Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ximi1970:Servers:OBS:2.10
obs-server
obs-server.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File obs-server.changes of Package obs-server
------------------------------------------------------------------- Thu Mar 16 15:46:39 UTC 2023 - Daniel Donisa <daniel.donisa@suse.com> - Update to version 2.10.21 Bugfixes ======== Frontend: * Update rack to version 2.2.6.4 - Fixes CVE-2023-27539 Avoid ReDoS (https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) in header parsing. - Fixes CVE-2023-27530 Possible DoS Vulnerability in Multipart MIME parsing.+ ------------------------------------------------------------------- Fri Jan 27 12:42:48 UTC 2023 - Lukas Krause <lukas.krause@suse.com> - Update to version 2.10.20 Bugfixes ======== Frontend: * Update globalid gem from 1.0.0 to 1.0.1 - Fixes CVE-2023-22799 ReDoS based DoS vulnerability in the GlobalID gem * Update rack gem from 2.2.4 to 2.2.6.2 - Fixes CVE-2022-44571 Denial of service vulnerability in the Content-Disposition parsing component of Rack. - Fixes CVE-2022-44572 Denial of service vulnerability in the multipart parsing component of Rack. - Fixes CVE-2022-44570 Possible denial of service vulnerability in the Range header parsing component of Rack. ------------------------------------------------------------------- Thu Dec 15 12:04:22 UTC 2022 - Daniel Donisa <daniel.donisa@suse.com> - Update to version 2.10.19 Bugfixes ======== Frontend: * Update rails-html-sanitizer to 1.4.4 - CVE-2022-32209 Rails::Html::Sanitizer vulnerable to Cross-site Scripting * Fix support for qemu system emulated builds via bs_worker ------------------------------------------------------------------- Mon Jul 18 12:51:04 UTC 2022 - Daniel Donisa <daniel.donisa@suse.com> - Update to version 2.10.17 Bugfixes ======== Frontend: * Bug fix session leaking during BsRequest auto accept - See https://github.com/openSUSE/open-build-service/pull/12821 * Update rails to 5.2.8.1 - CVE-2022-32224 Possible RCE escalation bug with Serialized Columns in Active Record * Update tzinfo from 1.2.9 to 1.2.10 - CVE-2022-31163 TZInfo relative path traversal vulnerability allows loading of arbitrary files ------------------------------------------------------------------- Thu May 26 09:03:14 UTC 2022 - Saray Cabrera Padron <scabrerapadron@suse.de> - Update to version 2.10.16 Features ======== Backend: * Support for qemu system emulated worker instances Bugfixes ======== Frontend: * Update Nokogiri to version 1.13.6 to fix two security issues: - CVE-2022-29181 Improper Handling of Unexpected Data Type. * Update rack to 2.2.3.1 - CVE-2022-30122 Denial of Service Vulnerability in Rack Multipart Parsing - CVE-2022-30123 Possible shell escape sequence injection ------------------------------------------------------------------- Thu May 5 10:00:35 UTC 2022 - Lukas Krause <lukas.krause@suse.com> - Update to version 2.10.15 Bugfixes ======== * Frontend: - Fix CVE-2022-22577: There is a possible XSS vulnerability in Rails / Action Pack. CSP headers were only sent along with responses that Rails considered as "HTML" responses. This left API requests without CSP headers, which could possibly expose users to XSS attacks. - Fix CVE-2022-27777: There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability ------------------------------------------------------------------- Wed Apr 27 08:10:54 UTC 2022 - Adrian Schröter <adrian@suse.de> - Update to version 2.10.14 - support zstd preinstallimages as produced by new build script ------------------------------------------------------------------- Tue Apr 19 15:05:49 UTC 2022 - Hendrik Vogelsang <hvogel@suse.com> Update to version 2.10.13 - Fix XML external entity (XXE) injection in xmlhash CVE-2022-21949 - Update to Ruby 2.7 - Fix heap memory corruption in yajl-ruby gem https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm - Fix excessive backtracking in nokogiri gem https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 - Fix priviledge escalation issue in ProjectDoProjectReleaseJob (#12407) ------------------------------------------------------------------- Thu Feb 25 12:26:06 UTC 2021 - Hendrik Vogelsang <hvogel@suse.com> - Update to version 2.10.10 Bugfixes ======== * frontend: - CVE-2020-15169: Potential XSS vulnerability in Action View - CVE-2020-8184: Percent-encoded cookies can be used to overwrite existing prefixed cookie names - GHSA-g6wq-qcwm-j5g2: ReDoS vulnerability in Sec-WebSocket-Extensions parser - GHSA-vr8q-g5c7-m54m: Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability ------------------------------------------------------------------- Tue Jan 12 11:45:06 UTC 2021 - Daniel Donisa <daniel.donisa@suse.com> - Update to version 2.10.9 Bugfixes ======== * Frontend: - Update redcarpet gem to fix a security vulnerability. ------------------------------------------------------------------- Thu Dec 3 13:20:13 UTC 2020 - Saray Cabrera Padron <scabrerapadron@suse.de> - Update to version 2.10.8 Bugfixes ======== * Frontend: - CVE-2020-8031: Potential Cross-Site Scripting in markdown rendering. ------------------------------------------------------------------- Mon Jun 29 11:47:03 UTC 2020 - Eduardo Navarro <enavarro@suse.com> - Update to version 2.10.7 Bugfixes ======== * Frontend: - CVE-2020-8184: Percent-encoded cookies can be used to overwrite existing prefixed cookie names ------------------------------------------------------------------- Mon Jun 29 11:45:46 UTC 2020 - Eduardo Navarro <enavarro@suse.com> - Remove unneeded files, after retrieving them with the services. ------------------------------------------------------------------- Mon Jun 29 11:40:08 UTC 2020 - Eduardo Navarro <enavarro@suse.com> - Remove 'mode="disabled"' for obs_scm and bundle_gems services. ------------------------------------------------------------------- Wed Jun 3 10:31:21 UTC 2020 - David Kang <dkang@suse.com> - Update to version 2.10.6 Bugfixes ======== * frontend: - CVE-2020-8165: Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore - CVE-2020-11082: Potential Cross Site Scripting in Kaminari gem ------------------------------------------------------------------- Tue May 19 11:49:26 UTC 2020 - Adrian Schröter <adrian@suse.de> - Update to version 2.10.5 Bugfixes ======== Backend * CVE-2020-8021: unauthorized read access to files where sourceacess is disabled via a crafted _service (bsc#1171649) ------------------------------------------------------------------- Wed May 13 14:06:54 UTC 2020 - Victor Pereira <vpereira@suse.com> - Update to version 2.10.4 Bugfixes ======== Frontend * CVE-2020-8020: Possible stored XSS attack on comments markdown ------------------------------------------------------------------- Tue Apr 28 09:26:10 UTC 2020 - Adrian Schröter <adrian@suse.de> - Update to version 2.10.3 Frontend: * Support recent MySQL/MariaDB releases Backend: * Fix redis service restart behaviour Shipment: * Support for openSUSE Leap 15.2 and SLES 15 SP2 ------------------------------------------------------------------- Thu Apr 2 11:24:02 UTC 2020 - Eduardo Navarro <enavarro@suse.com> - Update to version 2.10.2 Features ======== Backend: * Support for zstd compressed Arch Linux packages Bugfixes ======== Frontend: * Security update for gem rails (CVE-2020-5267) ------------------------------------------------------------------- Thu Apr 2 11:21:54 UTC 2020 - Eduardo Navarro <enavarro@suse.com> - Add missing changes made in 2.10.1 Features ======== Backend: * EXPERIMENTAL: Add support for rpm-md modules (RHEL/CentOS 8 only). Modules can get enabled via· ExpandFlags: module:$MODULE_NAME in build configuration. Note: they tend to conflict. * bs_publish: support Debian's InRelease file * support zchunk compression for rpm-md metadata * new systemd-nspawn backend * Support zstd compression for rpm and deb Bugfixes ======== Frontend: * Fix partial editor option hash defaults (obs#8018) * Fixed inconsistent data on package undelete * Sphinx startup fixes * Fix maintained projects link Backend: * Support openssl 1.1 and newer * fix publisher sleeping behaviour (obs#8276) * bs_publish: fix $rsync_extra_options handling (obs#8384) * service expansion: tweak oldfiles handling (obs#7596) * fix publishing of containers when no registry is configured Shipment: * obsdodup starts after obsapisetup Bugfixes: * Make cleanup_scm_cache cron job work again * Fix LogRotate setup ------------------------------------------------------------------- Thu Jul 4 12:08:40 UTC 2019 - Hendrik Vogelsang <hvogel@suse.com> - Update to version 2.10 Features ======== Generic: * replaced sysv init scripts with systemd files * Add binary release tracking data for containers. * Add support to collect performance metrics with InfluxDB * Amazon EC2/ Microsoft Azure cloud upload support * Text fields are stored as 4 byte UTF-8 which allows to use emojis. To use this feature, switch database.yml to utf8mb4 encoding * Added `beta` environment in 'config/feature.yml' to toggle features in the beta program. * Bugowners of a project/package now receive notifications about new comments * Request pre-approval support. Requests will be accepted when last review gets accepted. * Support webhooks from gitlab * Send requests creation to rabbitmq bus * Admins can write Terms of Services, via the API, and they will be shown in the WebUI to users unless they acknowledge them. User Interface: * Improved UI/UX for package live build log (hints & start/stop loading) * Do not show excluded entries in package build results by default. * Refactored the view of the binaries page that before was just a list of links that pointed to the details page. Now you can download the files and upload images to the cloud directly from here. * Limit results for autocompletion queries to 50 * Include all results for autocompletion that match with the search string. * Hide disabled repositories by default * Excluded entries in package build results are not shown by default anymore. * Use full author identities in generating changes entries * Request descriptions are now mandatory to avoiding unnecessary requets Backend & build support: * new publisher features - vagrant box publishing - zchunk compressed files in rpm-md metadata * binary tracking improvements - tracking of appliances and containers * container improvements - support multi-arch container manifest generation - kiwi profile handling - improved parsing of Dockerfiles - new OBS-AddTag and OBS-Imagerepo directives - take container with the highest version/release if there is a conflict over a tag - disk space savings with container layer deduplication - integrated container registry * speed improvements - faster repository publishing and product generation - incremental project updates in the scheduler - reducred interconnect load due to a lastevents proxy * odds and ends - obs-build: shell support in KVM - prjconf package exclude feature ("onlybuild") - sysrq and core dump support for KVM builds - support rpm's new '^' separator in version comparison - milestone numbering support in release handling Shipment: * Require system gems (rake and rack) in api-deps package Bugfixes: * Binary view now shows correct data for multibuild packages * Source diffs with mixed encoding were causing failures when processing notification mails. This is fixed now. * Improved explanatory text for role changes on request review page. * Rails security update was patched (CVE-2019-5419). * Added upper-limit to range to avoid long running queries in Webui::MonitorController. * In WebUI, only admins are allowed to create DoD repositories. * In WebUI, only admins are allowed to create sourceaccess/access repositories flags. * Added missing authorization to move repository path in Webui::ProjectController. * Require sourceaccess by default in `require_package`. Intentional changes: ==================== * always run services on expanded link sources * The format of the OBS options.yml is now distinguishing between Rails environments. You can convert your old configuration by running: (cd /srv/www/obs/api/; rake migrate_options_yml) * OBS is now using the lograge gem to generate production logs. We are now logging (in one line per request): * Timestamp * Request: Method + Controller + Action + Path + Params * Response status * Duration: Overall / View / DB * Remote IP * User login * In previous releases it was possible to delete attributes through /source/<project>/_attribute/?namespace=OBS&name=VeryImportantProject (or similiar for packages). You need to follow the documentation now and the proper route is /source/<project>/_attribute/OBS:VeryImportantProject * GET '/attribute/:attribute' route responded with a 400 when the attribute type did not exist. It now returns a 404 status. * GET '/source/<project>/_attribute' allowed to filter by namespace. This was never documented and was removed now. '/_attribute' will return all attributes, while '/_attribute/:attribute' keeps returning only the given attribute (as documented) * The 'commenter' and 'commenters' payload of Comment events used to contain user ids. They now contain the user login name instead. Run the data migrations to convert events in the old format: 'rails data:migrate RAILS_ENV=production' * Messages (for projects/packages) deprecated. The API routes below /message/ are deprecated and will be removed in the next version. * Deprecated Ratings. The following API routes are deprecated and will be removed in the next version: - GET /statistics/highest_rated?limit=<limit> - GET /statistics/rating/<project>/<package> - PUT /statistics/rating/<project>/<package> * Project and package release operations used to return a 403 permission error also on configuration errors. This is a 404 now: - POST /source/<project>?cmd=release - POST /source/<project>/<package>?cmd=release * Public route dropped for reading patchinfo - GET 'patchinfo/read_patchinfo' ------------------------------------------------------------------- Mon Apr 1 12:48:29 UTC 2019 - David Kang <dkang@suse.com> - Update to version 2.9.6 Bugfixes ======== Frontend: * Rails security update was patched (CVE-2019-5419). * Added upper-limit to range to avoid long running queries in Webui::MonitorController. * In WebUI, only admins are allowed to create DoD repositories. * In WebUI, only admins are allowed to create sourceaccess/access repositories flags. * Added missing authorization to move repository path in Webui::ProjectController * Require sourceaccess by default in `require_package`. ------------------------------------------------------------------- Mon Oct 8 11:01:40 UTC 2018 - Hendrik Vogelsang <hvogel@suse.com> - Update to version 2.9.5 Bugfixes ======== Frontend: * Do not allow null characters in comments * Prevent creation of a request with an ID attribute Backend: * avoid wipebinaries in locked projects * fixes for new genmeta scheduling strategy * fixed usage of preinstallimages Features ======== Backend: * obs_admin can trigger DoD repository meta data updates via --recheck-dod option ------------------------------------------------------------------- Tue Jul 24 08:23:52 UTC 2018 - bgeuken@suse.com - Release of OBS – 2.9.4 Bugfixes ======== Frontend: * Fixes permission check for bs requests with source projects that link to another project (bsc#1098934) * Fixes permission check in the InitializeDevelPackage attribute codepath (bsc#1100217) * Fix permission check of linked projects in BsRequestAction.check_action_permission ------------------------------------------------------------------- Wed Jun 6 07:56:29 UTC 2018 - bgeuken@suse.com - 2.9.3 release: Features ======= Backend: * Allow to use different scheduling strategy which handles large build dependency cycles better. Enable it via project config: BuildFlags: genmetaalgo:1 Bugfixes ======== Frontend: * Fixes permission issue that allowd unpermitted users to trigger services via the webui. * Permits setting the initial bs request state. This prevents setting the initial state to something else than 'new' (CVE-2018-7689). * Fixes permission check for project with 'InitializeDevelPackage' attribute (CVE-2018-7688). * Fixes rendering of requests with multiple submit requests. Previously switching tabs would not trigger a reload of the request content for the selected request. Backend: * Debian fixes to 2.9 - publish ONIE binary and hashsum, enable Secure Boot EFI signing for Debian packages. * New regex needssslcertforbuild for Debian builds * Support publishing via rsync syntax (allows to specify port numbers) * Make project config parser errors always visible * Fix corner case on wiping binaries * Improved .changes merge handling * Don't publish unneeded files of appdata in meta data * Fixing lost events on restarting schedulers * Make errors by not reachable remote instances better visible. ------------------------------------------------------------------- Wed Jun 6 07:56:29 UTC 2018 - bgeuken@suse.com - 2.9.2 release: Features ======== Frontend: * Admins can now mark user to be managed locally instead via LDAP * Cloud uploads can be managed (started, aborted and listed) via API Bugfixes ======== Frontend: * Fixed issue in live build log that caused parts of the log being duplicated * Upgrading from 2.8 to 2.9 caused remote repositories with same name to get deleted - If the instance got already upgraded and an interconnect is configured, it might be necessary to restore the database with data from the backend - This can be done with 'rake.ruby2.5 fix_project <project>' ------------------------------------------------------------------- Wed Jun 6 07:56:29 UTC 2018 - bgeuken@suse.com - 2.9.1 release (= initial 2.9 release): Generic: * image and container maintenance support, including binary tracking * riscv64 hardware architecture support Frontend: * New Kerberos authentication mode. Read how to setup Kerberos in the OBS Admin Guide: http://openbuildservice.org/help/manuals/obs-admin-guide/ * New job history page to see why a package was built. * New GPG key details dialog. * RSS Feeds for User's Notifications is now available. * New Studio Express feature: * New central page to branch