Ubuntu has issued an advisory on August 1:
https://usn.ubuntu.com/4085-1/

The issue is fixed upstream in 0.9.16.

Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Status comment: (none) => Fixed upstream in 0.9.16
Done for mga7 and mga6!
Advisory:
========================

Updated sigil package fixes security vulnerability:

Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem (CVE-2019-14452).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14452
https://usn.ubuntu.com/4085-1/
========================

Updated packages in core/updates_testing:
========================
sigil-0.9.16-1.mga6
sigil-0.9.16-1.mga7

from SRPMS:
sigil-0.9.16-1.mga6.src.rpm
sigil-0.9.16-1.mga7.src.rpm
CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs
mga6, x86_64

sigil is an editor for ePub files. No epub files here so I imported a random text file and assigned various header formats to different sections then exported the result to epub format and read it back in.

It appears in the Office section in the system menus but does not launch. It can be launched from the cli with a number of errors. There is nothing in ~/.config but a new entry appears in ~/.local/share called sigil-ebook.

$ ls .local/share/sigil-ebook
sigil
$ tree
└── sigil
    ├── hunspell_dictionaries
    ├── local-storage
    ├── plugins
    ├── sigil_clips.ini
    ├── sigil_index.ini
    ├── sigil.ini
    ├── sigil_searches.ini
    └── user_dictionaries
        └── default

In sigil I added /home/lcl/qa/sigil/ to "lastfolderopen=" property, under the [bookbrowser] section. That did not help.

Version 0.9.8-1 updated cleanly to 0.9.16-1.

$ cd ~/qa/sigil
$ sigil
libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: swrast
No XVisualInfo for format QSurfaceFormat(version 2.0, options QFlags<QSurfaceFormat::FormatOption>(), depthBufferSize -1, redBufferSize 1, greenBufferSize 1, blueBufferSize 1, alphaBufferSize -1, stencilBufferSize -1, samples -1, swapBehavior QSurfaceFormat::SwapBehavior(SingleBuffer), swapInterval 1, profile QSurfaceFormat::OpenGLContextProfile(NoProfile))
Falling back to using screens root_visual.
Segmentation fault (core dumped)

That looks like a definite regression, unless it has something to do with the nvidia setup.

$ dmesg
[...]
[ 161.836510] sigil[31684]: segfault at 8 ip 00007fc323c44ad1 sp 00007ffd91f3e130 error 4 in libQt5Gui.so.5.9.4[7fc323b53000+516000]

I tried removing the current nvidia driver and reinstalling it using dkms. nvidia reboot failed. Ended up in nouveau. sigil worked fine under nouveau. Reinstalled the proprietary graphics driver and rebooted. sigil failed to launch, with the same error and segfault as before.

There does not seem to be anything in the journal which refers to sigil.
As far as I could tell sigil is working with the nouveau driver so there may just be some problem between Qt and the nvidia390.129 driver, in which case I would be inclined to pass this because we are not investigating external graphics problems.
CC: (none) => tarazed25
Whiteboard: MGA6TOO => MGA6TOO MGA6-64-OK
mga7, x86_64

sigil updated cleanly.

$ sigil
libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: swrast
Warning: WebEngineContext used before QtWebEngine::initialize() or OpenGL context creation failed.

In spite of that, the gui launched OK, displaying a template xhtml document between Book Browser and Table Of Contents. It also launches from the Office section of the system menus. The crude e-pub file created earlier opened fine in the editing window. Not going to attempt to do anything with it. It all looks OK.
Whiteboard: MGA6TOO MGA6-64-OK => MGA6TOO MGA6-64-OK MGA7-64-OK
Sounds OK to me, Len. Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0249.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED