Comments

142 Comments

Why the truncated %changelog? What has happened?

This update has fixed a Pipewire problem for me --> bug 2000040

BZ#1907806 Lost audio after a logout when using pipewire-pulseaudio
BZ#1953136 there is no sound when logging in right after logout
BZ#1954504 No sound after logout/login with own userid
BZ#1960890 After Logging out/crashing gnome-shell, and logging back in, sound is broken

What @adamwill pointed out. The separate updates caused broken deps reports by koschei, which was unnecessarily alarming.

karma

Patches applied during build, and Claws Mail IMAP access continues to work.

BZ#1861071 CVE-2020-15953 libetpan: response injection via STARTTLS in IMAP [fedora-all]

@jpbn Please don't downvote an update just because it hasn't been picked up by your nearby mirror yet. Be patient and only submit karma when you've evaluated the update actually.

BZ#1640602 broken with latest alsa(1.1.7) release

Confirming the problem described in bug 1640602.

The "Changelog between 1.1.6 and 1.1.7 releases" don't mention anything about a change to snd_pcm_hw_params_set_period_time_near().

@avij

Not possible. CM uses GTK+2, webkitgtk3 is for GTK+3.

Just in case other testers run into this, too, and the trouble finding the update ticket for -27.fc28. That one crashes, while -28.fc28 seems to fix that.

$ easytag . easytag: symbol lookup error: /lib64/libid3tag.so.0: undefined symbol: id3_compat_fixup

Since booting with an added -d 9 debug level I haven't been able to reproduce the boot problem yet.

The new sssd.service fails to start in F28 and F27 for me causing a boot delay of around 1:53 minutes. Where would I started collecting useful data about that?

systemctl status sssd.service

‚óŹ sssd.service - System Security Services Daemon Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled) Active: failed (Result: timeout) since Sat 2018-03-17 15:02:33 CET; 9min ago Process: 793 ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER} (code=exited, status=0/SUCCESS) Main PID: 793 (code=exited, status=0/SUCCESS)

Mar 17 15:01:03 localhost.localdomain systemd[1]: Starting System Security Services Daemon... Mar 17 15:01:08 localhost.localdomain sssd[793]: Starting up Mar 17 15:01:09 localhost.localdomain sssd[be[implicit_files]][827]: Starting up Mar 17 15:01:11 localhost.localdomain sssd[nss][843]: Starting up Mar 17 15:02:33 localhost.localdomain systemd[1]: sssd.service: Start operation timed out. Terminating. Mar 17 15:02:33 localhost.localdomain sssd[nss][843]: Shutting down Mar 17 15:02:33 localhost.localdomain sssd[be[implicit_files]][827]: Shutting down Mar 17 15:02:33 localhost.localdomain systemd[1]: sssd.service: Failed with result 'timeout'. Mar 17 15:02:33 localhost.localdomain systemd[1]: Failed to start System Security Services Daemon.

Nothing is missing. The dillo plugin hasn't been part of Claws Mail for quite some time. It's not considered ready yet, but it's being worked on and may reappear in the Claws Mail package some day.

You cannot unpush an update that has been released three years ago. It's never been possible to withdraw packages that have released into the stable updates repository already.

karma

Withdrawing my earlier -1 vote since the needed selinux-policy package has been made available and has been pushed to stable meanwhile.

@kparal : Indeed. This package is required by the older fprintd* update where I've reported the breakage that causes the delays: FEDORA-2017-65297dc913

This update strictly needs the newer selinux-policy package that has now been pushed, too: FEDORA-2017-a1b4dab97d

karma

Not only "su -" is affected, also "su USERNAME".

There's also SELinux errors. Since the downgrade works, I assume something is broken in this test update.

Sep 19 00:39:10 noname audit[4498]: AVC avc: denied { mounton } for pid=4498 comm="(fprintd)" path="/var/lib/fprint" dev="sda5" ino=793064 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fprin Sep 19 00:39:10 noname audit: SELINUX_ERR op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:init_t:s0 newcontext=system_u:system_r:fprintd_t:s0 Sep 19 00:39:10 noname audit[4498]: AVC avc: denied { map } for pid=4498 comm="fprintd" path="/usr/libexec/fprintd" dev="sda5" ino=1704831 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fprin Sep 19 00:39:10 noname audit[4498]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:init_t:s0 pid=4498 comm="fprintd" exe="/usr/libexec/fprintd" sig=11 res=1

SELinux is preventing (fprintd) from mounton access on the directory /var/lib/fprint.

* Plugin catchall (100. confidence) suggests ******

If you believe that (fprintd) should be allowed mounton access on the fprint directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing:

ausearch -c '(fprintd)' --raw | audit2allow -M my-fprintd

semodule -X 300 -i my-fprintd.pp

Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:fprintd_var_lib_t:s0 Target Objects /var/lib/fprint [ dir ] Source (fprintd) Source Path (fprintd) Port <Unknown> Host localhost.localdomain Source RPM Packages
Target RPM Packages fprintd-0.8.0-1.fc27.x86_64 Policy RPM selinux-policy-3.13.1-283.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name noname Platform Linux noname 4.13.0-0.rc7.git0.1.fc27.x86_64 #1 SMP Mon Aug 28 02:33:21 UTC 2017 x86_64 x86_64 Alert Count 1 First Seen 2017-09-18 01:29:51 CEST Last Seen 2017-09-18 01:29:51 CEST Local ID 4aeb873a-c1c8-49bf-9c12-7dbc75c68ec5

Raw Audit Messages type=AVC msg=audit(1505690991.218:591): avc: denied { mounton } for pid=22890 comm="(fprintd)" path="/var/lib/fprint" dev="sda5" ino=793064 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fprintd_var_lib_t:s0 tclass=dir permissive=0

Hash: (fprintd),init_t,fprintd_var_lib_t,dir,mounton

After installing this update, "su -" in gnome-terminal suffers from a 15 seconds delay. Downgrading to 0.7.0-4.fc27 fixes it.

Would be enough for a -1, but maybe I'm missing something.