image templates from. * Add and edit repository and package lists in kiwi files. * Edit kiwi image details: name, author, contact, specification. * RabbitMQ support. OBS admins can configure their instance to send messages to a RabbitMQ server. Read more in the OBS Admin Guide. * Receive email notifications for projects that are in your watchlist. Configure at /user/notifications. * Improved UI/UX for configuration of notifications page. Now it shows a better layout and explanations to make this complex page easy to understand. * Allow users to view the full diff of large changes. * Remove the unused api_relative_url_root option from the options.yml file. * release mechanism improvements: - manual maintenance release support (avoiding requests) - operation happen atomic for entire project now - support release of single multibuild container * Ec2 cloud upload support for ec2 images (currently only available for OBS installations based on openSUSE 42.3) Backend: * support showing source files in blame view (works also via links) * support project copy with makeoriginolder option Backend: * support showing source files in blame view (works also via links) * support project copy with makeoriginolder option Backend: * New build formats: - native container build based on DockerFile (beside exiting kiwi support) - FISSILE build format - AppImage build format * freezelink command to freeze current sources accessed via project link * support showing source files in blame view (works also via links) * support project copy with makeoriginolder option * support automatic vrev extending via project links * Improved container support: - support build of layered containers by reusing existing contaienrs - support publishing to docker registry server - support container signing via notary server * cloud upload server supporting Amazon EC2 and Microsoft Azure * improved bootstrap cycle handling * additional SHA256 checksum in source commit handling for security * projects can be temporary suspended to avoid scheduling between multiple changes * support AirBrake for reporting problems * support new debian repository format * support for building in openstack cloud * Many smaller improvements in DownloadOnDemand and multibuild handling Shipment: * To make use of the ec2 cloud upload feature you need to: - Install the obs-cloud-uploader package. Major bugfixes: * Fix deletion of groups with users. * Fix notification generation with very big payloads. * Create history element on priority raise of request. * Fix huge bottleneck in notification emails. * Fix setting of new attributes to a project or package. Wanted changes: =============== * creating of repositories on branching has changed if repositories of the source refer each other. This gets recreated in new project. * project copy is not adding the user anymore * service dispatcher is used by default now * The editing of a user's realname, email adress or password is no longer possible if LDAP mode is activated * Unused ldap options in options.yml were dropped: - ldap_update_support - ldap_object_class - ldap_entry_base - ldap_sn_attr_required * dropping of the project/package tag functionality/api * password hashing algorithm was changed to bcrypt (blowfish) * The backend notification plugin system is not used anymore. The RabbitMQ plugin is replaced with a RabbitMQ message bus implementation in the frontend, you can find details about this in the admin manual. The Hermes plugin is dropped without replacement as it was only used for notifications which the OBS is doing on it's own since quite some time. * publish hook failures are handled as fatal failures now. => publisher will retry to publish ------------------------------------------------------------------- Fri Sep 22 11:19:59 UTC 2017 - esrolfe@suse.de - openSUSE Build Service 2.8.4 Feature backports: ================== * None Changes: ======== * None Bugfixes: ========= * [webui][api] In LDAP mode if the LDAP server closed the connection to obs and a user tried to login they would get an unauthorized response. This is fixed by reconnecting automatically. ------------------------------------------------------------------- Wed Aug 30 07:51:50 UTC 2017 - bgeuken@suse.com - Update code and release notes ------------------------------------------------------------------- Tue Aug 29 08:25:01 UTC 2017 - bgeuken@suse.com - OBS 2.8.3 release Feature backports: ================== * [webui] All global roles are now shown on the admin user edit page and can be added / removed from user accounts * [webui] LDAP Authentication is now officially supported Changes: ======== * Realname and email address of users can not be edited in LDAP mode Bugfixes: ========= * [webui] Admins that edited their accounts via the user/show page lost their admin role * [api] fix config change of some /configuration values * [backend] fix for new linux version format in bs_worker Notes for OBS setups with LDAP authentication: ============================================== Once LDAP mode is activated users can only log in via LDAP. To give admin rights to newly created LDAP users run following commands: 'cd /srv/www/obs/api' 'bundle exec rake user:give_admin_rights tux RAILS_ENV=production' See also http://openbuildservice.org/help/manuals/obs-admin-guide/obs.cha.administration.html#_obs_ldap_configuration ------------------------------------------------------------------- Tue Jun 27 13:36:00 UTC 2017 - bgeuken@suse.com - OBS 2.8.2 release Feature backports: ================== * None Changes: ======== * None Bugfixes: ========= * [webui] Fixes abort, rebuild and wipe commands which could operate on a package of a linked project instead of the local one. ------------------------------------------------------------------- Tue May 9 14:39:55 UTC 2017 - enavarro@suse.com - OBS 2.8.1 release Feature backports: ================== * [api][webui] Copy repositories when branching from a remote project Changes: ======== * Removed obsolete option api_relative_url_root * [backend] Implements 'donotcreatecert' option for _keyinfo Bugfixes: ========= * [webui] Fixes a bug in branch and submit dialog * [webui] Fixes a bug in live build log when no architecture or repository parameter was given * [webui] Fixes a bug in live build log when the package is a multibuild * [backend] Handles arch dependencies correctly ------------------------------------------------------------------- Fri Mar 31 08:15:11 UTC 2017 - ammartinez@suse.com - OBS 2.8.0 release Features ======== UI: * Allow triggering services from the UI. * Show a hint to project maintainers, when he/she is not a package maintainer of the target package of a request * Main projects list is now filtered based on a configurable (by the admin) regular expression * Users can download the public key and SSL certificate for a project via the project home page * import of kiwi build descriptions is supported (obs-service-kiwi_import) API: * Allow admins to lock or delete users and their home projects via new command * Users can be declared as sub accounts of other users. Useful for automated scripts. * New API route to get public key and SSL certificate: GET /source/:project_name/_keyinfo * New feature toggle config file. Use config/feature.yml to enable/disable features in the OBS. Backend: * multibuild: allow to build multiple jobs from one source package without the need of creating local links * experimental support of snap package format * workers are now also tracked when they went away (new states "down", "away" and "dead") * worker capabilities can be requested * usable workers can be requested with uncommited constraints * functionality to remove published packages (osc unpublish) * New obsservicedispatch service to handle source service runs in a queue and asynchron. * preinstall images can be used for local building * improved speed of diffing sources * Support caching of pulled git sources Shipment: * optional docker container to run source services is provided Wanted changes: =============== * kiwi builds: build configuration changes from the project where the kiwi file is stored have always an effect now. * maintenance_release requests are locking only the source packages on creation now. They don't lock the patchinfos. The project gets locked on release now. * service wrapper script for LXC got replaced by a docker alternative Other changes ============= * Server side pagination on user show page for improving the performance. * The way to identify spiders got changed. A separate configuration via apache is no longer required. See the Administration Guide. * Frontend stack is using ruby 2.4 and rails 5.0.1 now ------------------------------------------------------------------- Tue Mar 14 09:38:21 UTC 2017 - bgeuken@suse.com - OBS 2.7.4 release Feature backports: ================== * none Changes: ======== * none Bugfixes: ========= * [api] Fix API permission check for creating and changing (POST) attributes * [api] Fix API permission check for deleting (DELETE) attributes * [webui] Invalidate cached session in LDAP mode * [api][webui] Fail ldap authentification with empty password * [webui] Fix repository removal when updating project meta fails with an error ------------------------------------------------------------------- Fri Dec 23 14:13:03 UTC 2016 - cbruckmayer@suse.com - OBS 2.7.3 release Feature backports: ================== * none Changes: ======== * Compability with OBS 2.8 remote instances Bugfixes: ========= * [api] Project meta data was corrupted after undelete * [api] Raising access and sourceaccess permissions as admin is working again * [backend] Download on demand sync fixes * [webui] Fixed revert to a specified source revision ------------------------------------------------------------------- Thu Aug 25 10:45:41 UTC 2016 - cbruckmayer@suse.com - OBS 2.7.2 release Feature backports: ================== * none Changes: ======== * none Bugfixes: ========= * [webui][api] Sets bs_request_counter correctly * [backend] bs_publish: unpublished hook added ------------------------------------------------------------------- Fri Aug 12 09:26:38 UTC 2016 - cbruckmayer@suse.com - OBS 2.7.1 relase Feature backports: ================== * none Changes: ======== * none Bugfixes: ========= * [webui][api] Update rails to version 4.2.7.1 to fix CVE-2016-6316 and CVE-2016-6317 * [webui] Users in not 'confirmed' state were allowed to login * [api] Users in not 'confirmed' state were allowed to run services via former created token * [backend] Fixing project copy which includes binaries * [backend] worker supports jobs from OBS 2.8 scheduler * [backend] support publishing of .vdi (VirtualBox image) files ------------------------------------------------------------------- Tue May 31 06:37:38 UTC 2016 - adrian@suse.de - OBS 2.7.0 release ------------------------------------------------------------------- Fri Apr 8 12:50:11 UTC 2016 - adrian@suse.de - prepare OBS 2.7.0 beta release ------------------------------------------------------------------- Fri Jan 29 12:53:49 UTC 2016 - adrian@suse.de - OBS 2.6.8 release Feature backports: ================== * none Changes: ======== * none Bugfixes: ========= This release fixes several potential CVEs reported in Ruby on Rails http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/ * [webui] Fixes CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller. * [webui] Fixes CVE-2016-0751: Possible Object Leak and Denial of Service attack in Action Pack * [webui] Fixes CVE-2015-7577: Nested attributes rejection proc bypass in Active Record. * [webui] Fixes CVE-2016-0752: Possible Information Leak Vulnerability in Action View * [webui] Fixes CVE-2016-0753: Possible Input Validation Circumvention in Active Model * [webui] Fixes CVE-2015-7581: Object leak vulnerability for wildcard controller routes in Action Pack * [backend] fix local building inside a project on a remote OBS instance * [backend] fix lost events on scheduler restart ------------------------------------------------------------------- Fri Nov 6 12:32:20 UTC 2015 - cbruckmayer@suse.com - OBS 2.6.7 release Feature backports: ================== * none Changes: ======== * backend: compability support with Download-on-Demand definitions from OBS 2.7 Bugfixes: ========= * webui: drop hardcoded opensuse email adress and link * webui: fix XSS attack vector via User.realname (bnc#950932) * webui: fix XSS attack vector via Projec.title (bnc#950932) * webui: add spec & changes files code highlighting ------------------------------------------------------------------- Tue Oct 13 13:26:46 UTC 2015 - hvogel@suse.com - OBS 2.6.6 release Feature backports: ================== * none Changes: ======== * Keep enforce_project_keys/forceprojectkeys in sync Bugfixes: ========= * webui: fix XSS attack vector via project.title ------------------------------------------------------------------- Fri Oct 9 09:43:41 UTC 2015 - adrian@suse.de - OBS 2.6.5 release Feature backports: ================== * none Changes: ======== * webui: make the hint to interconnect more visible Bugfixes: ========= * webui: fix XSS attack vector via comments (bnc#947736 and CVE-2015-5966) * config: fixed apache 2.4 config in template file ------------------------------------------------------------------- Wed Sep 9 06:30:56 UTC 2015 - adrian@suse.de - OBS 2.6.4 release Feature backports: ================== * none Changes: ======== * none Bugfixes: ========= * webui: fix read access to local files on server * api: fix database connection leak caused by sphinx indexing * backend: fix blocking ajax handler on getbinaries ------------------------------------------------------------------- Wed Aug 12 07:37:50 UTC 2015 - adrian@suse.de - OBS 2.6.3 release Feature backports: ================== * backend: support using docker as build environment (not secure) Changes: ======== * none Bugfixes: ========= * backend: validate results of external patch command. could be used to modify packages without sufficiant permissions (bnc#941099, CVE-2015-0796) * backend: fixing create pattern call in publisher * backend: fix handling of host specific bsconfig.* files ------------------------------------------------------------------- Wed Apr 8 09:34:15 UTC 2015 - adrian@suse.de - OBS 2.6.2 release Feature backports: ================== * none Changes: ======== * dispatcher sends no armv7 jobs to aarch64 build hosts anymore Bugfixes: ========= * webui: depends on rubygem-redcarpet 3.2.3, fixes possible XSS attack (boo#926328) ------------------------------------------------------------------- Thu Mar 12 14:23:52 UTC 2015 - adrian@suse.de - OBS 2.6.1 release Feature backports: ================== * support static links for vmx/vmdk files Changes: ======== * none Bugfixes: ========= * api: fix handling of special chars in maintenance package names * api: do not allow to overwrite existing groups via wrong route * api: fix first time login when using LDAP * webui: fix user icon fetching as done by google bot * webui: fix display issues (github issues obs#320, obs#711, obs#806) * backend: fix arbitrary command execution in service daemon (CVE-2015-0778) * backend: fix lxc support in worker * backend: fix event handling when using multiple backend servers * backend: fix publishing of vmx files ------------------------------------------------------------------- Wed Feb 4 11:54:43 UTC 2015 - adrian@suse.de - OBS 2.6.0 release - details are in the release notes ------------------------------------------------------------------- Fri Dec 12 08:27:09 UTC 2014 - adrian@suse.de - update to OBS 2.6 RC 1 (2.5.95) ------------------------------------------------------------------- Tue Nov 4 09:21:33 UTC 2014 - adrian@suse.de - update to OBS 2.6 Beta 1 (2.5.90) ------------------------------------------------------------------- Tue Jul 2 15:39:07 UTC 2013 - adrian@suse.de - fix build - drop lighttpd configs - environment/*rb files are non-noreplace now, all config options went into options.yml and configuration.xml ------------------------------------------------------------------- Mon Jun 10 08:36:43 UTC 2013 - adrian@suse.de - starting OBS pre-2.5 snapshots - require the createrepo version which got used in the testsuite ------------------------------------------------------------------- Fri Jun 29 08:12:31 UTC 2012 - adrian@suse.de - update to OBS 2.3.2 Feature backports: ================== * none Changes: ======== * support xz compressed kiwi images * documentation and theming updates * do not leave out sourceaccess protected package on branching (bnc#766119) Bugfixes: ========= * fixed dieing source ajax source when doing OBS interconnect * removal of not expandable _link files is working now * package meta data on project copy takes all elements now, except person, group and devel. * initial webui database setup on appliance works now * no error when using appliance without OBS LVM volume group * webui is able to store OBS configuration now. ------------------------------------------------------------------- Thu May 31 13:39:32 UTC 2012 - adrian@suse.de - update to OBS 2.3.1 Feature backports: ================== * Support remote product build tree building * Make kiwi support packages configurable. Defaults are: Substitute: kiwi-setup:image kiwi createrepo tar Substitute: kiwi-setup:product kiwi Changes: ======== * Support Order: handling also during preinstall (for Fedora 17) * Added Fedora-17 default target * bnc and fate issue tags are also accepted with whitespace: bnc #123 (This requires to run migrations on api). * Increased timeouts for OBS inter connects Bugfixes: ========= * Use right architecture on spec file parsing when project configuration contains a "Target:" line * Fixed warning messages about 'nextstate' in dispatcher * Fixed urls in webui to www.open-build-service.org * Init script fixes for automatic deployment of workers * Fixed debian handling for exporting sources ------------------------------------------------------------------- Fri Apr 20 09:17:17 UTC 2012 - adrian@suse.de - OBS 2.3 RC5, (version 2.2.995) - various documentation updates - fixed request diffing for "updatelink" requests - fixed