Opera 12.00 has been pushed to mga1+mga2 nonfree/updates_testing. Suggested advisory =================== Opera 12.00 fixes several security and stability issues found in previous versions and contains new and improved features. Fixed an issue where hidden keyboard navigation could allow cross site scripting or code execution, as reported by Jordi Chancel. http://www.opera.com/support/kb/view/1021/ Fixed an issue where a combination of clicks and key presses could lead to cross site scripting or code execution, as reported by Jordi Chancel. http://www.opera.com/support/kb/view/1020/ Fixed an issue where cross-domain JSON resources may be exposed as JavaScript variable data. http://www.opera.com/support/kb/view/1019/ Fixed an issue where carefully timed reloads, redirects, and navigation could spoof the address field, as reported by Jordi Chancel. http://www.opera.com/support/kb/view/1018/ Fixed an issue where pages could prevent navigation to a target page, spoofing the address field, as reported by Code Audit Labs of vulnhunt.com. http://www.opera.com/support/kb/view/1022/ For a complete list of changes including the non-security fixes, see http://www.opera.com/docs/changelogs/unix/1200/ ==================== Packages: opera-12.00-1.mga1.nonfree opera-12.00-1.mga2.nonfree
Currently testing Mageia 1 i586, using pop3, imap, nntp, rss, irc, and web browsing.
CC: (none) => davidwhodgins
Testing complete on Mageia 1. There's a problem with Mageia 2 i586. The rpm package is not showing up on the mirrors, such as http://twiska.zarb.org/mageia/distrib/2/i586/media/core/updates_testing
It is in nonfree/updates_testing, not core.
Whiteboard: (none) => mga1-32-OK
All OK on Mga2 x86_64 Installing Opera pulled in new dependencies libx11_6 libxau6 libxcb1 libxdmcp6 libxext6 libxt6 Does that mean all these will have to go into NonFree/Updates to get around Bug 2317 ?
CC: (none) => derekjennWhiteboard: mga1-32-OK => mga1-32-OK mga2-64-OK
Its when the update installs new dependencies Derek. It's also added suggests. Depcheck says opera is ok though.
There is something not right here. Installing 64bit Opera installs a bunch of 32 bit dependencies. The 64 bit version of all these libraries is already installed. # urpmi opera To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Nonfree Updates Testing (distrib15)") opera 12.00 1.mga2.nonfr> x86_64 (medium "Core 32bit Release (distrib31)") libice6 1.0.8 1.mga2 i586 libsm6 1.2.1 1.mga2 i586 libx11_6 1.4.99.1 4.mga2 i586 libxau6 1.0.7 1.mga2 i586 libxcb1 1.8.1 1.mga2 i586 libxdmcp6 1.1.1 1.mga2 i586 libxext6 1.3.1 1.mga2 i586 libxt6 1.1.2 2.mga2 i586 45MB of additional disk space will be used. 14MB of packages will be retrieved. Proceed with the installation of the 9 packages? (Y/n) y Unvalidating for mga2-64 for the moment.
Whiteboard: mga1-32-OK mga2-64-OK => mga1-32-OK
(In reply to comment #3) > It is in nonfree/updates_testing, not core. Yes. I'd forgotten to enable Nonfree Updates Testing in my Mga 2 install. Testing complete for Mageia 2 i586.
Whiteboard: mga1-32-OK => mga1-32-OK, mga2-32-OK
(In reply to comment #6) > There is something not right here. Installing 64bit Opera installs a bunch of > 32 bit dependencies. The 64 bit version of all these libraries is already > installed. ftp://ftp.opera.com/pub/opera/linux/1200/ Opera does have 64 bit versions, so it shouldn't need 32 bit libraries.
(In reply to comment #6) > There is something not right here. Installing 64bit Opera installs a bunch of > 32 bit dependencies. The 64 bit version of all these libraries is already > installed. Can you check to see if the Core Release version pulls in the 32 bit libraries? Opera may need those for compatibility with 32 bit plugins. If the Core Release version also pulls them in, and opera:about in the address bar shows 64 bit for the system, after installing the updates testing version, then the bug should be revalidated for mga2-64.
