2013-08-23 01:49:43 CEST
(In reply to David Walser from comment #18)
> Is my understanding correct that this is ready to test, just that the
> advisory is a work in progress?  If we could get a correct list of updated
> packages, this could be assigned to QA so that testing could begin.
Yep it is.
The advisory is a work in progress.
The bug is now assigned to QA.
Sorry again for the delay :/
Comment 22 claire robinson 2013-08-23 07:44:57 CEST
Thanks John. We'll need an updated list of SRPM's too at some point please.
Comment 23 John Balcaen 2013-08-23 12:43:19 CEST
Created attachment 4280
List of SRPMS

(In reply to claire robinson from comment #22)
> Thanks John. We'll need an updated list of SRPM's too at some point please.
List is attached, I forgot it yesterday night.
Comment 24 Hook 2013-08-23 13:24:05 CEST
FWIW I'm trying out 4.10.5 since yesterday and haven't encountered a major problem yet. 

The only one I could find is that it seems the KWin transparency settings are (again) forgotten in the KWin per-window settings. But that's neither big nor new.
Comment 25 David GEIGER 2013-08-23 15:03:14 CEST
Testing complete for mga3_64, Ok for me nothing to report since many test days.

Seems no regression.
Comment 26 David GEIGER 2013-08-23 15:03:37 CEST
Testing complete for mga3_32, Ok for me nothing to report since many test days.

Seems no regression too.
Comment 27 Dave Hodgins 2013-08-24 07:22:08 CEST
I've found that gtk apps like harddrake2 no longer allow the expansion
of the items on the left side. It makes the app pretty much unusable.

It works under gnome.  I think this should be  a blocker for this update.
Comment 28 Dave Hodgins 2013-08-24 08:29:53 CEST
Also found kwin crashes if gnome is running in another tty with the following
message in .xsession-errors ...
kwin: unable to claim manager selection, another wm running? (try using --replace)
Comment 29 John Balcaen 2013-08-24 12:52:11 CEST
(In reply to Dave Hodgins from comment #27)
> I've found that gtk apps like harddrake2 no longer allow the expansion
> of the items on the left side. It makes the app pretty much unusable.
> 
> It works under gnome.  I think this should be  a blocker for this update.

I can't reproduce this one on a full installation

(In reply to Dave Hodgins from comment #28)
> Also found kwin crashes if gnome is running in another tty with the following
> message in .xsession-errors ...
> kwin: unable to claim manager selection, another wm running? (try using
> --replace)
I'll install gnome & check this one.
Just to try to narrow it down a bit, which session manager are you using? gdm? kdm? something else?
Comment 30 John Balcaen 2013-08-24 13:55:26 CEST
(In reply to John Balcaen from comment #29)
> (In reply to Dave Hodgins from comment #27)
> > I've found that gtk apps like harddrake2 no longer allow the expansion
> > of the items on the left side. It makes the app pretty much unusable.
> > 
> > It works under gnome.  I think this should be  a blocker for this update.
> 
> I can't reproduce this one on a full installation
> 
> (In reply to Dave Hodgins from comment #28)
> > Also found kwin crashes if gnome is running in another tty with the following
> > message in .xsession-errors ...
> > kwin: unable to claim manager selection, another wm running? (try using
> > --replace)
> i'll install gnome & check this one.
> Just to be try to narrow it a bit, which session manager are you using ? gdm
> ? kdm ? something else ?

With gdm:
if I start a first session with gnome & create a new session (and you're forced to use a new user, not the same user...) with the default one set as kde, I don't encounter any problem, the kde session is started without problem.
So I can't reproduce your issue.

With kdm:
if I start a first session with gnome, I'm not able to switch user because gnome implicitly looks for gdm & nothing else, complaining about the missing dbus file for gdm, so gnome does not hand control back to kdm...

Hum, how are you able to use a different session with gdm?
Comment 31 Dave Hodgins 2013-08-24 16:57:27 CEST
(In reply to John Balcaen from comment #29)
> (In reply to Dave Hodgins from comment #27)
> > I've found that gtk apps like harddrake2 no longer allow the expansion
> > of the items on the left side. It makes the app pretty much unusable.
> > 
> > It works under gnome.  I think this should be  a blocker for this update.
> 
> I can't reproduce this one on a full installation
> 
> (In reply to Dave Hodgins from comment #28)
> > Also found kwin crashes if gnome is running in another tty with the following
> > message in .xsession-errors ...
> > kwin: unable to claim manager selection, another wm running? (try using
> > --replace)
> i'll install gnome & check this one.
> Just to be try to narrow it a bit, which session manager are you using ? gdm
> ? kdm ? something else ?

Booting to run level 3, and then using startx.  I've been trying to get a backtrace, but the kde bug reporting tool was crashing too. I've finally got
all of the recommended debuginfo packages installed, and have gdm attached to
kwin from within a gnome session, and now it won't crash. :-) I'll keep trying
to get more info.
Comment 32 Sander Lepik 2013-08-24 16:59:31 CEST
(In reply to Dave Hodgins from comment #31)
> Booting to run level 3, and then using startx.

This doesn't sound like a supported way of doing things. AFAIK startx isn't a supported method at all.
Comment 33 Dave Hodgins 2013-08-24 17:01:06 CEST
Booting to run level 3, using startx to start the kde session, then
using alt+ctrl+f2 to switch to a new login terminal, logging in, then
using "startx GNOME -- :1".

I'll switch to kdm, but still using alt+ctrl+f2 to log into a second
session, which should be supported, as I understand it.
Comment 34 Dave Hodgins 2013-08-24 17:17:19 CEST
I'm now using kdm, have kde running on tty2, used alt+ctrl+f3 to login to tty3
as root, running gnome, and have gdb attached to kwin, switched back to tty2,
used leave/switch user, activate new session (had to activate new session twice
to get a login screen), logged into a "tester" account, and started gnome for
that account, which is on tty4.

Hopefully I'll be able to recreate the crash, with this running, and capture
a good backtrace.
Comment 35 claire robinson 2013-08-28 14:03:29 CEST
Any further crash Dave?
Comment 36 Dave Hodgins 2013-08-28 14:46:23 CEST
No further crashes. Strange.
Comment 37 David GEIGER 2013-09-01 12:03:20 CEST
What is it for this update now?

For me it is always right, no regression found.
Comment 38 John Balcaen 2013-09-01 12:10:50 CEST
I did not receive any objections to the advisory so I guess it's ok on this part too.
Comment 39 Dave Hodgins 2013-09-01 12:21:52 CEST
I just have to add the advisory to svn, then I'll validate it.
Comment 40 Dave Hodgins 2013-09-01 13:05:48 CEST
Validating the update.

Could someone from the sysadmin team push 10600.adv to updates?
Comment 41 Thomas Backlund 2013-09-01 14:44:09 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0269.html