various update and first start problems - fixed various crashes in webui - critical backend fix for sending data with trailing \0 after 8192 boundaries ------------------------------------------------------------------- Tue Apr 10 08:01:01 UTC 2012 - adrian@suse.de - OBS 2.3 RC4, (version 2.2.994) - serialized diffing, protects the server against DoS ------------------------------------------------------------------- Wed Apr 4 08:59:46 UTC 2012 - adrian@suse.de - OBS 2.3 RC3, (version 2.2.993) - fixed standalone obsworker installation - some init script fixes - minor webui fixes - _patchinfo creation fix on maintenance request accept ------------------------------------------------------------------- Fri Mar 30 10:56:13 UTC 2012 - adrian@suse.de - OBS 2.3 RC2, (version 2.2.992) - fixed regression in "none" repo type support - fixed database corruption for maintenance projects - fixes for webui patchinfo editor ------------------------------------------------------------------- Mon Mar 26 14:34:09 UTC 2012 - adrian@suse.de - OBS 2.3 RC2, (version 2.2.991) - "none" repo type support - fix for creating new user with local database - fix search publish functionality - fixed priority handling in scheduler ------------------------------------------------------------------- Wed Mar 21 13:59:57 UTC 2012 - adrian@suse.de - OBS 2.3 RC1, (version 2.2.990) ------------------------------------------------------------------- Mon Mar 19 15:59:56 UTC 2012 - adrian@suse.de - update to current git, version 2.2.131 * OBS 2.3 interconnect fix * fixed access-disabled maintenance handling * debian source publish handling fixes from "Hector Oron" ------------------------------------------------------------------- Thu Mar 15 16:44:20 UTC 2012 - adrian@suse.de - update to current git, version 2.2.130 * new unlock method via command instead of meta data edit * various maintenance handling fixes ------------------------------------------------------------------- Wed Mar 14 11:03:55 UTC 2012 - adrian@suse.de - update to current git, version 2.2.129 * support for publishing binaries in subdirectories * fixed handling of local linked packages on branching * release handling fixes * webui layout fixes ------------------------------------------------------------------- Fri Mar 9 19:03:58 UTC 2012 - adrian@suse.de - update to current git, version 2.2.128 * incident request expansion * additional protection against mass-assignment injection * further webui request view fine tuning * minor fixes in backend ------------------------------------------------------------------- Fri Mar 2 13:34:48 UTC 2012 - adrian@suse.de - update to current git, version 2.2.127 * fixed multiarch handling in aggregate * webui request view fixes * init script fixes ------------------------------------------------------------------- Thu Feb 23 17:03:29 UTC 2012 - adrian@suse.de - update to current git, version 2.2.126 * webui has new request view * patchinfo "stopped" and "issue undocumented" feature ------------------------------------------------------------------- Tue Feb 21 16:03:58 UTC 2012 - adrian@suse.de - update to current git, version 2.2.125 * fixed maintenance incident request merge * fixed urls in issue diffs ------------------------------------------------------------------- Fri Feb 17 10:19:12 UTC 2012 - adrian@suse.de - update to current git, version 2.2.124 * INCOMPATIBLE changes in issue handling api * webui support search for issues in packages * enhanced xpath query support for issues ------------------------------------------------------------------- Thu Feb 16 13:49:44 UTC 2012 - adrian@suse.de - update to current git, version 2.2.123 * fixed qemu cross build job assigning * new maintenance incident handling ------------------------------------------------------------------- Mon Feb 13 15:11:58 UTC 2012 - adrian@suse.de - update to current git, version 2.2.121 * various appliance and initial-setup fixes ------------------------------------------------------------------- Thu Feb 9 12:43:58 UTC 2012 - adrian@suse.de - update to current git, version 2.2.120 * fixed native build of arm, mips and sh4 * fixed service files on request handling * maintenance incident merge changes ------------------------------------------------------------------- Thu Feb 2 10:00:12 UTC 2012 - adrian@suse.de - update to current git, version 2.2.119 * critical api branch fix * webui maintenance improvements ------------------------------------------------------------------- Mon Jan 30 15:28:42 UTC 2012 - adrian@suse.de - update to current git, version 2.2.117 * webui maintenance fixes * recursive removal of repository * fixed issue tracker api ------------------------------------------------------------------- Thu Jan 26 10:13:52 UTC 2012 - adrian@suse.de - update to current git, version 2.2.116 * appliance fixes ------------------------------------------------------------------- Tue Jan 24 08:51:29 UTC 2012 - adrian@suse.de - update to current git, version 2.2.115 * improved issue tracking support * new webui testsuite got merged * a number of maintenance handling features ------------------------------------------------------------------- Thu Jan 12 09:30:15 UTC 2012 - adrian@suse.de - update to current git, version 2.2.114 * issue tracking support for all packages ------------------------------------------------------------------- Wed Jan 11 14:54:24 UTC 2012 - adrian@suse.de - update to current git, version 2.2.113 * support for releasing local linked packages ------------------------------------------------------------------- Tue Jan 10 11:17:45 UTC 2012 - adrian@suse.de - update to current git, version 2.2.112 * issue tracker fixes * rdoc task updates - require Rails 2.3.14 ------------------------------------------------------------------- Mon Jan 9 08:49:57 UTC 2012 - adrian@suse.de - update to current git, version 2.2.111 * branch code improvements for SLE like setups ------------------------------------------------------------------- Thu Dec 22 19:09:58 UTC 2011 - adrian@suse.de - update to current git, version 2.2.110 * bugfix christmas edition ------------------------------------------------------------------- Wed Dec 21 14:26:42 UTC 2011 - adrian@suse.de - update to current git, version 2.2.109 * fixed delayed job crash * fixed broken requests on re-open * fast product build ------------------------------------------------------------------- Tue Dec 20 08:10:32 UTC 2011 - adrian@suse.de - update to current git, version 2.2.108 * new declined -> revoked/reopen/superceded handling * bugfixes in maintenance area * drop sysconfig.obs-worker, merged with -server. * regression to satisfy 12.2 check: obs-worker MUST be installed now ------------------------------------------------------------------- Tue Dec 13 10:31:28 UTC 2011 - adrian@suse.de - update to current git, version 2.2.106 * improvements in issue tracker code * binary upload feature * supporting links for new packages (no existing target) ------------------------------------------------------------------- Mon Dec 5 15:55:12 UTC 2011 - adrian@suse.de - update to current git, version 2.2.105 * new, faster obs-worker product build code * maintenance release resign support ------------------------------------------------------------------- Thu Dec 1 14:59:44 UTC 2011 - adrian@suse.de - update to current git, version 2.2.104 * fixed special cases of branch command * fixed project copy with binaries ------------------------------------------------------------------- Wed Nov 30 14:51:23 UTC 2011 - adrian@suse.de - update to current git, version 2.2.103 * fdatasync also for solv files, requires new BSSolv ------------------------------------------------------------------- Mon Nov 28 20:23:59 UTC 2011 - adrian@suse.de - update to current git, version 2.2.102 * scheduler is using fdatasync now ------------------------------------------------------------------- Fri Nov 25 14:13:06 UTC 2011 - adrian@suse.de - update to current git, version 2.2.101 * fixed vrev handling on maintenance release ------------------------------------------------------------------- Fri Nov 25 09:03:53 UTC 2011 - adrian@suse.de - update to current git, version 2.2.100 * using issue_tracker data in backend ------------------------------------------------------------------- Tue Nov 22 16:14:04 UTC 2011 - adrian@suse.de - update to current git, version 2.2.98 * new branch code ------------------------------------------------------------------- Thu Nov 17 07:19:18 UTC 2011 - adrian@suse.de - update to current git, version 2.2.97 * fixing schema validation * issue tracker support ------------------------------------------------------------------- Sun Nov 13 21:06:09 UTC 2011 - mikhail.zabaluev@gmail.com - de-ghosted important configuration files for webui ------------------------------------------------------------------- Fri Nov 11 07:25:01 UTC 2011 - adrian@suse.de - update to current git, version 2.2.96 * many webui changes, esp. improved diff support * incompatible patchinfo format changes (was marked as experimental) ------------------------------------------------------------------- Mon Oct 31 13:08:26 UTC 2011 - adrian@suse.de - update to current git, version 2.2.95 * many cleanups, getting near to RC1 ... ------------------------------------------------------------------- Thu Oct 20 12:55:36 UTC 2011 - adrian@suse.de - update to current git, version 2.2.94 * distro release support ------------------------------------------------------------------- Tue Oct 18 12:22:42 UTC 2011 - adrian@suse.de - update to current git, version 2.2.93 * new source md5sum trigger mechanism. WARNING: this will trigger a rebuild of all packages with links! * fixes to support openSUSE 12.1 ------------------------------------------------------------------- Wed Oct 5 14:50:59 UTC 2011 - adrian@suse.de - update to current git, version 2.2.92 * fixed updateinfo.xml generation * added openSUSE:Factory:ARM as default target ------------------------------------------------------------------- Thu Sep 8 09:59:43 UTC 2011 - adrian@suse.de - update to current git, version 2.2.91 * fix for died schedulers on creating deltas ------------------------------------------------------------------- Fri Jul 22 12:50:27 UTC 2011 - adrian@suse.de - update to current git, version 2.2.90 * 2.3 Beta 3 * obs-common is part of obs-api package now * using nokigiri as XML handler to fix ruby crashes ------------------------------------------------------------------- Fri Jul 1 08:24:42 UTC 2011 - adrian@suse.de - update to current git, version 2.2.85 * large number of bugfixes after Beta 2 ------------------------------------------------------------------- Tue Jun 7 12:57:12 UTC 2011 - adrian@suse.de - update to current git, version 2.2.82 * new source service handling is used ------------------------------------------------------------------- Thu May 26 13:59:19 UTC 2011 - adrian@suse.de - update to current git, version 2.2.81 * new branding name Open Build Service is used ------------------------------------------------------------------- Mon May 16 12:24:01 UTC 2011 - adrian@suse.de - update to current git, version 2.2.81 * some important fixes after beta 1 to get openSUSE maintenance rolling ------------------------------------------------------------------- Mon May 9 15:42:55 UTC 2011 - adrian@suse.de - update to current git, version 2.2.77 * cleanup in maintenance are to become beta ready ------------------------------------------------------------------- Wed May 4 08:42:47 UTC 2011 - adrian@suse.de - update to current git, version 2.2.76 * bugfixes ------------------------------------------------------------------- Fri Apr 29 15:07:52 UTC 2011 - adrian@suse.de - update to current git, version 2.2.75 * delta rpm support for maintenance updates * new webui request views * regression fixes ------------------------------------------------------------------- Wed Apr 20 10:03:46 UTC 2011 - adrian@suse.de - update to current git, version 2.2.74 * support for generic authentification proxy * maintenance feature work * larger amount of bugfixes ------------------------------------------------------------------- Fri Apr 15 15:18:42 UTC 2011 - adrian@suse.de - update to current git, version 2.2.73 * fix crashes on large file uploads with mod_rails under apache ------------------------------------------------------------------- Tue Apr 12 11:12:02 UTC 2011 - adrian@suse.de - update to current git, version 2.2.72 - finalized the apache2 switch, please read README files for details ------------------------------------------------------------------- Wed Apr 6 11:35:23 UTC 2011 - adrian@suse.de - update to current git, version 2.2.71 - **** Change from lighttpd to apache2 as default web server **** ------------------------------------------------------------------- Mon Apr 4 14:32:46 UTC 2011 - adrian@suse.de - update to current git, version 2.2.70 * new architecture controller * new reject request feature * general cleanups in error handling ------------------------------------------------------------------- Mon Mar 28 10:36:49 UTC 2011 - adrian@suse.de - update to current git, version 2.2.69 * regression fixes, should work with old config files again ------------------------------------------------------------------- Thu Mar 24 17:19:57 UTC 2011 - adrian@suse.de - update to current git, version 2.2.68 * kvm appliance build fixes * maintenance release support ------------------------------------------------------------------- Thu Mar 24 10:49:32 UTC 2011 - adrian@suse.de - update to current git, version 2.2.67 * appliances fixes from Jan-Simon * releasetarget handling support ------------------------------------------------------------------- Mon Mar 21 07:18:53 UTC 2011 - adrian@suse.de - update to current git, version 2.2.66 * appliance updates from Jan-Simon ------------------------------------------------------------------- Fri Mar 18 15:49:12 UTC 2011 - adrian@suse.de - update to current git, version 2.2.65 ------------------------------------------------------------------- Thu Mar 3 16:59:48 UTC 2011 - adrian@suse.de - update to current git, version 2.2.64 * maintenance release handling support ------------------------------------------------------------------- Mon Feb 28 15:14:05 UTC 2011 - adrian@suse.de - update to current git, version 2.2.63 * backend support for maintenance features ------------------------------------------------------------------- Fri Feb 25 10:59:48 UTC 2011 - adrian@suse.de - update to current git, version 2.2.62 * more maintenance support work, api is in theory feature complete ------------------------------------------------------------------- Tue Feb 22 09:14:52 UTC 2011 - adrian@suse.de - update to current git, version 2.2.61 * more maintenance support work ------------------------------------------------------------------- Mon Feb 14 08:51:38 UTC 2011 - adrian@suse.de - update to current git, version 2.2.60 * we skip 2.2 release * more regression fixes for 2.2 features * first maintenance features * mobile handheld web view ------------------------------------------------------------------- Thu Jan 27 16:22:23 UTC 2011 - adrian@suse.de - update to current git, version 2.1.80 * more regression fixes * protect against loosing every binary on misconfigured source server * project wide source service support ------------------------------------------------------------------- Mon Jan 24 15:42:57 UTC 2011 - adrian@suse.de - update to current git, version 2.1.79 * plenty regression fixes ------------------------------------------------------------------- Sat Jan 22 10:55:27 UTC 2011 - adrian@suse.de - update to current git, version 2.1.78 * fix hangups of webui and lighttpd ------------------------------------------------------------------- Wed Jan 19 16:31:58 UTC 2011 - adrian@suse.de - update to current git, version 2.1.77 * fast search calls again, requires new and incompatible obs-common package ------------------------------------------------------------------- Tue Jan 18 15:54:00 UTC 2011 - adrian@suse.de - update to current git, version 2.1.76 * permission handling got bigger changes ------------------------------------------------------------------- Wed Jan 5 16:12:49 UTC 2011 - adrian@suse.de - update to current git, version 2.1.74 * a number of webui updates * appliance fixes ------------------------------------------------------------------- Mon Jan 3 14:55:11 UTC 2011 - adrian@suse.de - update to current git, version 2.1.72 ------------------------------------------------------------------- Wed Dec 29 12:18:53 UTC 2010 - adrian@suse.de - update to current git, version 2.1.71 ------------------------------------------------------------------- Thu Dec 9 08:52:13 UTC 2010 - adrian@suse.de - update to current git, version 2.1.69 * fixing file system permissions for new installations ------------------------------------------------------------------- Wed Dec 8 19:01:52 UTC 2010 - adrian@suse.de - update to current git, version 2.1.68. * obswebuidelayed is obsolete ------------------------------------------------------------------- Mon Dec 6 12:39:49 UTC 2010 - adrian@suse.de - update to current git, version 2.1.67. * plenty webui fixes and improvements from Sascha ------------------------------------------------------------------- Mon Nov 29 10:56:19 UTC 2010 - adrian@suse.de - update to current git, version 2.1.66. * OBS interconnect client fixed again ------------------------------------------------------------------- Mon Nov 29 08:49:33 UTC 2010 - adrian@suse.de - update to current git, version 2.1.65. * Jan-Simons project read access protection code got merged ------------------------------------------------------------------- Thu Nov 25 10:19:31 UTC 2010 - adrian@suse.de - update to current git, version 2.1.64. * new api content validation introduced ------------------------------------------------------------------- Thu Nov 18 13:39:30 UTC 2010 - adrian@suse.de - update to current git, version 2.1.63. ------------------------------------------------------------------- Fri Nov 12 14:02:24 UTC 2010 - adrian@suse.de - update to 2.1.62: * new dependencies to erubis and rails_xss ------------------------------------------------------------------- Thu Nov 11 16:54:20 UTC 2010 - adrian@suse.de - update to 2.1.61: * no major features ------------------------------------------------------------------- Tue Nov 9 09:10:47 UTC 2010 - adrian@suse.de - update to 2.1.60: * first 2.2 Alpha snapshot ------------------------------------------------------------------- Mon Oct 18 13:01:23 UTC 2010 - adrian@suse.de - update to final 2.1.0 * no code changes ------------------------------------------------------------------- Thu Oct 14 07:04:21 UTC 2010 - adrian@suse.de - update to current 2.1 branch snapshot, version 2.0.107 * 2.1 RC 2 - Fixing branch by attribute call, supporting also project links - scheduler cleanup for delayed project handling ------------------------------------------------------------------- Tue Oct 12 15:42:35 UTC 2010 - adrian@suse.de - update to current 2.1 branch snapshot, version 2.0.106 - 2.1 RC 1 * small fixes only ------------------------------------------------------------------- Thu Oct 7 11:23:05 UTC 2010 - adrian@suse.de - update to current 2.1 branch snapshot, version 2.0.105 - 2.1 Beta 3 * source access control fixes * user authentification fixes ------------------------------------------------------------------- Fri Oct 1 06:30:38 UTC 2010 - adrian@suse.de - update to current 2.1 branch snapshot, version 2.0.104 - 2.1 Beta 2 * source access control fixes * allow admin to control new user registration ------------------------------------------------------------------- Mon Sep 20 07:45:31 UTC 2010 - adrian@suse.de - update to current snapshot, version 2.0.102 last before 2.1 beta 1 ------------------------------------------------------------------- Thu Sep 9 15:25:45 UTC 2010 - adrian@suse.de - update to current snapshot, version 2.0.99 ------------------------------------------------------------------- Mon Sep 6 16:01:43 UTC 2010 - adrian@suse.de - update to current snapshot, version 2.0.96 ------------------------------------------------------------------- Fri Sep 3 13:22:59 UTC 2010 - adrian@suse.de - update to current snapshot, version 2.0.95 ------------------------------------------------------------------- Thu Sep 2 09:36:56 UTC 2010 - adrian@suse.de - update to current snapshot, version 2.0.94 ------------------------------------------------------------------- Fri Aug 27 09:48:58 UTC 2010 - adrian@suse.de - update to current git, version 2.0.92 * webui switches to MySQL default ------------------------------------------------------------------- Tue Aug 24 08:34:33 UTC 2010 - adrian@suse.de - update to current git, version 2.0.91 ------------------------------------------------------------------- Fri Aug 20 15:34:39 UTC 2010 - adrian@suse.de - update to current git, version 2.0.90 * still alpha state * webui: source history browser * webui: submit request creation ------------------------------------------------------------------- Mon Aug 16 11:51:24 UTC 2010 - adrian@suse.de - update to current git, version 2.0.89 ------------------------------------------------------------------- Thu Aug 5 13:41:20 UTC 2010 - adrian@suse.de - update to current git, version 2.0.88 ------------------------------------------------------------------- Fri Jul 30 06:40:46 UTC 2010 - adrian@suse.de - update to current git, version 2.0.87 ------------------------------------------------------------------- Wed Jul 21 14:44:35 UTC 2010 - adrian@suse.de - update to current git, version 2.0.86 ------------------------------------------------------------------- Tue Jul 13 15:26:13 UTC 2010 - adrian@suse.de - update to current git, version 2.0.85 ------------------------------------------------------------------- Mon Jul 5 08:05:48 UTC 2010 - adrian@suse.de - update to current git, version 2.0.84 * reworked flag handling in api * switch to rails 2.3.8 ------------------------------------------------------------------- Thu Jul 1 09:55:44 UTC 2010 - adrian@suse.de - update to current git, version 2.0.83 * lots of fixes after extending test suite * notification system is now pluggable ------------------------------------------------------------------- Mon Jun 28 07:22:39 UTC 2010 - adrian@suse.de - update to current git, version 2.0.82 ------------------------------------------------------------------- Fri Jun 25 13:18:56 UTC 2010 - adrian@suse.de - update to current git, version 2.0.81 ------------------------------------------------------------------- Mon Jun 14 13:43:43 UTC 2010 - adrian@suse.de - very first snapshot for 2.1 release * read permission control feature ------------------------------------------------------------------- Wed Jun 9 08:37:11 UTC 2010 - adrian@suse.de - 2.0 * fixed download file support in webui * fixed package checkout from remote instance ------------------------------------------------------------------- Mon Jun 7 10:27:57 UTC 2010 - adrian@suse.de - 1.9.92 (2.0 Beta 3) * basic proxy support for backend * signd setup support for appliance * bugfixes ------------------------------------------------------------------- Fri May 28 11:17:10 UTC 2010 - adrian@novell.com - 1.9.91 (2.0 Beta 2) * New patchinfo editor * bugfixes ------------------------------------------------------------------- Sat May 22 05:59:52 UTC 2010 - adrian@suse.de - 1.9.70 snapshot * feature complete 2.0 snapshot ------------------------------------------------------------------- Mon May 17 07:23:08 UTC 2010 - adrian@suse.de - 1.9.63 snapshot ------------------------------------------------------------------- Fri May 7 07:31:29 UTC 2010 - adrian@suse.de - 1.9.61 snapshot * obs-worker becomes noarch for openSUSE 11.2 and later ------------------------------------------------------------------- Thu Apr 29 15:23:29 UTC 2010 - adrian@suse.de - 1.9.60 snapshot ------------------------------------------------------------------- Tue Mar 16 09:11:38 UTC 2010 - adrian@suse.de - 1.7.53 snapshot ------------------------------------------------------------------- Mon Mar 8 16:42:59 UTC 2010 - adrian@suse.de - 1.7.52 snapshot * group handling support * attribute type permission handling * reworked permission handling * default reviewer support * product build cache support ------------------------------------------------------------------- Thu Mar 4 10:07:05 UTC 2010 - adrian@suse.de - 1.7.51 snapshot of 2.0(aka 1.8) * reworked LDAP support by David Greaves - ruby-ldap is used instead of rubygem-net-ldap now ------------------------------------------------------------------- Thu Feb 18 09:04:14 UTC 2010 - adrian@suse.de - very first 1.8 snapshot * first merges for new WEBUI * LDAP authentification support from Luke Imhoff(Cray) ------------------------------------------------------------------- Wed Feb 10 14:57:45 UTC 2010 - adrian@suse.de - apply current 1.7 Branch diff * fixes kvm check in worker init script * fix DoS when having binary data in build description files * fixes possible scheduler crash ------------------------------------------------------------------- Mon Feb 8 13:38:31 UTC 2010 - adrian@suse.de - OBS 1.7.0 ------------------------------------------------------------------- Wed Feb 3 12:23:06 UTC 2010 - adrian@suse.de - OBS 1.7.0 RC 1 ------------------------------------------------------------------- Tue Jan 26 12:06:35 UTC 2010 - adrian@suse.de - OBS 1.7.0 beta 3 ------------------------------------------------------------------- Tue Jan 19 09:41:08 UTC 2010 - adrian@suse.de - change SLP nameing theme from obs. to obs: to make obs browseable ------------------------------------------------------------------- Fri Jan 15 10:22:12 UTC 2010 - adrian@suse.de - OBS 1.7.0 beta 2 - Requires Ruby on Rails 2.3.5 now ------------------------------------------------------------------- Fri Nov 6 17:52:18 CET 2009 - mrueckert@suse.de - added rails_enforce_proper_version.patch: make sure we really require rails 2.1.2. using ~> 2.1 is just wrong. ------------------------------------------------------------------- Wed Oct 28 21:53:45 UTC 2009 - chris@computersalat.de - added bs_srcserver patch o needed for local obs when using openSUSE.org: projects and you want to do local builds via 'osc build' ------------------------------------------------------------------- Tue Aug 11 12:32:16 UTC 2009 - adrian@suse.de - Really handling the directory -> symlink conversation correctly. ------------------------------------------------------------------- Thu Jun 25 15:19:49 CEST 2009 - mrueckert@novell.com - disable the broken part of the pre script - buildrequire "build" to avoid dangling symlink warnings ------------------------------------------------------------------- Fri Jun 19 10:15:53 CEST 2009 - adrian@localhost - Update to final 1.6.0 release ------------------------------------------------------------------- Wed Apr 22 09:52:01 CEST 2009 - adrian@suse.de - drop own build script version and reuse the version from build package instead. This drops also the unwanted dependency to bash-static again ------------------------------------------------------------------- Wed Apr 15 15:24:44 CET 2009 - adrian@suse.de - update to version 1.6 beta 2 ------------------------------------------------------------------- Thu Apr 9 12:39:32 CEST 2009 - froh@suse.de - take sysconfig template from svn to fix #490258 in the package. ------------------------------------------------------------------- Tue Feb 24 15:24:44 CET 2009 - adrian@suse.de - update to 1.5.1 * Workaround for Rails 2.1 bug ------------------------------------------------------------------- Tue Feb 24 15:24:44 CET 2009 - adrian@suse.de - fix dependency to rails version, require 2.1.2 now (#479039). - disable Download on Demand by default as security fix. ------------------------------------------------------------------- Mon Feb 23 11:53:56 CET 2009 - adrian@suse.de - update to final 1.5 candidate * fixed product generation without betaversion defined ------------------------------------------------------------------- Fri Feb 6 02:54:13 CET 2009 - mrueckert@suse.de - fixed rails requires: 1. added obs-1.5_rails_version.patch to make all rails apps require 2.0.5 2. fixed requires in the obs-api package ------------------------------------------------------------------- Tue Jan 12 13:06:47 CET 2009 - adrian@suse.de - Update to 1.5.rc2 - init script fixes - various kiwi image handling fixes - relsync fixes ------------------------------------------------------------------- Fri Dec 12 13:06:47 CET 2008 - froh@novell.com - branch to 1.5.rc1 - include bs_productconvert search path fix (bnc#458309) - add ReleaseNotes-1.5 file - rpmlint fixes: remove executable bit from perl libraries, add missing package descriptions, add missing %insserv_cleanup %postun calls, add missing $remote_fs init script dependencies, add (failing) reload command to signd init script. - do %fdupes only if the distro has it (fixes sle10 builds) ------------------------------------------------------------------- Thu Nov 20 11:48:42 CET 2008 - froh@novell.com - get setuid handling right (bnc#446164) - clean up fillup-templates - "sign" is not noarch, so the package isn't - use fdupes to hard link duplicate files - provide "Group" and "Summary" where missing - fix permissions handling - incorporate new Meta handling - get changelog and fixes from Factory ------------------------------------------------------------------- Tue Nov 11 17:12:46 CET 2008 - froh@novell.com - fix init scripts for stricter 11.1 requirements. - get rid of strict rails dependency. - there's no more rubygems-builder. use active_support instead. - fix file lists to satisfy 11.0 rpmlint checks - move log file creation from %post to %init and %files, where it belongs ------------------------------------------------------------------- Mon Nov 10 12:43:37 CET 2008 - froh@novell.com - add bs_productconvert and obs-productconvert subpackage as temporary kludge to make this tool available. ------------------------------------------------------------------- Fri Oct 24 12:07:20 CEST 2008 - froh@novell.com - fix webclient rails version requirement to be the same as the api one ------------------------------------------------------------------- Thu Oct 16 15:22:58 CEST 2008 - froh@novell.com update to svn branches/buildservice/1.0 -r5344: - add signd - webclient-EXTERNAL_FRONTEND_HOST.patch: adds optional EXTERNAL_FRONTEND_HOST config value for situations when FRONTEND_HOST isn't available publicly (ichain setups) - webclient-RAILS_GEM_VERSION.patch: enforce the right rails version - use cleaned up spec file from openSUSE:Tools:Unstable - make the download server setup in obs.conf a knowing decision, instead a secret default - satisfy rpmlint so it only warns and no longer fails - fix previous changelog entry ------------------------------------------------------------------- Thu Oct 9 10:41:46 CEST 2008 - froh@suse.de - reviewed for Factory submission ------------------------------------------------------------------- Wed Jun 11 12:42:39 CEST 2008 - martin.mohring@5etech.eu - update to svn trunc -r 4169 - heading toward OBS 1.0 - fixed requires again - dont copy doc files, they are packaged already in .tar.bz2 - put all docu files in obs-api package - some %pre / %post alignments - schemata and doc now mentioned in config - includes hermes fixes in config and the worker ------------------------------------------------------------------- Tue Jun 3 19:48:07 CEST 2008 - martin.mohring@5etech.eu - update to svn trunc -r 4091 - incl. bugfixes, see svn log - added hermes ------------------------------------------------------------------- Mon Jun 2 21:14:03 CEST 2008 - martin.mohring@5etech.eu - update to svn trunc -r 4074, bugfixes - added file of the spec file wizard now added - new debtransform features - build now has opensuse 11.0 config - osc develproj and branch support ------------------------------------------------------------------- Sat May 24 00:36:09 CEST 2008 - martin.mohring@5etech.eu - update to svn trunc -r 4026, bugfixes - exchanged dpkg package by deb package, provided by newer openSUSE Distros ------------------------------------------------------------------- Mon May 19 19:11:22 CEST 2008 - martin.mohring@5etech.eu - update to svn trunc -r 3996, bugfixes - incl. latest osc alignments for 1.0 release - added obs-server-test.spec for building osc, build, obs-server from one source ------------------------------------------------------------------- Fri May 16 21:45:37 CEST 2008 - martin.mohring@5etech.eu - update to svn trunc -r 3983, incl. all build/obs_worker changes - readded fix for changing download addresses in webclient ------------------------------------------------------------------- Thu May 15 12:29:47 CEST 2008 - martin.mohring@5etech.eu - added also old python written script obs_mirror_project.py from James Oakley ------------------------------------------------------------------- Thu May 15 11:16:05 CEST 2008 - martin.mohring@5etech.eu - made apidocs working (finally) - got back to old svn version numbering so that ./distribute generates all - updated to newer versions of rcobs scripts - switchable comment for x86_64 scheduler in sysconfig.obs-server - removed obsoleted files from svn and .spec file - updates of obs-server.changes from openSUSE:Tools:Unstable project ------------------------------------------------------------------- Wed May 14 08:13:46 CEST 2008 - adrian@suse.de - update to current svn trunk - avoid more hardcoded server names - bsworker can be installed on remote systems now and configured via sysconfig settings - add apidocs generation and correct installation ------------------------------------------------------------------- Fri Apr 25 16:54:20 CEST 2008 - adrian@suse.de - update to version 0.9.1 - fixes from the changelog entries before - Version 0.9.1 is required now to use the build service inter connect feature with api.opensuse.org ------------------------------------------------------------------- Wed Apr 23 19:35:42 CEST 2008 - mls@suse.de - increase timeouts in scheduler - fix circular reference in BSSSL - fix auto socket close in BSRPC ------------------------------------------------------------------- Thu Apr 17 17:39:21 CEST 2008 - adrian@suse.de - apply fix for * local osc support building for remote projects * fix ssl protocol handling ------------------------------------------------------------------- Thu Apr 17 00:02:43 CEST 2008 - mrueckert@suse.de - added perl-Net_SSLeay ------------------------------------------------------------------- Wed Apr 16 08:49:11 CEST 2008 - adrian@suse.de - update to version 0.9 release * Inter Build Service Connect support * rpmlint support * KIWI imaging support * baselibs build support * submission request support ------------------------------------------------------------------- Mon Nov 26 17:16:27 CET 2007 - froh@suse.de - use startproc - have correct "Should-Start" dependencies - ensure all services come up at boot ------------------------------------------------------------------- Thu Nov 15 17:45:05 CET 2007 - froh@suse.de - depend on exact rails version - generate package from buildservice/dist dir - update README.SETUP - add publisher and dispatcher ------------------------------------------------------------------- Fri Jan 26 16:20:12 CET 2007 - poeml@suse.de - implement status/restart in the init scripts ------------------------------------------------------------------- Fri Jan 26 09:48:48 CET 2007 - poeml@suse.de - added dependency on createrepo ------------------------------------------------------------------- Fri Jan 26 01:17:21 CET 2007 - poeml@suse.de - update to r1110 - revert last change, and do it the ruby way, by creating a new migration for it... so existing installations are upgraded - fix truncated line in sorting algorithm - add missing mkdir - add url to package metadata - fix build / install sysconfig files - fix copyright headers in init script - fix path in README where to copy packages to ------------------------------------------------------------------- Thu Jan 25 14:34:31 CET 2007 - poeml@suse.de - update to r1108 create a few more architectures, when initializing the database
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor