Bugzilla – Bug 1114605
pesign-obs-integration: repackaging mangles some bits
Last modified: 2023-04-10 15:46:57 UTC
This should be released as a maintenance-update to 15.0 so that 15.1 will be fixed, too: https://github.com/openSUSE/pesign-obs-integration/pull/8
And eventually, we might also want a solution for https://github.com/openSUSE/pesign-obs-integration/issues/9
SUSE-RU-2018:4164-1: An update that has one recommended fix can now be installed.
Category: recommended (moderate)
Bug References: 1114605
CVE References:
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src): pesign-obs-integration-10.0-7.3.1
openSUSE-RU-2018:4250-1: An update that has one recommended fix can now be installed.
Category: recommended (moderate)
Bug References: 1114605
CVE References:
Sources used:
openSUSE Leap 15.0 (src): pesign-obs-integration-10.0-lp150.6.3.1
https://github.com/openSUSE/pesign-obs-integration/issues/9 is still open and affecting all our kmps.
Anything we can do to change virtualbox so that it no longer breaks from my change?
(In reply to Bernhard Wiedemann from comment #4)
> https://github.com/openSUSE/pesign-obs-integration/issues/9 is still open
> and affecting all our kmps
>
> Anything we can do to change virtualbox
> so that it no longer breaks from my change?

As long as we can get rid of the following lines in virtualbox.spec, my patch(*) can be applied:

# Do not provide libGL.so symbols - they are owned by Mesa already and this could potentially confuse rpm/zypp
%global __provides_exclude ^libE?GL.so.1.*$

(*) https://github.com/lcp/pesign-obs-integration/commit/b19e313c6c94a0d391d3ac1289f9b6fe5e5b2d9b
(In reply to Gary Ching-Pang Lin from comment #5)
> (In reply to Bernhard Wiedemann from comment #4)
> > https://github.com/openSUSE/pesign-obs-integration/issues/9 is still open
> > and affecting all our kmps
> >
> > Anything we can do to change virtualbox
> > so that it no longer breaks from my change?
>
> As long as we can get rid of the following lines in virtualbox.spec, my
> patch(*) can be applied:
>
> # Do not provide libGL.so symbols - they are owned by Mesa already and this
> could potentially confuse rpm/zypp
> %global __provides_exclude ^libE?GL.so.1.*$
>
> (*)
> https://github.com/lcp/pesign-obs-integration/commit/b19e313c6c94a0d391d3ac1289f9b6fe5e5b2d9b

Correction: It's your patch https://github.com/openSUSE/pesign-obs-integration/commit/42b934760a75cf077d3c5831aaa14d3d104ba5cd
Just an idea. If the virtualbox kmp can be split from virtualbox.spec, then maybe we don't have to worry about the customized provide anymore.
Status update: The change to split kmp from the virtualbox main package has landed in the Virtualization repo and is making its way to Factory. If it doesn't break anything, then we can move forward to merge the pesign-obs-integration fix.
The virtualbox change for Factory: https://build.opensuse.org/request/show/820056
Virtualbox in Factory is now split into the main package and kmp package. Let's try the provides/requires patch again :)
The fix for find_provides/requires was merged into openSUSE:Factory. Closing this bug.
This is an autogenerated message for OBS integration: This bug (1114605) was mentioned in https://build.opensuse.org/request/show/834917 15.2 / virtualbox
openSUSE-SU-2020:1486-1: An update that fixes 25 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1114605,1174075,1174159,1175201
CVE References: CVE-2020-14628,CVE-2020-14629,CVE-2020-14646,CVE-2020-14647,CVE-2020-14648,CVE-2020-14649,CVE-2020-14650,CVE-2020-14673,CVE-2020-14674,CVE-2020-14675,CVE-2020-14676,CVE-2020-14677,CVE-2020-14694,CVE-2020-14695,CVE-2020-14698,CVE-2020-14699,CVE-2020-14700,CVE-2020-14703,CVE-2020-14704,CVE-2020-14707,CVE-2020-14711,CVE-2020-14712,CVE-2020-14713,CVE-2020-14714,CVE-2020-14715
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): virtualbox-6.1.14-lp152.2.5.1, virtualbox-kmp-6.1.14-lp152.2.5.1