From mike.mccarty at sbcglobal.net Mon Aug 1 20:26:53 2005 From: mike.mccarty at sbcglobal.net (Mike McCarty) Date: Mon, 01 Aug 2005 15:26:53 -0500 Subject: Pulling updates for FC2 Message-ID: <42EE858D.5080100@sbcglobal.net> I followed (I thought) the instructions for making my FC2 machine pull from legacy, but I'm not getting any updates yet. I thought that I'd seem some notices go by. Is it just that the updates have been to packages I don't have installed? Mike -- p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);} This message made from 100% recycled bits. I can explain it for you, but I can't understand it for you. I speak only for myself, and I am unanimous in that! From cave.dnb at tiscali.fr Mon Aug 1 23:24:30 2005 From: cave.dnb at tiscali.fr (nigel henry) Date: Tue, 2 Aug 2005 00:24:30 +0100 Subject: Pulling updates for FC2 In-Reply-To: <42EE858D.5080100@sbcglobal.net> References: <42EE858D.5080100@sbcglobal.net> Message-ID: <200508020024.30635.cave.dnb@tiscali.fr> Hi Mike. I can't say thers been a lot for FC2 lately. The last ones I had were on Mon 18th July. Mozilla-nspr, Mozilla-nss, Mozilla, curl. curl-devel. And prior to that on the 13th July. A load of open ssh stuff, and ImageMagic. Nigel. On Monday 01 Aug 2005 9:26 pm, Mike McCarty wrote: > I followed (I thought) the instructions for making my FC2 machine > pull from legacy, but I'm not getting any updates yet. I thought > that I'd seem some notices go by. Is it just that the updates have > been to packages I don't have installed? > > Mike From mike.mccarty at sbcglobal.net Mon Aug 1 22:53:21 2005 From: mike.mccarty at sbcglobal.net (Mike McCarty) Date: Mon, 01 Aug 2005 17:53:21 -0500 Subject: Pulling updates for FC2 In-Reply-To: <200508020024.30635.cave.dnb@tiscali.fr> References: <42EE858D.5080100@sbcglobal.net> <200508020024.30635.cave.dnb@tiscali.fr> Message-ID: <42EEA7E1.6040002@sbcglobal.net> nigel henry wrote: > Hi Mike. I can't say thers been a lot for FC2 lately. The last ones I had were > on Mon 18th July. Mozilla-nspr, Mozilla-nss, Mozilla, curl. curl-devel. And > prior to that on the 13th July. A load of open ssh stuff, and ImageMagic. > Nigel. Thanks. Looks like I just don't have anything to pull, yet. Mike -- p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);} This message made from 100% recycled bits. You have found the bank of Larn. I can explain it for you, but I can't understand it for you. I speak only for myself, and I am unanimous in that! From shiva at sewingwitch.com Mon Aug 1 22:56:05 2005 From: shiva at sewingwitch.com (Kenneth Porter) Date: Mon, 01 Aug 2005 15:56:05 -0700 Subject: Pulling updates for FC2 In-Reply-To: <42EE858D.5080100@sbcglobal.net> References: <42EE858D.5080100@sbcglobal.net> Message-ID: --On Monday, August 01, 2005 3:26 PM -0500 Mike McCarty wrote: > I followed (I thought) the instructions for making my FC2 machine > pull from legacy, but I'm not getting any updates yet. I thought > that I'd seem some notices go by. Is it just that the updates have > been to packages I don't have installed? I have this stanza in my /etc/yum.conf: [legacy-utils] gpgcheck=1 name=Fedora Legacy utilities for Fedora Core $releasever baseurl=http://download.fedoralegacy.org/fedora/$releasever/legacy-utils/$basearch On another server I've got a newer yum installed that uses per-repo files in /etc/yum.repos.d and that one just finished pulling a big PHP update from Legacy that appeared I think Friday. From sheltren at cs.ucsb.edu Tue Aug 2 20:56:41 2005 From: sheltren at cs.ucsb.edu (Jeff Sheltren) Date: Tue, 2 Aug 2005 13:56:41 -0700 Subject: metadata for legacy repositories Message-ID: Jesse, there was a thread last month regarding the creation of the new metadata for the legacy repositories; but I don't think anything ever came of it. See: https://www.redhat.com/archives/fedora-legacy-list/2005-July/ msg00042.html I have mock working with rh73, rh9, fc1 & fc2, and I was thinking of writing some documentation on the wiki for it, however it requires the use of the newer metadata, so I wasn't sure if I would just be confusing people if the repositories don't actually have the metadata. I would guess that most people using mock would have local mirrors anyway, but it makes a lot more sense if the main download site had the information. Is this just a lack of time thing, or are there some technical issues that need to be worked out? If it's the latter, I would be glad to help (and I'm sure others would as well). Thanks, Jeff From skvidal at phy.duke.edu Tue Aug 2 21:05:41 2005 From: skvidal at phy.duke.edu (seth vidal) Date: Tue, 02 Aug 2005 17:05:41 -0400 Subject: metadata for legacy repositories In-Reply-To: References: Message-ID: <1123016741.12110.45.camel@cutter> > I have mock working with rh73, rh9, fc1 & fc2, and I was thinking of > writing some documentation on the wiki for it, however it requires > the use of the newer metadata, so I wasn't sure if I would just be > confusing people if the repositories don't actually have the > metadata. I would guess that most people using mock would have local > mirrors anyway, but it makes a lot more sense if the main download > site had the information. really? Feel like maybe commenting on this a bit further? Have you tested the results? -sv From sheltren at cs.ucsb.edu Tue Aug 2 21:37:00 2005 From: sheltren at cs.ucsb.edu (Jeff Sheltren) Date: Tue, 2 Aug 2005 14:37:00 -0700 Subject: metadata for legacy repositories In-Reply-To: <1123016741.12110.45.camel@cutter> References: <1123016741.12110.45.camel@cutter> Message-ID: On Aug 2, 2005, at 2:05 PM, seth vidal wrote: > > really? Yes! :) > Feel like maybe commenting on this a bit further? Sure - but honestly I didn't do too much. I get the feeling you weren't expecting it to work? Basically I re-used the buildroots.xml from fc3 for all of them and it seems to work fine. After running creatrepo in the appropriate places in the repositories, it was just a matter of pointing the configs to the right place. For FC2 and lower I needed to change the mock config from: config_opts['runuser'] = '/sbin/runuser' to config_opts['runuser'] = '/bin/su' To get the dist tags working (buildsys-macros), I needed to use /etc/ rpm/macros instead of /etc/rpm/macros.disttag. I'm guessing that the older versions of rpmbuild only looked at '/etc/rpm/macros', but I haven't confirmed this yet. By the way, the host machine is FC4. > Have you tested the > results? > So far everything seems to work. I've tested out cfengine and a couple other packages. I'll put up my configs somewhere and write up a wiki page with the step-by-step details. -Jeff From sheltren at cs.ucsb.edu Tue Aug 2 22:24:07 2005 From: sheltren at cs.ucsb.edu (Jeff Sheltren) Date: Tue, 2 Aug 2005 15:24:07 -0700 Subject: metadata for legacy repositories In-Reply-To: References: <1123016741.12110.45.camel@cutter> Message-ID: <2550A4C6-5914-473C-A0C9-339FE5499D13@cs.ucsb.edu> On Aug 2, 2005, at 2:37 PM, Jeff Sheltren wrote: > > So far everything seems to work. I've tested out cfengine and a > couple other packages. I'll put up my configs somewhere and write > up a wiki page with the step-by-step details. > And here it is: http://fedoraproject.org/wiki/Legacy/Mock Let me know if I missed something that could use more clarification (or, hell, it's a wiki, feel free to add/change things as needed). :) -Jeff From jkeating at j2solutions.net Tue Aug 2 22:36:11 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Tue, 02 Aug 2005 15:36:11 -0700 Subject: metadata for legacy repositories In-Reply-To: <2550A4C6-5914-473C-A0C9-339FE5499D13@cs.ucsb.edu> References: <1123016741.12110.45.camel@cutter> <2550A4C6-5914-473C-A0C9-339FE5499D13@cs.ucsb.edu> Message-ID: <1123022171.3479.1.camel@localhost.localdomain> On Tue, 2005-08-02 at 15:24 -0700, Jeff Sheltren wrote: > > > And here it is: > http://fedoraproject.org/wiki/Legacy/Mock > > Let me know if I missed something that could use more clarification > (or, hell, it's a wiki, feel free to add/change things as needed). :) This is good info Jeff. I had planned on setting up a plague server for Legacy use in the near future, so that we can easily to builds for FC on both archs. However I was informed that plague/mock wouldn't work so well for RHL. Can you do some more testing to prove/disprove this? I will re-examine creating the secondary metadata format if it could be used by mock. -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From sheltren at cs.ucsb.edu Tue Aug 2 23:19:53 2005 From: sheltren at cs.ucsb.edu (Jeff Sheltren) Date: Tue, 2 Aug 2005 16:19:53 -0700 Subject: metadata for legacy repositories In-Reply-To: <1123022171.3479.1.camel@localhost.localdomain> References: <1123016741.12110.45.camel@cutter> <2550A4C6-5914-473C-A0C9-339FE5499D13@cs.ucsb.edu> <1123022171.3479.1.camel@localhost.localdomain> Message-ID: On Aug 2, 2005, at 3:36 PM, Jesse Keating wrote: > > This is good info Jeff. I had planned on setting up a plague > server for > Legacy use in the near future, so that we can easily to builds for > FC on > both archs. However I was informed that plague/mock wouldn't work so > well for RHL. Can you do some more testing to prove/disprove this? I > will re-examine creating the secondary metadata format if it could be > used by mock. > > Well, I'm not sure how to prove that it works 100%, but so far it has worked for every package I've tried. I just rebuilt a few legacy packages I had: - fetchmail - gzip - cups as well as a few other packages for rh73, rh9, fc1 and fc2. They've all built, installed, and run OK. So far I've only tested i386 builds for these older distributions, but that's all we support now anyway (and I have no reason to believe that other architectures won't work). -Jeff From marcdeslauriers at videotron.ca Tue Aug 2 23:34:44 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Tue, 02 Aug 2005 19:34:44 -0400 Subject: Fedora Legacy Test Update Notification: httpd Message-ID: <42F00314.5080002@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-157701 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157701 2005-08-02 --------------------------------------------------------------------- Name : httpd Versions : rh73: apache-1.3.27-8.legacy Versions : rh9: httpd-2.0.40-21.18.legacy Versions : fc1: httpd-2.0.51-1.7.legacy Versions : fc2: httpd-2.0.51-2.9.2.legacy Summary : The httpd Web server Description : This package contains a powerful, full-featured, efficient, and freely-available Web server based on work done by the Apache Software Foundation. It is also the most popular Web server on the Internet. --------------------------------------------------------------------- Update Information: Updated Apache httpd packages to correct security issues are now available. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. Watchfire reported a flaw that occured when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header. This caused Apache to incorrectly handle and forward the body of the request in a way that the receiving server processes it as a separate HTTP request. This could allow the bypass of Web application firewall protection or lead to cross-site scripting (XSS) attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-2088 to this issue. A buffer overflow was discovered in htdigest that may allow an attacker to execute arbitrary code. Since htdigest is usually only accessible locally, the impact of this issue is low. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-1344 to this issue. Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list (CRL). The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-1268 to this issue. Users of Apache httpd should update to these errata packages that contain backported patches to correct these issues. --------------------------------------------------------------------- Changelogs rh73: * Mon Aug 01 2005 Marc Deslauriers 1.3.27-8.legacy - Added security patch for CAN-2005-2088 * Sun Jul 31 2005 Marc Deslauriers 1.3.27-7.legacy - Added security patch for CAN-2005-1344 rh9: * Sun Jul 31 2005 Marc Deslauriers 2.0.40-21.18.legacy - Added security patches for CAN-2005-1268, CAN-2005-1344 and CAN-2005-2088 fc1: * Sat Jul 30 2005 Marc Deslauriers 2.0.51-1.7.legacy - Added security patches for CAN-2005-1268, CAN-2005-1344 and CAN-2005-2088 fc2: * Tue Aug 02 2005 Marc Deslauriers 2.0.51-2.9.2.legacy - added missing autoconf, libtool, zlib-devel, gdbm-devel BuildRequires * Sat Jul 30 2005 Marc Deslauriers 2.0.51-2.9.1.legacy - Added security patches for CAN-2005-1268, CAN-2005-1344 and CAN-2005-2088 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: 0e3755cab97683d75987658b7de6ffe9c80a8b62 redhat/7.3/updates-testing/i386/apache-1.3.27-8.legacy.i386.rpm b9b201ebe088409ea9d8b0ea8437351744d8b03e redhat/7.3/updates-testing/i386/apache-devel-1.3.27-8.legacy.i386.rpm 9222e0121f0b39d336d5465967cc5e218a5487de redhat/7.3/updates-testing/i386/apache-manual-1.3.27-8.legacy.i386.rpm 3a6736e526c94f5e253860636a1986f8ca3cc972 redhat/7.3/updates-testing/SRPMS/apache-1.3.27-8.legacy.src.rpm rh9: cb1ae0ad7739bf0cd3eb7c56a8ba96a5bc7825e3 redhat/9/updates-testing/i386/httpd-2.0.40-21.18.legacy.i386.rpm 4468f5beed1cd89f0225bc8e253bfd4a73fb7732 redhat/9/updates-testing/i386/httpd-devel-2.0.40-21.18.legacy.i386.rpm cf259929dd2acb5423f611dc5955e801f6bc85fe redhat/9/updates-testing/i386/httpd-manual-2.0.40-21.18.legacy.i386.rpm 40ad84a4a01502aad2bccfbcd7fda81e8b24022b redhat/9/updates-testing/SRPMS/httpd-2.0.40-21.18.legacy.src.rpm f34762e151a8cbbe4dcf926c66dce6392dbac970 redhat/9/updates-testing/i386/mod_ssl-2.0.40-21.18.legacy.i386.rpm fc1: b19c5d34da8ef263e5b2f2dcfdd23b02a1a2dd36 fedora/1/updates-testing/i386/httpd-2.0.51-1.7.legacy.i386.rpm 3ca9ea9df6b5c4334909b8cbf63ea858385f81de fedora/1/updates-testing/i386/httpd-devel-2.0.51-1.7.legacy.i386.rpm d2a69419b943944e0d7557a500f86eb470d2c5e9 fedora/1/updates-testing/i386/httpd-manual-2.0.51-1.7.legacy.i386.rpm 3ff73a6a4607f5c7503ec36d9a3e901ab02131c2 fedora/1/updates-testing/SRPMS/httpd-2.0.51-1.7.legacy.src.rpm 2667ac96d7749d32255702430c0d04cf40620972 fedora/1/updates-testing/i386/mod_ssl-2.0.51-1.7.legacy.i386.rpm fc2: 6cf82576642dbb991a3253f4c2ef4ca485d7eea4 fedora/2/updates-testing/i386/httpd-2.0.51-2.9.2.legacy.i386.rpm e8ff1c406b0dd81c2e8f987df5b33dd6e56111e9 fedora/2/updates-testing/i386/httpd-devel-2.0.51-2.9.2.legacy.i386.rpm d432195a04f5423c0ca82c4fb99eff2a4efa04ee fedora/2/updates-testing/i386/httpd-manual-2.0.51-2.9.2.legacy.i386.rpm a041a7db3f6840e490c418856f86448b52769364 fedora/2/updates-testing/SRPMS/httpd-2.0.51-2.9.2.legacy.src.rpm a1d6ac70df1a9ac0eefa1d8c16078861cd61b282 fedora/2/updates-testing/i386/mod_ssl-2.0.51-2.9.2.legacy.i386.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature URL: From shiva at sewingwitch.com Wed Aug 3 02:19:21 2005 From: shiva at sewingwitch.com (Kenneth Porter) Date: Tue, 02 Aug 2005 19:19:21 -0700 Subject: New repository metadata format In-Reply-To: <20050713110022.GA8909@neu.nirvana> References: <382AE7E877C4CB520095C298@[10.0.0.14]> <1115226675.28515.11.camel@jkeating2.hq.pogolinux.com> <1115232781.28515.27.camel@jkeating2.hq.pogolinux.com> <1121241847.31376.0.camel@prometheus.gamehouse.com> <20050713110022.GA8909@neu.nirvana> Message-ID: <89F1E59355FC8602502B4B70@[10.169.6.233]> --On Wednesday, July 13, 2005 1:00 PM +0200 Axel Thimm wrote: > dl.atrpms.net has vendor and legacy updates with all three metadata > formats, apt, yum20 and yum. Until fedoralegacy introduces the new > metadata support, you can use ATrpms'. > > For FC2/i386 this is under > > http://dl.atrpms.net/fc2-i386/redhat/updates/ > http://dl.atrpms.net/fc2-i386/redhat/updates-legacy/ Any plans to update the updates-testing mirror? It doesn't seem to be getting the new files. The last package there is from March, but there are a number of newer packages available at the main repo (which lacks the new metadata): From skvidal at phy.duke.edu Wed Aug 3 05:19:35 2005 From: skvidal at phy.duke.edu (seth vidal) Date: Wed, 03 Aug 2005 01:19:35 -0400 Subject: metadata for legacy repositories In-Reply-To: <2550A4C6-5914-473C-A0C9-339FE5499D13@cs.ucsb.edu> References: <1123016741.12110.45.camel@cutter> <2550A4C6-5914-473C-A0C9-339FE5499D13@cs.ucsb.edu> Message-ID: <1123046375.16066.0.camel@cutter> On Tue, 2005-08-02 at 15:24 -0700, Jeff Sheltren wrote: > On Aug 2, 2005, at 2:37 PM, Jeff Sheltren wrote: > > > > So far everything seems to work. I've tested out cfengine and a > > couple other packages. I'll put up my configs somewhere and write > > up a wiki page with the step-by-step details. > > > > And here it is: > http://fedoraproject.org/wiki/Legacy/Mock > > Let me know if I missed something that could use more clarification > (or, hell, it's a wiki, feel free to add/change things as needed). :) > there's also another wiki page here: http://fedoraproject.org/wiki/Projects/Mock annotate away. -sv From skvidal at phy.duke.edu Wed Aug 3 05:24:13 2005 From: skvidal at phy.duke.edu (seth vidal) Date: Wed, 03 Aug 2005 01:24:13 -0400 Subject: metadata for legacy repositories In-Reply-To: References: <1123016741.12110.45.camel@cutter> Message-ID: <1123046654.16066.5.camel@cutter> > > Feel like maybe commenting on this a bit further? > Sure - but honestly I didn't do too much. I get the feeling you > weren't expecting it to work? not exactly, no. I was expecting the rpmdb to explode on itself. But then again we're only ever touching it from the outside so it should be okay. > Basically I re-used the buildroots.xml > from fc3 for all of them and it seems to work fine. After running > creatrepo in the appropriate places in the repositories, it was just > a matter of pointing the configs to the right place. For FC2 and > lower I needed to change the mock config from: > config_opts['runuser'] = '/sbin/runuser' > to > config_opts['runuser'] = '/bin/su' > Would you care to send me those configs. I could include them in the system. We could point them to the legacy download site so we know we'd have all of it and then others could easily test and build package updates, too. > To get the dist tags working (buildsys-macros), I needed to use /etc/ > rpm/macros instead of /etc/rpm/macros.disttag. I'm guessing that the > older versions of rpmbuild only looked at '/etc/rpm/macros', but I > haven't confirmed this yet. did you rebuild the buildsys-macros package? I could put it up at the buildgroups location on fedoraproject.org. > So far everything seems to work. I've tested out cfengine and a > couple other packages. I'll put up my configs somewhere and write up > a wiki page with the step-by-step details. great - but let's get it merged into the mock in cvs. You have a fedora cvs account, right? If I can get commit access enabled for you for mock would you be willing to throw them in? thanks, -sv From sebenste at weather.admin.niu.edu Wed Aug 3 05:25:23 2005 From: sebenste at weather.admin.niu.edu (Gilbert Sebenste) Date: Wed, 3 Aug 2005 00:25:23 -0500 (CDT) Subject: Updated httpd packages Message-ID: Hey gang, Just thought I'd let you know I tried the httpd packages and the mod_ssl, and all appears to be well after running for 3 hours. Give this a +VERIFY. ******************************************************************************* Gilbert Sebenste ******** (My opinions only!) ****** Staff Meteorologist, Northern Illinois University **** E-mail: sebenste at weather.admin.niu.edu *** web: http://weather.admin.niu.edu ** ******************************************************************************* From Axel.Thimm at ATrpms.net Wed Aug 3 07:17:50 2005 From: Axel.Thimm at ATrpms.net (Axel Thimm) Date: Wed, 3 Aug 2005 09:17:50 +0200 Subject: New repository metadata format In-Reply-To: <89F1E59355FC8602502B4B70@[10.169.6.233]> References: <382AE7E877C4CB520095C298@[10.0.0.14]> <1115226675.28515.11.camel@jkeating2.hq.pogolinux.com> <1115232781.28515.27.camel@jkeating2.hq.pogolinux.com> <1121241847.31376.0.camel@prometheus.gamehouse.com> <20050713110022.GA8909@neu.nirvana> <89F1E59355FC8602502B4B70@[10.169.6.233]> Message-ID: <20050803071750.GA23604@neu.nirvana> On Tue, Aug 02, 2005 at 07:19:21PM -0700, Kenneth Porter wrote: > wrote: > > >dl.atrpms.net has vendor and legacy updates with all three metadata > >formats, apt, yum20 and yum. Until fedoralegacy introduces the new > >metadata support, you can use ATrpms'. > > > >For FC2/i386 this is under > > > >http://dl.atrpms.net/fc2-i386/redhat/updates/ > >http://dl.atrpms.net/fc2-i386/redhat/updates-legacy/ > > Any plans to update the updates-testing mirror? It doesn't seem to be > getting the new files. I was only using Red Hat's updates-testing, I missed the legacy bits. I'll fix that and repost. Thanks for chatching this. :) > The last package there is from March, but there are a number of > newer packages available at the main repo (which lacks the new > metadata): > > > > -- Axel.Thimm at ATrpms.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From sheltren at cs.ucsb.edu Wed Aug 3 14:03:26 2005 From: sheltren at cs.ucsb.edu (Jeff Sheltren) Date: Wed, 3 Aug 2005 07:03:26 -0700 (PDT) Subject: metadata for legacy repositories In-Reply-To: <1123046654.16066.5.camel@cutter> References: <1123016741.12110.45.camel@cutter> <1123046654.16066.5.camel@cutter> Message-ID: <49231.68.227.82.169.1123077806.squirrel@letters.cs.ucsb.edu> > not exactly, no. I was expecting the rpmdb to explode on itself. But > then again we're only ever touching it from the outside so it should be > okay. > Yeah, I was actually expecting the same but gave it a try anyway. Then, looking closer at it, we are only ever using the host system's yum to modify the rpmdb. Since the rpmbuild uses the --nodeps flag, it doesn't need access to the rpmdb, so everyone ends up happy :) > > Would you care to send me those configs. I could include them in the > system. We could point them to the legacy download site so we know we'd > have all of it and then others could easily test and build package > updates, too. > > did you rebuild the buildsys-macros package? I could put it up at the > buildgroups location on fedoraproject.org. > > great - but let's get it merged into the mock in cvs. You have a fedora > cvs account, right? If I can get commit access enabled for you for mock > would you be willing to throw them in? > Yes to all of those questions. I didn't post the configs since the ftp site I'm using in not accessable to the outside world, but I'll modify them to point at the legacy download site and add them to CVS. I rebuilt the buildsys-macros package for fc1 and fc2, and they are here: http://www.cs.ucsb.edu/~jeff/legacy/buildsys-macros/ If you can stick those on fedoraproject.org, I can update the configs to use them. -Jeff From pekkas at netcore.fi Wed Aug 3 15:26:05 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Wed, 3 Aug 2005 18:26:05 +0300 (EEST) Subject: Updated httpd packages In-Reply-To: References: Message-ID: On Wed, 3 Aug 2005, Gilbert Sebenste wrote: > Just thought I'd let you know I tried the httpd packages and the > mod_ssl, and all appears to be well after running for 3 hours. Give > this a +VERIFY. Could you put this (and also the OS version :) in bugzilla, preferably GPG signed? Thanks! https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157701 -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From sebenste at weather.admin.niu.edu Wed Aug 3 15:26:23 2005 From: sebenste at weather.admin.niu.edu (Gilbert Sebenste) Date: Wed, 3 Aug 2005 10:26:23 -0500 (CDT) Subject: Updated httpd packages In-Reply-To: References: Message-ID: On Wed, 3 Aug 2005, Gilbert Sebenste wrote: > Hey gang, > > Just thought I'd let you know I tried the httpd packages and the mod_ssl, and > all appears to be well after running for 3 hours. Give this a +VERIFY. Would it help if I told you I was running FC1? D'oh! Sorry about that. ******************************************************************************* Gilbert Sebenste ******** (My opinions only!) ****** Staff Meteorologist, Northern Illinois University **** E-mail: sebenste at weather.admin.niu.edu *** web: http://weather.admin.niu.edu ** Work phone: 815-753-5492 * ******************************************************************************* From terabite at bigpond.com Thu Aug 4 14:22:00 2005 From: terabite at bigpond.com (Frank Hamersley) Date: Fri, 5 Aug 2005 00:22:00 +1000 Subject: Building Fedora Legacy 2.4.20-43.7 for RH7.3 from sources. Message-ID: <008601c59900$0b156b50$22078a90@CPQ7380> Can anyone point me to a useful howto on building the latest Fedora RH73 legacy kernel from source? I have installed the src rpm (2.4.20-43.7) and unpacked the .tar.bz2 file. However I am confused about how to apply the .patch files (as they do not seem to be applied to the source). >From the base of the source I have tried ... # scripts/patch-kernel . .. ... but it doesn't find any patches to apply!!!! Can anyone provide enlightenment? Cheers, Frank. From ad+lists at uni-x.org Thu Aug 4 14:28:34 2005 From: ad+lists at uni-x.org (Alexander Dalloz) Date: Thu, 04 Aug 2005 16:28:34 +0200 Subject: Building Fedora Legacy 2.4.20-43.7 for RH7.3 from sources. In-Reply-To: <008601c59900$0b156b50$22078a90@CPQ7380> References: <008601c59900$0b156b50$22078a90@CPQ7380> Message-ID: <1123165714.21238.725.camel@serendipity.dogma.lan> Am Do, den 04.08.2005 schrieb Frank Hamersley um 16:22: > Can anyone point me to a useful howto on building the latest Fedora RH73 > legacy kernel from source? Could you be specific about what you want to do differently than the FLP package does for the resulting kernel rpm? There must be a reason to compile your own, but with the legacy kernel source. > I have installed the src rpm (2.4.20-43.7) and unpacked the .tar.bz2 file. > However I am confused about how to apply the .patch files (as they do not > seem to be applied to the source). > Can anyone provide enlightenment? Cheers, Frank. Use the spec file which is located in SPECS. "rpmbuild --help" -> -bp build through %prep (unpack sources and apply patches) from Alexander -- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 16:25:34 up 19 days, 20:58, load average: 0.17, 0.17, 0.16 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Dies ist ein digital signierter Nachrichtenteil URL: From terabite at bigpond.com Thu Aug 4 14:44:18 2005 From: terabite at bigpond.com (Frank Hamersley) Date: Fri, 5 Aug 2005 00:44:18 +1000 Subject: Building Fedora Legacy 2.4.20-43.7 for RH7.3 from sources. In-Reply-To: <1123165714.21238.725.camel@serendipity.dogma.lan> Message-ID: <008c01c59903$26419130$22078a90@CPQ7380> Thanks for the prompt reply Alexander .... > -----Original Message----- > From: fedora-legacy-list-bounces at redhat.com > [mailto:fedora-legacy-list-bounces at redhat.com]On Behalf Of Alexander > Dalloz > Sent: Friday, 5 August 2005 12:29 AM > To: Discussion of the Fedora Legacy Project > Subject: Re: Building Fedora Legacy 2.4.20-43.7 for RH7.3 > from sources. > > Am Do, den 04.08.2005 schrieb Frank Hamersley um 16:22: > > > Can anyone point me to a useful howto on building the > latest Fedora RH73 > > legacy kernel from source? > > Could you be specific about what you want to do differently > than the FLP > package does for the resulting kernel rpm? There must be a reason to > compile your own, but with the legacy kernel source. Partially a learning exercise, but mostly I want to freshen my iptables to the latest stable and decided that I should go all the way through from first principles ie. starting with the kernel. > > I have installed the src rpm (2.4.20-43.7) and unpacked the > .tar.bz2 file. > > However I am confused about how to apply the .patch files > (as they do not > > seem to be applied to the source). > > > Can anyone provide enlightenment? Cheers, Frank. > > Use the spec file which is located in SPECS. "rpmbuild --help" -> > > -bp build through %prep (unpack > sources and > apply > patches) from Just about to hit the sack here (12:41 AM Sydney). Will look at this tomorrow...but did not notice any SPECS directory after installing the rpm. Will check again in daylight. Cheers, Frank. From jkosin at beta.intcomgrp.com Thu Aug 4 15:23:17 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Thu, 04 Aug 2005 11:23:17 -0400 Subject: Building Fedora Legacy 2.4.20-43.7 for RH7.3 from sources. In-Reply-To: <008c01c59903$26419130$22078a90@CPQ7380> References: <008c01c59903$26419130$22078a90@CPQ7380> Message-ID: <42F232E5.6000808@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frank Hamersley wrote: | Thanks for the prompt reply Alexander .... | |> -----Original Message----- From: |> fedora-legacy-list-bounces at redhat.com |> [mailto:fedora-legacy-list-bounces at redhat.com]On Behalf Of |> Alexander Dalloz Sent: Friday, 5 August 2005 12:29 AM To: |> Discussion of the Fedora Legacy Project Subject: Re: Building |> Fedora Legacy 2.4.20-43.7 for RH7.3 from sources. |> |> Am Do, den 04.08.2005 schrieb Frank Hamersley um 16:22: |> |>> Can anyone point me to a useful howto on building the |> |> latest Fedora RH73 |> |>> legacy kernel from source? |> |> Could you be specific about what you want to do differently than |> the FLP package does for the resulting kernel rpm? There must be |> a reason to compile your own, but with the legacy kernel source. | | | Partially a learning exercise, but mostly I want to freshen my | iptables to the latest stable and decided that I should go all the | way through from first principles ie. starting with the kernel. | |>> I have installed the src rpm (2.4.20-43.7) and unpacked the |> |> .tar.bz2 file. |> |>> However I am confused about how to apply the .patch files |> |> (as they do not |> |>> seem to be applied to the source). |> |>> Can anyone provide enlightenment? Cheers, Frank. |> |> Use the spec file which is located in SPECS. "rpmbuild --help" -> |> |> |> -bp build through %prep (unpack sources |> and apply patches) from | | | Just about to hit the sack here (12:41 AM Sydney). Will look at | this tomorrow...but did not notice any SPECS directory after | installing the rpm. Will check again in daylight. | | Cheers, Frank. | | | -- fedora-legacy-list mailing list fedora-legacy-list at redhat.com | http://www.redhat.com/mailman/listinfo/fedora-legacy-list | Frank, (1) Because you said you unpacked the .tar.bz2 file. We can safely assume you have the .src.rpm file was what you have. (2) Check for the files in /usr/src/redhat.... You should see directories: ~ (a) BUILD ... where the RPM builder unpacks the source to and applies patches to. ~ (b) SOURCES ... where the RPM builder gets the sources / patches / etc for the build process. ~ (c) SPECS ... where the RPM builder gets the spec files for building the package. NOTE: ~ The kernel package is not the easiest package to tackle your first time. It may be better to build from the sources in /usr/src/linux-2.4 directory first. If you updated the kernel-sources-*.rpm file then you have the latest patched kernel sources there. ~ Be careful, especially with the kernel. You can really cause problems if you don't know what you are doing. ~ First, read the documentation for the latest release of iptables... Look for dependencies on a specific kernel version or iptables modules. ~ Next, compare the source for the iptables modules with the patched sources for the 7.3 kernel and be sure you will not be breaking anything. ~ Next, try the patches you create on the /usr/src/linux-2.4 kernel directory by building a custom kernel you can boot from and try.... carefully. Good Luck, James Kosin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC8jLkkNLDmnu1kSkRApnoAJ0SCEWiLl2cuHt3IUfHMLPGd1mtcACePq60 upRSVzrrZhWUKEzhW+sjWnQ= =zFkJ -----END PGP SIGNATURE----- From jkosin at beta.intcomgrp.com Fri Aug 5 15:55:48 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Fri, 05 Aug 2005 11:55:48 -0400 Subject: Updates for FC1 Message-ID: <42F38C04.9020809@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Everyone, ******************************************************************************************************* GCC 3.3.6 - ------------ I need testers for the package if possible. This is a big one.... and I thought the kernel was BIG. I fixed the last of the packaging issues. c++filt is now part of binutils and is not part of this gcc package. See below for my updates to binutils. repository path: http://support.intcomgrp.com/mirror/fedora-core/beta/ SHA1SUMs - ---------------- 75e57c15e8372fd20ffc7317ba66cd418f34cd29 *cpp-3.3.6-1.fc1.i386.rpm 934755f58313fbb80bd4ab3fd01c30383ed7a2ec *gcc-3.3.6-1.fc1.i386.rpm cc85962102c9174cd1c1e2302626bfd4172117c3 *gcc-c++-3.3.6-1.fc1.i386.rpm 0dae171312c0fda8519a05857c62ec33bfae6e80 *gcc-g77-3.3.6-1.fc1.i386.rpm 715d1a01f811fe5bce8d380ee78689a36c6674c3 *gcc-gnat-3.3.6-1.fc1.i386.rpm 3a818fcca68727fa7797ad64d4412a8f348185af *gcc-java-3.3.6-1.fc1.i386.rpm 7eee2870769b7a89ec4eae2dc94891446e7c5c5d *gcc-objc-3.3.6-1.fc1.i386.rpm 6dcef6d5a7e621b3a7f44ae9617490e1ac68529b *libf2c-3.3.6-1.fc1.i386.rpm a1dc2831e2ae69cf1e2957033473025f99eb52af *libgcc-3.3.6-1.fc1.i386.rpm 359bf1328a3265e1eac370c625f33b017fe15296 *libgcj-3.3.6-1.fc1.i386.rpm 6c4e3b5b607081fd5789cc0525f24e50213f5fdc *libgcj-devel-3.3.6-1.fc1.i386.rpm 8432237fefab272f75beb766963e330438b6aff8 *libgnat-3.3.6-1.fc1.i386.rpm 92853fc220bcb543f4fc415214496941170d88fd *libobjc-3.3.6-1.fc1.i386.rpm a00ad0cbba4a47c0758e5b5add02c3cf75cc7f48 *libstdc++-3.3.6-1.fc1.i386.rpm ef1d89346cd3a4e8641675dc08215cac86398786 *libstdc++-devel-3.3.6-1.fc1.i386.rpm SOURCE file - -------------- http://support.intcomgrp.com/mirror/fedora-core/beta/src/gcc-3.3.6-1.fc1.src.rpm ******************************************************************************************************* BINUTILS 2.16.1 - --------------------- Contains utilities for compilers / etc. Added c++filt to the build for FC1. Needed for gcc-3.3.6. SHA1SUMs - -------------- 26024b433219ac53e2c2d1e9508948b577781173 *binutils-2.16.1-1.fc1.i386.rpm SOURCE file - -------------- http://support.intcomgrp.com/mirror/fedora-core/beta/src/binutils-2.16.1-1.fc1.src.rpm ******************************************************************************************************* DEJAGNU 1.4.3 - ------------------ Scripting utility for verifying applications.. Used when testing gcc-3.3.6, etc. SHA1SUMs - ------------- 8e0170a2baedf0ebdd21bcff071a75290f7b2899 *dejagnu-1.4.3-10.noarch.rpm SOURCE file - --------------- http://support.intcomgrp.com/mirror/fedora-core/beta/src/dejagnu-1.4.3-10.fc1.src.rpm ******************************************************************************************************* KERNEL 2.4.30-2.2 - ---------------------- Kernel for FC1 patched to 2.4.32-pre2 level SHA1SUMs - --------------- d964fac93eda079c78c1c4278808f04903004b3d *kernel-2.4.30-2.2.fc1.vanilla.i686.rpm 22a73fdd872b254371758ccdbc09560ef5ab26fc *kernel-doc-2.4.30-2.2.fc1.vanilla.i386.rpm 4ad2927b041ae4c4045218236cb20cfd0ea19d82 *kernel-smp-2.4.30-2.2.fc1.vanilla.i686.rpm 9f1683ee800f8b2b8510a0240ed11bec65e2e6e3 *kernel-source-2.4.30-2.2.fc1.vanilla.i386.rpm SOURCE file - -------------- http://support.intcomgrp.com/mirror/fedora-core/beta/src/kernel-2.4.30-2.2.fc1.src.rpm ******************************************************************************************************* The GCC update took a while, and I need to appologize to eveyone who waited for the update. I've only tested the update as far as my system has not crashed. All patches except for two I believe where kept from the old gcc version. One patch was already applied and one did not agree with the new changes. I fixed my problems building the package. The last thing was documentation being replaced. Thanks, James Kosin REMEBER, my updates are NOT SUPPORTED BY REDHAT or FEDORA CORE. If you have problems please kindly email me. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC84wDkNLDmnu1kSkRAnsaAJ9B+wSULpBHFEOqYwWzNs/VXusYEQCghAPw v5sAHR1pSVSVoSyMDqCAx7s= =+Y2j -----END PGP SIGNATURE----- From jkeating at j2solutions.net Fri Aug 5 16:21:01 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Fri, 05 Aug 2005 09:21:01 -0700 Subject: Updates for FC1 In-Reply-To: <42F38C04.9020809@beta.intcomgrp.com> References: <42F38C04.9020809@beta.intcomgrp.com> Message-ID: <1123258861.11730.37.camel@prometheus.gamehouse.com> On Fri, 2005-08-05 at 11:55 -0400, James Kosin wrote: > > REMEBER, my updates are NOT SUPPORTED BY REDHAT or FEDORA CORE. > If you have problems please kindly email me. > Nor are they supported by Fedora Legacy. I'm somewhat turning a blind eye to you posting updates here, but please make it a bit more verbose that these are _not_ Fedora Legacy updates, these are your packages for older releases and nothing more. -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From jkosin at beta.intcomgrp.com Fri Aug 5 16:52:23 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Fri, 05 Aug 2005 12:52:23 -0400 Subject: Updates for FC1 In-Reply-To: <1123258861.11730.37.camel@prometheus.gamehouse.com> References: <42F38C04.9020809@beta.intcomgrp.com> <1123258861.11730.37.camel@prometheus.gamehouse.com> Message-ID: <42F39947.4090209@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jesse Keating wrote: |On Fri, 2005-08-05 at 11:55 -0400, James Kosin wrote: | |>REMEBER, my updates are NOT SUPPORTED BY REDHAT or FEDORA CORE. |>If you have problems please kindly email me. |> | |Nor are they supported by Fedora Legacy. I'm somewhat turning a blind |eye to you posting updates here, but please make it a bit more verbose |that these are _not_ Fedora Legacy updates, these are your packages for |older releases and nothing more. | Ok, I'm flexible on this issue. I've just never found how to supply people with patches to the latest and greatest without updating to FC4 or FC5. Since my server is stuck at FC1 for the moment due to hardware issues if I upgrade, I've had to roll a few packages myself. I've gotten quite good at it; though I'm not sure I'm ready yet for the BIG time. I would like to contribute .... and my posts are always small anouncements. If you rather I don't post them here; I can also do that. But, many people may find my packages useful. I'm also not as big as DAG or some of the others. Just one person. I've worked hard on these updates... although they may not be needed, I still like to offer them to the comunity. Is anyone interested in my updates? Supported or not? Sorry, I don't expect anyone to care.... I like the free feal of Linux and have supported it for many years. I've grown to like the features, extras, etc you can get for free or very little cost compared to some other companies. I've only gotten into updating the RPM packages, since many packages come out with newer versions; which in most cases are compatible with FC1... But most, don't offer the packages for FC or only provide generic packages. I've only been taking the original FC1 RPMs and repackaging them for the new or updated versions. Some of which add new features, support and other functions not applicable to urgent security concerns. Maybe, I'm doing this for the wrong reasons.... freely distributing what I can do and my time. I'll try to remember and add them to my next updates, if they become available. James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC85lHkNLDmnu1kSkRAppCAJ9b/S47/wL4LLfRLclgYlZy0S8bSACePe1R l8kJ5HpweZ1DU4gyVqsU2gA= =8Pn+ -----END PGP SIGNATURE----- From jkeating at j2solutions.net Fri Aug 5 16:58:05 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Fri, 05 Aug 2005 09:58:05 -0700 Subject: Updates for FC1 In-Reply-To: <42F39947.4090209@beta.intcomgrp.com> References: <42F38C04.9020809@beta.intcomgrp.com> <1123258861.11730.37.camel@prometheus.gamehouse.com> <42F39947.4090209@beta.intcomgrp.com> Message-ID: <1123261085.11730.46.camel@prometheus.gamehouse.com> On Fri, 2005-08-05 at 12:52 -0400, James Kosin wrote: > Ok, I'm flexible on this issue. I've just never found how to supply > people with patches to the latest and greatest without updating to FC4 > or FC5. > Since my server is stuck at FC1 for the moment due to hardware issues > if I upgrade, I've had to roll a few packages myself. I've gotten > quite good at it; though I'm not sure I'm ready yet for the BIG time. > > I would like to contribute .... and my posts are always small > anouncements. > > If you rather I don't post them here; I can also do that. But, many > people may find my packages useful. You are absolutely ok to post here. Just be clear that your packages are not Fedora Legacy supported packages. There is an audience here of older system users who may very well be interested in your packages, and I'm not going to prevent you from reaching them. > I'm also not as big as DAG or some of the others. Just one person. > > I've worked hard on these updates... although they may not be needed, > I still like to offer them to the comunity. I'm sure people do appreciate your efforts. Check your web logs to see if anybody is taking part in your packages. Again you're free to post here and I even mildly encourage it. Just be clear that your updates are from you and not from Fedora Legacy is all I ask. Perhaps adding a blurb that 'for support on these packages, please email me' would be good as well. -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From pekkas at netcore.fi Sat Aug 6 04:40:42 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Sat, 6 Aug 2005 07:40:42 +0300 (EEST) Subject: issues list(s) Message-ID: Remember, there's always a need for folks to do some QA testing. See the wiki for instructions and how to get started: http://www.fedoraproject.org/wiki/Legacy/QATesting In particular, IMHO the biggest need right now is having people take a look at "All packages lacking VERIFY" category especially for FC1/FC2. Secondarily "All packages lacking PUBLISH" (for example, a couple of my trivial packages have been sitting there for months, and I'm not inclined to create any more of them until these have gone forward). http://www.netcore.fi/pekkas/buglist.html (all) http://www.netcore.fi/pekkas/buglist-rhl73.html http://www.netcore.fi/pekkas/buglist-rhl9.html http://www.netcore.fi/pekkas/buglist-core1.html http://www.netcore.fi/pekkas/buglist-fc2.html -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From echoinie at umich.edu Sat Aug 6 16:10:31 2005 From: echoinie at umich.edu (Eric Choiniere) Date: Sat, 6 Aug 2005 12:10:31 -0400 (EDT) Subject: support of Fedora Core 2 for x86_64 Message-ID: Hello, does anyone know of any plans to support the x86_64 architecture as part of legacy support for FC2 ? Eric From jkeating at j2solutions.net Sat Aug 6 17:04:33 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Sat, 06 Aug 2005 10:04:33 -0700 Subject: support of Fedora Core 2 for x86_64 In-Reply-To: References: Message-ID: <1123347873.17349.1.camel@yoda.loki.me> On Sat, 2005-08-06 at 12:10 -0400, Eric Choiniere wrote: > Hello, > > does anyone know of any plans to support the x86_64 architecture as part > of legacy support for FC2 ? I am currently working on testing and evaluating a new build server setup that would allow for the building of x86_64 packages as well as i386 packages. Unfortunately this upgrade is probably a month or so away due to the amount of testing and whatnot that has to happen. We may not be in time to do any FC2 x86_64 but I do plan on supporting FC3 x86_64. We may be able to back-build all the FC2 updates as well at that time. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From echoinie at umich.edu Sat Aug 6 17:47:06 2005 From: echoinie at umich.edu (Eric Choiniere) Date: Sat, 6 Aug 2005 13:47:06 -0400 (EDT) Subject: support of Fedora Core 2 for x86_64 In-Reply-To: <1123347873.17349.1.camel@yoda.loki.me> Message-ID: That sounds great, Jesse, looking forward to it ! Eric On Sat, 6 Aug 2005, Jesse Keating wrote: > On Sat, 2005-08-06 at 12:10 -0400, Eric Choiniere wrote: > > Hello, > > > > does anyone know of any plans to support the x86_64 architecture as part > > of legacy support for FC2 ? > > I am currently working on testing and evaluating a new build server > setup that would allow for the building of x86_64 packages as well as > i386 packages. Unfortunately this upgrade is probably a month or so > away due to the amount of testing and whatnot that has to happen. We > may not be in time to do any FC2 x86_64 but I do plan on supporting FC3 > x86_64. We may be able to back-build all the FC2 updates as well at > that time. From sheltren at cs.ucsb.edu Sat Aug 6 18:16:03 2005 From: sheltren at cs.ucsb.edu (Jeff Sheltren) Date: Sat, 6 Aug 2005 11:16:03 -0700 Subject: metadata for legacy repositories In-Reply-To: <1123022171.3479.1.camel@localhost.localdomain> References: <1123016741.12110.45.camel@cutter> <2550A4C6-5914-473C-A0C9-339FE5499D13@cs.ucsb.edu> <1123022171.3479.1.camel@localhost.localdomain> Message-ID: On Aug 2, 2005, at 3:36 PM, Jesse Keating wrote: > On Tue, 2005-08-02 at 15:24 -0700, Jeff Sheltren wrote: > >> >> >> And here it is: >> http://fedoraproject.org/wiki/Legacy/Mock >> >> Let me know if I missed something that could use more clarification >> (or, hell, it's a wiki, feel free to add/change things as needed). :) >> > > This is good info Jeff. I had planned on setting up a plague > server for > Legacy use in the near future, so that we can easily to builds for > FC on > both archs. However I was informed that plague/mock wouldn't work so > well for RHL. Can you do some more testing to prove/disprove this? I > will re-examine creating the secondary metadata format if it could be > used by mock. > Hi Jesse, it looks like things work fine on x86_64 build hosts (with target i386), but there is an issue with FC1 builds on a i686 build host. On x86_64, a mock install of fc1 i386 goes cleanly, but on an i686 32 bit machine, the %post section of the glibc install fails. I'm curious, what type of build machine are you using currently, and if it's not x86_64, did you experience anything like this under mach? Here's some output after doing a 'mock -r fedora-1-i386-core --debug init' and killing mock before it does the 'yum groupinstall build', so that I can do a test install of glibc. Basically, I get the same error message when doing a mock build, but this way I can avoid the wait when it downloads all packages in the build group :) This works perfectly on the x86_64 machine. I've been looking at the /usr/sbin/glibc_post_upgrade code (this is the only thing run in %post of the glibc rpm), and I can see where it's throwing the 115 exit code, but I'm not sure what is causing it. -Jeff ---------- $ /usr/sbin/mock-helper yum --installroot /var/lib/mock/fedora-1-i386- core/root install glibc ======================================================================== ===== Package Arch Version Repository Size ======================================================================== ===== Installing: glibc i686 2.3.2-101.4 updates- released 4.9 M Installing for dependencies: basesystem noarch 8.0-2 core 2.6 k filesystem i386 2.2.1-5 core 14 k glibc-common i386 2.3.2-101.4 updates- released 12 M libgcc i386 3.3.2-1 core 26 k setup noarch 2.5.27-1.1 core 28 k tzdata noarch 2004b-1.fc1 updates- released 403 k Transaction Summary ======================================================================== ===== Install 7 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 18 M warning: basesystem-8.0-2: Header V3 DSA signature: NOKEY, key ID db42a60e warning: libgcc-3.3.2-1: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 error: %post(glibc-2.3.2-101.4.i686) scriptlet failed, exit status 115 ---------- From philip at datafoundry.com Sat Aug 6 19:00:30 2005 From: philip at datafoundry.com (Philip Molter) Date: Sat, 06 Aug 2005 14:00:30 -0500 Subject: support of Fedora Core 2 for x86_64 In-Reply-To: <1123347873.17349.1.camel@yoda.loki.me> References: <1123347873.17349.1.camel@yoda.loki.me> Message-ID: <42F508CE.2050509@datafoundry.com> Jesse Keating wrote: > On Sat, 2005-08-06 at 12:10 -0400, Eric Choiniere wrote: > >>Hello, >> >>does anyone know of any plans to support the x86_64 architecture as part >>of legacy support for FC2 ? > > > I am currently working on testing and evaluating a new build server > setup that would allow for the building of x86_64 packages as well as > i386 packages. Unfortunately this upgrade is probably a month or so > away due to the amount of testing and whatnot that has to happen. We > may not be in time to do any FC2 x86_64 but I do plan on supporting FC3 > x86_64. We may be able to back-build all the FC2 updates as well at > that time. Will you take user-contributed back-builds of the FC2 updates until then? From jkeating at j2solutions.net Sat Aug 6 19:37:32 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Sat, 06 Aug 2005 12:37:32 -0700 Subject: support of Fedora Core 2 for x86_64 In-Reply-To: <42F508CE.2050509@datafoundry.com> References: <1123347873.17349.1.camel@yoda.loki.me> <42F508CE.2050509@datafoundry.com> Message-ID: <1123357052.17349.12.camel@yoda.loki.me> On Sat, 2005-08-06 at 14:00 -0500, Philip Molter wrote: > Will you take user-contributed back-builds of the FC2 updates until > then? I'd rather not publish builds not build on our build system. Just a security thing. However I won't stop you from advertising your community built 64bit packages from Legacy srpms. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From jkeating at j2solutions.net Sun Aug 7 17:33:23 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Sun, 07 Aug 2005 10:33:23 -0700 Subject: metadata for legacy repositories In-Reply-To: References: <1123016741.12110.45.camel@cutter> <2550A4C6-5914-473C-A0C9-339FE5499D13@cs.ucsb.edu> <1123022171.3479.1.camel@localhost.localdomain> Message-ID: <1123436003.17349.21.camel@yoda.loki.me> On Sat, 2005-08-06 at 11:16 -0700, Jeff Sheltren wrote: > Hi Jesse, it looks like things work fine on x86_64 build hosts (with > target i386), but there is an issue with FC1 builds on a i686 build > host. On x86_64, a mock install of fc1 i386 goes cleanly, but on an > i686 32 bit machine, the %post section of the glibc install fails. > > I'm curious, what type of build machine are you using currently, and > if it's not x86_64, did you experience anything like this under mach? Currently the system is an x86_64 box but a 32bit OS is installed. At the time putting it into service, mach couldn't build 64 and 32bit packages correctly on the same host. I don't believe we experienced this problem under the current server. New server will be the same x86_64 box (dual opteron) this time installed w/ CentOS4 x86_64. > Here's some output after doing a 'mock -r fedora-1-i386-core --debug > init' and killing mock before it does the 'yum groupinstall build', > so that I can do a test install of glibc. Basically, I get the same > error message when doing a mock build, but this way I can avoid the > wait when it downloads all packages in the build group :) This works > perfectly on the x86_64 machine. > > I've been looking at the /usr/sbin/glibc_post_upgrade code (this is > the only thing run in %post of the glibc rpm), and I can see where > it's throwing the 115 exit code, but I'm not sure what is causing it. Hrm, thats interesting. I'd recommend posting to the fedora-buildsys-list and see if they have any input. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From pekkas at netcore.fi Mon Aug 8 05:09:04 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Mon, 8 Aug 2005 08:09:04 +0300 (EEST) Subject: support of Fedora Core 2 for x86_64 In-Reply-To: References: Message-ID: On Sat, 6 Aug 2005, Eric Choiniere wrote: > That sounds great, Jesse, looking forward to it ! I wouldn't hope too much, though. Someone would have to QA those updates, and we've had a shortage of QA lately as it is. Personally, I'd say that if we go for x86_64, we shouldn't do any QA on them or at least their lack of QA must not hold up the other packages. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From jkosin at beta.intcomgrp.com Mon Aug 8 14:21:08 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Mon, 08 Aug 2005 10:21:08 -0400 Subject: [FC1] Unofficial Updates to ZLIB Message-ID: <42F76A54.4020904@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 JAMES' Unofficial Unsupported by RedHat, Redhat Fedora Core, and Redhat Fedora Legacy Groups! ~ Any support for my packages, will only come from me! There is no bugzilla for the packages, groups may not know what version you are talking about. The biggest support can come from ME or the source creators of the program. Although, any patches kept over from the Fedora Core packages are not supported by the vendor of the software. ~ My packages are usually re-packaged new versions of many programs. ZLib 1.2.3 - ------------ This version fixes two security vulnerabilities and several bugs. See the sniped web-page notice below. This version also, seems to fix a problem I've been having with clamav-milter crashing on me. But, I've only been testing with this version for the weekend. RPMs: http://support.intcomgrp.com/mirror/fedora-core/beta/i386/zlib-1.2.3-1.fc1.i386.rpm SHA1SUM: fb4128e4ebf5a44e914808020395d1b7e3af0958 *zlib-1.2.3-1.fc1.src.rpm SOURCE: http://support.intcomgrp.com/mirror/fedora-core/beta/src/zlib-1.2.3-1.fc1.src.rpm WEB PAGE NOTICE - ------------------------ July 18, 2005 Version 1.2.3 eliminates potential security vulnerabilities in zlib 1.2.1 and 1.2.2, so all users of those versions should upgrade immediately. The following important fixes are provided in zlib 1.2.3 over 1.2.1 and 1.2.2: Eliminate a potential security vulnerability when decoding invalid compressed data Eliminate a potential security vulnerability when decoding specially crafted compressed data Fix a bug when decompressing dynamic blocks with no distance codes Fix crc check bug in gzread() after gzungetc() Do not return an error when using gzread() on an empty file goto: http://www.zlib.net for more information. Thanks, James Kosin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC92o7kNLDmnu1kSkRAh6PAJ9ckB42Od3z/oAet7luuS/XzmRe4gCfdSv1 JSYkLdnEMEvWINOoDKEbK6I= =GWe+ -----END PGP SIGNATURE----- From lsomike at futzin.com Mon Aug 8 15:23:03 2005 From: lsomike at futzin.com (Mike Klinke) Date: Mon, 8 Aug 2005 10:23:03 -0500 Subject: [FC1] Unofficial Updates to ZLIB Message-ID: <200508081023.03974.lsomike@futzin.com> On Monday 08 August 2005 09:21, James Kosin wrote: > JAMES' Unofficial Unsupported by RedHat, Redhat Fedora Core, and > Redhat Fedora Legacy Groups! > ~ Any support for my packages, will only come from me! There > is no bugzilla for the packages, groups may not know what version > you are talking about. The biggest support can come from ME or > the source creators of the program. Although, any patches kept > over from the Fedora Core packages are not supported by the > vendor of the software. ~ My packages are usually re-packaged > new versions of many programs. > > > ZLib 1.2.3 > ------------ Hmmmm, a private security fix? I was under the impression that this is the kind of thing that's supposed to be addressed by the Fedora Legacy Project. If so, isn't this going to be rather confusing? >Version 1.2.3 eliminates potential security vulnerabilities in > zlib 1.2.1 and 1.2.2, so all users of those versions should > upgrade immediately. The following important fixes are provided > in zlib 1.2.3 over 1.2.1 and 1.2.2: For example, why is this identified with FC1 when the "current" FC1 zlib package that's been released ( http://download.fedoralegacy.org/fedora/1/updates/i386/ ) is: rpm -qa | grep -i zlib zlib-1.2.0.7-2.1.legacy Regards, Mike Klinke From hjp+fedora-legacy at wsr.ac.at Mon Aug 8 15:40:13 2005 From: hjp+fedora-legacy at wsr.ac.at (Peter J. Holzer) Date: Mon, 8 Aug 2005 17:40:13 +0200 Subject: [FC1] Unofficial Updates to ZLIB In-Reply-To: <200508081023.03974.lsomike@futzin.com> References: <200508081023.03974.lsomike@futzin.com> Message-ID: <20050808154013.GB24755@wsr.ac.at> On 2005-08-08 10:23:03 -0500, Mike Klinke wrote: > On Monday 08 August 2005 09:21, James Kosin wrote: > > JAMES' Unofficial Unsupported by RedHat, Redhat Fedora Core, and > > Redhat Fedora Legacy Groups! > > ~ Any support for my packages, will only come from me! There > > is no bugzilla for the packages, groups may not know what version > > you are talking about. The biggest support can come from ME or > > the source creators of the program. Although, any patches kept > > over from the Fedora Core packages are not supported by the > > vendor of the software. ~ My packages are usually re-packaged > > new versions of many programs. Nice disclaimer. Unfortunately people don't seem to read it. > > ZLib 1.2.3 > > ------------ > > Hmmmm, a private security fix? I was under the impression that > this is the kind of thing that's supposed to be addressed by the > Fedora Legacy Project. If so, isn't this going to be rather > confusing? Fedora Legacy has a different policy for security fixes: Patches are generally backported to the released version, upgrades to the newest version are avoided. > >Version 1.2.3 eliminates potential security vulnerabilities in > > zlib 1.2.1 and 1.2.2, so all users of those versions should > > upgrade immediately. The following important fixes are provided > > in zlib 1.2.3 over 1.2.1 and 1.2.2: > > For example, why is this identified with FC1 Probably because it was built for FC1. > when the "current" FC1 zlib package that's been released > ( http://download.fedoralegacy.org/fedora/1/updates/i386/ ) is: > > rpm -qa | grep -i zlib > zlib-1.2.0.7-2.1.legacy So fedora legacy includes a patched version of zlib 1.2.0.7, and James offers a package for zlib 1.2.3. Where's the problem? hp -- _ | Peter J. Holzer | In our modern say,learn,know in a day |_|_) | Sysadmin WSR | world, perhaps being an expert is an | | | hjp at wsr.ac.at | outdated concept. __/ | http://www.hjp.at/ | -- Catharine Drozdowski on dbi-users. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 388 bytes Desc: not available URL: From lsomike at futzin.com Mon Aug 8 15:47:51 2005 From: lsomike at futzin.com (Mike Klinke) Date: Mon, 8 Aug 2005 10:47:51 -0500 Subject: [FC1] Unofficial Updates to ZLIB In-Reply-To: <20050808154013.GB24755@wsr.ac.at> References: <200508081023.03974.lsomike@futzin.com> <20050808154013.GB24755@wsr.ac.at> Message-ID: <200508081047.51674.lsomike@futzin.com> On Monday 08 August 2005 10:40, Peter J. Holzer wrote: > > Nice disclaimer. Unfortunately people don't seem to read it. Exactly .. > > Fedora Legacy has a different policy for security fixes: Patches > are generally backported to the released version, upgrades to the > newest version are avoided. Exactly .... > > Probably because it was built for FC1. Exactly ... > > So fedora legacy includes a patched version of zlib 1.2.0.7, and > James offers a package for zlib 1.2.3. Where's the problem? And all this doesn't seem confusing? 8) Regards, Mike Klinke From jkosin at beta.intcomgrp.com Mon Aug 8 15:55:49 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Mon, 08 Aug 2005 11:55:49 -0400 Subject: [FC1] Unofficial Updates to ZLIB In-Reply-To: <200508081023.03974.lsomike@futzin.com> References: <200508081023.03974.lsomike@futzin.com> Message-ID: <42F78085.2030006@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Klinke wrote: | On Monday 08 August 2005 09:21, James Kosin wrote: | |> JAMES' Unofficial Unsupported by RedHat, Redhat Fedora Core, and |> Redhat Fedora Legacy Groups! ~ Any support for my packages, |> will only come from me! There is no bugzilla for the packages, |> groups may not know what version you are talking about. The |> biggest support can come from ME or the source creators of the |> program. Although, any patches kept over from the Fedora Core |> packages are not supported by the vendor of the software. ~ My |> packages are usually re-packaged new versions of many programs. |> |> |> ZLib 1.2.3 ------------ | | | Hmmmm, a private security fix? I was under the impression that | this is the kind of thing that's supposed to be addressed by the | Fedora Legacy Project. If so, isn't this going to be rather | confusing? Yes, and No at the same time. These are repackaged versions of the ZLib package. The version of ZLib for FC1 you have is correct... although, I believe I've only seen one security fix in the current one. The BUG fixes are nice; but, not a requirement for Fedora Legacy. | |> Version 1.2.3 eliminates potential security vulnerabilities in |> zlib 1.2.1 and 1.2.2, so all users of those versions should |> upgrade immediately. The following important fixes are provided |> in zlib 1.2.3 over 1.2.1 and 1.2.2: | | | For example, why is this identified with FC1 when the "current" FC1 | zlib package that's been released ( | http://download.fedoralegacy.org/fedora/1/updates/i386/ ) is: | | rpm -qa | grep -i zlib zlib-1.2.0.7-2.1.legacy This is correct! Because the released packages for FC1 where based on the zlib-1.2.0 software release from ZLib or an equivalent snapshot. Not sure exactly which. Since that release only patches have been added to the RPM, which is correctly done.. Major version bumps are rarely done and in some cases frowned upon. Because as you pointed out it causes confusion. That said..... Did you read all of my message? | | | Regards, Mike Klinke | | -- fedora-legacy-list mailing list fedora-legacy-list at redhat.com | http://www.redhat.com/mailman/listinfo/fedora-legacy-list | Thanks, James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC94CEkNLDmnu1kSkRAqdNAJ0ebM/nF7xNkUw9cOLPHHBfph2cKACaAgEp rzEtyqAx59yL62NtihR9ssQ= =iO66 -----END PGP SIGNATURE----- From lsomike at futzin.com Mon Aug 8 17:57:46 2005 From: lsomike at futzin.com (Mike Klinke) Date: Mon, 8 Aug 2005 12:57:46 -0500 Subject: [FC1] Unofficial Updates to ZLIB In-Reply-To: <42F78085.2030006@beta.intcomgrp.com> References: <200508081023.03974.lsomike@futzin.com> <42F78085.2030006@beta.intcomgrp.com> Message-ID: <200508081257.46720.lsomike@futzin.com> On Monday 08 August 2005 10:55, JK wrote: > > Yes, and No at the same time. > These are repackaged versions of the ZLib package. > The version of ZLib for FC1 you have is correct... although, I > believe I've only seen one security fix in the current one. > The BUG fixes are nice; but, not a requirement for Fedora Legacy. > > |> Version 1.2.3 eliminates potential security vulnerabilities in > |> zlib 1.2.1 and 1.2.2, so all users of those versions should > |> upgrade immediately. The following important fixes are > |> provided in zlib 1.2.3 over 1.2.1 and 1.2.2: > | > | For example, why is this identified with FC1 when the "current" > | FC1 zlib package that's been released ( > | http://download.fedoralegacy.org/fedora/1/updates/i386/ ) is: > | > | rpm -qa | grep -i zlib zlib-1.2.0.7-2.1.legacy > > This is correct! Because the released packages for FC1 where > based on the zlib-1.2.0 software release from ZLib or an > equivalent snapshot. Not sure exactly which. > Since that release only patches have been added to the RPM, > which is correctly done.. Major version bumps are rarely done > and in some cases frowned upon. Because as you pointed out it > causes confusion. That said..... Did you read all of my message? > Well, maybe it's just me, but I find that a security fix released against a fedora-legacy supported version ( FC1 ) to fix a version of a package that was never released to FC1 in the first place and that will, presumably, not be able to be upgraded with a future release of the package by the fedora-legacy folks to the "real" FC1 version, should there be one, well, rather confusing. Perhaps what I'm missing is how this is adding value to Fedora-legacy? Regards, Mike Klinke From sheltren at cs.ucsb.edu Mon Aug 8 20:25:28 2005 From: sheltren at cs.ucsb.edu (Jeff Sheltren) Date: Mon, 8 Aug 2005 13:25:28 -0700 Subject: Move to new wiki Message-ID: <54303F21-3F21-41CE-A439-C09B97D32326@cs.ucsb.edu> I think that the new wiki is well enough along that we should start linking to it from the main fedoralegacy site. Is there any reason we should still link to the old wiki? If not, I propose we start changing the links. Thanks, Jeff From cave.dnb at tiscali.fr Mon Aug 8 20:00:34 2005 From: cave.dnb at tiscali.fr (nigel henry) Date: Mon, 8 Aug 2005 21:00:34 +0100 Subject: [FC1] Unofficial Updates to ZLIB In-Reply-To: <200508081023.03974.lsomike@futzin.com> References: <200508081023.03974.lsomike@futzin.com> Message-ID: <200508082100.34948.cave.dnb@tiscali.fr> It's hardly going to be confusing as fedora legacy are not interested in updating packages to enable 3rd party apps like clamav to work. I'm not knocking Fedora Legacy, but it's nice to think that someones working on the problem. Nigel On Monday 08 Aug 2005 4:23 pm, Mike Klinke wrote: > On Monday 08 August 2005 09:21, James Kosin wrote: > > JAMES' Unofficial Unsupported by RedHat, Redhat Fedora Core, and > > Redhat Fedora Legacy Groups! > > ~ Any support for my packages, will only come from me! There > > is no bugzilla for the packages, groups may not know what version > > you are talking about. The biggest support can come from ME or > > the source creators of the program. Although, any patches kept > > over from the Fedora Core packages are not supported by the > > vendor of the software. ~ My packages are usually re-packaged > > new versions of many programs. > > > > > > ZLib 1.2.3 > > ------------ > > Hmmmm, a private security fix? I was under the impression that > this is the kind of thing that's supposed to be addressed by the > Fedora Legacy Project. If so, isn't this going to be rather > confusing? > > >Version 1.2.3 eliminates potential security vulnerabilities in > > zlib 1.2.1 and 1.2.2, so all users of those versions should > > upgrade immediately. The following important fixes are provided > > in zlib 1.2.3 over 1.2.1 and 1.2.2: > > For example, why is this identified with FC1 when the "current" FC1 > zlib package that's been released > ( http://download.fedoralegacy.org/fedora/1/updates/i386/ ) is: > > rpm -qa | grep -i zlib > zlib-1.2.0.7-2.1.legacy > > > Regards, Mike Klinke > > -- > fedora-legacy-list mailing list > fedora-legacy-list at redhat.com > http://www.redhat.com/mailman/listinfo/fedora-legacy-list From jkosin at beta.intcomgrp.com Mon Aug 8 19:04:15 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Mon, 08 Aug 2005 15:04:15 -0400 Subject: [FC1] Unofficial Updates to ZLIB In-Reply-To: <200508081257.46720.lsomike@futzin.com> References: <200508081023.03974.lsomike@futzin.com> <42F78085.2030006@beta.intcomgrp.com> <200508081257.46720.lsomike@futzin.com> Message-ID: <42F7ACAF.4060304@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Klinke wrote: |On Monday 08 August 2005 10:55, JK wrote: | | |><<-- SNIP -->> | | | |Well, maybe it's just me, but I find that a security fix released |against a fedora-legacy supported version ( FC1 ) to fix a version |of a package that was never released to FC1 in the first place and |that will, presumably, not be able to be upgraded with a future |release of the package by the fedora-legacy folks to the "real" FC1 |version, should there be one, well, rather confusing. | |Perhaps what I'm missing is how this is adding value to |Fedora-legacy? | | |Regards, Mike Klinke I don't want to add confusion, just a place to add updates for new versions of products. I'll refrane from posting until I straighten this mess out. James Kosin | |-- |fedora-legacy-list mailing list |fedora-legacy-list at redhat.com |http://www.redhat.com/mailman/listinfo/fedora-legacy-list | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC96yvkNLDmnu1kSkRAgxZAJsFS0YLPgd+VSSKPZnrRGvfiwdIyACfU62k AXAbWthK73e2QM7kU82Nt78= =j4T7 -----END PGP SIGNATURE----- From hjp+fedora-legacy at wsr.ac.at Mon Aug 8 18:38:47 2005 From: hjp+fedora-legacy at wsr.ac.at (Peter J. Holzer) Date: Mon, 8 Aug 2005 20:38:47 +0200 Subject: [FC1] Unofficial Updates to ZLIB In-Reply-To: <200508081047.51674.lsomike@futzin.com> References: <200508081023.03974.lsomike@futzin.com> <20050808154013.GB24755@wsr.ac.at> <200508081047.51674.lsomike@futzin.com> Message-ID: <20050808183847.GC24755@wsr.ac.at> On 2005-08-08 10:47:51 -0500, Mike Klinke wrote: > On Monday 08 August 2005 10:40, Peter J. Holzer wrote: > > So fedora legacy includes a patched version of zlib 1.2.0.7, and > > James offers a package for zlib 1.2.3. Where's the problem? > > > And all this doesn't seem confusing? 8) The only thing I find a bit confusing is that these announcements are posted on the fedora-legacy list, although they don't have anything to do with the fedora-legacy project. James' project is independent, and could be viewed as competing. But that's why Jesse asked James to add the disclaimer only a few days ago. hp -- _ | Peter J. Holzer | In our modern say,learn,know in a day |_|_) | Sysadmin WSR | world, perhaps being an expert is an | | | hjp at wsr.ac.at | outdated concept. __/ | http://www.hjp.at/ | -- Catharine Drozdowski on dbi-users. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 388 bytes Desc: not available URL: From matt.followers at gmail.com Tue Aug 9 14:08:36 2005 From: matt.followers at gmail.com (Matthew Nuzum) Date: Tue, 9 Aug 2005 09:08:36 -0500 Subject: [FC1] Unofficial Updates to ZLIB In-Reply-To: <42F7ACAF.4060304@beta.intcomgrp.com> Message-ID: <42f8b8e1.74202e6f.641f.ffffa40c@mx.gmail.com> > | > |Perhaps what I'm missing is how this is adding value to > |Fedora-legacy? > | > | > |Regards, Mike Klinke > > I don't want to add confusion, just a place to add updates for new > versions of products. > I'll refrane from posting until I straighten this mess out. > > James Kosin > Hi James, Maybe just changing the way you word the announcement will help. Redesigning your e-mail so that it looks a little less official and choosing a wording for the subject and/or opening lines that indicates this is an enhanced package designed for people who don't mind upgrading to newer package versions. The e-mail you sent for ZLib looked more like a security announcement than an enhanced package announcement. I realize that it was released because of security issues, but in this case, it might have been a little alarming to some. -- Matthew Nuzum www.followers.net - Makers of "Elite Content Management System" View samples of Elite CMS in action by visiting http://www.followers.net/portfolio/ From jkeating at j2solutions.net Tue Aug 9 16:12:41 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Tue, 09 Aug 2005 09:12:41 -0700 Subject: Move to new wiki In-Reply-To: <54303F21-3F21-41CE-A439-C09B97D32326@cs.ucsb.edu> References: <54303F21-3F21-41CE-A439-C09B97D32326@cs.ucsb.edu> Message-ID: <1123603962.15788.0.camel@localhost.localdomain> On Mon, 2005-08-08 at 13:25 -0700, Jeff Sheltren wrote: > I think that the new wiki is well enough along that we should start > linking to it from the main fedoralegacy site. Is there any reason > we should still link to the old wiki? If not, I propose we start > changing the links. > Yes, you're right. Eric, got your ears on? -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From rostetter at mail.utexas.edu Tue Aug 9 17:29:51 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Tue, 9 Aug 2005 12:29:51 -0500 Subject: Move to new wiki In-Reply-To: <54303F21-3F21-41CE-A439-C09B97D32326@cs.ucsb.edu> References: <54303F21-3F21-41CE-A439-C09B97D32326@cs.ucsb.edu> Message-ID: <1123608591.8074b7df33f4e@mail.ph.utexas.edu> Quoting Jeff Sheltren : > I think that the new wiki is well enough along that we should start > linking to it from the main fedoralegacy site. Done. Let me know if I missed (or messed up) anything. Also, I assume the new wiki isn't php-wiki? Do we know what it is, and if it has a nice logo/icon I can use to replace the php-wiki icon in the top menu bar? > Is there any reason > we should still link to the old wiki? Probably not. But we should not remove the old wiki until all the docs in it are moved, or the group approves abandoning those which are not moved. > If not, I propose we start > changing the links. Done. > Thanks, > Jeff -- Eric Rostetter From skvidal at phy.duke.edu Tue Aug 9 17:37:40 2005 From: skvidal at phy.duke.edu (seth vidal) Date: Tue, 09 Aug 2005 13:37:40 -0400 Subject: Move to new wiki In-Reply-To: <1123608591.8074b7df33f4e@mail.ph.utexas.edu> References: <54303F21-3F21-41CE-A439-C09B97D32326@cs.ucsb.edu> <1123608591.8074b7df33f4e@mail.ph.utexas.edu> Message-ID: <1123609061.22025.0.camel@cutter> On Tue, 2005-08-09 at 12:29 -0500, Eric Rostetter wrote: > Quoting Jeff Sheltren : > > > I think that the new wiki is well enough along that we should start > > linking to it from the main fedoralegacy site. > > Done. Let me know if I missed (or messed up) anything. > > Also, I assume the new wiki isn't php-wiki? Do we know what it is, and > if it has a nice logo/icon I can use to replace the php-wiki icon in the > top menu bar? new wiki is using moinmoin. the logo will be the fedora project wiki logo - select sinorca4moin as your theme from 'userpreferences' in the new wiki to see a demo of the new theme. -sv From sheltren at cs.ucsb.edu Tue Aug 9 18:53:44 2005 From: sheltren at cs.ucsb.edu (Jeff Sheltren) Date: Tue, 9 Aug 2005 11:53:44 -0700 Subject: Move to new wiki In-Reply-To: <1123609061.22025.0.camel@cutter> References: <54303F21-3F21-41CE-A439-C09B97D32326@cs.ucsb.edu> <1123608591.8074b7df33f4e@mail.ph.utexas.edu> <1123609061.22025.0.camel@cutter> Message-ID: <1D380370-BB9E-4849-8ED3-A1B8693D7DE3@cs.ucsb.edu> On Aug 9, 2005, at 10:37 AM, seth vidal wrote: > On Tue, 2005-08-09 at 12:29 -0500, Eric Rostetter wrote: > >> Quoting Jeff Sheltren : >> >> >>> I think that the new wiki is well enough along that we should start >>> linking to it from the main fedoralegacy site. >>> >> >> Done. Let me know if I missed (or messed up) anything. >> >> Also, I assume the new wiki isn't php-wiki? Do we know what it >> is, and >> if it has a nice logo/icon I can use to replace the php-wiki icon >> in the >> top menu bar? >> > > new wiki is using moinmoin. > > the logo will be the fedora project wiki logo - select sinorca4moin as > your theme from 'userpreferences' in the new wiki to see a demo of the > new theme. > > -sv > Eric, thanks - at first glance everything looks good. And if you want a really ugly logo, there seems to be one on the MoinMoin web page: http://moinmoin.wikiwikiweb.de/ I think either using the fedora project logo or none at all would be preferable to the guy with a big nose holding a 'moin moin' sign :) -Jeff From rostetter at mail.utexas.edu Tue Aug 9 19:24:02 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Tue, 9 Aug 2005 14:24:02 -0500 Subject: Move to new wiki In-Reply-To: <1D380370-BB9E-4849-8ED3-A1B8693D7DE3@cs.ucsb.edu> References: <54303F21-3F21-41CE-A439-C09B97D32326@cs.ucsb.edu> <1123608591.8074b7df33f4e@mail.ph.utexas.edu> <1123609061.22025.0.camel@cutter> <1D380370-BB9E-4849-8ED3-A1B8693D7DE3@cs.ucsb.edu> Message-ID: <1123615442.9b07efe43aab6@mail.ph.utexas.edu> Quoting Jeff Sheltren : > Eric, thanks - at first glance everything looks good. Thanks! > And if you want a really ugly logo, there seems to be one on the > MoinMoin web page: > http://moinmoin.wikiwikiweb.de/ Yeah, I know they are holding a contest for a new logo... > I think either using the fedora project logo or none at all would be > preferable to the guy with a big nose holding a 'moin moin' sign :) Problem is, if I go to http://www.fedoraproject.org/ there is no logo. So where do I get this mysterious Fedora Project logo, and how do I secure permission to use it for the Fedora Legacy web site? And is it really preferable to a wiki logo for linking to the wiki? > -Jeff -- Eric Rostetter From jkeating at j2solutions.net Tue Aug 9 19:43:10 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Tue, 09 Aug 2005 12:43:10 -0700 Subject: Move to new wiki In-Reply-To: <1123615442.9b07efe43aab6@mail.ph.utexas.edu> References: <54303F21-3F21-41CE-A439-C09B97D32326@cs.ucsb.edu> <1123608591.8074b7df33f4e@mail.ph.utexas.edu> <1123609061.22025.0.camel@cutter> <1D380370-BB9E-4849-8ED3-A1B8693D7DE3@cs.ucsb.edu> <1123615442.9b07efe43aab6@mail.ph.utexas.edu> Message-ID: <1123616590.18523.14.camel@localhost.localdomain> On Tue, 2005-08-09 at 14:24 -0500, Eric Rostetter wrote: > Problem is, if I go to http://www.fedoraproject.org/ there is no logo. > So where do I get this mysterious Fedora Project logo, and how do I secure > permission to use it for the Fedora Legacy web site? And is it really > preferable to a wiki logo for linking to the wiki? > The logo doesn't exist yet, still trying to get one created and approved. The Fedora-marketing mailing list has discussion going on, and a wiki page exists: http://fedoraproject.org/wiki/Marketing/LogoIdeas I wouldn't spend too much effort on a logo or theme for our wiki page. There is work being done on an overall default wiki theme that will use Fedora's color scheme and a logo when it is available. Once that is set our pages will just look like the rest, which is the goal. -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From rostetter at mail.utexas.edu Tue Aug 9 20:24:40 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Tue, 9 Aug 2005 15:24:40 -0500 Subject: Move to new wiki In-Reply-To: <1123616590.18523.14.camel@localhost.localdomain> References: <54303F21-3F21-41CE-A439-C09B97D32326@cs.ucsb.edu> <1123608591.8074b7df33f4e@mail.ph.utexas.edu> <1123609061.22025.0.camel@cutter> <1D380370-BB9E-4849-8ED3-A1B8693D7DE3@cs.ucsb.edu> <1123615442.9b07efe43aab6@mail.ph.utexas.edu> <1123616590.18523.14.camel@localhost.localdomain> Message-ID: <1123619080.4247a1e4166e2@mail.ph.utexas.edu> Quoting Jesse Keating : > The logo doesn't exist yet, still trying to get one created and > approved. The Fedora-marketing mailing list has discussion going on, > and a wiki page exists: > > http://fedoraproject.org/wiki/Marketing/LogoIdeas I don't think this would be an appropriate icon/logo for the link to the wiki anyway. What I'm looking for is something to convey the idea that it points to a wiki. > I wouldn't spend too much effort on a logo or theme for our wiki page. It isn't for our wiki page. It is for the toolbar link from our web site to the wiki. See the top right side of our web site for what I mean. The links have icons/logs/graphics/what-ever-you-want-to-call-them. The php-wiki image is not longer appropriate, and needs to be replaced by something. The replacement needs to convey that it is a wiki of some sort... It does not need to say anything about Fedora Project or Fedora Legacy. > There is work being done on an overall default wiki theme that will use > Fedora's color scheme and a logo when it is available. Once that is set > our pages will just look like the rest, which is the goal. Yes, but that has nothing to do with what I'm talking about. We've gotten off track... I guess what we have here is a failure to communicate... > -- > Jesse Keating RHCE (http://geek.j2solutions.net) > Fedora Legacy Team (http://www.fedoralegacy.org) > GPG Public Key > (http://geek.j2solutions.net/jkeating.j2solutions.pub) > > Was I helpful? Let others know: > http://svcs.affero.net/rm.php?r=jkeating > -- Eric Rostetter From lists at benjamindsmith.com Tue Aug 9 22:06:33 2005 From: lists at benjamindsmith.com (Benjamin Smith) Date: Tue, 9 Aug 2005 15:06:33 -0700 Subject: [FC1] Unofficial Updates to ZLIB In-Reply-To: <42f8b8e1.74202e6f.641f.ffffa40c@mx.gmail.com> References: <42f8b8e1.74202e6f.641f.ffffa40c@mx.gmail.com> Message-ID: <200508091506.33082.lists@benjamindsmith.com> It's easy to set up a yum server. I've posted instructions for hosting WBEL4 packages on a WBEL3 server http://effortlessis.com/wbel4yum.html Why not set up a yum repo on your RPM repository, and post announcements here, in a format easily recognized as such? Setup will take you an hour or so, I'd wager, and then your updates could be used by people automatically if they so desire it, by updating the yum config files. -Ben On Tuesday 09 August 2005 07:08, Matthew Nuzum wrote: > > | > > |Perhaps what I'm missing is how this is adding value to > > |Fedora-legacy? > > | > > | > > |Regards, Mike Klinke > > > > I don't want to add confusion, just a place to add updates for new > > versions of products. > > I'll refrane from posting until I straighten this mess out. > > > > James Kosin > > > > Hi James, > > Maybe just changing the way you word the announcement will help. Redesigning > your e-mail so that it looks a little less official and choosing a wording > for the subject and/or opening lines that indicates this is an enhanced > package designed for people who don't mind upgrading to newer package > versions. > > The e-mail you sent for ZLib looked more like a security announcement than > an enhanced package announcement. I realize that it was released because of > security issues, but in this case, it might have been a little alarming to > some. > > -- > Matthew Nuzum > www.followers.net - Makers of "Elite Content Management System" > View samples of Elite CMS in action by visiting > http://www.followers.net/portfolio/ > > > > -- > fedora-legacy-list mailing list > fedora-legacy-list at redhat.com > http://www.redhat.com/mailman/listinfo/fedora-legacy-list > > -- "The best way to predict the future is to invent it." - XEROX PARC slogan, circa 1978 From marcdeslauriers at videotron.ca Tue Aug 9 23:54:18 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Tue, 09 Aug 2005 19:54:18 -0400 Subject: [UPDATED] Fedora Legacy Test Update Notification: zlib Message-ID: <42F9422A.3000603@videotron.ca> These packages were updated to fix CAN-2005-1849 also. --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-162680 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680 2005-08-09 --------------------------------------------------------------------- Name : zlib Versions : fc1: zlib-1.2.0.7-2.3.legacy Versions : fc2: zlib-1.2.1.2-0.fc2.2.legacy Summary : The zlib compression and decompression library. Description : Zlib is a general-purpose, patent-free, lossless data compression library which is used by many different programs. --------------------------------------------------------------------- Update Information: Updated Zlib packages that fix a buffer overflow are now available. Zlib is a general-purpose lossless data compression library which is used by many different programs. Tavis Ormandy discovered a buffer overflow affecting Zlib version 1.2 and above. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file which would cause a web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2096 to this issue. Markus Oberhumer discovered additional ways a stream could trigger an overflow. An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. As an example, an attacker could create a malicious PNG image file that would cause a Web browser or mail viewer to crash if the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-1849 to this issue. All users should update to these erratum packages which contain a patch from Mark Adler which corrects this issue. --------------------------------------------------------------------- Changelogs fc1: * Tue Aug 09 2005 Marc Deslauriers 1.2.0.7-2.3.legacy - Added patch for CAN-2005-1849 * Wed Jul 13 2005 Jeff Sheltren 1.2.0.7-2.2.legacy - Patch for buffer overflow (#162680) CAN-2005-2096 fc2: * Tue Aug 09 2005 Marc Deslauriers 1.2.1.2-0.fc2.2.legacy - Added patch for CAN-2005-1849 * Wed Jul 13 2005 Jeff Sheltren 1.2.1.2-0.fc2.1.legacy - Patch buffer overflow (#162680), CAN-2005-2096 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) f242225e07d39648b0d7d6558150285ddf7f62d8 fedora/1/updates-testing/i386/zlib-1.2.0.7-2.3.legacy.i386.rpm 618d744e5a8f9a895b40f952a8593985c93fd6d6 fedora/1/updates-testing/i386/zlib-devel-1.2.0.7-2.3.legacy.i386.rpm c812abcd0c5bcfccc86573e81d68ebff5b615ded fedora/1/updates-testing/SRPMS/zlib-1.2.0.7-2.3.legacy.src.rpm d07c43de860f476302fcd1fc82d18db1835e1ba1 fedora/2/updates-testing/i386/zlib-1.2.1.2-0.fc2.2.legacy.i386.rpm f3326c134c6346ca8f120d86d28908ad45907bf9 fedora/2/updates-testing/i386/zlib-devel-1.2.1.2-0.fc2.2.legacy.i386.rpm 2d288f7b2dd848a4c3f36d3ff7c200b9b629c868 fedora/2/updates-testing/SRPMS/zlib-1.2.1.2-0.fc2.2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature URL: From shiva at sewingwitch.com Wed Aug 10 02:52:35 2005 From: shiva at sewingwitch.com (Kenneth Porter) Date: Tue, 09 Aug 2005 19:52:35 -0700 Subject: How to mirror? Message-ID: <32E41352D62F55CCECDEAEEE@[10.169.6.233]> I want to mirror updates-testing for FC2 to my server. What's the correct way to do that? I mostly need the new repo metadata format as I've updated yum to use the new FC3-style XML metadata, and downloads.fedoralegacy.org lacks that for the FC2 directories. I essentially want to script a fetch of the RPM's in and then run createrepo on the result. From jkosin at beta.intcomgrp.com Wed Aug 10 12:41:03 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Wed, 10 Aug 2005 08:41:03 -0400 Subject: [FC1] Unofficial Updates to ZLIB In-Reply-To: <200508091506.33082.lists@benjamindsmith.com> References: <42f8b8e1.74202e6f.641f.ffffa40c@mx.gmail.com> <200508091506.33082.lists@benjamindsmith.com> Message-ID: <42F9F5DF.3060903@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Benjamin Smith wrote: | It's easy to set up a yum server. I've posted instructions for | hosting WBEL4 packages on a WBEL3 server | http://effortlessis.com/wbel4yum.html | | Why not set up a yum repo on your RPM repository, and post | announcements here, in a format easily recognized as such? | | Setup will take you an hour or so, I'd wager, and then your updates | could be used by people automatically if they so desire it, by | updating the yum config files. | | -Ben | | On Tuesday 09 August 2005 07:08, Matthew Nuzum wrote: <<-- snip -->> Already done that long ago. Setting up a yum repository was easier than pie. The biggest problem was finding the information for the correct command. But, once you have that, it takes all of 5 minutes maybe less to setup. Like I said in a previous email, I think I'm going to redo my whole announcement thing to make it clearer for people what I'm doing. James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC+fXfkNLDmnu1kSkRAilvAJwNvkGpvsXGwU1PSn3X04m6ic8QoACbBpbu BZwkFIVUCwkXcJ04Ej+tMVs= =qjRw -----END PGP SIGNATURE----- From sheltren at cs.ucsb.edu Wed Aug 10 16:04:57 2005 From: sheltren at cs.ucsb.edu (Jeff Sheltren) Date: Wed, 10 Aug 2005 09:04:57 -0700 Subject: How to mirror? In-Reply-To: <32E41352D62F55CCECDEAEEE@[10.169.6.233]> References: <32E41352D62F55CCECDEAEEE@[10.169.6.233]> Message-ID: <6F1722E8-91E9-4B9C-BD4D-136336D68DCE@cs.ucsb.edu> On Aug 9, 2005, at 7:52 PM, Kenneth Porter wrote: > I want to mirror updates-testing for FC2 to my server. What's the > correct way to do that? I mostly need the new repo metadata format > as I've updated yum to use the new FC3-style XML metadata, and > downloads.fedoralegacy.org lacks that for the FC2 directories. > > I essentially want to script a fetch of the RPM's in download.fedoralegacy.org/fedora/2/updates-testing/i386/> and then > run createrepo on the result. > I'd say that using rsync is the easiest way. Check the mirror list for a rsync server near you: http://fedoralegacy.org/download/fedoralegacy-mirrors.php Then, run rsync to download the rpms locally. Subsequent runs of rsync will only download what is changed from your server's point of view. Then it's just a matter of running createrepo on your server. You'll only need to rsync the base packages once, since those don't change. Then just periodically update the updates directory and run createrepo on it. People will probably argue what the best rsync flags are, but you can't go too wrong using something like: rsync -azv rsync://some.server.org/mirrors/fedoralegacy/2/ /your/ local/dir/2 -Jeff From rostetter at mail.utexas.edu Wed Aug 10 16:18:37 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Wed, 10 Aug 2005 11:18:37 -0500 Subject: How to mirror? In-Reply-To: <6F1722E8-91E9-4B9C-BD4D-136336D68DCE@cs.ucsb.edu> References: <32E41352D62F55CCECDEAEEE@[10.169.6.233]> <6F1722E8-91E9-4B9C-BD4D-136336D68DCE@cs.ucsb.edu> Message-ID: <1123690717.9c8b887d82fa5@mail.ph.utexas.edu> Quoting Jeff Sheltren : > On Aug 9, 2005, at 7:52 PM, Kenneth Porter wrote: > > > I want to mirror updates-testing for FC2 to my server. What's the > > correct way to do that? I mostly need the new repo metadata format > > as I've updated yum to use the new FC3-style XML metadata, and > > downloads.fedoralegacy.org lacks that for the FC2 directories. > > > > I essentially want to script a fetch of the RPM's in > download.fedoralegacy.org/fedora/2/updates-testing/i386/> and then > > run createrepo on the result. > > > > I'd say that using rsync is the easiest way. Check the mirror list > for a rsync server near you: > http://fedoralegacy.org/download/fedoralegacy-mirrors.php > > Then, run rsync to download the rpms locally. Subsequent runs of > rsync will only download what is changed from your server's point of > view. > > Then it's just a matter of running createrepo on your server. You'll > only need to rsync the base packages once, since those don't change. > Then just periodically update the updates directory and run > createrepo on it. > > People will probably argue what the best rsync flags are, but you > can't go too wrong using something like: > rsync -azv rsync://some.server.org/mirrors/fedoralegacy/2/ /your/ > local/dir/2 > > -Jeff I use a slightly modified script that I got from the tutorial at: http://fedoranews.org/alex/tutorial/yum/ A good starting point IMHO. He provides the info, the scripts, etc. you need. Now, I don't know about the meta-data issue, since I only use this on the old RHL repos, not on Fedora Core repos, but I'd expect it could be made to work without too much effort, if any. -- Eric Rostetter From marcdeslauriers at videotron.ca Wed Aug 10 23:47:24 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Wed, 10 Aug 2005 19:47:24 -0400 Subject: [FLSA-2005:157701] Updated Apache httpd packages fix security issues Message-ID: <42FA920C.8030605@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated Apache httpd packages fix security issues Advisory ID: FLSA:157701 Issue date: 2005-08-10 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2005-1268 CAN-2005-1344 CAN-2005-2088 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated Apache httpd packages to correct security issues are now available. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 Fedora Core 2 - i386 3. Problem description: Watchfire reported a flaw that occured when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header. This caused Apache to incorrectly handle and forward the body of the request in a way that the receiving server processes it as a separate HTTP request. This could allow the bypass of Web application firewall protection or lead to cross-site scripting (XSS) attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-2088 to this issue. A buffer overflow was discovered in htdigest that may allow an attacker to execute arbitrary code. Since htdigest is usually only accessible locally, the impact of this issue is low. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-1344 to this issue. Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list (CRL). The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-1268 to this issue. Users of Apache httpd should update to these errata packages that contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157701 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/apache-1.3.27-8.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/apache-1.3.27-8.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/apache-devel-1.3.27-8.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/apache-manual-1.3.27-8.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/httpd-2.0.40-21.18.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/httpd-2.0.40-21.18.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/httpd-devel-2.0.40-21.18.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/httpd-manual-2.0.40-21.18.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mod_ssl-2.0.40-21.18.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/httpd-2.0.51-1.7.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/httpd-2.0.51-1.7.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/httpd-devel-2.0.51-1.7.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/httpd-manual-2.0.51-1.7.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mod_ssl-2.0.51-1.7.legacy.i386.rpm Fedora Core 2: SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/httpd-2.0.51-2.9.2.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/2/updates/i386/httpd-2.0.51-2.9.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/httpd-devel-2.0.51-2.9.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/httpd-manual-2.0.51-2.9.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mod_ssl-2.0.51-2.9.2.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 0e3755cab97683d75987658b7de6ffe9c80a8b62 redhat/7.3/updates/i386/apache-1.3.27-8.legacy.i386.rpm b9b201ebe088409ea9d8b0ea8437351744d8b03e redhat/7.3/updates/i386/apache-devel-1.3.27-8.legacy.i386.rpm 9222e0121f0b39d336d5465967cc5e218a5487de redhat/7.3/updates/i386/apache-manual-1.3.27-8.legacy.i386.rpm 3a6736e526c94f5e253860636a1986f8ca3cc972 redhat/7.3/updates/SRPMS/apache-1.3.27-8.legacy.src.rpm cb1ae0ad7739bf0cd3eb7c56a8ba96a5bc7825e3 redhat/9/updates/i386/httpd-2.0.40-21.18.legacy.i386.rpm 4468f5beed1cd89f0225bc8e253bfd4a73fb7732 redhat/9/updates/i386/httpd-devel-2.0.40-21.18.legacy.i386.rpm cf259929dd2acb5423f611dc5955e801f6bc85fe redhat/9/updates/i386/httpd-manual-2.0.40-21.18.legacy.i386.rpm 40ad84a4a01502aad2bccfbcd7fda81e8b24022b redhat/9/updates/SRPMS/httpd-2.0.40-21.18.legacy.src.rpm f34762e151a8cbbe4dcf926c66dce6392dbac970 redhat/9/updates/i386/mod_ssl-2.0.40-21.18.legacy.i386.rpm b19c5d34da8ef263e5b2f2dcfdd23b02a1a2dd36 fedora/1/updates/i386/httpd-2.0.51-1.7.legacy.i386.rpm 3ca9ea9df6b5c4334909b8cbf63ea858385f81de fedora/1/updates/i386/httpd-devel-2.0.51-1.7.legacy.i386.rpm d2a69419b943944e0d7557a500f86eb470d2c5e9 fedora/1/updates/i386/httpd-manual-2.0.51-1.7.legacy.i386.rpm 3ff73a6a4607f5c7503ec36d9a3e901ab02131c2 fedora/1/updates/SRPMS/httpd-2.0.51-1.7.legacy.src.rpm 2667ac96d7749d32255702430c0d04cf40620972 fedora/1/updates/i386/mod_ssl-2.0.51-1.7.legacy.i386.rpm 6cf82576642dbb991a3253f4c2ef4ca485d7eea4 fedora/2/updates/i386/httpd-2.0.51-2.9.2.legacy.i386.rpm e8ff1c406b0dd81c2e8f987df5b33dd6e56111e9 fedora/2/updates/i386/httpd-devel-2.0.51-2.9.2.legacy.i386.rpm d432195a04f5423c0ca82c4fb99eff2a4efa04ee fedora/2/updates/i386/httpd-manual-2.0.51-2.9.2.legacy.i386.rpm a041a7db3f6840e490c418856f86448b52769364 fedora/2/updates/SRPMS/httpd-2.0.51-2.9.2.legacy.src.rpm a1d6ac70df1a9ac0eefa1d8c16078861cd61b282 fedora/2/updates/i386/mod_ssl-2.0.51-2.9.2.legacy.i386.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1344 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Wed Aug 10 23:48:01 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Wed, 10 Aug 2005 19:48:01 -0400 Subject: [FLSA-2005:157696] Updated gzip package fixes security issues Message-ID: <42FA9231.4090403@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated gzip package fixes security issues Advisory ID: FLSA:157696 Issue date: 2005-08-10 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2005-0758 CAN-2005-0988 CAN-2005-1228 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: An updated gzip package is now available. The gzip package contains the GNU gzip data compression program. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 Fedora Core 2 - i386 3. Problem description: A bug was found in the way zgrep processes file names. If a user can be tricked into running zgrep on a file with a carefully crafted file name, arbitrary commands could be executed as the user running zgrep. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0758 to this issue. A bug was found in the way gunzip modifies permissions of files being decompressed. A local attacker with write permissions in the directory in which a victim is decompressing a file could remove the file being written and replace it with a hard link to a different file owned by the victim, gunzip then gives the linked file the permissions of the uncompressed file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0988 to this issue. A directory traversal bug was found in the way gunzip processes the -N flag. If a victim decompresses a file with the -N flag, gunzip fails to sanitize the path which could result in a file owned by the victim being overwritten. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1228 to this issue. Users of gzip should upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157696 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/gzip-1.3.3-1.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/gzip-1.3.3-1.2.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gzip-1.3.3-9.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/gzip-1.3.3-9.2.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/gzip-1.3.3-11.2.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/gzip-1.3.3-11.2.legacy.i386.rpm Fedora Core 2: SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/gzip-1.3.3-12.2.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/2/updates/i386/gzip-1.3.3-12.2.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 16a19e2142d83f1db86dbf5a9a5a0b4e35d50c92 redhat/7.3/updates/i386/gzip-1.3.3-1.2.legacy.i386.rpm 98e5fcc727442dd531277cffc2771b7bc8d5f1f8 redhat/7.3/updates/SRPMS/gzip-1.3.3-1.2.legacy.src.rpm 7960019da89fbdee222e71b7d9884e6dc9ed3056 redhat/9/updates/i386/gzip-1.3.3-9.2.legacy.i386.rpm de3e4e8dd934c383feb2a464b522c4e62bdd3f6d redhat/9/updates/SRPMS/gzip-1.3.3-9.2.legacy.src.rpm b5cc020182af4b945a461c35e1adc3ddb15e953b fedora/1/updates/i386/gzip-1.3.3-11.2.legacy.i386.rpm 28c8700ac53cb6f8110c744ffc8456095cf9d051 fedora/1/updates/SRPMS/gzip-1.3.3-11.2.legacy.src.rpm 3d056ec2af5e344ef56e22049e5bd196f0c27180 fedora/2/updates/i386/gzip-1.3.3-12.2.legacy.i386.rpm f6b4d52075528761fd56e44c8227c45130f959b0 fedora/2/updates/SRPMS/gzip-1.3.3-12.2.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Wed Aug 10 23:48:36 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Wed, 10 Aug 2005 19:48:36 -0400 Subject: [FLSA-2005:152889] Updated mc packages fix security issues Message-ID: <42FA9254.2000107@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated mc packages fix security issues Advisory ID: FLSA:152889 Issue date: 2005-08-10 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2004-0226 CAN-2004-0231 CAN-2004-0232 CAN-2004-0494 CAN-2004-1004 CAN-2004-1005 CAN-2004-1009 CAN-2004-1090 CAN-2004-1091 CAN-2004-1092 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2004-1176 CAN-2005-0763 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated mc packages that fix several security issues are now available. Midnight Commander is a visual shell much like a file manager. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 Fedora Core 2 - i386 3. Problem description: Several buffer overflows, several temporary file creation vulnerabilities, and one format string vulnerability have been discovered in Midnight Commander. These vulnerabilities were discovered mostly by Andrew V. Samoilov and Pavel Roskin. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these issues. Shell escape bugs have been discovered in several of the mc vfs backend scripts. An attacker who is able to influence a victim to open a specially-crafted URI using mc could execute arbitrary commands as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0494 to this issue. Several format string bugs were found in Midnight Commander. If a user is tricked by an attacker into opening a specially crafted path with mc, it may be possible to execute arbitrary code as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1004 to this issue. Several buffer overflow bugs were found in Midnight Commander. If a user is tricked by an attacker into opening a specially crafted file or path with mc, it may be possible to execute arbitrary code as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1005 to this issue. Several denial of service bugs were found in Midnight Commander. These bugs could cause Midnight Commander to hang or crash if a victim opens a carefully crafted file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1009, CAN-2004-1090, CAN-2004-1091, CAN-2004-1092, CAN-2004-1093 and CAN-2004-1174 to these issues. A filename quoting bug was found in Midnight Commander's FISH protocol handler. If a victim connects via embedded SSH support to a host containing a carefully crafted filename, arbitrary code may be executed as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1175 to this issue. A buffer underflow bug was found in Midnight Commander. If a malicious local user is able to modify the extfs.ini file, it could be possible to execute arbitrary code as a user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1176 to this issue. A buffer overflow bug was found in the way Midnight Commander handles directory completion. If a victim uses completion on a maliciously crafted directory path, it is possible for arbitrary code to be executed as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0763 to this issue. Users of mc are advised to upgrade to these packages, which contain backported security patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152889 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mc-4.5.55-12.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/mc-4.5.55-12.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mc-4.6.0-18.3.fc0.9.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/mc-4.6.0-18.3.fc0.9.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mc-4.6.0-18.3.fc1.0.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/mc-4.6.0-18.3.fc1.0.legacy.i386.rpm Fedora Core 2: SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mc-4.6.1-0.13.FC2.1.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/2/updates/i386/mc-4.6.1-0.13.FC2.1.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 7dd653902f620c9ab66fc187c92e1e8c70af4b6f redhat/7.3/updates/i386/mc-4.5.55-12.legacy.i386.rpm 94c75a0b0dcb60dd1df86b247af305b876d9a1e8 redhat/7.3/updates/SRPMS/mc-4.5.55-12.legacy.src.rpm 82c7263b65d3959003c6043131dad7248fa7c40e redhat/9/updates/i386/mc-4.6.0-18.3.fc0.9.legacy.i386.rpm df1385e379c96a306acfd106533cc2195b4ea39a redhat/9/updates/SRPMS/mc-4.6.0-18.3.fc0.9.legacy.src.rpm 14ba4a2f6f2096786ffc543f5e084ad1d69b3f1b fedora/1/updates/i386/mc-4.6.0-18.3.fc1.0.legacy.i386.rpm c17b32b79eba441aaf458036ac7dfa08d77c4bb7 fedora/1/updates/SRPMS/mc-4.6.0-18.3.fc1.0.legacy.src.rpm a8270921b5ded8b829c7fda54d7bac77145df129 fedora/2/updates/i386/mc-4.6.1-0.13.FC2.1.legacy.i386.rpm 30c732c47fb2c97743b492b0c41d8cfc4ff28b96 fedora/2/updates/SRPMS/mc-4.6.1-0.13.FC2.1.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0494 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1004 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1005 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1009 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0763 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Wed Aug 10 23:49:19 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Wed, 10 Aug 2005 19:49:19 -0400 Subject: [FLSA-2005:129284] Updated spamassassin package fixes security issue Message-ID: <42FA927F.9010001@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated spamassassin package fixes security issue Advisory ID: FLSA:129284 Issue date: 2005-08-10 Product: Fedora Core Keywords: Bugfix CVE Names: CAN-2004-0796 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: An updated spamassassin package that fixes a denial of service bug when parsing malformed messages is now available. SpamAssassin provides a way to reduce unsolicited commercial email (SPAM) from incoming email. 2. Relevant releases/architectures: Fedora Core 2 - i386 3. Problem description: A denial of service bug has been found in SpamAssassin versions below 2.64. A malicious attacker could construct a message in such a way that would cause spamassassin to stop responding, potentially preventing the delivery or filtering of email. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0796 to this issue. Users of SpamAssassin should update to these updated packages which contain an updated version and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129284 6. RPMs required: Fedora Core 2: SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/spamassassin-2.64-2.1.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/2/updates/i386/spamassassin-2.64-2.1.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 6b7fbf447dce761c6dc6c85df6cc336cb31a939a fedora/2/updates/i386/spamassassin-2.64-2.1.legacy.i386.rpm 8808655655b574f905a0308f0a0eca0c5e7d09c8 fedora/2/updates/SRPMS/spamassassin-2.64-2.1.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0796 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Thu Aug 11 00:37:32 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Wed, 10 Aug 2005 20:37:32 -0400 Subject: Fedora Legacy Test Update Notification: squirrelmail Message-ID: <42FA9DCC.5080700@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-163047 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163047 2005-08-10 --------------------------------------------------------------------- Name : squirrelmail Versions : rh9: squirrelmail-1.4.3-0.f0.9.6.legacy Versions : fc1: squirrelmail-1.4.3-0.f1.1.5.legacy Versions : fc2: squirrelmail-1.4.4-1.FC2.2.legacy Summary : SquirrelMail webmail client Description : SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has a all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation. --------------------------------------------------------------------- Update Information: An updated squirrelmail package that fixes two security issues is now available. SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail handled the $_POST variable. If a user is tricked into visiting a malicious URL, the user's SquirrelMail preferences could be read or modified. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2095 to this issue. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary Javascript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL, or by sending them a carefully constructed HTML email message. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-1769 to this issue. All users of SquirrelMail should upgrade to this updated package, which contains backported patches that resolve these issues. --------------------------------------------------------------------- Changelogs rh9: * Wed Aug 10 2005 Marc Deslauriers 1.4.3-0.f0.9.6.legacy - Remove a backup file the patch left behind * Fri Aug 05 2005 Jeff Sheltren 1.4.3-0.f0.9.5.legacy - Updated patch for CAN-2005-1769 that doesn't break addressbook (#165094) * Wed Aug 03 2005 Jeff Sheltren 1.4.3-0.f0.9.4.legacy - Patches for CAN-2005-1769 and CAN-2005-2095 (#163047) fc1: * Wed Aug 10 2005 Marc Deslauriers 1.4.3-0.f1.1.5.legacy - Remove a backup file the patch left behind * Fri Aug 05 2005 Jeff Sheltren 1.4.3-0.f1.1.4.legacy - Updated patch for CAN-2005-1769 which doesn't break addressbook (#165094) * Wed Aug 03 2005 Jeff Sheltren 1.4.3-0.f1.1.3.legacy - Patches for CAN-2005-1769 and CAN-2005-2095 (#163047) fc2: * Wed Aug 10 2005 Marc Deslauriers 1.4.4-1.FC2.2.legacy - Don't create backup files when applying patches * Tue Jul 26 2005 Jeff Sheltren 1.4.4-1.FC2.1.legacy - Patches for CAN-2005-1769 and CAN-2005-2095 (#163047) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh9: 5182c295693a72d9602945a5985c39c125f2b422 redhat/9/updates-testing/i386/squirrelmail-1.4.3-0.f0.9.6.legacy.noarch.rpm 1aec842c861408106c2818cf4c58caf762367230 redhat/9/updates-testing/SRPMS/squirrelmail-1.4.3-0.f0.9.6.legacy.src.rpm fc1: 10dcfc4975cbe049df638ff43304e0a6a22f58a2 fedora/1/updates-testing/i386/squirrelmail-1.4.3-0.f1.1.5.legacy.noarch.rpm 5f0c54493ae619de8a85813947470bfedd5415f2 fedora/1/updates-testing/SRPMS/squirrelmail-1.4.3-0.f1.1.5.legacy.src.rpm fc2: 83e7c1b6a1f070894be5456b3dd850b3a6f090b2 fedora/2/updates-testing/i386/squirrelmail-1.4.4-1.FC2.2.legacy.noarch.rpm de4f2ef84e23b310f7f845ee8624360dadb7b74d fedora/2/updates-testing/SRPMS/squirrelmail-1.4.4-1.FC2.2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature URL: From jkosin at beta.intcomgrp.com Fri Aug 12 16:00:57 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Fri, 12 Aug 2005 12:00:57 -0400 Subject: [FC1] UNSUPPORTED UPDATES by James Message-ID: <42FCC7B9.2080809@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Again, - --------------------------------------------------------------------------------------------- JAMES' Unofficial Unsupported by RedHat, Redhat Fedora Core, and Redhat Fedora Legacy Groups! ~ Any support for my packages, will only come from me! There is no ~ bugzilla for the packages, groups may not know what version you are ~ talking about. The biggest support can come from ME or the source ~ creators of the program. Although, any patches kept over from the ~ Fedora Core packages are not supported by the vendor of the software. ~ My packages are usually re-packaged new versions of many programs. - --------------------------------------------------------------------------------------------- ClamAV 0.86.2-3 - --------------------- This is only a fixed version of the package. I've tightened the permissions on the /var/run/clamav directory to 700. This fixes the clamav-milter program from complaining at some point about the socket being insecure at some point. I've also submitted a patch to the development team at clamav.net.... The code for clamav-milter looks like it should support signing a message with the (default) signature; but, turns out the signature in the code is just a placeholder and you need to specify the - --singature-file parameter for signing to work. My patch is not in this version. I've also loosened the version for FC1 on the ZLib libraries to the latest released version from Fedora Legacy Group. I have not tested this.... RPM http://support.intcomgrp.com/mirror/fedora-core/beta/i386/clamav-0.86.2-3.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/clamav-milter-0.86.2-3.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/clamav-devel-0.86.2-3.fc1.i386.rpm SOURCE http://support.intcomgrp.com/mirror/fedora-core/beta/src/clamav-0.86.2-3.fc1.src.rpm - --------------------------------------------------------------------------------------------- - --------------------------------------------------------------------------------------------- Kernel 2.4.30-2.3 (VANILLA) - ---------------------------------- I've also built a new version of the kernel. This version is based on the latest patches to kernel version 2.3.32-pre3. Please keep all your old kernels, this is not an OFFICIAL RELEASE and your mileage will vary. RPM http://support.intcomgrp.com/mirror/fedora-core/beta/i386/kernel-2.4.30-2.3.fc1.vanilla.i686.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/kernel-smp-2.4.30-2.3.fc1.vanilla.i686.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/kernel-doc-2.4.30-2.3.fc1.vanilla.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/kernel-source-2.4.30-2.3.fc1.vanilla.i386.rpm SOURCE http://support.intcomgrp.com/mirror/fedora-core/beta/src/kernel-2.4.30-2.3.fc1.vanilla.src.rpm - --------------------------------------------------------------------------------------------- - --------------------------------------------------------------------------------------------- Samba-Vscan-ClamAv 0.4.0-0 - ---------------------------------- This is a snapshot version of version 0.4.0 for samba-vscan! He has made improvements and removed support for samba 2.x. So, this version is for samba 3.x and greater now. I have been running it for more than a week now without problems. RPM http://support.intcomgrp.com/mirror/fedora-core/beta/i386/samba-vscan-clamav-0.4.0-0.fc1.i386.rpm SOURCE http://support.intcomgrp.com/mirror/fedora-core/beta/src/samba-vscan-clamav-0.4.0-0.fc1.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC/Me4kNLDmnu1kSkRAq7pAJ4wldZodG5yGR+ubMcXhi1i1BP9HgCdFTOx SsyXpOijoNiJXJY6hS1xhyY= =tXi6 -----END PGP SIGNATURE----- From marcdeslauriers at videotron.ca Fri Aug 12 20:51:12 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Fri, 12 Aug 2005 16:51:12 -0400 Subject: Fedora Legacy Test Update Notification: mozilla Message-ID: <42FD0BC0.8010705@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-160202 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202 2005-08-12 --------------------------------------------------------------------- Name : mozilla Versions : rh7.3: mozilla-1.7.10-0.73.1.legacy Versions : rh9: mozilla-1.7.10-0.90.1.legacy Versions : fc1: mozilla-1.7.10-1.1.1.legacy Versions : fc2: mozilla-1.7.10-1.2.1.legacy Summary : A Web browser. Description : Mozilla is an open-source Web browser, designed for standards compliance, performance, and portability. --------------------------------------------------------------------- Update Information: Updated mozilla packages that fix various security issues are now available. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla handled synthetic events. It is possible that Web content could generate events such as keystrokes or mouse clicks that could be used to steal data or execute malicious Javascript code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2260 to this issue. A bug was found in the way Mozilla executed Javascript in XBL controls. It is possible for a malicious webpage to leverage this vulnerability to execute other JavaScript based attacks even when JavaScript is disabled. (CAN-2005-2261) A bug was found in the way Mozilla installed its extensions. If a user can be tricked into visiting a malicious webpage, it may be possible to obtain sensitive information such as cookies or passwords. (CAN-2005-2263) A bug was found in the way Mozilla handled certain Javascript functions. It is possible for a malicious webpage to crash the browser by executing malformed Javascript code. (CAN-2005-2265) A bug was found in the way Mozilla handled multiple frame domains. It is possible for a frame as part of a malicious website to inject content into a frame that belongs to another domain. This issue was previously fixed as CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937) A bug was found in the way Mozilla handled child frames. It is possible for a malicious framed page to steal sensitive information from its parent page. (CAN-2005-2266) A bug was found in the way Mozilla opened URLs from media players. If a media player opens a URL which is Javascript, the Javascript executes with access to the currently open webpage. (CAN-2005-2267) A design flaw was found in the way Mozilla displayed alerts and prompts. Alerts and prompts were given the generic title [JavaScript Application] which prevented a user from knowing which site created them. (CAN-2005-2268) A bug was found in the way Mozilla handled DOM node names. It is possible for a malicious site to overwrite a DOM node name, allowing certain privileged chrome actions to execute the malicious Javascript. (CAN-2005-2269) A bug was found in the way Mozilla cloned base objects. It is possible for Web content to traverse the prototype chain to gain access to privileged chrome objects. (CAN-2005-2270) Users of Mozilla are advised to upgrade to these updated packages, which contain Mozilla version 1.7.10 and are not vulnerable to these issues. --------------------------------------------------------------------- Changelogs rh7.3: * Wed Jul 27 2005 Marc Deslauriers 37:1.7.10-0.73.1.legacy - Rebuild as a Fedora Legacy update for Red Hat Linux 7.3 - Added missing freetype-devel BuildRequires - Fix missing icons in desktop files rh9: * Thu Jul 28 2005 Marc Deslauriers 37:1.7.10-0.90.1.legacy - Rebuilt as a Fedora Legacy update for Red Hat Linux 9 - Disabled desktop-file-utils - Disabled gtk2 - Added missing BuildRequires - Force build with gcc296 to remain compatible with plugins - Added xft font preferences and patch back in - Removed mozilla-compose.desktop fc1: * Thu Jul 28 2005 Marc Deslauriers 37:1.7.10-1.1.1.legacy - Rebuilt as Fedora Legacy update for Fedora Core 1 - Changed useragent vendor tag to Fedora - Removed Network category from mozilla.desktop - Added missing gnome-vfs2-devel and desktop-file-utils to BuildRequires fc2: * Sat Jul 30 2005 Marc Deslauriers 37:1.7.10-1.2.1.legacy - Rebuilt as a Fedora Legacy update to Fedora Core 2 - Reverted to desktop-file-utils 0.4 - Removed desktop-update-database - Disabled pango support - Added missing gnome-vfs2-devel, desktop-file-utils and krb5-devel BuildPrereq --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh7.3: 21ef0fc3fb4a4b1bab035a3ca39f05793980f96c redhat/7.3/updates-testing/i386/mozilla-1.7.10-0.73.1.legacy.i386.rpm bd577e6f2da710d29e4b80178c06824dc49f777e redhat/7.3/updates-testing/i386/mozilla-chat-1.7.10-0.73.1.legacy.i386.rpm ead8a39e3bf89266c46ad4416b7089b1685c1611 redhat/7.3/updates-testing/i386/mozilla-devel-1.7.10-0.73.1.legacy.i386.rpm f3cbc0d33c063472bd02836c5bb6fa1358a07144 redhat/7.3/updates-testing/i386/mozilla-dom-inspector-1.7.10-0.73.1.legacy.i386.rpm d80e8e4ca42908fcddb3fe210ca7e3239572d645 redhat/7.3/updates-testing/i386/mozilla-js-debugger-1.7.10-0.73.1.legacy.i386.rpm cd099e3c6886784093ab23fc4217c3d9c8202ddc redhat/7.3/updates-testing/i386/mozilla-mail-1.7.10-0.73.1.legacy.i386.rpm 7423c24f838e81e69f14363324bebad96c87bf87 redhat/7.3/updates-testing/i386/mozilla-nspr-1.7.10-0.73.1.legacy.i386.rpm 1b4d201829286b23cf6f86068e82e1f116f5e238 redhat/7.3/updates-testing/i386/mozilla-nspr-devel-1.7.10-0.73.1.legacy.i386.rpm afce419aeac48067ec55ba4c54b75a96b84ae248 redhat/7.3/updates-testing/i386/mozilla-nss-1.7.10-0.73.1.legacy.i386.rpm 9e2b0fc1e17b6a014fb78b1d4ed73aa9b33a6998 redhat/7.3/updates-testing/i386/mozilla-nss-devel-1.7.10-0.73.1.legacy.i386.rpm a055ace074f9d074f8dc24b8467ef03ab2a4f56d redhat/7.3/updates-testing/SRPMS/mozilla-1.7.10-0.73.1.legacy.src.rpm 9e617122c902d6a41fe8ab5a7541c6ad7d7a4274 redhat/7.3/updates-testing/i386/galeon-1.2.14-0.73.4.legacy.i386.rpm 9a09d9823313a758f7d73631e46d5fd44f018a04 redhat/7.3/updates-testing/SRPMS/galeon-1.2.14-0.73.4.legacy.src.rpm rh9: 361bb85b2bd856bb6f75a2067ca9f8b64740d55e redhat/9/updates-testing/i386/mozilla-1.7.10-0.90.1.legacy.i386.rpm 5b5331a02a50612518a9b04e8e25e1f0e61afbc9 redhat/9/updates-testing/i386/mozilla-chat-1.7.10-0.90.1.legacy.i386.rpm 1cef67b7101ca5ef94c2da52cf7e6fa1904ddab7 redhat/9/updates-testing/i386/mozilla-devel-1.7.10-0.90.1.legacy.i386.rpm ebfd6b8d96a12c32c8c32cd06a0eb29ce44ebd9c redhat/9/updates-testing/i386/mozilla-dom-inspector-1.7.10-0.90.1.legacy.i386.rpm 00a5dc6a4da814c68efa0e6f0bebaeb2e5af43e4 redhat/9/updates-testing/i386/mozilla-js-debugger-1.7.10-0.90.1.legacy.i386.rpm 3cff356510a48956b0ce9e7ab7cc158da2f37906 redhat/9/updates-testing/i386/mozilla-mail-1.7.10-0.90.1.legacy.i386.rpm 998feb261e696dcd5a08cfd2d884b30063944f78 redhat/9/updates-testing/i386/mozilla-nspr-1.7.10-0.90.1.legacy.i386.rpm 12d4caa735df18edaf636d30de98ab41b0c394ac redhat/9/updates-testing/i386/mozilla-nspr-devel-1.7.10-0.90.1.legacy.i386.rpm e20f1d5b4111a23b1f6ec30547ebd447c2c9eb54 redhat/9/updates-testing/i386/mozilla-nss-1.7.10-0.90.1.legacy.i386.rpm 815236f90f4778e52a364ae4795b762f95b11909 redhat/9/updates-testing/i386/mozilla-nss-devel-1.7.10-0.90.1.legacy.i386.rpm 49801c7d362ba0e659096516f7dc89960aaba5ab redhat/9/updates-testing/SRPMS/mozilla-1.7.10-0.90.1.legacy.src.rpm abd5ff8e4e92dacc43cd8ddbb88061bee410a965 redhat/9/updates-testing/i386/galeon-1.2.14-0.90.4.legacy.i386.rpm f252f4ec0b3132199e30362b5aa12fcf70345708 redhat/9/updates-testing/SRPMS/galeon-1.2.14-0.90.4.legacy.src.rpm fc1: 024af661649ccdd80f61cdbcd67405146ddd290e fedora/1/updates-testing/i386/mozilla-1.7.10-1.1.1.legacy.i386.rpm c714508dfbf5194b518ab8c36ef15e35b5f9f34d fedora/1/updates-testing/i386/mozilla-chat-1.7.10-1.1.1.legacy.i386.rpm 9f87a7c1b15b1eacf77d785ba02a6e5272786483 fedora/1/updates-testing/i386/mozilla-devel-1.7.10-1.1.1.legacy.i386.rpm 40d6a447c6fa50971449a12ed04d2139e7f38c86 fedora/1/updates-testing/i386/mozilla-dom-inspector-1.7.10-1.1.1.legacy.i386.rpm 7d7993584caf000376d414adfea09ef03b5dcfcc fedora/1/updates-testing/i386/mozilla-js-debugger-1.7.10-1.1.1.legacy.i386.rpm ddb668ea5ef6354bcea561d396f322b812986d3c fedora/1/updates-testing/i386/mozilla-mail-1.7.10-1.1.1.legacy.i386.rpm ba21eee7662528448aeab774f9f1eedcd27bef6e fedora/1/updates-testing/i386/mozilla-nspr-1.7.10-1.1.1.legacy.i386.rpm 6fc9017c5f1712648f83f74dfc289097244bf2fb fedora/1/updates-testing/i386/mozilla-nspr-devel-1.7.10-1.1.1.legacy.i386.rpm b16af5524e6b5ae6d00b978aa7ae7e382045e42a fedora/1/updates-testing/i386/mozilla-nss-1.7.10-1.1.1.legacy.i386.rpm fe6babcc981d3d8d00405bc668a163c762325556 fedora/1/updates-testing/i386/mozilla-nss-devel-1.7.10-1.1.1.legacy.i386.rpm b897549c97460c0c77cb7cd2a5cc09fa2b87e648 fedora/1/updates-testing/SRPMS/mozilla-1.7.10-1.1.1.legacy.src.rpm 8e927ac2f8ef17d3d33a5f244944c8e23bd349a5 fedora/1/updates-testing/i386/epiphany-1.0.8-1.fc1.4.legacy.i386.rpm e7269e1c82160199d9922ee85116ca6c3b968aa4 fedora/1/updates-testing/SRPMS/epiphany-1.0.8-1.fc1.4.legacy.src.rpm fc2: 84191565518894d9064043591f6bd8a87aadf7c1 fedora/2/updates-testing/i386/mozilla-1.7.10-1.2.1.legacy.i386.rpm 840981293c815a81a1e2731cb70890fdcf4a9439 fedora/2/updates-testing/i386/mozilla-chat-1.7.10-1.2.1.legacy.i386.rpm c8239468a1ee288b4a4c476d3499e2dd21f9e15f fedora/2/updates-testing/i386/mozilla-devel-1.7.10-1.2.1.legacy.i386.rpm ead0223ae156bc10bc98d7b3e2b3d73fe295a3b8 fedora/2/updates-testing/i386/mozilla-dom-inspector-1.7.10-1.2.1.legacy.i386.rpm 8f8ce4d865ca4f1a39044c5be16aa3226c379336 fedora/2/updates-testing/i386/mozilla-js-debugger-1.7.10-1.2.1.legacy.i386.rpm f7f86824465f7cefb863edd0185a1d10dd1a9e5b fedora/2/updates-testing/i386/mozilla-mail-1.7.10-1.2.1.legacy.i386.rpm 6ddbbe1bf072839e4d614f875c4bf2b9e613c252 fedora/2/updates-testing/i386/mozilla-nspr-1.7.10-1.2.1.legacy.i386.rpm b19179e3c9636c693519859168c15a374868265b fedora/2/updates-testing/i386/mozilla-nspr-devel-1.7.10-1.2.1.legacy.i386.rpm cb906332518766343ce2e0b42b1daa8ea365f5c2 fedora/2/updates-testing/i386/mozilla-nss-1.7.10-1.2.1.legacy.i386.rpm b321daec595fa820fa1c61636b6e7ae04bc93ec0 fedora/2/updates-testing/i386/mozilla-nss-devel-1.7.10-1.2.1.legacy.i386.rpm 84b27211a322366ed7b55ebd56b27bd311f268b1 fedora/2/updates-testing/SRPMS/mozilla-1.7.10-1.2.1.legacy.src.rpm 602ce3dc7e96667ca3c854208447873660bbbbec fedora/2/updates-testing/i386/epiphany-1.2.10-0.2.5.legacy.i386.rpm d1c8debf69421cf879a8cc124999f09b86849743 fedora/2/updates-testing/SRPMS/epiphany-1.2.10-0.2.5.legacy.src.rpm 616b84cd1427ed5692afaad68e75fa78a306853d fedora/2/updates-testing/i386/devhelp-0.9.1-0.2.8.legacy.i386.rpm 2f93f6d05bf459305427ee159b798a939087d125 fedora/2/updates-testing/i386/devhelp-devel-0.9.1-0.2.8.legacy.i386.rpm 08ac95e7d0f4bdcebbe03994cdacd5074f166479 fedora/2/updates-testing/SRPMS/devhelp-0.9.1-0.2.8.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature URL: From gene.heskett at verizon.net Fri Aug 12 21:34:10 2005 From: gene.heskett at verizon.net (Gene Heskett) Date: Fri, 12 Aug 2005 17:34:10 -0400 Subject: Fedora Legacy Test Update Notification: mozilla In-Reply-To: <42FD0BC0.8010705@videotron.ca> References: <42FD0BC0.8010705@videotron.ca> Message-ID: <200508121734.10787.gene.heskett@verizon.net> On Friday 12 August 2005 16:51, Marc Deslauriers wrote: >-------------------------------------------------------------------- >- Fedora Legacy Test Update Notification >FEDORALEGACY-2005-160202 >Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202 >2005-08-12 >-------------------------------------------------------------------- >- > >Name : mozilla >Versions : rh7.3: mozilla-1.7.10-0.73.1.legacy >Versions : rh9: mozilla-1.7.10-0.90.1.legacy >Versions : fc1: mozilla-1.7.10-1.1.1.legacy >Versions : fc2: mozilla-1.7.10-1.2.1.legacy >Summary : A Web browser. >Description : >Mozilla is an open-source Web browser, designed for standards >compliance, performance, and portability. > [...] >fc2: >* Sat Jul 30 2005 Marc Deslauriers >37:1.7.10-1.2.1.legacy >- Rebuilt as a Fedora Legacy update to Fedora Core 2 >- Reverted to desktop-file-utils 0.4 >- Removed desktop-update-database >- Disabled pango support >- Added missing gnome-vfs2-devel, desktop-file-utils and krb5-devel >BuildPrereq > >-------------------------------------------------------------------- >- This update can be downloaded from: > http://download.fedoralegacy.org/ yum can't find it, and its not at the above link yet. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) 99.35% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved. From Axel.Thimm at ATrpms.net Mon Aug 15 11:41:33 2005 From: Axel.Thimm at ATrpms.net (Axel Thimm) Date: Mon, 15 Aug 2005 13:41:33 +0200 Subject: New repository metadata format In-Reply-To: <20050803071750.GA23604@neu.nirvana> References: <382AE7E877C4CB520095C298@[10.0.0.14]> <1115226675.28515.11.camel@jkeating2.hq.pogolinux.com> <1115232781.28515.27.camel@jkeating2.hq.pogolinux.com> <1121241847.31376.0.camel@prometheus.gamehouse.com> <20050713110022.GA8909@neu.nirvana> <89F1E59355FC8602502B4B70@[10.169.6.233]> <20050803071750.GA23604@neu.nirvana> Message-ID: <20050815114133.GD26996@neu.nirvana> On Wed, Aug 03, 2005 at 09:17:50AM +0200, Axel Thimm wrote: > On Tue, Aug 02, 2005 at 07:19:21PM -0700, Kenneth Porter wrote: > > wrote: > > > > >dl.atrpms.net has vendor and legacy updates with all three metadata > > >formats, apt, yum20 and yum. Until fedoralegacy introduces the new > > >metadata support, you can use ATrpms'. > > > > > >For FC2/i386 this is under > > > > > >http://dl.atrpms.net/fc2-i386/redhat/updates/ > > >http://dl.atrpms.net/fc2-i386/redhat/updates-legacy/ > > > > Any plans to update the updates-testing mirror? It doesn't seem to be > > getting the new files. > > I was only using Red Hat's updates-testing, I missed the legacy > bits. I'll fix that and repost. Thanks for chatching this. :) Kenneth, could you test this? The repos are called updates-legacy-testing, e.g. copy the config of updates{,-testing,-legacy} and modify accordingly. atrpms-package-config and meldey-package-config will soon be adapted. Thanks! > > The last package there is from March, but there are a number of > > newer packages available at the main repo (which lacks the new > > metadata): > > > > -- Axel.Thimm at ATrpms.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From cave.dnb at tiscali.fr Mon Aug 15 17:39:20 2005 From: cave.dnb at tiscali.fr (nigel henry) Date: Mon, 15 Aug 2005 18:39:20 +0100 Subject: Suspect that Fedora Legacy site list is being farmed for email addresses Message-ID: <200508151839.20708.cave.dnb@tiscali.fr> Just received and email supposedly from Fedora Legacy. It just has subject Re: And a From address: "Fedora-legacy" . Also has an attachment Garry .cpl. I will post the email complete with all headers to anyone there who wants to have a look at it. Nigel. From shiva at sewingwitch.com Mon Aug 15 17:13:33 2005 From: shiva at sewingwitch.com (Kenneth Porter) Date: Mon, 15 Aug 2005 10:13:33 -0700 Subject: New repository metadata format In-Reply-To: <20050815114133.GD26996@neu.nirvana> References: <382AE7E877C4CB520095C298@[10.0.0.14]> <1115226675.28515.11.camel@jkeating2.hq.pogolinux.com> <1115232781.28515.27.camel@jkeating2.hq.pogolinux.com> <1121241847.31376.0.camel@prometheus.gamehouse.com> <20050713110022.GA8909@neu.nirvana> <89F1E59355FC8602502B4B70@[10.169.6.233]> <20050803071750.GA23604@neu.nirvana> <20050815114133.GD26996@neu.nirvana> Message-ID: <733DBF85E3F6DCCFDFD4A820@[10.169.6.233]> --On Monday, August 15, 2005 1:41 PM +0200 Axel Thimm wrote: > Kenneth, could you test this? The repos are called > updates-legacy-testing, e.g. copy the config of > updates{,-testing,-legacy} and modify accordingly. Looks good. I just pulled the Mozilla, Squirrelmail, and CUPS updates from this weekend successfully. From mlamar at co.walton.ga.us Mon Aug 15 17:47:38 2005 From: mlamar at co.walton.ga.us (Lamar Milligan) Date: Mon, 15 Aug 2005 13:47:38 -0400 Subject: Suspect that Fedora Legacy site list is being farmed for emailaddresses In-Reply-To: <200508151839.20708.cave.dnb@tiscali.fr> Message-ID: <000a01c5a1c1$6f644710$2028a8c0@netwatch> Not "farmed" as such, but it was being abused. A Windows user received a copy of the virus-of-the-week and was kind enough to share his good fortune not only with you, but probably everyone else they ever knew. -----Original Message----- From: fedora-legacy-list-bounces at redhat.com [mailto:fedora-legacy-list-bounces at redhat.com] On Behalf Of nigel henry Sent: Monday, August 15, 2005 1:39 PM To: Discussion of the Fedora Legacy Project Subject: Suspect that Fedora Legacy site list is being farmed for emailaddresses Just received and email supposedly from Fedora Legacy. It just has subject Re: And a From address: "Fedora-legacy" . Also has an attachment Garry .cpl. I will post the email complete with all headers to anyone there who wants to have a look at it. Nigel. -- fedora-legacy-list mailing list fedora-legacy-list at redhat.com http://www.redhat.com/mailman/listinfo/fedora-legacy-list From mike.mccarty at sbcglobal.net Mon Aug 15 18:32:05 2005 From: mike.mccarty at sbcglobal.net (Mike McCarty) Date: Mon, 15 Aug 2005 13:32:05 -0500 Subject: Suspect that Fedora Legacy site list is being farmed for emailaddresses In-Reply-To: <000a01c5a1c1$6f644710$2028a8c0@netwatch> References: <000a01c5a1c1$6f644710$2028a8c0@netwatch> Message-ID: <4300DFA5.4070600@sbcglobal.net> Lamar Milligan wrote: > Not "farmed" as such, but it was being abused. A Windows user received > a copy of the virus-of-the-week and was kind enough to share his good > fortune not only with you, but probably everyone else they ever knew. > The sarcasm is a little bit harsh. If this is what happened, then the user of The Other Operating System is also a victim. Mike -- p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);} This message made from 100% recycled bits. You have found the bank of Larn. I can explain it for you, but I can't understand it for you. I speak only for myself, and I am unanimous in that! From jkeating at j2solutions.net Mon Aug 15 18:36:08 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Mon, 15 Aug 2005 11:36:08 -0700 Subject: Suspect that Fedora Legacy site list is being farmed for email addresses In-Reply-To: <200508151839.20708.cave.dnb@tiscali.fr> References: <200508151839.20708.cave.dnb@tiscali.fr> Message-ID: <1124130969.11426.9.camel@prometheus.gamehouse.com> On Mon, 2005-08-15 at 18:39 +0100, nigel henry wrote: > Just received and email supposedly from Fedora Legacy. It just has subject Re: > And a From address: "Fedora-legacy" . Also has an > attachment Garry .cpl. I will post the email complete with all headers to > anyone there who wants to have a look at it. Nigel. > It is highly unlikely that this list is being farmed. IT takes a subscription to see addresses subscribed, and while the archives are public, this list is not exactly prime target for spammers. What you are seeing is that the first part of the address is being spoofed, most likely pulled from some Windows user's address book or inbox, then sent to everybody else in that user's address book or inbox. It is Joe-Jobbing. Not a damn thing we can do about it. -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From cave.dnb at tiscali.fr Mon Aug 15 19:34:52 2005 From: cave.dnb at tiscali.fr (nigel henry) Date: Mon, 15 Aug 2005 20:34:52 +0100 Subject: Suspect that Fedora Legacy site list is being farmed for email addresses In-Reply-To: <1124130969.11426.9.camel@prometheus.gamehouse.com> References: <200508151839.20708.cave.dnb@tiscali.fr> <1124130969.11426.9.camel@prometheus.gamehouse.com> Message-ID: <200508152034.52031.cave.dnb@tiscali.fr> Hi Jesse. Thanks for the reply. It's nice to know it's not the list that's been compromised. I rapidly ran chkrootkit on the machine in the usual paranoid way, but it shows all clear. I'm more concerned that perhaps one of tiscali.fr mailservers has been hit. Particularly with the ammount of spam and scams I'm getting with loads of CC's directed to tiscali.fr clients. I had hardly any unsolicited mail when I was in England on a freeserve/ wanadoo account. Keep up with the good work, FC1 is still going well. Nigel. On Monday 15 Aug 2005 7:36 pm, Jesse Keating wrote: > On Mon, 2005-08-15 at 18:39 +0100, nigel henry wrote: > > Just received and email supposedly from Fedora Legacy. It just has > > subject Re: And a From address: "Fedora-legacy" > > . Also has an attachment Garry .cpl. I will > > post the email complete with all headers to anyone there who wants to > > have a look at it. Nigel. > > It is highly unlikely that this list is being farmed. IT takes a > subscription to see addresses subscribed, and while the archives are > public, this list is not exactly prime target for spammers. > > What you are seeing is that the first part of the address is being > spoofed, most likely pulled from some Windows user's address book or > inbox, then sent to everybody else in that user's address book or inbox. > It is Joe-Jobbing. Not a damn thing we can do about it. From hjp+fedora-legacy at wsr.ac.at Tue Aug 16 09:14:25 2005 From: hjp+fedora-legacy at wsr.ac.at (Peter J. Holzer) Date: Tue, 16 Aug 2005 11:14:25 +0200 Subject: Suspect that Fedora Legacy site list is being farmed for email addresses In-Reply-To: <1124130969.11426.9.camel@prometheus.gamehouse.com> References: <200508151839.20708.cave.dnb@tiscali.fr> <1124130969.11426.9.camel@prometheus.gamehouse.com> Message-ID: <20050816091425.GC1399@wsr.ac.at> On 2005-08-15 11:36:08 -0700, Jesse Keating wrote: > On Mon, 2005-08-15 at 18:39 +0100, nigel henry wrote: > > Just received and email supposedly from Fedora Legacy. It just has > > subject Re: And a From address: "Fedora-legacy" > > . Also has an attachment Garry .cpl. > > It is highly unlikely that this list is being farmed. IT takes a > subscription to see addresses subscribed, and while the archives are > public, this list is not exactly prime target for spammers. > > What you are seeing is that the first part of the address is being > spoofed, most likely pulled from some Windows user's address book or > inbox, then sent to everybody else in that user's address book or inbox. Or, more likely, from a browser cache. The address doesn't exist, but it is part of the address I use to post to this list. Programs which convert plain text to html frequently don't know that "+" is a valid character in a mail address and cut off the mail address at the wrong position. > It is Joe-Jobbing. Not a damn thing we can do about it. Hmm. I wouldn't call that joe-jobbing: Joe-jobbing implies (to me, at least) an intention to hurt the reputation of the owner of the address. The use of random addresses by viruses isn't designed to do that. It's an attempt at social engineering (users are more likely to open an attachment from someone they know) and of covering the tracks. hp -- _ | Peter J. Holzer | In our modern say,learn,know in a day |_|_) | Sysadmin WSR | world, perhaps being an expert is an | | | hjp at wsr.ac.at | outdated concept. __/ | http://www.hjp.at/ | -- Catharine Drozdowski on dbi-users. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 388 bytes Desc: not available URL: From euckew at sierraelectronics.com Tue Aug 16 15:40:59 2005 From: euckew at sierraelectronics.com (Eucke) Date: Tue, 16 Aug 2005 08:40:59 -0700 Subject: GDM Greeter Crashing Message-ID: <4302090B.1080103@sierraelectronics.com> Hello Everyone, I am hoping someone who's experienced this problem can point me in the right direction. I was a bit delayed in modifying YUM to pull down the Legacy updates and so I did so a couple of weeks ago. After installing the most recent 6 or so updates I ended up rebooting. When the machine came up I did as I normally do. I SSH'ed in, SU'ed to root and then manually invoked the VNCServer. Within a couple of minutes the server hard locked on me. I did not discover this until a few hours later. What I found was a message in the logs that indicated that "The greeter program appears to be crashing. I will attempt to use a different one." However, from what I can tell, the system was locked up hard. None of the services running on the server appeared to be live from outside the box...cursor would not move at the local console. From what I have been able to dig up there appears to be some toxic relationship between VNC, KDE and the Greeter when you SU. The system has long been stable so it's something that was recently changed. I feel like I am nibbling all around the fix but cannot seem to identify it. What am I missing? I really appreciate any help on this. Most all that I have turned up via google has not helped me figure out the fix. Thank you! -- Eucke From marcdeslauriers at videotron.ca Tue Aug 16 15:54:09 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Tue, 16 Aug 2005 11:54:09 -0400 Subject: GDM Greeter Crashing In-Reply-To: <4302090B.1080103@sierraelectronics.com> References: <4302090B.1080103@sierraelectronics.com> Message-ID: <1124207650.6599.0.camel@mdlinux> On Tue, 2005-08-16 at 08:40 -0700, Eucke wrote: > manually invoked the VNCServer. Within a couple of minutes the server > hard locked on me. I did not discover this until a few hours later. > What I found was a message in the logs that indicated that "The greeter > program appears to be crashing. I will attempt to use a different one." Just an idea: how are you on disk space? Marc. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From euckew at sierraelectronics.com Tue Aug 16 16:08:01 2005 From: euckew at sierraelectronics.com (Eucke) Date: Tue, 16 Aug 2005 09:08:01 -0700 Subject: GDM Greeter Crashing In-Reply-To: <1124207650.6599.0.camel@mdlinux> References: <4302090B.1080103@sierraelectronics.com> <1124207650.6599.0.camel@mdlinux> Message-ID: <43020F61.9080406@sierraelectronics.com> An HTML attachment was scrubbed... URL: From pekkas at netcore.fi Fri Aug 19 07:03:08 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Fri, 19 Aug 2005 10:03:08 +0300 (EEST) Subject: issues list(s) Message-ID: Remember, there's always a need for folks to do some QA testing. See the wiki for instructions and how to get started: http://www.fedoraproject.org/wiki/Legacy/QATesting In particular, IMHO the biggest need right now is having people take a look at "All packages lacking VERIFY", especially anyone who is using rp-pppoe, squid, or xchat/zlib on FC1/FC2. There are also 4 pretty trivial updates in "lacking PUBLISH" category. Lots of packages also need updates, but I don't think folks are inclined to create these until more people show up to do QA on the existing ones. http://www.netcore.fi/pekkas/buglist.html (all) http://www.netcore.fi/pekkas/buglist-rhl73.html http://www.netcore.fi/pekkas/buglist-rhl9.html http://www.netcore.fi/pekkas/buglist-core1.html http://www.netcore.fi/pekkas/buglist-fc2.html -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From deisenst at gtw.net Fri Aug 19 23:24:00 2005 From: deisenst at gtw.net (David Eisenstein) Date: Fri, 19 Aug 2005 18:24:00 -0500 (CDT) Subject: issues list(s) In-Reply-To: Message-ID: On Fri, 19 Aug 2005, Pekka Savola wrote: > Remember, there's always a need for folks to do some QA testing. See > the wiki for instructions and how to get started: > > http://www.fedoraproject.org/wiki/Legacy/QATesting > > In particular, IMHO the biggest need right now is having people take a > look at "All packages lacking VERIFY", especially anyone who is using > rp-pppoe, squid, or xchat/zlib on FC1/FC2. > > http://www.netcore.fi/pekkas/buglist.html (all) > http://www.netcore.fi/pekkas/buglist-rhl73.html > http://www.netcore.fi/pekkas/buglist-rhl9.html > http://www.netcore.fi/pekkas/buglist-core1.html > http://www.netcore.fi/pekkas/buglist-fc2.html Pekka, I really have to commend you for your sending out periodic reminder messages like this one and the creation of these excellent webpages with pointers to Fedora Legacy open issues in Bugzilla. These are very helpful. Great work, Pekka! :-) -David From jimpop at yahoo.com Fri Aug 19 23:32:32 2005 From: jimpop at yahoo.com (Jim Popovitch) Date: Fri, 19 Aug 2005 19:32:32 -0400 Subject: issues list(s) In-Reply-To: References: Message-ID: <1124494352.10770.6.camel@localhost> On Fri, 2005-08-19 at 18:24 -0500, David Eisenstein wrote: > On Fri, 19 Aug 2005, Pekka Savola wrote: > > > Remember, there's always a need for folks to do some QA testing. See > > the wiki for instructions and how to get started: > > > > http://www.fedoraproject.org/wiki/Legacy/QATesting > > > > In particular, IMHO the biggest need right now is having people take a > > look at "All packages lacking VERIFY", especially anyone who is using > > rp-pppoe, squid, or xchat/zlib on FC1/FC2. > > > > http://www.netcore.fi/pekkas/buglist.html (all) > > http://www.netcore.fi/pekkas/buglist-rhl73.html > > http://www.netcore.fi/pekkas/buglist-rhl9.html > > http://www.netcore.fi/pekkas/buglist-core1.html > > http://www.netcore.fi/pekkas/buglist-fc2.html > > Pekka, I really have to commend you for your sending out periodic reminder > messages like this one and the creation of these excellent webpages with > pointers to Fedora Legacy open issues in Bugzilla. These are very > helpful. Great work, Pekka! :-) > > > -David Pekka, I too agree that these pages are a big asset. Thank you. -Jim P. From rostetter at mail.utexas.edu Fri Aug 19 23:46:42 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Fri, 19 Aug 2005 18:46:42 -0500 Subject: issues list(s) In-Reply-To: <1124494352.10770.6.camel@localhost> References: <1124494352.10770.6.camel@localhost> Message-ID: <1124495202.e1385a6166b34@mail.ph.utexas.edu> Quoting Jim Popovitch : > Pekka, I too agree that these pages are a big asset. Thank you. > > -Jim P. Me three! It's a shame it is needed, but it *is* needed, and I really appreciate Pekka taking on the job and doing it so well. -- Eric Rostetter From jkeating at j2solutions.net Sat Aug 20 00:23:05 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Fri, 19 Aug 2005 17:23:05 -0700 Subject: issues list(s) In-Reply-To: References: Message-ID: <1124497385.15701.66.camel@localhost.localdomain> On Fri, 2005-08-19 at 18:24 -0500, David Eisenstein wrote: > Pekka, I really have to commend you for your sending out periodic reminder > messages like this one and the creation of these excellent webpages with > pointers to Fedora Legacy open issues in Bugzilla. These are very > helpful. Great work, Pekka! :-) Ditto. (: -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From marcdeslauriers at videotron.ca Sat Aug 27 00:01:41 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Fri, 26 Aug 2005 20:01:41 -0400 Subject: List of bugs to investigate/open Message-ID: <1125100901.7133.24.camel@mdlinux> Hi all, If anyone's looking for something to do, here is a list of security issues that I've been writing down. Someone needs to sort through it, see if anything applies to Fedora Legacy, and open relevant bugs in bugzilla if necessary. Thanks! Marc. kde dcop CAN-2005-0365 or CAN-2005-0396 gnomevfs CAN-2005-0706 mysql CAN-2004-0957 better fix available? (debian, ubuntu) kdelibs CAN-2005-1046 cyrus-imapd CAN-2005-0546 kdewebdev CAN-2005-0754 gnutls CAN-2005-1431 squid CAN-2005-1345 CAN-2005-1519 CVE-1999-0710 CAN-2005-1390 CAN-2005-1389 ethereal openssl CAN-2005-0109 gaim CAN-2005-1269 CAN-2005-1934 ruby CAN-2005-1992 sudo CAN-2005-1993 gedit CAN-2005-1686 binutils CAN-2005-1704 zlib CAN-2005-2096 (rpm?) httpd 2.0 CAN-2005-2088 CAN-2005-1344 vixie cron CAN-2005-1038 krb5 CAN-2005-1689 CAN-2005-1175 CAN-2005-1174 etc net-snmp CAN-2005-2177 klibs - kate CAN-2005-1920 fetchmail CAN-2005-2335 kdenetwork (kopete) CAN-2005-1852 xpdf CAN-2005-2097 vim CAN-2005-2368 slocate CAN-2005-2499 pcre CAN-2005-2491 php CAN-2005-2498 freeradius CAN-2005-1454 CAN-2005-1455 ntp CAN-2005-2496 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From deisenst at gtw.net Sat Aug 27 00:30:45 2005 From: deisenst at gtw.net (David Eisenstein) Date: Fri, 26 Aug 2005 19:30:45 -0500 (CDT) Subject: Fedora Legacy Test Update Notification: rp-pppoe In-Reply-To: <420AC3C8.6000804@videotron.ca> Message-ID: Hey, Marc, Pekka & everyone, Do you think if we reissued this under the new bug number (RH Bugzilla # 152794), it might see some action? It took me awhile looking through my mail archives to find this test up- date notification. It may be that simply no one uses this package? I know I don't and wouldn't know how to test it. -David On Wed, 9 Feb 2005, Marc Deslauriers wrote: > --------------------------------------------------------------------- > Fedora Legacy Test Update Notification > FEDORALEGACY-2005-2116 > Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2116 > 2005-02-09 > --------------------------------------------------------------------- > > Name : rp-pppoe > 7.3 Version : rp-pppoe-3.3-10.legacy > 9 Version : rp-pppoe-3.5-2.2.legacy > fc1 Version : rp-pppoe-3.5-8.2.legacy > Summary : A PPP over Ethernet client (for xDSL support). > Description : > PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used by > many ADSL Internet Service Providers. This package contains the > Roaring Penguin PPPoE client, a user-mode program that does not > require any kernel modifications. It is fully compliant with RFC 2516, > the official PPPoE specification. > > --------------------------------------------------------------------- > Update Information: > > An updated rp-pppoe package that fixes a security vulnerability is now > available. > > The rp-pppoe package is a PPP over Ethernet client (for xDSL support). > > Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet > driver from Roaring Penguin. When the program is running setuid root > (which is not the case in a default Red Hat Linux or Fedora Core > installation), an attacker could overwrite any file on the file system. > The Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the name CAN-2004-0564 to this issue. > > All users of rp-pppoe should upgrade to this updated package, which > resolves this issue. > > --------------------------------------------------------------------- > Changelogs: > > rh73: > * Sat Feb 05 2005 Marc Deslauriers > 3.3.8-10.legacy > - added missing autoconf to BuildRequires > > * Sat Oct 09 2004 Marc Deslauriers > 3.3.8-9.legacy > - added better patch for CAN-2004-0564 > > * Thu Oct 07 2004 Simon Weller 3.3.8-7.x.legacy > - added patch for CAN-2004-0564, setuid root file overwriting issue > > rh9: > * Sat Feb 05 2005 Marc Deslauriers > 3.5-2.2.legacy > - added missing autoconf to BuildRequires > > * Sat Oct 09 2004 Marc Deslauriers > 3.5-2.1.legacy > - add rp-pppoe-3.5-CAN-2004-0564.patch > > fc1: > * Sat Feb 05 2005 Marc Deslauriers > 3.5-8.2.legacy > - added missing autoconf to BuildRequires > > * Thu Oct 07 2004 Rob Myers 3.5-8.1.legacy > - add rp-pppoe-3.5-CAN-2004-0564.patch > > --------------------------------------------------------------------- > This update can be downloaded from: > http://download.fedoralegacy.org/ > (sha1sums) > > 3f7646466059606af82392573647db2757a07184 > redhat/7.3/updates-testing/i386/rp-pppoe-3.3-10.legacy.i386.rpm > 0c9fdb6d3ad087cdedef83dc564ae1b21d8f5bab > redhat/7.3/updates-testing/SRPMS/rp-pppoe-3.3-10.legacy.src.rpm > dda91513cd724e0175550465b19c8fab00876f9a > redhat/9/updates-testing/i386/rp-pppoe-3.5-2.2.legacy.i386.rpm > a5806f7bbcb5cd62f33a9b36904d08548da976b8 > redhat/9/updates-testing/SRPMS/rp-pppoe-3.5-2.2.legacy.src.rpm > 8f808a8239aeebf880c9b9b894531dd26db849a9 > fedora/1/updates-testing/i386/rp-pppoe-3.5-8.2.legacy.i386.rpm > ef55f4b9380d5551129f806ae76ba548bfb7bdb4 > fedora/1/updates-testing/SRPMS/rp-pppoe-3.5-8.2.legacy.src.rpm > > --------------------------------------------------------------------- > > Please test and comment in bugzilla. From rostetter at mail.utexas.edu Sat Aug 27 02:46:28 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Fri, 26 Aug 2005 21:46:28 -0500 Subject: Fedora Legacy Test Update Notification: rp-pppoe In-Reply-To: References: Message-ID: <1125110788.1a54e28ba753e@mail.ph.utexas.edu> Quoting David Eisenstein : > Hey, Marc, Pekka & everyone, > > Do you think if we reissued this under the new bug number > (RH Bugzilla # 152794), it might see some action? It took me > awhile looking through my mail archives to find this test up- > date notification. There are two problems with this one. First, it isn't a bug in the default install, so it doesn't affect anyone unless they have modified things. Second, not very many people use it, since most businesses/schools/etc. don't use pppoe. > It may be that simply no one uses this package? I know I don't > and wouldn't know how to test it. -David If I understand it correctly, to test it you would need to change it to be suid which it normally isn't, and then try to exploit it (to make sure it isn't still vulnerable) and make sure it still works (actually still does pppoe). If this is correct, then it isn't a real big security issue, since making an non-suid program suid is a known security issue in itself, and anyone doing that should take responsibility for any problems that arise from it. If people want it released, we can just test the installation/updating of it, not the functionality of it or the exploits, and let it go at that. I'd prefer it was tested for functionality, but sometimes that just isn't going to happen, and this may be one of those times. But anyone can test that it installs without problems, so we should at least do that much. -- Eric Rostetter From pekkas at netcore.fi Sat Aug 27 05:49:47 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Sat, 27 Aug 2005 08:49:47 +0300 (EEST) Subject: Fedora Legacy Test Update Notification: rp-pppoe In-Reply-To: <1125110788.1a54e28ba753e@mail.ph.utexas.edu> References: <1125110788.1a54e28ba753e@mail.ph.utexas.edu> Message-ID: On Fri, 26 Aug 2005, Eric Rostetter wrote: > If people want it released, we can just test the installation/updating of > it, not the functionality of it or the exploits, and let it go at that. > I'd prefer it was tested for functionality, but sometimes that just isn't > going to happen, and this may be one of those times. But anyone can test > that it installs without problems, so we should at least do that much. Either way, I think the packages which aren't tested in months (xchat and squid also belong in the same category) call for one of the following: 1) officially forgetting the update, removing it from updates-testing, and from the issue lists 2) specially marking "QA still needed but these are very low priority" updates, or 3) just releasing them with lower amount of QA or no QA at all after some timeout (e.g., 6 weeks) and revising if someone complains it doesn't work right. As it is, the problem is that the bug issue lists keep getting longer, not shorter. We should be able to get "rid of" historic and minor updates using some means. I don't have strong preference here, but I think 3) would probably be best. If no-one wants to do (official) QA, we could just release the update if it looks trivial, and fix it later if something is reported to break. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From marcdeslauriers at videotron.ca Sat Aug 27 13:14:02 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Sat, 27 Aug 2005 09:14:02 -0400 Subject: Fedora Legacy Test Update Notification: rp-pppoe In-Reply-To: References: <1125110788.1a54e28ba753e@mail.ph.utexas.edu> Message-ID: <1125148443.14397.9.camel@mdlinux> On Sat, 2005-08-27 at 08:49 +0300, Pekka Savola wrote: > 1) officially forgetting the update, removing it from > updates-testing, and from the issue lists > 2) specially marking "QA still needed but these are very low > priority" updates, or > 3) just releasing them with lower amount of QA or no QA at all after > some timeout (e.g., 6 weeks) and revising if someone complains it > doesn't work right. > I vote to just release them after a long timeout period. If there are any issues, we can quickly fix them afterwards. We most often use patches that came from upstream or from another distro anyway, so most of them have already gone through QA. It just doesn't make sense to have stuff in the updates-testing directory for ever. > I don't have strong preference here, but I think 3) would probably be > best. If no-one wants to do (official) QA, we could just release the > update if it looks trivial, and fix it later if something is reported > to break. > I think that is a good idea. Marc. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From wstockal at compusmart.ab.ca Sat Aug 27 15:46:48 2005 From: wstockal at compusmart.ab.ca (William Stockall) Date: Sat, 27 Aug 2005 09:46:48 -0600 Subject: Fedora Legacy Test Update Notification: rp-pppoe In-Reply-To: References: <1125110788.1a54e28ba753e@mail.ph.utexas.edu> Message-ID: <43108AE8.80802@compusmart.ab.ca> If no one is interested in testing the patch, doesn't that sort of imply no one really needs it? Why release untested software? If someone actually IS using the package, maybe they can QA it. Otherwise it shouldn't be released. It might be possible to add some code word to the bug and close it due to disinterest or something. Will. Pekka Savola wrote: > On Fri, 26 Aug 2005, Eric Rostetter wrote: > >> If people want it released, we can just test the installation/updating of >> it, not the functionality of it or the exploits, and let it go at that. >> I'd prefer it was tested for functionality, but sometimes that just isn't >> going to happen, and this may be one of those times. But anyone can test >> that it installs without problems, so we should at least do that much. > > > Either way, I think the packages which aren't tested in months (xchat > and squid also belong in the same category) call for one of the following: > > 1) officially forgetting the update, removing it from > updates-testing, and from the issue lists > 2) specially marking "QA still needed but these are very low > priority" updates, or > 3) just releasing them with lower amount of QA or no QA at all after > some timeout (e.g., 6 weeks) and revising if someone complains it > doesn't work right. > > As it is, the problem is that the bug issue lists keep getting longer, > not shorter. We should be able to get "rid of" historic and minor > updates using some means. > > I don't have strong preference here, but I think 3) would probably be > best. If no-one wants to do (official) QA, we could just release the > update if it looks trivial, and fix it later if something is reported to > break. > From pekkas at netcore.fi Sat Aug 27 21:12:43 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Sun, 28 Aug 2005 00:12:43 +0300 (EEST) Subject: Fedora Legacy Test Update Notification: rp-pppoe In-Reply-To: <43108AE8.80802@compusmart.ab.ca> References: <1125110788.1a54e28ba753e@mail.ph.utexas.edu> <43108AE8.80802@compusmart.ab.ca> Message-ID: On Sat, 27 Aug 2005, William Stockall wrote: > If no one is interested in testing the patch, doesn't that sort of imply no > one really needs it? Why release untested software? If someone actually IS > using the package, maybe they can QA it. Otherwise it shouldn't be released. > It might be possible to add some code word to the bug and close it due to > disinterest or something. The problem with this approach is that it wastes resources: a significant amount of time and energy is spent on the following steps: a) identifying the issues and putting them in bugzilla, b) creating packages for all the distros with patches, c) getting enough PUBLISH QA votes for the packages, d) rebuilding the packages in mach (often there are build issues) and releasing in updates-testing, e) getting the sufficient VERIFY votes f) releasing the packages in updates testing [trivial] At the moment, if we find a package like squid or rp-pppoe which don't get verifies, we'll notice it at step e). The energy/time has already been spent in steps a) - d). At step a), it is difficult if not impossible to figure out if e) would actually happen. We don't want to waste time and resources, particularly because the folks doing Fedora Legacy stuff CAN and DO get frustrated when nothing happens and the work already done is flushed down the toilet. Thus, "just abandon the work at e)" is NOT an option (as we are de-facto doing now). Something needs to change. For example, 1) identifying folks earlier who'd commit to providing at least one VERIFY, so the effort is not wasted, or 2) the policy which allows releasing non-VERIFYed packages after a (longish) timeout. Because 1) is more work to the process as it is, as I've said earlier, I find 2) better.. but I'm open to hearing concrete suggestions. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From wstockal at compusmart.ab.ca Sun Aug 28 02:47:40 2005 From: wstockal at compusmart.ab.ca (William Stockall) Date: Sat, 27 Aug 2005 20:47:40 -0600 Subject: Fedora Legacy Test Update Notification: rp-pppoe In-Reply-To: References: <1125110788.1a54e28ba753e@mail.ph.utexas.edu> <43108AE8.80802@compusmart.ab.ca> Message-ID: <431125CC.60702@compusmart.ab.ca> So what about creating an "Untested" repository or something? Make the packages available to those willing to use untested packages (don't waste the effort already put into it) without putting untested packages with potential problems in with the tested and supposedly trustworthy packages. Will. Pekka Savola wrote: > On Sat, 27 Aug 2005, William Stockall wrote: > >> If no one is interested in testing the patch, doesn't that sort of >> imply no one really needs it? Why release untested software? If >> someone actually IS using the package, maybe they can QA it. >> Otherwise it shouldn't be released. It might be possible to add some >> code word to the bug and close it due to disinterest or something. > > > The problem with this approach is that it wastes resources: a > significant amount of time and energy is spent on the following steps: > > a) identifying the issues and putting them in bugzilla, > b) creating packages for all the distros with patches, > c) getting enough PUBLISH QA votes for the packages, > d) rebuilding the packages in mach (often there are build issues) > and releasing in updates-testing, > > e) getting the sufficient VERIFY votes > f) releasing the packages in updates testing [trivial] > > At the moment, if we find a package like squid or rp-pppoe which don't > get verifies, we'll notice it at step e). The energy/time has already > been spent in steps a) - d). At step a), it is difficult if not > impossible to figure out if e) would actually happen. > > We don't want to waste time and resources, particularly because the > folks doing Fedora Legacy stuff CAN and DO get frustrated when nothing > happens and the work already done is flushed down the toilet. > > Thus, "just abandon the work at e)" is NOT an option (as we are de-facto > doing now). Something needs to change. For example, > > 1) identifying folks earlier who'd commit to providing at least one > VERIFY, so the effort is not wasted, or > 2) the policy which allows releasing non-VERIFYed packages > after a (longish) timeout. > > Because 1) is more work to the process as it is, as I've said earlier, I > find 2) better.. but I'm open to hearing concrete suggestions. > From maillist at jasonlim.com Sun Aug 28 04:29:09 2005 From: maillist at jasonlim.com (Jason Lim) Date: Sun, 28 Aug 2005 12:29:09 +0800 Subject: Fedora Legacy Test Update Notification: rp-pppoe References: <1125110788.1a54e28ba753e@mail.ph.utexas.edu><43108AE8.80802@compusmart.ab.ca> <431125CC.60702@compusmart.ab.ca> Message-ID: <0a3301c5ab89$0a260420$0900a8c0@SYSTEM9> Or how about this... since we have a lack of manpower, create an untested folder, let people run it... assuming no complaints, move it to stable after X number of days or a week or something. Wouldn't that work, considering manpower shortage? ----- Original Message ----- From: "William Stockall" To: "Discussion of the Fedora Legacy Project" Sent: Sunday, 28 August, 2005 10:47 AM Subject: Re: Fedora Legacy Test Update Notification: rp-pppoe > So what about creating an "Untested" repository or something? Make the > packages available to those willing to use untested packages (don't > waste the effort already put into it) without putting untested packages > with potential problems in with the tested and supposedly trustworthy > packages. > > > Will. > > Pekka Savola wrote: > > On Sat, 27 Aug 2005, William Stockall wrote: > > > >> If no one is interested in testing the patch, doesn't that sort of > >> imply no one really needs it? Why release untested software? If > >> someone actually IS using the package, maybe they can QA it. > >> Otherwise it shouldn't be released. It might be possible to add some > >> code word to the bug and close it due to disinterest or something. > > > > > > The problem with this approach is that it wastes resources: a > > significant amount of time and energy is spent on the following steps: > > > > a) identifying the issues and putting them in bugzilla, > > b) creating packages for all the distros with patches, > > c) getting enough PUBLISH QA votes for the packages, > > d) rebuilding the packages in mach (often there are build issues) > > and releasing in updates-testing, > > > > e) getting the sufficient VERIFY votes > > f) releasing the packages in updates testing [trivial] > > > > At the moment, if we find a package like squid or rp-pppoe which don't > > get verifies, we'll notice it at step e). The energy/time has already > > been spent in steps a) - d). At step a), it is difficult if not > > impossible to figure out if e) would actually happen. > > > > We don't want to waste time and resources, particularly because the > > folks doing Fedora Legacy stuff CAN and DO get frustrated when nothing > > happens and the work already done is flushed down the toilet. > > > > Thus, "just abandon the work at e)" is NOT an option (as we are de-facto > > doing now). Something needs to change. For example, > > > > 1) identifying folks earlier who'd commit to providing at least one > > VERIFY, so the effort is not wasted, or > > 2) the policy which allows releasing non-VERIFYed packages > > after a (longish) timeout. > > > > Because 1) is more work to the process as it is, as I've said earlier, I > > find 2) better.. but I'm open to hearing concrete suggestions. > > > > -- > fedora-legacy-list mailing list > fedora-legacy-list at redhat.com > http://www.redhat.com/mailman/listinfo/fedora-legacy-list > From wstockal at compusmart.ab.ca Sun Aug 28 04:46:08 2005 From: wstockal at compusmart.ab.ca (William Stockall) Date: Sat, 27 Aug 2005 22:46:08 -0600 Subject: Fedora Legacy Test Update Notification: rp-pppoe In-Reply-To: <0a3301c5ab89$0a260420$0900a8c0@SYSTEM9> References: <1125110788.1a54e28ba753e@mail.ph.utexas.edu> <43108AE8.80802@compusmart.ab.ca> <431125CC.60702@compusmart.ab.ca> <0a3301c5ab89$0a260420$0900a8c0@SYSTEM9> Message-ID: <43114190.6050108@compusmart.ab.ca> Jason Lim wrote: > Or how about this... since we have a lack of manpower, create an untested > folder, let people run it... assuming no complaints, move it to stable > after X number of days or a week or something. > > Wouldn't that work, considering manpower shortage? If people were actually running the untested packages, wouldn't the then be tested packages and wouldn't people then not be asking these questions? Will. From pekkas at netcore.fi Sun Aug 28 04:48:20 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Sun, 28 Aug 2005 07:48:20 +0300 (EEST) Subject: Fedora Legacy Test Update Notification: rp-pppoe In-Reply-To: <0a3301c5ab89$0a260420$0900a8c0@SYSTEM9> References: <1125110788.1a54e28ba753e@mail.ph.utexas.edu><43108AE8.80802@compusmart.ab.ca> <431125CC.60702@compusmart.ab.ca> <0a3301c5ab89$0a260420$0900a8c0@SYSTEM9> Message-ID: On Sun, 28 Aug 2005, Jason Lim wrote: > Or how about this... since we have a lack of manpower, create an untested > folder, let people run it... assuming no complaints, move it to stable > after X number of days or a week or something. > > Wouldn't that work, considering manpower shortage? As far as I can tell, folks are using updates-testing already this way -- many update from there directly. We just don't (yet) move stuff from updates-testing to updates; personally, I think we should. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From shiva at sewingwitch.com Sun Aug 28 05:17:06 2005 From: shiva at sewingwitch.com (Kenneth Porter) Date: Sat, 27 Aug 2005 22:17:06 -0700 Subject: Fedora Legacy Test Update Notification: rp-pppoe In-Reply-To: <43114190.6050108@compusmart.ab.ca> References: <1125110788.1a54e28ba753e@mail.ph.utexas.edu> <43108AE8.80802@compusmart.ab.ca> <431125CC.60702@compusmart.ab.ca> <0a3301c5ab89$0a260420$0900a8c0@SYSTEM9> <43114190.6050108@compusmart.ab.ca> Message-ID: --On Saturday, August 27, 2005 10:46 PM -0600 William Stockall wrote: > If people were actually running the untested packages, wouldn't the then > be tested packages and wouldn't people then not be asking these questions? Anyone have an RPM command to report what packages one has installed that come from updates-testing? I could then add it to a cron job to nag me, go submit a verify for those I actually use, and perhaps remove the ones I'm not using (which would then not be verified by me) to get rid of the nag. From pekkas at netcore.fi Sun Aug 28 06:06:02 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Sun, 28 Aug 2005 09:06:02 +0300 (EEST) Subject: Fedora Legacy Test Update Notification: rp-pppoe In-Reply-To: References: <1125110788.1a54e28ba753e@mail.ph.utexas.edu> <43108AE8.80802@compusmart.ab.ca> <431125CC.60702@compusmart.ab.ca> <0a3301c5ab89$0a260420$0900a8c0@SYSTEM9> <43114190.6050108@compusmart.ab.ca> Message-ID: On Sat, 27 Aug 2005, Kenneth Porter wrote: > --On Saturday, August 27, 2005 10:46 PM -0600 William Stockall > wrote: > >> If people were actually running the untested packages, wouldn't the then >> be tested packages and wouldn't people then not be asking these questions? > > Anyone have an RPM command to report what packages one has installed that > come from updates-testing? I could then add it to a cron job to nag me, go > submit a verify for those I actually use, and perhaps remove the ones I'm not > using (which would then not be verified by me) to get rid of the nag. Here's a very simple script for you which prints out if you have installed package versions which exist in fedora legacy. Note that I'm making a shortcut/assumption here by assuming that for foo.src.rpm, there will be foo.i386.rpm which would be installed. So, it's not bulletproof but might be "good enough". -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -------------- next part -------------- A non-text attachment was scrubbed... Name: nag-testing.sh Type: application/x-sh Size: 334 bytes Desc: URL: From sheltren at cs.ucsb.edu Sun Aug 28 13:23:59 2005 From: sheltren at cs.ucsb.edu (Jeff Sheltren) Date: Sun, 28 Aug 2005 06:23:59 -0700 (PDT) Subject: List of bugs to investigate/open In-Reply-To: <1125100901.7133.24.camel@mdlinux> References: <1125100901.7133.24.camel@mdlinux> Message-ID: <50137.66.205.48.47.1125235439.squirrel@letters.cs.ucsb.edu> Hi Mark, thanks for the list, saves me digging through lots of emails :) I've opened a few new bugs and commented on a few others below. I haven't looked at the ones I say nothing about, but I'll try to get to a few of those later. -Jeff > kde dcop CAN-2005-0365 or CAN-2005-0396 > gnomevfs CAN-2005-0706 > mysql CAN-2004-0957 better fix available? (debian, ubuntu) > kdelibs CAN-2005-1046 > cyrus-imapd CAN-2005-0546 This exists as bugzilla #156290 > kdewebdev CAN-2005-0754 > gnutls CAN-2005-1431 Does this package exist in legacy? > squid CAN-2005-1345 CAN-2005-1519 CVE-1999-0710 CAN-2005-1390 > CAN-2005-1389 There is an old squid package sitting in updates-testing, but it doesn't cover those issues. I vote for pushing out the old package and opening up a new bug for these. RHEL has a package which covers many of those patches: https://rhn.redhat.com/errata/RHSA-2005-415.html > ethereal There are ethereal packages sitting in updates-testing since March (bug #152922). Any reason this hasn't timed-out yet? RHEL has updated packages for the newer bugs: https://rhn.redhat.com/errata/RHSA-2005-687.html > openssl CAN-2005-0109 I opened a new report for this - #166939 - also addresses CAN-2004-0975. > gaim CAN-2005-1269 CAN-2005-1934 > ruby CAN-2005-1992 > sudo CAN-2005-1993 I opened a new report for this - #166940 > gedit CAN-2005-1686 > binutils CAN-2005-1704 > zlib CAN-2005-2096 (rpm?) This exists as bug #162680 and looks like it's just waiting to be pushed to updates - am I missing something? > httpd 2.0 CAN-2005-2088 CAN-2005-1344 It looks like redhat has patched CAN-2005-2088 and CAN-2005-1268, but I don't see a patch for CAN-2005-1344. According to the CVE page, it doesn't look easily exploitable. I've created a new report for this - #166941 > vixie cron CAN-2005-1038 > krb5 CAN-2005-1689 CAN-2005-1175 CAN-2005-1174 etc > net-snmp CAN-2005-2177 > klibs - kate CAN-2005-1920 > fetchmail CAN-2005-2335 This exists as bug #164512. I'll look into adding the fixes you mentioned there. > kdenetwork (kopete) CAN-2005-1852 > xpdf CAN-2005-2097 > vim CAN-2005-2368 This exists as bug #164488 > slocate CAN-2005-2499 I'm confused on this one. bug #165430 makes it looks like all rhel os's are effected, yet the errata is only for rhel 2.1 - anyone have any ideas on this? The CVE page states that it only effects versions prior to 2.7, which should mean we are OK, but RHEL 2.1 was also running 2.7 which is why I'm confused... > pcre CAN-2005-2491 > php CAN-2005-2498 I created a new report for this - #166943 - it effects fc1 & fc2 > freeradius CAN-2005-1454 CAN-2005-1455 > ntp CAN-2005-2496 From pekkas at netcore.fi Sun Aug 28 16:43:04 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Sun, 28 Aug 2005 19:43:04 +0300 (EEST) Subject: List of bugs to investigate/open In-Reply-To: <50137.66.205.48.47.1125235439.squirrel@letters.cs.ucsb.edu> References: <1125100901.7133.24.camel@mdlinux> <50137.66.205.48.47.1125235439.squirrel@letters.cs.ucsb.edu> Message-ID: On Sun, 28 Aug 2005, Jeff Sheltren wrote: >> ethereal > There are ethereal packages sitting in updates-testing since March (bug > #152922). Any reason this hasn't timed-out yet? RHEL has updated packages > for the newer bugs: https://rhn.redhat.com/errata/RHSA-2005-687.html The reason for not timing out is because I made a "discuss" on it, saying that we should just publish the later release instead as it fixes over a dozen other vulnerabilities. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From jkosin at beta.intcomgrp.com Tue Aug 30 17:39:32 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Tue, 30 Aug 2005 13:39:32 -0400 Subject: *** UNOFFICIAL JAMES UPDATES *** Message-ID: <431499D4.6030309@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Everyone, I have been on vacation and have a few updates ready now..... REMEMBER: ~ (1) My updates are not supported by anyone other than me or the original group that is currently developing the software. ~ (2) Fedora-Legacy, Fedora and other groups are not supporting these updates. Don't complain to them about my updates!!! They usually won't know what you are talking about. ~ (3) If I tell of a kernel update! DO NOT GET RID OF YOUR OLD KERNEL. Keeping an old kernel that works installed is kinda like having a bootable floppy that works, if something breaks you still have a good system. ~ (4) Please let me know if you would like to see any other updates. Right now, I can't do a lot of updates but, I'm willing to add as long as everyone knows I'm only one person. ~ (5) MY UPDATES HAVE ONLY BEEN TESTED WITH FC1 !!! If you want to try them on FC2, RedHat 7.3 etc you are welcome to try, but I can't help with any problems... I just don't have the time. ============================================== INN 2.4.1-2 - -------------- I've updated to the latest inn source with an inn-2.4.2 patch. Most of the changes are improvements and minor issues. RPMS - ------- http://support.intcomgrp.com/mirror/fedora-core/beta/i386/inews-2.4.1-2.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/inn-2.4.1-2.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/inn-devel-2.4.1-2.fc1.i386.rpm SOURCE RPM - ----------------- http://support.intcomgrp.com/mirror/fedora-core/beta/src/inn-2.4.1-2.fc1.src.rpm =============================================== SAMBA 3.0.20 - ----------------- Samba released 3.0.20 while I was on vacation. Please see the samba web-site for full details of any changes. I've recompiled samba-vscan against this version of samba. I'll have to track down what happened to testprn ... but, I think it may have been depreciated. Although the man files are still there. RPMS - ------- http://support.intcomgrp.com/mirror/fedora-core/beta/i386/samba-3.0.20-2.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/samba-client-3.0.20-2.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/samba-common-3.0.20-2.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/samba-swat-3.0.20-2.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/samba-vscan-clamav-0.4.0-1.fc1.i386.rpm SOURCES - ------------ http://support.intcomgrp.com/mirror/fedora-core/beta/src/samba-3.0.20-2.fc1.src.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/src/samba-vscan-clamav-0.4.0-1.fc1.src.rpm ===================================================================== All of my binary packages are signed..... http://support.intcomgrp.com/mirror/fedora-core/beta/RPM-GPG-KEY-JAMES The SHA1 Sums for the binaries are here: http://support.intcomgrp.com/mirror/fedora-core/beta/i386/sha1sum.txt The SHA1 Sums for the source files are here: http://support.intcomgrp.com/mirror/fedora-core/beta/src/sha1sum.txt I run a YUM server for FC1.... you can also point your updates to http://support.intcomgrp.com/mirror/fedora-core/beta/i386 BUT ONLY IF YOU WANT! ====================================================================== Thanks James Kosin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDFJnUkNLDmnu1kSkRA+NKAJ92WPvUWLXMMtf0eZlNHp0gKUA2awCffCHs I4oUP1TOqxC3JrQU1y68y24= =2QIi -----END PGP SIGNATURE----- -- Scanned by ClamAV - http://www.clamav.net From gerry at pathtech.org Wed Aug 31 01:51:35 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Tue, 30 Aug 2005 21:51:35 -0400 Subject: Where is there a repository for updated tools? Message-ID: <1125453095.4586.40.camel@www.pathtech.org> I managed to build sendmail-8.13.4 for RH7.3 to replace the insecure stock sendmail. Now I understand that fedoralegacy itself has no such repository but I am sure that there are others out there that run their MTA under RH7.3 and would appreciate being able to install from rpm. So can anyone offer some pointers to any repositories that take contributions? -- G. Roderick Singleton PATH tech From gerry at pathtech.org Wed Aug 31 15:06:54 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Wed, 31 Aug 2005 11:06:54 -0400 Subject: [OGo-Users] ogo-nhsd-1.0a fails to start In-Reply-To: <4315C0E6.3070901@abcsolve.com> References: <4315C0E6.3070901@abcsolve.com> Message-ID: <1125500814.4586.68.camel@www.pathtech.org> On Wed, 2005-08-31 at 09:38 -0500, Timothy Strimple wrote: > Did you ever find a fix for this problem? We are running into it now on > a Fedora Core 4 install. Any help you could offer would be appreciated. > > Tim. No I wasn't able to get past this either. I decided to wait it out and offer resources from time to time to see if this will help. I have copied the list so others much more knowledgeable than I can answer. I have downloaded the sources and will try a local build. -- G. Roderick Singleton PATH tech From jkosin at beta.intcomgrp.com Wed Aug 31 16:11:11 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Wed, 31 Aug 2005 12:11:11 -0400 Subject: *** UNOFFICIAL JAMES UPDATES *** Message-ID: <4315D69F.2080604@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Everyone, REMEMBER: ~ (1) My updates are not supported by anyone other than me or the original group that is currently developing the software. ~ (2) Fedora-Legacy, Fedora and other groups are not supporting these updates. Don't complain to them about my updates!!! They usually won't know what you are talking about. ~ (3) If I tell of a kernel update! DO NOT GET RID OF YOUR OLD KERNEL. Keeping an old kernel that works installed is kinda like having a bootable floppy that works, if something breaks you still have a good system. ~ (4) Please let me know if you would like to see any other updates. Right now, I can't do a lot of updates but, I'm willing to add as long as everyone knows I'm only one person. ~ (5) MY UPDATES HAVE ONLY BEEN TESTED WITH FC1 !!! If you want to try them on FC2, RedHat 7.3 etc you are welcome to try, but I can't help with any problems... I just don't have the time. ============================================== SAMBA 3.0.20 - ----------------- I've added the patch for winbindd from the samba website. Please see http://samba.org/samba/patches/ for all information about any applied patches. The clamav vscan module did not change. RPMS - ------- http://support.intcomgrp.com/mirror/fedora-core/beta/i386/samba-3.0.20-3.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/samba-client-3.0.20-3.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/samba-common-3.0.20-3.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/samba-swat-3.0.20-3.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/samba-vscan-clamav-0.4.0-1.fc1.i386.rpm SOURCES - ------------ http://support.intcomgrp.com/mirror/fedora-core/beta/src/samba-3.0.20-3.fc1.src.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/src/samba-vscan-clamav-0.4.0-1.fc1.src.rpm ===================================================================== All of my binary packages are signed..... http://support.intcomgrp.com/mirror/fedora-core/beta/RPM-GPG-KEY-JAMES The SHA1 Sums for the binaries are here: http://support.intcomgrp.com/mirror/fedora-core/beta/i386/sha1sum.txt The SHA1 Sums for the source files are here: http://support.intcomgrp.com/mirror/fedora-core/beta/src/sha1sum.txt I run a YUM server for FC1.... you can also point your updates to http://support.intcomgrp.com/mirror/fedora-core/beta/i386 BUT ONLY IF YOU WANT! ====================================================================== Thanks James Kosin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDFdafkNLDmnu1kSkRA+6oAJ0YXkbsOtKp6/iGe8BL2uyNnQMnZQCbBF01 RDMSF+o4q/JlE++ij9YCYIE= =xbUs -----END PGP SIGNATURE----- -- Scanned by ClamAV - http://www.clamav.net From michal at harddata.com Wed Aug 31 17:10:14 2005 From: michal at harddata.com (Michal Jaegermann) Date: Wed, 31 Aug 2005 11:10:14 -0600 Subject: Where is there a repository for updated tools? In-Reply-To: <1125453095.4586.40.camel@www.pathtech.org>; from gerry@pathtech.org on Tue, Aug 30, 2005 at 09:51:35PM -0400 References: <1125453095.4586.40.camel@www.pathtech.org> Message-ID: <20050831111014.A4251@mail.harddata.com> On Tue, Aug 30, 2005 at 09:51:35PM -0400, G. Roderick Singleton wrote: > I managed to build sendmail-8.13.4 for RH7.3 Actually this is not such great feat. Source rpms for sendmail from later distributions rebuild just fine on RH7.3 installations; maybe after small tweaks. > to replace the insecure stock sendmail. Could you elaborate in what sense a version of sendmail distributed with RH7.3 is "insecure"? CAN numbers? AFAIK if you want some features, like really working TLS or some functions separation (which is indeed a more secure design), then you need a later version of sendmail but otherwise there is nothing wrong with it. New features are beyond a fedora-legacy scope. Michal