I confirm comment 6 in mga1: [root@vosdook ~]# LC_ALL=C urpmi --searchmedia "Nonfree Updates" opera installing opera-11.64-1.mga1.nonfree.x86_64.rpm from /mnt/data/var/pub/1/x86_64/media/nonfree/updates Preparing... ############################################# 1/1: opera ############################################# [root@vosdook ~]# LC_ALL=C urpmi --searchmedia "Nonfree Updates Testing" opera To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Nonfree Updates Testing") opera 12.00 1.mga1.nonfr> x86_64 (medium "Core 32bit Release") libice6 1.0.7 2.mga1 i586 libsm6 1.2.0 2.mga1 i586 libx11_6 1.4.3 1.mga1 i586 libxau6 1.0.6 1.mga1 i586 libxcb1 1.7 1.mga1 i586 libxdmcp6 1.1.0 1.mga1 i586 libxext6 1.2.0 2.mga1 i586 libxt6 1.1.1 2.mga1 i586 6.8MB of additional disk space will be used. 14MB of packages will be retrieved. Proceed with the installation of the 9 packages? (Y/n) Was working fine before
CC: (none) => qa-bugs, sysadmin-bugsComponent: RPM Packages => Release (media or process)Assignee: qa-bugs => anssi.hannula
Component: Release (media or process) => Security
sorry :/
CC: sysadmin-bugs => (none)
New packages have been submitted to nonfree/updates_testing with the requirement regression on x86_64 fixed: opera-12.00-1.1.mga1.nonfree opera-12.00-1.1.mga2.nonfree Advisory is unchanged.
Assignee: anssi.hannula => qa-bugs
Thats better. Thanks opera-12.00-1.1.mga2.nonfree validated for mga2 x86_64
Whiteboard: mga1-32-OK, mga2-32-OK => mga1-32-OK, mga2-32-OK mga2-64-OK
Depcheck still says it's ok. Testing x86_64 mga1
Tested on i586 mga2 so far so go, and I also tested on x86_64 mga2 and it seem to work fine also.
CC: (none) => pham182b
Tested flash, java, email, checked libs All seems ok x86_64 mga1 It should be rechecked on mga1 i586 before validating, removing that whiteboard keyword. opera-12.00-1.1.mga1.nonfree opera-12.00-1.1.mga2.nonfree
Whiteboard: mga1-32-OK, mga2-32-OK mga2-64-OK => mga2-32-OK mga2-64-OK mga1-64-OK
Testing complete on Mageia 1 i586. Validating the update. Could someone from the sysadmin team push the srpm opera-12.00-1.1.mga2.nonfree from Mageia 2 Nonfree Updates Testing to Nonfree Updates and push the srpm opera-12.00-1.1.mga1.nonfree from Mageia 1 Nonfree Updates Testing to Nonfree Updates. Advisory: Opera 12.00 fixes several security and stability issues found in previous versions and contains new and improved features. Fixed an issue where hidden keyboard navigation could allow cross site scripting or code execution, as reported by Jordi Chancel. http://www.opera.com/support/kb/view/1021/ Fixed an issue where a combination of clicks and key presses could lead to cross site scripting or code execution, as reported by Jordi Chancel. http://www.opera.com/support/kb/view/1020/ Fixed an issue where cross-domain JSON resources may be exposed as JavaScript variable data. http://www.opera.com/support/kb/view/1019/ Fixed an issue where carefully timed reloads, redirects, and navigation could spoof the address field, as reported by Jordi Chancel. http://www.opera.com/support/kb/view/1018/ Fixed an issue where pages could prevent navigation to a target page, spoofing the address field, as reported by Code Audit Labs of vulnhunt.com. http://www.opera.com/support/kb/view/1022/ For a complete list of changes including the non-security fixes, see http://www.opera.com/docs/changelogs/unix/1200/ https://bugs.mageia.org/show_bug.cgi?id=6465
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: mga2-32-OK mga2-64-OK mga1-64-OK => mga2-32-OK mga2-64-OK mga1-64-OK, mga1-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0121
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED