From mschout at gkg.net Tue Feb 1 19:09:42 2005
From: mschout at gkg.net (Michael Schout)
Date: Tue, 01 Feb 2005 13:09:42 -0600
Subject: Self Introduction: Michael Schout
Message-ID: <41FFD3F6.3060508@gkg.net>

1. Full name : Michael Schout
2. Location : Dallas, Texas
3. Profession : Software Engineer
4. Company : GKG.NET, Inc.
5. Goals : I want to contribute to QA testing for RH7.3 support.
6. Qualifications : I have been administering and developing software on Linux machines since 1996.
7. GPG Key:

pub 1024D/3A7D2CEC 2000-03-21
    Key fingerprint = D8A7 4DB5 5117 33F7 F385 5EE0 F82A AF4B 3A7D 2CEC
uid Michael Schout
sub 1024g/81990A25 2000-03-21

From dhowland at ecs.umass.edu Tue Feb 1 21:09:18 2005
From: dhowland at ecs.umass.edu (David Howland)
Date: Tue, 01 Feb 2005 16:09:18 -0500
Subject: update doesn't really work
Message-ID: <41FFEFFE.7060306@ecs.umass.edu>

I've set up a 7.3 machine to update to the fedora-legacy project using
yum. It doesn't really seem to work at all. Any help would be greatly
appreciated. Please CC my email directly, as I am not subscribed to the
list. Error follows. Thank you.
-d

# yum update
Gathering package information from servers
Getting headers from: Red Hat Linux 7.3 base
Getting headers from: Fedora Legacy utilities for Red Hat Linux 7.3
Getting headers from: Red Hat Linux 7.3 updates
Finding updated packages
Downloading needed headers
Resolving dependencies
.....identical dependency loop exceeded
package mozilla-psm needs mozilla-nss = 1.0.2-2.7.3 (not provided)
package mozilla-psm needs mozilla-nss = 1.0.2-2.7.3 (not provided)

$ cat /etc/yum.conf
[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
exactarch=1
exclude=kernel*

[base]
name=Red Hat Linux $releasever base
baseurl=http://download.fedoralegacy.org/redhat/$releasever/os/$basearch
gpgcheck=1

[updates]
name=Red Hat Linux $releasever updates
baseurl=http://download.fedoralegacy.org/redhat/$releasever/updates/$basearch
gpgcheck=1

[legacy-utils]
name=Fedora Legacy utilities for Red Hat Linux $releasever
baseurl=http://download.fedoralegacy.org/redhat/$releasever/legacy-utils/$basearch
gpgcheck=1

From marcdeslauriers at videotron.ca Wed Feb 2 01:13:58 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Tue, 01 Feb 2005 20:13:58 -0500
Subject: [FLSA-2005:2255] Updated zip package fixes security issue
Message-ID: <42002956.5070905@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:          Updated zip package fixes security issue
Advisory ID:       FLSA:2255
Issue date:        2005-02-01
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2255
CVE Names:         CAN-2004-1010
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

An updated zip package that fixes a buffer overflow vulnerability is now available.

The zip program is an archiving utility which can create ZIP-compatible archives.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

A buffer overflow bug has been discovered in zip when handling long file names. An attacker could create a specially crafted path which could cause zip to crash or execute arbitrary instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1010 to this issue.

Users of zip should upgrade to this updated package, which contains backported patches and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

    yum update

or to use apt:

    apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2255 - zip long path buffer overflow

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/zip-2.3-26.1.0.7.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/zip-2.3-26.1.0.7.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/zip-2.3-26.1.0.9.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/zip-2.3-26.1.0.9.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/zip-2.3-26.1.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/zip-2.3-26.1.1.legacy.i386.rpm

7. Verification:

SHA1 sum                                  Package Name
---------------------------------------------------------------------
7b1134632529e30a471d2ae038f414f407ac0d3e  redhat/7.3/updates/i386/zip-2.3-26.1.0.7.3.legacy.i386.rpm
8db58039a432c0f0c9ff01e07b9190ad23ac4413  redhat/7.3/updates/SRPMS/zip-2.3-26.1.0.7.3.legacy.src.rpm
95966b2b9fdac8f17c74226c3c033b24dd6c9226  redhat/9/updates/i386/zip-2.3-26.1.0.9.legacy.i386.rpm
92b76aadb2e46b57dd9b71927dada7b1c1154dae  redhat/9/updates/SRPMS/zip-2.3-26.1.0.9.legacy.src.rpm
9ef4498e118ca6b4a8f72b02fecde57924d51267  fedora/1/updates/i386/zip-2.3-26.1.1.legacy.i386.rpm
2dcdfc8e6ac63e2b74cf7c781c078773e0265eb8  fedora/1/updates/SRPMS/zip-2.3-26.1.1.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

    sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1010
http://lists.netsys.com/pipermail/full-disclosure/2004-November/028379.html

9. Contact:

The Fedora Legacy security contact is .
More project details at http://www.fedoralegacy.org
---------------------------------------------------------------------

From marcdeslauriers at videotron.ca Wed Feb 2 01:15:06 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Tue, 01 Feb 2005 20:15:06 -0500
Subject: [FLSA-2005:2187] Updated freeradius packages fix security flaws
Message-ID: <4200299A.9040402@videotron.ca>

-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:          Updated freeradius packages fix security flaws
Advisory ID:       FLSA:2187
Issue date:        2005-02-01
Product:           Fedora Core
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2187
CVE Names:         CAN-2004-0938 CAN-2004-0960 CAN-2004-0961
-----------------------------------------------------------------------

-----------------------------------------------------------------------
1. Topic:

Updated freeradius packages that fix a number of denial of service vulnerabilities as well as minor bugs are now available.

FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network.

2. Relevant releases/architectures:

Fedora Core 1 - i386

3. Problem description:

A number of flaws were found in FreeRADIUS versions prior to 1.0.1. An attacker who is able to send packets to the server could construct carefully constructed packets in such a way as to cause the server to consume memory or crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0938, CAN-2004-0960, and CAN-2004-0961 to these issues.

Please note that the pam config file included in these packages was renamed to /etc/pam.d/radiusd.

Users of FreeRADIUS should update to these erratum packages that contain FreeRADIUS 1.0.1, which is not vulnerable to these issues and also corrects a number of bugs.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

    yum update

or to use apt:

    apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - 2187 - Freeradius < 1.0.1 DoS and remote crash

6. RPMs required:

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/freeradius-1.0.1-0.FC1.5.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/freeradius-1.0.1-0.FC1.5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/freeradius-mysql-1.0.1-0.FC1.5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/freeradius-postgresql-1.0.1-0.FC1.5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/freeradius-unixODBC-1.0.1-0.FC1.5.legacy.i386.rpm

7. Verification:

SHA1 sum                                  Package Name
---------------------------------------------------------------------------
83a5b013fac1aaa3caee75ea97dadb9ead68ca6c  fedora/1/updates/i386/freeradius-1.0.1-0.FC1.5.legacy.i386.rpm
6b9dfc73490b32784112f0f6f0cde1d87f1812f7  fedora/1/updates/i386/freeradius-mysql-1.0.1-0.FC1.5.legacy.i386.rpm
58b1e0975443a435c982b394f775337a8eedde9a  fedora/1/updates/i386/freeradius-postgresql-1.0.1-0.FC1.5.legacy.i386.rpm
94b816b7da430f359401dade849820c962b5ad98  fedora/1/updates/i386/freeradius-unixODBC-1.0.1-0.FC1.5.legacy.i386.rpm
c26c9fe20f721946bbcf7723b654ce72d1fd587f  fedora/1/updates/SRPMS/freeradius-1.0.1-0.FC1.5.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

    sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0961

9. Contact:

The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org
---------------------------------------------------------------------

From marcdeslauriers at videotron.ca Wed Feb 2 01:16:20 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Tue, 01 Feb 2005 20:16:20 -0500
Subject: [FLSA-2005:2272] Updated unarj package fixes security issue
Message-ID: <420029E4.80600@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:          Updated unarj package fixes security issue
Advisory ID:       FLSA:2272
Issue date:        2005-02-01
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2272
CVE Names:         CAN-2004-0947 CAN-2004-1027
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available.

The unarj program is an archiving utility which can extract ARJ-compatible archives.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

A buffer overflow bug was discovered in unarj when handling long file names contained in an archive. An attacker could create a specially crafted archive which could cause unarj to crash or possibly execute arbitrary code when extracted by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0947 to this issue.

Additionally, a path traversal vulnerability was discovered in unarj. An attacker could create a specially crafted archive which would create files in the parent ("..") directory when extracted by a victim. When used recursively, this vulnerability could be used to overwrite critical system files and programs.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1027 to this issue.

Users of unarj should upgrade to this updated package which contains backported patches and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

    yum update

or to use apt:

    apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2272 - unarj - buffer overflow and path traversal bugs

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/unarj-2.63a-4.0.7.3.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/unarj-2.63a-4.0.7.3.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/unarj-2.63a-4.0.9.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/unarj-2.63a-4.0.9.1.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/unarj-2.63a-4.1.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/unarj-2.63a-4.1.1.legacy.i386.rpm

7. Verification:

SHA1 sum                                  Package Name
---------------------------------------------------------------------
8b07f5d8a514324da4097fa5e5fe45ab693fba54  redhat/7.3/updates/i386/unarj-2.63a-4.0.7.3.1.legacy.i386.rpm
07a12c321015017d0813cb107758df017119d9ac  redhat/7.3/updates/SRPMS/unarj-2.63a-4.0.7.3.1.legacy.src.rpm
a6151b99a058e254d76de4fe73b769fe0978f851  redhat/9/updates/i386/unarj-2.63a-4.0.9.1.legacy.i386.rpm
b88dc2c7dad960fdf9fe5392ef4715deca699287  redhat/9/updates/SRPMS/unarj-2.63a-4.0.9.1.legacy.src.rpm
ea630f037afc90ab60cc85e230b64e54141535c9  fedora/1/updates/i386/unarj-2.63a-4.1.1.legacy.i386.rpm
d44d03bc24fc9459bd0bd4ed42d7802ca53d74c3  fedora/1/updates/SRPMS/unarj-2.63a-4.1.1.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

    sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1027

9. Contact:

The Fedora Legacy security contact is .
More project details at http://www.fedoralegacy.org
---------------------------------------------------------------------

From skvidal at phy.duke.edu Wed Feb 2 01:26:26 2005
From: skvidal at phy.duke.edu (seth vidal)
Date: Tue, 01 Feb 2005 20:26:26 -0500
Subject: update doesn't really work
In-Reply-To: <41FFEFFE.7060306@ecs.umass.edu>
References: <41FFEFFE.7060306@ecs.umass.edu>
Message-ID: <1107307586.25100.176.camel@cutter>

On Tue, 2005-02-01 at 16:09 -0500, David Howland wrote:
> I've set up a 7.3 machine to update to the fedora-legacy project using
> yum. It doesn't really seem to work at all. Any help would be greatly
> appreciated. Please CC my email directly, as I am not subscribed to the
> list. Error follows. Thank you.
> -d
>
> # yum update
> Gathering package information from servers
> Getting headers from: Red Hat Linux 7.3 base
> Getting headers from: Fedora Legacy utilities for Red Hat Linux 7.3
> Getting headers from: Red Hat Linux 7.3 updates
> Finding updated packages
> Downloading needed headers
> Resolving dependencies
> .....identical dependency loop exceeded
> package mozilla-psm needs mozilla-nss = 1.0.2-2.7.3 (not provided)
> package mozilla-psm needs mozilla-nss = 1.0.2-2.7.3 (not provided)
>

run yum upgrade.

that will force the obsoleting out.

-sv

From rostetter at mail.utexas.edu Wed Feb 2 04:47:28 2005
From: rostetter at mail.utexas.edu (Eric Rostetter)
Date: Tue, 1 Feb 2005 22:47:28 -0600
Subject: update doesn't really work
In-Reply-To: <41FFEFFE.7060306@ecs.umass.edu>
References: <41FFEFFE.7060306@ecs.umass.edu>
Message-ID: <1107319648.d4328755f9db8@mail.ph.utexas.edu>

Quoting David Howland :

> I've set up a 7.3 machine to update to the fedora-legacy project using
> yum. It doesn't really seem to work at all.

There are rare problems.
> .....identical dependency loop exceeded
> package mozilla-psm needs mozilla-nss = 1.0.2-2.7.3 (not provided)
> package mozilla-psm needs mozilla-nss = 1.0.2-2.7.3 (not provided)

This is a common problem with old RH mozilla installs. Easiest way to fix it is something like: remove all old mozilla packages, then issue a "yum install mozilla" to reinstall it, adding install commands for any others you may need also (the mozilla-* packages). Then redo your yum update.

This is very rare, in that very few packages cause this kind of problem. Mozilla is a very common one though. It is caused by bad "requires" by Red Hat in the older packages...

--
Eric Rostetter

From dom at earth.li Wed Feb 2 10:59:19 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Wed, 2 Feb 2005 10:59:19 +0000
Subject: update doesn't really work
In-Reply-To: <1107307586.25100.176.camel@cutter>
References: <41FFEFFE.7060306@ecs.umass.edu> <1107307586.25100.176.camel@cutter>
Message-ID: <20050202105919.GL987@tirian.magd.ox.ac.uk>

On Tue, Feb 01, 2005 at 08:26:26PM -0500, seth vidal wrote:
> run yum upgrade.
>
> that will force the obsoleting out.

I'm not a yum user, but it seems obvious that this step should be put into the documentation at since it is tripping up a lot of new users.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

From b-nordquist at bethel.edu Wed Feb 2 18:13:42 2005
From: b-nordquist at bethel.edu (Brent J. Nordquist)
Date: Wed, 2 Feb 2005 12:13:42 -0600
Subject: libxml/libxml2 (was Re: Round-up, 2005-01-28)
In-Reply-To: <20050128000821.GA19575@home.thedom.org>
References: <20050128000821.GA19575@home.thedom.org>
Message-ID: <20050202181340.GP2774@bethel.edu>

On Fri, Jan 28, 2005 at 12:08:21AM +0000, Dominic Hargreaves wrote:
> libxml2 - https://bugzilla.fedora.us/show_bug.cgi?id=2207
> Needs PUBLISH [rh73,rh9,fc1]

In December Pekka found some differences in the patches used by the various vendors and packagers:

https://bugzilla.fedora.us/show_bug.cgi?id=2207#c12

Is a definite conclusion going to be reached? I will commit the time to test libxml/libxml2 with RHL 7.3 and 9 toward a +PUBLISH if the consensus is they have stopped moving... just thought I'd ask first if they are likely to change again.

--
Brent J. Nordquist N0BJN
Other contact information: http://kepler.its.bethel.edu/~bjn/contact.html

From dom at earth.li Thu Feb 3 14:59:37 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 3 Feb 2005 14:59:37 +0000
Subject: Fedora Legacy Test Update Notification: XFree86
Message-ID: <20050203145937.GA6696@home.thedom.org>

From dom at earth.li Thu Feb 3 15:01:08 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 3 Feb 2005 15:01:08 +0000
Subject: Fedora Legacy Test Update Notification: XFree86
In-Reply-To: <20050203145937.GA6696@home.thedom.org>
References: <20050203145937.GA6696@home.thedom.org>
Message-ID: <20050203150108.GO987@tirian.magd.ox.ac.uk>

On Thu, Feb 03, 2005 at 02:59:37PM +0000, Dominic Hargreaves wrote:
[junk]

Sorry about that. I'm not with it today.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

From dom at earth.li Thu Feb 3 15:54:43 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 3 Feb 2005 15:54:43 +0000
Subject: Fedora Legacy Test Update Notification: XFree86
Message-ID: <20050203155442.GA7038@home.thedom.org>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-2314
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2314
2005-02-03
---------------------------------------------------------------------

Name        : XFree86
7.3 Version : XFree86-4.2.1-16.73.30.legacy
9 Version   : XFree86-4.3.0-2.90.60.legacy
fc1 Version : XFree86-4.3.0-59.legacy
Summary     : The basic fonts, programs and docs for an X workstation.
Description :
XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon.

---------------------------------------------------------------------
Update Information:

iDefense discovered two buffer overflows in the parsing of the 'font.alias' file. A local attacker could exploit this vulnerability by creating a carefully-crafted file and gaining root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0083 and CAN-2004-0084 to these issues.

Additionally David Dawes discovered additional flaws in reading font files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0106 to these issues.

During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the X.Org libXpm library used to decode XPM (X PixMap) images. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687, CAN-2004-0688, and CAN-2004-0692 to these issues.

Users of XFree86 should upgrade to this updated package, which contains backported patches and is not vulnerable to this issue.

---------------------------------------------------------------------
7.3 changelog:
* Tue Nov 30 2004 Rob Myers 4.2.1-16.73.30.legacy
- apply fix for previous patch
* Tue Nov 30 2004 Rob Myers 4.2.1-16.73.29.legacy
- apply patch for CAN-2004-0914 (FL #2314)
* Sat Oct 02 2004 Dominic Hargreaves 4.2.1-28
- Fix for CAN-2004-0687/8 libXpm stack and integer overflows.
* Tue Sep 28 2004 Dominic Hargreaves 4.2.1-27
- Fixed permissions of a few source files
- Added gcc-c++ BuildRequires
* Fri May 14 2004 John P. Dalbec 4.2.1-26
- Disabled parallel building (not fixable?).
* Wed May 12 2004 John P. Dalbec 4.2.1-25
- Fixed parallel building (reversed order of two lines in Makefile patches).
- Added conditional BuildRequires for Glide3-devel.
- Commented out rpm -q test for Glide3-devel.
* Tue Feb 24 2004 John P. Dalbec 4.2.1-24
- [SECURITY] XFree86-4.2.1-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106-v2-430-backport.patch added containing fixes for libXfont buffer overflow issues CAN-2004-0083, CAN-2004-0084, and CAN-2004-0106 (copied from RH 9 SRPM).
- Added missing BuildRequires for libtool
- Converted all BuildPrereq to BuildRequires

9 changelog:
* Tue Nov 30 2004 Rob Myers 4.3.0-2.x.60.legacy
- apply fix for previous patch
* Tue Nov 30 2004 Rob Myers 4.3.0-2.x.59.legacy
- apply patch for CAN-2004-0914 (FL #2314)
* Sat Oct 02 2004 Dominic Hargreaves 4.3.0-2.x.58.legacy
- Fix for CAN-2004-0687/8 libXpm stack and integer overflows.
* Tue Sep 28 2004 Dominic Hargreaves 4.3.0-2.x.57.legacy
- Add BuildRequires on gcc-c++
* Tue Jul 06 2004 J.S.Peatfield 4.3.0-2.x.56.legac
- fix CAN-2004-0419 - XDM in XFree86 socket open vulnerability with patch based on one from http://bugs.xfree86.org/show_bug.cgi?id=1376

fc1 changelog:
* Tue Nov 30 2004 Rob Myers 4.3.0.59.legacy
- apply fix for previous patch
* Tue Nov 30 2004 Rob Myers 4.3.0.58.legacy
- apply patch for CAN-2004-0914 (FL #2314)
* Tue Nov 09 2004 Dominic Hargreaves 4.3.0.57.legacy
- Add m4 BuildRequires
* Sat Oct 02 2004 Dominic Hargreaves 4.3.0-56.legacy
- Fix for CAN-2004-0419 - XDM in XFree86 socket open vulnerability
- Fix for CAN-2004-0687/8 libXpm stack and integer overflows.

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
6acb61f2ccb56125b8bb6b0bbb33aca393b41bfa fedora/1/updates-testing/i386/XFree86-Mesa-libGLU-4.3.0-59.legacy.i386.rpm b5ed6846d3c5267890f75bb2967719a77251077b fedora/1/updates-testing/i386/XFree86-sdk-4.3.0-59.legacy.i386.rpm a2593f5ad70cf863bc1a50065d4cf959c396b290 fedora/1/updates-testing/i386/XFree86-syriac-fonts-4.3.0-59.legacy.i386.rpm 77ef806dd3a962e13300cfaafc5761cd453e42fd fedora/1/updates-testing/i386/XFree86-tools-4.3.0-59.legacy.i386.rpm 004636b99489d8d9d0da9a89d112fbca85b51e7b fedora/1/updates-testing/i386/XFree86-truetype-fonts-4.3.0-59.legacy.i386.rpm 61442fea052c2c9bb4cd52b836f83be39dd51645 fedora/1/updates-testing/i386/XFree86-twm-4.3.0-59.legacy.i386.rpm adee8168ca51a34a7f33a1af4e51ad2409a244fb fedora/1/updates-testing/i386/XFree86-xauth-4.3.0-59.legacy.i386.rpm 60bc51efdcfa0e4062404ba4e7083e9927f16e33 fedora/1/updates-testing/i386/XFree86-xdm-4.3.0-59.legacy.i386.rpm ffbeaab8ac66e40cac0eeac685a8567bda43517b fedora/1/updates-testing/i386/XFree86-xfs-4.3.0-59.legacy.i386.rpm 23b0cdbf749a8eadb3dce701ab4bfd57e65777fe fedora/1/updates-testing/i386/XFree86-Xnest-4.3.0-59.legacy.i386.rpm 7ee79dd5f9a1efd0d2881c0d426951b9c9eac44f fedora/1/updates-testing/i386/XFree86-Xvfb-4.3.0-59.legacy.i386.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... 

From dom at earth.li Thu Feb 3 21:26:57 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 3 Feb 2005 21:26:57 +0000
Subject: Fedora Legacy Test Update Notification: libpng
In-Reply-To: <41C4828A.3040306@videotron.ca>
References: <41C4828A.3040306@videotron.ca>
Message-ID: <20050203212656.GA8893@home.thedom.org>

On Sat, Dec 18, 2004 at 02:18:34PM -0500, Marc Deslauriers wrote:
> Name : libpng
> 9 Versions : libpng-1.2.2-20.2.legacy, libpng10-1.0.15-0.9.1.legacy

An updated version for rh9, libpng-1.2.2-20.3.legacy is available for
testing.

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

be705f7823d379c5c99f88f4b2c2364e333379cb
redhat/9/updates-testing/SRPMS/libpng-1.2.2-20.3.legacy.src.rpm
7cd0d3d36280449e6cb0fe1b4478d14701ec11c5
redhat/9/updates-testing/i386/libpng-1.2.2-20.3.legacy.i386.rpm
36ddbdaac4cc3ec1f9e23521a0ad1029714a80a2
redhat/9/updates-testing/i386/libpng-devel-1.2.2-20.3.legacy.i386.rpm
---------------------------------------------------------------------

Please test and comment in bugzilla.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

From dom at earth.li Thu Feb 3 23:29:24 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 3 Feb 2005 23:29:24 +0000
Subject: Fedora Legacy Test Update Notification: redhat-config-nfs
Message-ID: <20050203232924.GA9400@home.thedom.org>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2086
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2086
2005-02-03
---------------------------------------------------------------------

Name : redhat-config-nfs
9 Version : redhat-config-nfs-1.0.13-5.legacy
fc1 Version : redhat-config-nfs-1.1.3-2.legacy
Summary : NFS server configuration tool
Description :
redhat-config-nfs is a graphical user interface for creating,
modifying, and deleting nfs shares.

---------------------------------------------------------------------
Update Information:

John Buswell discovered a flaw in redhat-config-nfs that could lead to
incorrect permissions on exported shares when exporting to multiple
hosts. This could cause an option such as "all_squash" to not be applied
to all of the listed hosts. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0750 to this
issue.

Additionally, a bug was found that prevented redhat-config-nfs from
being run if hosts didn't have options set in /etc/exports.

---------------------------------------------------------------------
9 changelog:

* Thu Sep 23 2004 Marc Deslauriers 1.0.13-5.legacy

- rebuilt as Fedora Legacy security update to fix CAN-2004-0750
- revert desktop file to rh9 format

* Thu Sep 16 2004 Nils Philippsen 1.0.13-5

- close properties dialog when clicking OK button
- handle /etc/exports missing gracefully

* Sat Aug 14 2004 Nils Philippsen 1.0.13-4

- fix incorrect syntax for multiple hosts with a single mount point
  (#107997, patch by Shannon Mitchell)
- don't barf on optionless hosts
- readonly is default

* Mon Sep 15 2003 Brent Fox 1.0.13-1

- add Requires for rhpl (bug #104214)

* Wed Sep 10 2003 Brent Fox 1.0.12-1

- rebuild for latest docs

* Wed Sep 03 2003 Brent Fox 1.0.11-2

- bump relnum and rebuild

* Wed Sep 03 2003 Brent Fox 1.0.11-1

- fix backend to handle multiple hosts on one line (bug #74311)

* Thu Aug 14 2003 Brent Fox 1.0.10-1

- tag on every build

* Wed Aug 13 2003 Brent Fox 1.0.9-1

- add BuildRequires for gettext

* Wed Aug 13 2003 Brent Fox 1.0.8-1

- remove BuildRequires on python-tools

* Tue Jul 01 2003 Brent Fox 1.0.7-2

- bump and rebuild

* Tue Jul 01 2003 Brent Fox 1.0.7-1

- truncate menu entries (bug #98023)

fc1 Changelog:

* Thu Sep 23 2004 Marc Deslauriers 1.1.3-2.legacy

- close properties dialog when clicking OK button
- handle /etc/exports missing gracefully
- fix incorrect syntax for multiple hosts with a single mount point
  CAN-2004-0750 (patch by Shannon Mitchell)
- don't barf on optionless hosts
- readonly is default

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

01d7abcb9ffd3d0ba76c7ad910fb53d3a54733f0
redhat/9/updates-testing/SRPMS/redhat-config-nfs-1.0.13-5.legacy.src.rpm
0935165a66653b8c546713178b975e55119717fe
redhat/9/updates-testing/i386/redhat-config-nfs-1.0.13-5.legacy.noarch.rpm
841f2e06ac7f478c4b84ec18df51133ddda93000
fedora/1/updates-testing/SRPMS/redhat-config-nfs-1.1.3-2.legacy.src.rpm
74af9de2970b1c8539bc5a5ca5dcc5fd59ed8d79
fedora/1/updates-testing/i386/redhat-config-nfs-1.1.3-2.legacy.noarch.rpm

From dom at earth.li Thu Feb 3 23:29:33 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 3 Feb 2005 23:29:33 +0000
Subject: Fedora Legacy Test Update Notification: cyrus-sasl
Message-ID: <20050203232933.GB9400@home.thedom.org>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2137
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2137
2005-02-03
---------------------------------------------------------------------

Name : cyrus-sasl
7.3 Version : cyrus-sasl-1.5.24-25.2.legacy
9 Version : cyrus-sasl-2.1.10-4.2.legacy
fc1 Version : cyrus-sasl-2.1.15-6.2.legacy
Summary : The Cyrus SASL library.
Description :
The cyrus-sasl package contains the Cyrus implementation of SASL. SASL
is the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.

---------------------------------------------------------------------
Update Information:

At application startup, libsasl and libsasl2 attempt to build a list of
all available SASL plug-ins which are available on the system. To do so,
the libraries search for and attempt to load every shared library found
within the plug-in directory. This location can be set with the
SASL_PATH environment variable.

In situations where an untrusted local user can affect the environment
of a privileged process, this behavior could be exploited to run
arbitrary code with the privileges of a setuid or setgid application.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0884 to this issue.

---------------------------------------------------------------------
7.3 changelog:

* Wed Oct 13 2004 Marc Deslauriers 1.5.24-25.2.legacy

- Added better patch for SASL_PATH vulnerability (CAN-2004-0884)

* Tue Oct 05 2004 Marc Deslauriers 1.5.24-25.1.legacy

- Added security patch for SASL_PATH vulnerability

9 changelog:

* Wed Oct 13 2004 Marc Deslauriers 2.1.10-4.2.legacy

- Added better patches for SASL_PATH vulnerability (CAN-2004-0884)

* Tue Oct 05 2004 Marc Deslauriers 2.1.10-4.1.legacy

- Added security patches for SASL_PATH vulnerability

fc1 changelog:

* Wed Oct 13 2004 Marc Deslauriers 2.1.15-6.2.legacy

- Added better patches for SASL_PATH vulnerability (CAN-2004-0884)

* Tue Oct 05 2004 Marc Deslauriers 2.1.15-6.1.legacy

- Added security patches for SASL_PATH vulnerability

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.

From dom at earth.li Thu Feb 3 23:43:24 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 3 Feb 2005 23:43:24 +0000
Subject: FOSDEM?
Message-ID: <20050203234324.GR987@tirian.magd.ox.ac.uk>

Hi,

Is anyone else going to FOSDEM[1]? It'd be good to meet up with other FL
people, if so.

Cheers,

[1] http://www.fosdem.org/

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

From dom at earth.li Thu Feb 3 23:46:03 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 3 Feb 2005 23:46:03 +0000
Subject: LWN article about us
Message-ID: <20050203234603.GS987@tirian.magd.ox.ac.uk>

An article about us was posted a couple of weeks ago that I didn't see
before: http://lwn.net/Articles/119892/

"Whither Fedora Legacy".

Cheers,

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

From dom at earth.li Thu Feb 3 23:51:15 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 3 Feb 2005 23:51:15 +0000
Subject: Donate?
In-Reply-To: <41EFB8E2.2070407@rptec.ch>
References: <41EFB8E2.2070407@rptec.ch>
Message-ID: <20050203235115.GT987@tirian.magd.ox.ac.uk>

On Thu, Jan 20, 2005 at 02:57:54PM +0100, Jean-Eric Cuendet wrote:
> I read an article in LWN about Fedora Legacy lacking resources and funds.
> I would like to donate money to Fedora Legacy. How to proceed?
> Thanks for your ground, hard work!

Hi,

By far the most pressing issue at the moment is manpower to test and
prepare updates. I'm not sure whether the project can usefully accept
monetary contributions at the moment (is there any point in sponsoring
small amounts of developer time, and if so setting up some way of
collecting and distributing funds so that this can happen?)

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

From dom at earth.li Thu Feb 3 23:58:07 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 3 Feb 2005 23:58:07 +0000
Subject: LWN article about us
In-Reply-To: <20050203234603.GS987@tirian.magd.ox.ac.uk>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk>
Message-ID: <20050203235807.GV987@tirian.magd.ox.ac.uk>

On Thu, Feb 03, 2005 at 11:46:03PM +0000, Dominic Hargreaves wrote:
> An article about us was posted a couple of weeks ago that I didn't see
> before: http://lwn.net/Articles/119892/

One issue raised here is whether we should be dropping support for 7.3
by now. Documented end of support for 7.3 according to
is the middle of this year
(ie 1.5 years after Red Hat EOL). I would say that we should drop it no
later than the introduction of FC2 support in March, though, because
three distros is already fairly unmanageable. I'd be happy to drop it
earlier, though.

Thoughts?

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

From sebenste at weather.admin.niu.edu Fri Feb 4 00:02:26 2005
From: sebenste at weather.admin.niu.edu (Gilbert Sebenste)
Date: Thu, 3 Feb 2005 18:02:26 -0600 (CST)
Subject: LWN article about us
In-Reply-To: <20050203235807.GV987@tirian.magd.ox.ac.uk>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID:

On Thu, 3 Feb 2005, Dominic Hargreaves wrote:

> (ie 1.5 years after Red Hat EOL). I would say that we should drop it no
> later than the introduction of FC2 support in March, though, because
> three distros is already fairly unmanageable. I'd be happy to drop it
> earlier, though.

I agree. Given very limited resources right now, everyone should be at RH
9 or later. And since every 6 months you're going to have a new OS to do
patches on, the EOL's are probably going to have to be reduced unless
additional funding/programmers are brought on.

*******************************************************************************
Gilbert Sebenste ********
(My opinions only!) ******
Staff Meteorologist, Northern Illinois University ****
E-mail: sebenste at weather.admin.niu.edu ***
web: http://weather.admin.niu.edu **
Work phone: 815-753-5492 *
*******************************************************************************

From mic at npgx.com.au Fri Feb 4 00:23:59 2005
From: mic at npgx.com.au (Michael Mansour)
Date: Fri, 4 Feb 2005 10:23:59 +1000
Subject: LWN article about us
In-Reply-To: <20050203235807.GV987@tirian.magd.ox.ac.uk>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID: <20050204001420.M54777@npgx.com.au>

Hi Dominic,

> On Thu, Feb 03, 2005 at 11:46:03PM +0000, Dominic Hargreaves wrote:
> > An article about us was posted a couple of weeks ago that I didn't see
> > before: http://lwn.net/Articles/119892/
>
> One issue raised here is whether we should be dropping support for
> 7.3 by now. Documented end of support for 7.3 according to
> is the middle of this year
> (ie 1.5 years after Red Hat EOL). I would say that we should drop it
> no later than the introduction of FC2 support in March, though, because
> three distros is already fairly unmanageable. I'd be happy to drop it
> earlier, though.
>
> Thoughts?

The oldest machines I have running are FC1 machines, and I'm only a month
away from either upgrading (to FC3) or side-stepping (to another dist)
those machines.

Just for my 2c, dropping support for 7.3 and 9 won't affect me. If it
will affect others, they really should speak up :)

Michael.
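
Added example, not part of any message in this archive: the cyrus-sasl test update notification earlier on this page (CAN-2004-0884) describes a plug-in directory taken from SASL_PATH inside setuid or setgid programs. The C code below shows one way a library can refuse an environment-supplied directory when real and effective IDs differ; it is not the Fedora Legacy or Cyrus patch, and the function names, the default directory and the treatment of SASL_PATH as a single directory are assumptions.

```c
/* Added example: when may a plug-in directory named in SASL_PATH be used?
 * Function names and DEFAULT_PLUGIN_DIR are assumptions for illustration;
 * SASL_PATH is treated here as a single directory. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"  /* assumed compiled-in default */

/* A setuid or setgid program runs with effective IDs that differ from the
 * real IDs of the user who started it; that user also chose its environment. */
static int runs_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Policy only, with the IDs passed in so it can be exercised without
 * changing the credentials of the calling process. */
const char *choose_plugin_dir(const char *env_value,
                              uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
                              const char *fallback)
{
    if (env_value == NULL || env_value[0] == '\0')
        return fallback;              /* nothing requested */
    if (runs_elevated(ruid, euid, rgid, egid))
        return fallback;              /* environment is untrusted input */
    if (env_value[0] != '/')
        return fallback;              /* relative paths follow the caller's cwd */
    return env_value;
}

/* Second gate before any dlopen(): the directory must exist, belong to
 * root and not be writable by group or others. */
int dir_is_trusted(const char *path)
{
    struct stat st;

    if (path == NULL || path[0] != '/')
        return 0;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

/* What a library initialiser would call: the directory to scan for
 * plug-ins, or NULL when a privileged process has no trustworthy one. */
const char *plugin_dir_for_this_process(void)
{
    const char *dir = choose_plugin_dir(getenv("SASL_PATH"),
                                        getuid(), geteuid(),
                                        getgid(), getegid(),
                                        DEFAULT_PLUGIN_DIR);

    if (runs_elevated(getuid(), geteuid(), getgid(), getegid()) &&
        !dir_is_trusted(dir))
        return NULL;
    return dir;
}

int main(void)
{
    const char *dir = plugin_dir_for_this_process();

    printf("plug-in directory: %s\n", dir ? dir : "(none, loading disabled)");
    return 0;
}
```

glibc's secure_getenv() applies a comparable test to the lookup itself, returning NULL in processes that require secure execution.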

From rob.myers at gtri.gatech.edu Fri Feb 4 00:46:18 2005
From: rob.myers at gtri.gatech.edu (Rob Myers)
Date: Thu, 03 Feb 2005 19:46:18 -0500
Subject: LWN article about us
In-Reply-To:
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID: <1107477978.9226.493.camel@rXm-581b.stl.gtri.gatech.edu>

On Thu, 2005-02-03 at 19:02, Gilbert Sebenste wrote:
> On Thu, 3 Feb 2005, Dominic Hargreaves wrote:
>
> > (ie 1.5 years after Red Hat EOL). I would say that we should drop it no
> > later than the introduction of FC2 support in March, though, because
> > three distros is already fairly unmanageable. I'd be happy to drop it
> > earlier, though.
>
> I agree. Given very limited resources right now, everyone should be at RH
> 9 or later. And since every 6 months you're going to have a new OS to do
> patches on, the EOL's are probably going to have to be reduced unless
> additional funding/programmers are brought on.

if there are people willing to do 7.3 patches i don't see the need to
drop it. if people are willing to actively support any EOL'd RedHat
release they should be able to do that via Fedora Legacy.

the important point is that versions that do not have as much interest
should not slow down updates for versions that have more interest.

in other words, i think we should have a process that says we release
updates for versions as they make it through QA- rather than queuing
updates until all versions are ready. this would make it easy to judge
what versions people are interested in. also, this would eliminate the
problem of setting an EOL date.

also, too much time is spent getting BuildRequires correct for mach.
getting upstream FC-4+ packages to have the correct BuildRequires would
dramatically cut the time required for many updates. does mach support
x86_64, ppc, and more? if not we will have to rethink our buildsystem
for the future.

perhaps we can get more mileage out of our limited resources if we
streamline our build process. i'd like to see legacy cvs trees, perhaps
even on cvs.fedora.redhat.com. does anyone already have scripts that can
take an srpm and make the appropriate modifications, adds, deletes and
commits to the cvs repository?

sorry for rambling.

rob.

From steve at math.upatras.gr Fri Feb 4 01:01:57 2005
From: steve at math.upatras.gr (Steve Stavropoulos)
Date: Fri, 4 Feb 2005 03:01:57 +0200 (EET)
Subject: LWN article about us
In-Reply-To: <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID:

On Thu, 3 Feb 2005, Dominic Hargreaves wrote:

> One issue raised here is whether we should be dropping support for 7.3
> by now. Documented end of support for 7.3 according to
> is the middle of this year
> (ie 1.5 years after Red Hat EOL). I would say that we should drop it no
> later than the introduction of FC2 support in March, though, because
> three distros is already fairly unmanageable. I'd be happy to drop it
> earlier, though.

RedHat 7.3 is the only "real" server distro fedoralegacy currently
supports. All others are meant to be more desktop machines than 7.3. I'd
say to drop fedora 1 if things are tight in resources. You don't really
need so much time to upgrade your personal desktop and if you have fedora
1 as a server then you must _really_ know what you're doing and you
should be alright left alone :>

Of course it all depends on what the people that actually do work for
fedora legacy use. Are there any delays on getting packages ready for 7.3?
Is rh 7.3 slowing things down?

From mgerber at leitwerk.de Fri Feb 4 01:04:36 2005
From: mgerber at leitwerk.de (Mike Gerber)
Date: Fri, 4 Feb 2005 02:04:36 +0100
Subject: LWN article about us
In-Reply-To:
References: <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID: <20050204010435.GA16473@nin.lan.rwsr-xr-x.de>

Hi,

> RedHat 7.3 is the only "real" server distro fedoralegacy currently
> supports. All others are meant to be more desktop machines than 7.3.

And we would actually do some more work on RHL 7.3 if that is what is
needed.

--
------------------------------------------------------------------
Mike Gerber          Management Internet/Security Development
LEITWERK GmbH        http://www.leitwerk.de
Im Ettenbach 13a     Fon: +49 7805 918 0
77767 Appenweier     Fax: +49 7805 918 200
------------------------------------------------------------------

From norm at turing.une.edu.au Fri Feb 4 01:19:00 2005
From: norm at turing.une.edu.au (Norman Gaywood)
Date: Fri, 4 Feb 2005 12:19:00 +1100
Subject: LWN article about us
In-Reply-To:
References: <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID: <20050204011900.GA32684@turing.une.edu.au>

On Fri, Feb 04, 2005 at 03:01:57AM +0200, Steve Stavropoulos wrote:
> RedHat 7.3 is the only "real" server distro fedoralegacy currently
> supports. All others are meant to be more desktop machines than 7.3. I'd
> say to drop fedora 1 if things are tight in resources. You don't really
> need so much time to upgrade your personal desktop and if you have fedora
> 1 as a server then you must _really_ know what you're doing and you
> should be alright left alone :>

FC1 is a great server distro. I'm using it many places. I would have
thought you needed more know-how to stay with 7.3.

I really value and appreciate the efforts of fedora-legacy to keep FC1
secure. It will be at least another year for me before I can drop FC1
and move on to 2.6 kernels.

--
Norman Gaywood, Systems Administrator
School of Mathematics, Statistics and Computer Science
University of New England, Armidale, NSW 2351, Australia

norm at turing.une.edu.au Phone: +61 (0)2 6773 2412
http://turing.une.edu.au/~norm Fax: +61 (0)2 6773 3312

Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html

From info at hostinthebox.net Fri Feb 4 01:33:52 2005
From: info at hostinthebox.net (dan)
Date: Thu, 03 Feb 2005 18:33:52 -0700
Subject: LWN article about us
In-Reply-To:
References:
Message-ID: <4202D100.2050203@hostinthebox.net>

Steve Stavropoulos wrote:
> On Thu, 3 Feb 2005, Dominic Hargreaves wrote:
>
>
>>One issue raised here is whether we should be dropping support for 7.3
>>by now. Documented end of support for 7.3 according to
>> is the middle of this year
>>(ie 1.5 years after Red Hat EOL). I would say that we should drop it no
>>later than the introduction of FC2 support in March, though, because
>>three distros is already fairly unmanageable. I'd be happy to drop it
>>earlier, though.
>
>
> RedHat 7.3 is the only "real" server distro fedoralegacy currently
> supports. All others are meant to be more desktop machines than 7.3. I'd
> say to drop fedora 1 if things are tight in resources. You don't really
> need so much time to upgrade your personal desktop and if you have fedora
> 1 as a server then you must _really_ know what you're doing and you
> should be alright left alone :>
> Of course it all depends on what the people that actually do work for
> fedora legacy use. Are there any delays on getting packages ready for 7.3?
> Is rh 7.3 slowing things down?
>

While we're kind of on the subject here - one thing I don't really recall
ever seeing is upgrade guides for mammoth overhauls, from say RH7.3 to
FC1 - if that's even possible.

As much as we (I say "we" as part of the Legacy group, unfortunately not
so much as a contributor :( ) would like to part ways with some of the
very old distros and the ones that are 1.5 yrs past RH's official EOL,
we will encounter uproar and outcry and, well, just a bunch of really
angry people.

I think that the introduction of documents that detail and describe
these overhauls and/or procedures would benefit our move to progress
with expiring older distros, and help with us EOL'ing the EOL's.

Since I know very little about actually creating packages as most of you
other guys know in and out, but rather having a fairly decent knowledge
of the inner-workings of the Linux system, I would be more than happy to
contribute to such guides and documents.

I will be attempting this shortly from FC1 to FC2, which I plan to
document in detail, as to hopefully help others who may be wanting to do
the same thing.

I realize that a clean install is much preferred over an upgrade, but in
some cases it's absolutely necessary - which also explains why the
Legacy project has so many people interested. Because sometimes you just
can't re-install.

Thoughts?

Thanks
-dant

From lists at benjamindsmith.com Fri Feb 4 01:43:18 2005
From: lists at benjamindsmith.com (Benjamin Smith)
Date: Thu, 3 Feb 2005 17:43:18 -0800
Subject: LWN article about us
In-Reply-To: <20050203235807.GV987@tirian.magd.ox.ac.uk>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID: <200502031743.18523.lists@benjamindsmith.com>

I have numerous RedHat 7.2 and 9 servers being supported by Progeny
through the end of 2005.

My biggest concern is Fedora Core 1 - I have about a dozen servers which
all the several un-patched vulnerabilities mentioned in the LWN article.
I've more or less decided to switch to Whitebox Linux in April (ish) or
when WBEL 4.0 comes out, whichever happens sooner.

I'd be happy to pay a reasonable monthly fee (Progeny charges $5/mo) if I
could be reasonably certain that updates would be timely. At this point,
I have no support options for the FC1 systems except for recompiling,
which opens up its own can of worms and increases support costs sharply.

-Ben

On Thursday 03 February 2005 15:58, Dominic Hargreaves wrote:
> One issue raised here is whether we should be dropping support for 7.3
> by now. Documented end of support for 7.3 according to
> is the middle of this year
> (ie 1.5 years after Red Hat EOL). I would say that we should drop it no
> later than the introduction of FC2 support in March, though, because
> three distros is already fairly unmanageable. I'd be happy to drop it
> earlier, though.

--
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978

From Craig.Miskell at agresearch.co.nz Fri Feb 4 01:49:09 2005
From: Craig.Miskell at agresearch.co.nz (Miskell, Craig)
Date: Fri, 4 Feb 2005 14:49:09 +1300
Subject: LWN article about us
Message-ID:

> While we're kind of on the subject here - one thing I don't
> really recall
> ever seeing is upgrade guides for mammoth overhauls, from
> say RH7.3 to
> FC1 - if that's even possible.

It's possible to go from RH7.3 to FC3. A kickstart file with the
"upgrade" option worked a treat here, although the servers were
relatively trivial with nothing much non-standard installed. Had a few
problems (perl version jumped from 5.6 to 5.8 which messed up some
custom libraries) but a recompile and tweak here and there fixed those.
So I suppose it wasn't hassle free, but it wasn't more than an hour's
additional work in my case. I did this on 3 servers, and bumped another
6 from RH8.0 to FC3.

Not to say I wasn't apprehensive before doing it, but I was pleasantly
surprised afterwards ;-)

Craig

=======================================================================
Attention: The information contained in this message and/or attachments
from AgResearch Limited is intended only for the persons or entities
to which it is addressed and may contain confidential and/or privileged
material.
Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. ======================================================================= From maillist at jasonlim.com Fri Feb 4 02:40:01 2005 From: maillist at jasonlim.com (Jason Lim) Date: Fri, 4 Feb 2005 10:40:01 +0800 Subject: LWN article about us References: <20050203235807.GV987@tirian.magd.ox.ac.uk> <20050204011900.GA32684@turing.une.edu.au> Message-ID: <123d01c50a62$d376d3e0$0900a8c0@SYSTEM9> Actually, if you're talking about the RedHat Linux distros, the last "stable" one was Redhat Linux 9. All the FC ones are being released way too fast and frequently to be used on a stable server. Lets look at it this way... if you are on a desktop and using Fedora, just keep upgrading to the next release when it comes out. They were made to be frequently upgraded. A bit of upgrade time is acceptable on a desktop/workstation, but it isn't acceptable on a server. FC was never supposed to have a long lifespan for each release. The last version of RedHat Linux that would have been used on servers most commonly is RH9. We still have a lot of RH9 servers running, while 7.x and 8 has been moved to RH9 as well. Anyway, hope that shows support for RH9!!! > On Fri, Feb 04, 2005 at 03:01:57AM +0200, Steve Stavropoulos wrote: > > RedHat 7.3 is the only "real" server distro fedoralegacy currently > > supports. All others are meant to be more desktop machines than 7.3. I'd > > say to drop fedora 1 if things are tight in resources. You don't really > > need so much time to upgrade your personal desktop and if you have fedora > > 1 as a server then you must _really_ know what you 're doing and you > > should be alright left alone :> > > FC1 is a great server distro. I'm using it many places. 
> I would have thought you needed more know-how to stay with 7.3.
>
> I really value and appreciate the efforts of fedora-legacy to keep FC1
> secure. It will be at least another year for me before I can drop FC1
> and move on to 2.6 kernels.
>
> --
> Norman Gaywood, Systems Administrator
> School of Mathematics, Statistics and Computer Science
> University of New England, Armidale, NSW 2351, Australia
>
> norm at turing.une.edu.au Phone: +61 (0)2 6773 2412
> http://turing.une.edu.au/~norm Fax: +61 (0)2 6773 3312
>
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.fsf.org/philosophy/no-word-attachments.html

From rostetter at mail.utexas.edu Fri Feb 4 02:59:30 2005
From: rostetter at mail.utexas.edu (Eric Rostetter)
Date: Thu, 3 Feb 2005 20:59:30 -0600
Subject: LWN article about us
In-Reply-To: <20050203235807.GV987@tirian.magd.ox.ac.uk>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID: <1107485970.04da578999195@mail.ph.utexas.edu>

Quoting Dominic Hargreaves:

> One issue raised here is whether we should be dropping support for 7.3
> by now.

No.

> Documented end of support for 7.3 according to
> is the middle of this year
> (ie 1.5 years after Red Hat EOL).

It says no such thing. It says rather:

    We are currently supporting Red Hat Linux 7.3 and 9 as these have reached their End-of-Life (EOL). We will provide support for these Red Hat releases for as long as there is community interest.

The above has always been the point of FL.

> I would say that we should drop it no
> later than the introduction of FC2 support in March, though, because
> three distros is already fairly unmanageable. I'd be happy to drop it
> earlier, though.
It would spell the death of FL, both as it was designed, and in more practical terms in the amount of support and *trust* the project would get.

> Thoughts?

You misrepresented the FAQ and the goal of FL. 7.3 should stay as long as there is community support.

--
Eric Rostetter

From rostetter at mail.utexas.edu Fri Feb 4 03:04:09 2005
From: rostetter at mail.utexas.edu (Eric Rostetter)
Date: Thu, 3 Feb 2005 21:04:09 -0600
Subject: LWN article about us
In-Reply-To: <1107477978.9226.493.camel@rXm-581b.stl.gtri.gatech.edu>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk> <1107477978.9226.493.camel@rXm-581b.stl.gtri.gatech.edu>
Message-ID: <1107486249.f567d017cc535@mail.ph.utexas.edu>

Quoting Rob Myers:

> if there are people willing to do 7.3 patches i don't see the need to
> drop it. if people are willing to actively support any EOL'd RedHat
> release they should be able to do that via Fedora Legacy.

We have a set policy on this. RHL versions for as long as there is community support, and FC on a 1-2-3 and out policy.

> the important point is that versions that do not have as much interest
> should not slow down updates for versions that have more interest. in

This is correct. If they are slowing things down, then they basically lack community interest and can be dropped, as we did with 7.2 and 8.

--
Eric Rostetter

From diogenes at xenodochy.org Fri Feb 4 03:50:49 2005
From: diogenes at xenodochy.org (Ralph E. Kenyon, Jr.)
Date: Thu, 03 Feb 2005 22:50:49 -0500
Subject: LWN article about us
In-Reply-To: <1107486249.f567d017cc535@mail.ph.utexas.edu>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk> <1107477978.9226.493.camel@rXm-581b.stl.gtri.gatech.edu> <1107486249.f567d017cc535@mail.ph.utexas.edu>
Message-ID:

On Thu, 3 Feb 2005 21:04:09 -0600, Eric Rostetter wrote:

> Quoting Rob Myers :
>
>> if there are people willing to do 7.3 patches i don't see the need to
>> drop it. if people are willing to actively support any EOL'd RedHat
>> release they should be able to do that via Fedora Legacy.
>
> We have a set policy on this. RHL versions for as long as there is
> community support, and FC on a 1-2-3 and out policy.
>
>> the important point is that versions that do not have as much interest
>> should not slow down updates for versions that have more interest. in
>
> This is correct. If they are slowing things down, then they basically
> lack community interest and can be dropped, as we did with 7.2 and 8.
>

I hope RH9 won't be dropped for quite a while. Unfortunately, I'm still a relative beginner, and just a user who is dependent on your gracious continued support.

Please be aware that your efforts are appreciated! Thanks for being there.

--
Ralph E. Kenyon, Jr.
http://www.xenodochy.org/ralph.html
191 White Oaks Road
Williamstown, MA 01267-2259
Phone: 413-458-3597
Home pages: http://www.xenodochy.org http://www.ballroomdances.org
-------------------------------------------------------
FIGHT SPAM http://www.xenodochy.org/diogenes/antispam.html
(If you are thinking about collecting my email address, read the above page first!)
--------------------------------------------------------
Keep our semantic environments and cyberspace clean.
Always report errors discovered while surfing the web.
------------------------------------------------------
My favorite saying (from general semantics):
It's not that seeing is believing, believing is seeing, and we're much better at believing than we are at seeing.
http://www.xenodochy.org/ex/quotes/santayana.html

From pekkas at netcore.fi Fri Feb 4 06:32:06 2005
From: pekkas at netcore.fi (Pekka Savola)
Date: Fri, 4 Feb 2005 08:32:06 +0200 (EET)
Subject: LWN article about us
In-Reply-To: <20050203235807.GV987@tirian.magd.ox.ac.uk>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID:

On Thu, 3 Feb 2005, Dominic Hargreaves wrote:

> On Thu, Feb 03, 2005 at 11:46:03PM +0000, Dominic Hargreaves wrote:
>> An article about us was posted a couple of weeks ago that I didn't see
>> before: http://lwn.net/Articles/119892/
>
> One issue raised here is whether we should be dropping support for 7.3
> by now. Documented end of support for 7.3 according to
> is the middle of this year
> (ie 1.5 years after Red Hat EOL). I would say that we should drop it no
> later than the introduction of FC2 support in March, though, because
> three distros is already fairly unmanageable. I'd be happy to drop it
> earlier, though.
>
> Thoughts?

IMHO, we should stick with RHL73.

When we get FC2 support, I suggest dropping FC1. There will be WAY too many FC releases to take care of all of them, so I suggest just handling the latest.

Those users which have installed Fedora Core should have realized that it has much shorter support cycle, and they need to upgrade to newer releases of FC to stay current.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

From jeroen at easyhosting.nl Fri Feb 4 08:12:27 2005
From: jeroen at easyhosting.nl (Jeroen Wunnink)
Date: Fri, 04 Feb 2005 09:12:27 +0100
Subject: LWN article about us
In-Reply-To:
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID: <6.1.2.0.2.20050204090740.046bb668@mail.easyhosting.nl>

Personally I still have several older servers running RH7.3 (our cluster controlpanel server and some older Plesk machines), RH9 and due to the screwed up AACRAID SATA drivers in the 2.6 kernel, I'm stuck using FC1 on our Dell poweredge 750's which customers want to rent..

I think fedoralegacy is a fantastic initiative, and I cheer the continuing support of FC1, RH7.3 and RH9

At 07:32 4-2-2005, you wrote:
>IMHO, we should stick with RHL73.
>
>When we get FC2 support, I suggest dropping FC1. There will be WAY too
>many FC releases to take care of all of them, so I suggest just handling
>the latest.
>
>Those users which have installed Fedora Core should have realized that it
>has much shorter support cycle, and they need to upgrade to newer releases
>of FC to stay current.
>
>--
>Pekka Savola                 "You each name yourselves king, yet the
>Netcore Oy                    kingdom bleeds."
>Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Kind regards,

Jeroen Wunnink,
EasyHosting B.V.
System Administrator
systeembeheer at easyhosting.nl

phone: +31 (035) 6285455    Postbus 1332
fax: +31 (035) 6838242      1200 BH Hilversum

http://www.easyhosting.nl
http://www.easycolo.nl

From maillist at jasonlim.com Fri Feb 4 09:28:32 2005
From: maillist at jasonlim.com (Jason Lim)
Date: Fri, 4 Feb 2005 17:28:32 +0800
Subject: LWN article about us
References: <20050203234603.GS987@tirian.magd.ox.ac.uk><20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID: <06d501c50a9b$e6a133a0$0900a8c0@SYSTEM9>

> IMHO, we should stick with RHL73.
>
> When we get FC2 support, I suggest dropping FC1. There will be WAY
> too many FC releases to take care of all of them, so I suggest just
> handling the latest.
>
> Those users which have installed Fedora Core should have realized that
> it has much shorter support cycle, and they need to upgrade to newer
> releases of FC to stay current.
>

Even though we don't have any RH7.3 servers anymore, I agree with you. Anyone installing Fedora Core knows in advance it is not going to be a "stable" or "long release" distro, and they know they are expected to upgrade constantly. There was no such expectation with RHL9, and to an extent 7.3.

From rob.myers at gtri.gatech.edu Fri Feb 4 12:20:21 2005
From: rob.myers at gtri.gatech.edu (Rob Myers)
Date: Fri, 04 Feb 2005 07:20:21 -0500
Subject: LWN article about us
In-Reply-To: <200502031743.18523.lists@benjamindsmith.com>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk> <200502031743.18523.lists@benjamindsmith.com>
Message-ID: <1107519621.9226.513.camel@rXm-581b.stl.gtri.gatech.edu>

On Thu, 2005-02-03 at 20:43, Benjamin Smith wrote:
> My biggest concern is Fedora Core 1 - I have about a dozen servers which all
> the several un-patched vulnerabilities mentioned in the LWN article.

updated rpms (binary and source) that patch vulnerabilities can be found in bugzilla.
they are in various states of QA and may not have been fully vetted yet, but you may still find them useful.

rob.

From brian.t.brunner at gai-tronics.com Fri Feb 4 12:54:20 2005
From: brian.t.brunner at gai-tronics.com (Brian T. Brunner)
Date: Fri, 04 Feb 2005 04:54:20 -0800
Subject: LWN article about us
Message-ID:

This logic makes good sense to me...

If people are going to stick to an earlier version and not ride the current wave, where will they stay? 7.3 is more likely (in my troglodyte opinion) than FC1 or FC2.

Brian Brunner
brian.t.brunner at gai-tronics.com
(610)796-5838

>>> steve at math.upatras.gr 02/03/05 08:01PM >>>
RedHat 7.3 is the only "real" server distro fedoralegacy currently supports. All others are meant to be more desktop machines than 7.3. I'd say to drop fedora 1 if things are tight in resources.

From jimpop at yahoo.com Fri Feb 4 13:20:02 2005
From: jimpop at yahoo.com (Jim Popovitch)
Date: Fri, 04 Feb 2005 08:20:02 -0500
Subject: LWN article about us
In-Reply-To:
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID: <1107523202.21046.6.camel@blue>

On Fri, 2005-02-04 at 08:32 +0200, Pekka Savola wrote:
> IMHO, we should stick with RHL73.

I agree, as 7.3 is the only non-desktop version that FL seems to currently support. I suggest, as others have also, that we drop some of the FC series.

Does anyone run 7.3 as a desktop (XFree86, etc)? Perhaps we could give up Gnome/XFree support for 73 and only focus on server components.

-Jim P.
From dawson at fnal.gov Fri Feb 4 15:01:36 2005
From: dawson at fnal.gov (Troy Dawson)
Date: Fri, 04 Feb 2005 09:01:36 -0600
Subject: LWN article about us
In-Reply-To: <20050203235807.GV987@tirian.magd.ox.ac.uk>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID: <42038E50.4060503@fnal.gov>

Dominic Hargreaves wrote:
> On Thu, Feb 03, 2005 at 11:46:03PM +0000, Dominic Hargreaves wrote:
>
>>An article about us was posted a couple of weeks ago that I didn't see
>>before: http://lwn.net/Articles/119892/
>
>
> One issue raised here is whether we should be dropping support for 7.3
> by now. Documented end of support for 7.3 according to
> is the middle of this year
> (ie 1.5 years after Red Hat EOL). I would say that we should drop it no
> later than the introduction of FC2 support in March, though, because
> three distros is already fairly unmanageable. I'd be happy to drop it
> earlier, though.
>
> Thoughts?
>

*Troy puts two cents down on the table*

Other than being a mirror, I cannot say I've contributed much to Fedora Legacy over the past 6 months, so I do not think my opinion should count for much. I'm just stating this so people know where Fermilab's policy is.

Fermilab officially ended support for Fermi Linux 7.3.x (based on RedHat 7.3) on January 2005. We currently have 1240 known 7.3.x users, but in our negotiations with our experiments, January 2005 was agreed upon, and no re-negotiations followed.

We will continue to be a mirror for the foreseeable future.
Thanks
Troy Dawson
--
__________________________________________________
Troy Dawson dawson at fnal.gov (630)840-6468
Fermilab ComputingDivision/CSS CSI Group
__________________________________________________

From dom at earth.li Fri Feb 4 15:05:33 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Fri, 4 Feb 2005 15:05:33 +0000
Subject: LWN article about us
In-Reply-To: <1107523202.21046.6.camel@blue>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk> <1107523202.21046.6.camel@blue>
Message-ID: <20050204150533.GW987@tirian.magd.ox.ac.uk>

On Fri, Feb 04, 2005 at 08:20:02AM -0500, Jim Popovitch wrote:

> Does anyone run 7.3 as a desktop (XFree86, etc)? Perhaps we could give
> up Gnome/XFree support for 73 and only focus on server components.

My interest in the project lies in around 100 7.3 desktops, but Red Hat will be replaced within the next month or so.

Cheers,

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

From dwb7 at ccmr.cornell.edu Fri Feb 4 15:53:10 2005
From: dwb7 at ccmr.cornell.edu (David Botsch)
Date: Fri, 4 Feb 2005 10:53:10 -0500
Subject: LWN article about us
In-Reply-To: <20050204001420.M54777@npgx.com.au>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk> <20050204001420.M54777@npgx.com.au>
Message-ID: <20050204155310.GB24325@ccmr.cornell.edu>

I'll go ahead and speak up as someone for whom dropped rh7.3 support would affect us (though, it wouldn't be too much worse than the present state of updates not really coming out).

We have a large install base of rh7.3 linux computers here. We looked at progeny, but they priced themselves out of our range, and were not even willing to talk about any sort of educational pricing.
So, we are working on moving to rhel3, but, ensuring that software works and that the packages which we need are there (eg missing ncftp, w3m, gnumeric among others) means it is taking a while.

On Fri, Feb 04, 2005 at 10:23:59AM +1000, Michael Mansour wrote:
> Hi Dominic,
>
> > On Thu, Feb 03, 2005 at 11:46:03PM +0000, Dominic Hargreaves wrote:
> > > An article about us was posted a couple of weeks ago that I didn't see
> > > before: http://lwn.net/Articles/119892/
> >
> > One issue raised here is whether we should be dropping support for
> > 7.3 by now. Documented end of support for 7.3 according to
> > is the middle of this year
> > (ie 1.5 years after Red Hat EOL). I would say that we should drop it
> > no later than the introduction of FC2 support in March, though, because
> > three distros is already fairly unmanageable. I'd be happy to drop it
> > earlier, though.
> >
> > Thoughts?
>
> The oldest machines I have running are FC1 machines, and I'm only a month away
> from either upgrading (to FC3) or side-stepping (to another dist) those
> machines.
>
> Just for my 2c, dropping support for 7.3 and 9 won't affect me. If it will
> affect others, they really should speak up :)
>
> Michael.

--
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7 at ccmr.cornell.edu
********************************

From sweller at ena.com Fri Feb 4 16:05:36 2005
From: sweller at ena.com (Simon Weller)
Date: Fri, 4 Feb 2005 10:05:36 -0600
Subject: LWN article about us
Message-ID:

We also have a sizable number of 7.3 servers that we're slowly starting to migrate to Centos, but it does take time.
I help out where I can with Legacy, but we all work long hours and sometimes it's extremely hard finding the time to package if the issue doesn't directly affect your systems (especially from an employer's perspective).

I think this is especially noticeable lately as a lot of the newer patches have been more involved and simply take longer to backport.

- Si

From rostetter at mail.utexas.edu Fri Feb 4 16:37:07 2005
From: rostetter at mail.utexas.edu (Eric Rostetter)
Date: Fri, 4 Feb 2005 10:37:07 -0600
Subject: LWN article about us
In-Reply-To:
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk>
Message-ID: <1107535027.797f444bfadd3@mail.ph.utexas.edu>

Quoting Pekka Savola:

> > One issue raised here is whether we should be dropping support for 7.3
> > by now. Documented end of support for 7.3 according to
> > is the middle of this year
> > (ie 1.5 years after Red Hat EOL). I would say that we should drop it no
> > later than the introduction of FC2 support in March, though, because
> > three distros is already fairly unmanageable. I'd be happy to drop it
> > earlier, though.
> >
> > Thoughts?
>
> IMHO, we should stick with RHL73.
>
> When we get FC2 support, I suggest dropping FC1. There will be WAY
> too many FC releases to take care of all of them, so I suggest just
> handling the latest.
>
> Those users which have installed Fedora Core should have realized that
> it has much shorter support cycle, and they need to upgrade to newer
> releases of FC to stay current.

Has anyone even bothered to actually read the FAQ entry that is linked into the above text? It clearly defines what is dropped and when.

--
Eric Rostetter

From mule at umich.edu Fri Feb 4 16:53:26 2005
From: mule at umich.edu (Stephen E. Dudek)
Date: Fri, 04 Feb 2005 11:53:26 -0500
Subject: LWN article about us
In-Reply-To: <20050203234603.GS987@tirian.magd.ox.ac.uk>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk>
Message-ID: <1107536004.2241.33.camel@pestilence.themule.net>

I've read the article and I have to agree with LWN:

"Keeping a distribution current with security patches is hard, tedious, and often thankless work. It's the sort of work that people tend to demand to be paid to do. Projects like Debian and Gentoo demonstrate that this job can be done, and done well, on a volunteer basis, however. But it would appear that the requisite effort is not there for the Fedora Legacy project."

"People ... might want to think about what they can do to help the Fedora Legacy project get its process restarted."

...

Taking a look at the bottom line at Dom's extremely helpful summary page (http://www-astro.physics.ox.ac.uk/~dom/legacy/issues.txt) seems to tell the story:

Packages that have been verified and should be fully released
-------------------------------------------------------------

xpdf - https://bugzilla.fedora.us/show_bug.cgi?id=2186
gpdf - https://bugzilla.fedora.us/show_bug.cgi?id=2195

Packages waiting to be built for updates-testing
------------------------------------------------

yum - https://bugzilla.fedora.us/show_bug.cgi?id=1604
libxpm - https://bugzilla.fedora.us/show_bug.cgi?id=2075
openmotif - https://bugzilla.fedora.us/show_bug.cgi?id=2143
lesstiff - https://bugzilla.fedora.us/show_bug.cgi?id=2142
rp-pppoe - https://bugzilla.fedora.us/show_bug.cgi?id=2116
gtk2 - https://bugzilla.fedora.us/show_bug.cgi?id=2073
openoffice - https://bugzilla.fedora.us/show_bug.cgi?id=2074
squirrelmail - http://bugzilla.fedora.us/show_bug.cgi?id=2290
qt - https://bugzilla.fedora.us/show_bug.cgi?id=2002
sharutils - https://bugzilla.fedora.us/show_bug.cgi?id=2155
sox - https://bugzilla.fedora.us/show_bug.cgi?id=1945
gdk-pixbuf - https://bugzilla.fedora.us/show_bug.cgi?id=2005
ImageMagick - https://bugzilla.fedora.us/show_bug.cgi?id=2052 (but more?)
cdrecord - https://bugzilla.fedora.us/show_bug.cgi?id=2058
cups - https://bugzilla.fedora.us/show_bug.cgi?id=2127
iptables - https://bugzilla.fedora.us/show_bug.cgi?id=2252
nfs-utils - https://bugzilla.fedora.us/show_bug.cgi?id=2339
zlib - https://bugzilla.fedora.us/show_bug.cgi?id=2043
modutils - https://bugzilla.fedora.us/show_bug.cgi?id=2364
vim - https://bugzilla.fedora.us/show_bug.cgi?id=2343
xpdf - https://bugzilla.fedora.us/show_bug.cgi?id=2352
gpdf - https://bugzilla.fedora.us/show_bug.cgi?id=2353
ruby - https://bugzilla.fedora.us/show_bug.cgi?id=2007

...

The bottleneck, to me, seems obvious. Unless the Fedora Legacy Project can get items built into updates-testing (and released) in a timely manner, then this project is doomed to fail. I have tried to contribute in the past, but have become discouraged about the timeliness of the releases, especially for the tripwire release. Issues concerning releases for 7.3 got bundled with 9, holding up the release for this and other packages.

I know for those who volunteer that this can be a thankless job, and for those of you who have contributed, thank you. Perhaps a discussion either on the list or in another forum of how to get those who seem to be regular contributors (or potential ones) to fix the process.

On Thu, 2005-02-03 at 18:46, Dominic Hargreaves wrote:
> An article about us was posted a couple of weeks ago that I didn't see
> before: http://lwn.net/Articles/119892/
>
> "Whither Fedora Legacy".
>
> Cheers,

From euckew at sierraelectronics.com Fri Feb 4 18:14:09 2005
From: euckew at sierraelectronics.com (Eucke Warren)
Date: Fri, 04 Feb 2005 10:14:09 -0800
Subject: PHP/Apache Registration Failed Duplicate Name Error
Message-ID: <4203BB71.7060209@sierraelectronics.com>

I am finally getting around to trying to chase down a PHP/Apache error that I believe is related to a legacy PHP update that was applied in the recent past. I note that, at boot up, I am seeing the following errors in the apache error log:

PHP Warning: Function registration failed - duplicate name - ldap_connect in Unknown on line 0
PHP Warning: Function registration failed - duplicate name - ldap_close in Unknown on line 0
PHP Warning: Function registration failed - duplicate name - ldap_bind in Unknown on line 0
PHP Warning: Function registration failed - duplicate name - ldap_unbind in Unknown on line 0
PHP Warning: Function registration failed - duplicate name - ldap_read in Unknown on line 0
PHP Warning: Function registration failed - duplicate name - ldap_list in Unknown on line 0
PHP Warning: Function registration failed - duplicate name - ldap_search in Unknown on line 0

These are just examples as there are many more and there are similar errors for imap which I assume has some dependency or relation. I have googled and done some searching via Redhat's archives but I cannot seem to pin down anything that would suggest what I should be looking at. I understand that there is duplication of files. I assume that there was a legacy RPM that added files but did not remove the old ones and so those are both showing up and causing problems. I have scanned the config files and the start files but I cannot seem to find the modules that would seem to be upsetting my server.

I am running RH9 and my PHP is php-4.2.2-17.7.legacy and my httpd is httpd-2.0.40-21.17.legacy.
Any pointers would be greatly appreciated.

--
Eucke Warren
V 775.359.1121
F 775.358.9309

From jimpop at yahoo.com Fri Feb 4 18:18:09 2005
From: jimpop at yahoo.com (Jim Popovitch)
Date: Fri, 04 Feb 2005 13:18:09 -0500
Subject: LWN article about us
In-Reply-To: <1107536004.2241.33.camel@pestilence.themule.net>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <1107536004.2241.33.camel@pestilence.themule.net>
Message-ID: <1107541089.22291.18.camel@blue>

The way that I read this is quite simply that most ppl don't care about "desktop" style updates from FL. Maybe I'm thinking small, but to me the main benefit that FL can provide is timely updates for server security related packages. I personally don't care if openmotif, gtk2, sox, qt, xpdf, gpdf, etc have bugs waiting to be tested, I don't need them. This is why you see lots of emails on php, ssh, zip, apache, etc. OK, so squirrelmail is in the list below, it's there because it isn't important enough to someone... thus getting back to my point which is that things needing testing get tested.

I don't care about providing all possible updates for RH73/FC1/RH9, etc. To me there is a lot of time that could/will be wasted on "non-consequential" packages. I think that FL's best future lies with providing things the market demands, not *all* things for some distros that RedHat gives up on. Determining this will be difficult but probably still easier than brute-forcing everything.

Just my $.02... flame away. ;-)

-Jim P.

On Fri, 2005-02-04 at 11:53 -0500, Stephen E. Dudek wrote:
> Taking a look at the bottom line at Dom's extremely helpful summary page
> (http://www-astro.physics.ox.ac.uk/~dom/legacy/issues.txt) seems to tell
> the story:
>
> Packages that have been verified and should be fully released
> -------------------------------------------------------------
>
> xpdf - https://bugzilla.fedora.us/show_bug.cgi?id=2186
> gpdf - https://bugzilla.fedora.us/show_bug.cgi?id=2195
>
> Packages waiting to be built for updates-testing
> ------------------------------------------------
>
> yum - https://bugzilla.fedora.us/show_bug.cgi?id=1604
> libxpm - https://bugzilla.fedora.us/show_bug.cgi?id=2075
> openmotif - https://bugzilla.fedora.us/show_bug.cgi?id=2143
> lesstiff - https://bugzilla.fedora.us/show_bug.cgi?id=2142
> rp-pppoe - https://bugzilla.fedora.us/show_bug.cgi?id=2116
> gtk2 - https://bugzilla.fedora.us/show_bug.cgi?id=2073
> openoffice - https://bugzilla.fedora.us/show_bug.cgi?id=2074
> squirrelmail - http://bugzilla.fedora.us/show_bug.cgi?id=2290
> qt - https://bugzilla.fedora.us/show_bug.cgi?id=2002
> sharutils - https://bugzilla.fedora.us/show_bug.cgi?id=2155
> sox - https://bugzilla.fedora.us/show_bug.cgi?id=1945
> gdk-pixbuf - https://bugzilla.fedora.us/show_bug.cgi?id=2005
> ImageMagick - https://bugzilla.fedora.us/show_bug.cgi?id=2052 (but more?)
> cdrecord - https://bugzilla.fedora.us/show_bug.cgi?id=2058
> cups - https://bugzilla.fedora.us/show_bug.cgi?id=2127
> iptables - https://bugzilla.fedora.us/show_bug.cgi?id=2252
> nfs-utils - https://bugzilla.fedora.us/show_bug.cgi?id=2339
> zlib - https://bugzilla.fedora.us/show_bug.cgi?id=2043
> modutils - https://bugzilla.fedora.us/show_bug.cgi?id=2364
> vim - https://bugzilla.fedora.us/show_bug.cgi?id=2343
> xpdf - https://bugzilla.fedora.us/show_bug.cgi?id=2352
> gpdf - https://bugzilla.fedora.us/show_bug.cgi?id=2353
> ruby - https://bugzilla.fedora.us/show_bug.cgi?id=2007

From joseph at ndimedia.com Fri Feb 4 18:44:18 2005
From: joseph at ndimedia.com (S.Joseph)
Date: Fri, 4 Feb 2005 13:44:18 -0500
Subject: PHP/Apache Registration Failed Duplicate Name Error
References: <4203BB71.7060209@sierraelectronics.com>
Message-ID: <124701c50ae9$890ac7d0$b802a8c0@l>

do you have a /etc/php.d/ dir?

----- Original Message -----
From: "Eucke Warren"
To: "Fedora Legacy Project"
Sent: Friday, February 04, 2005 1:14 PM
Subject: PHP/Apache Registration Failed Duplicate Name Error

> I am finally getting around to trying to chase down a PHP/Apache error
> that I believe is related to a legacy PHP update that was applied in the
> recent past.
> I note that, at boot up, I am seeing the following errors
> in the apache error log:
>
> PHP Warning: Function registration failed - duplicate name - ldap_connect in Unknown on line 0
> PHP Warning: Function registration failed - duplicate name - ldap_close in Unknown on line 0
> PHP Warning: Function registration failed - duplicate name - ldap_bind in Unknown on line 0
> PHP Warning: Function registration failed - duplicate name - ldap_unbind in Unknown on line 0
> PHP Warning: Function registration failed - duplicate name - ldap_read in Unknown on line 0
> PHP Warning: Function registration failed - duplicate name - ldap_list in Unknown on line 0
> PHP Warning: Function registration failed - duplicate name - ldap_search in Unknown on line 0
>
> These are just examples as there are many more and there are similar
> errors for imap which I assume has some dependency or relation. I have
> googled and done some searching via Redhat's archives but I cannot seem
> to pin down anything that would suggest what I should be looking at. I
> understand that there is duplication of files. I assume that there was
> a legacy RPM that added files but did not remove the old ones and so
> those are both showing up and causing problems. I have scanned the
> config files and the start files but I cannot seem to find the modules
> that would seem to be upsetting my server.
>
> I am running RH9 and my PHP is php-4.2.2-17.7.legacy and my httpd is
> httpd-2.0.40-21.17.legacy. Any pointers would be greatly appreciated.
>
> --
> Eucke Warren
> V 775.359.1121
> F 775.358.9309
>
>
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-legacy-list
>

From euckew at sierraelectronics.com Fri Feb 4 19:01:50 2005
From: euckew at sierraelectronics.com (Eucke Warren)
Date: Fri, 04 Feb 2005 11:01:50 -0800
Subject: PHP/Apache Registration Failed Duplicate Name Error
In-Reply-To: <124701c50ae9$890ac7d0$b802a8c0@l>
References: <4203BB71.7060209@sierraelectronics.com> <124701c50ae9$890ac7d0$b802a8c0@l>
Message-ID: <4203C69E.3030208@sierraelectronics.com>

S.Joseph wrote:

> do you have a /etc/php.d/ dir?
>
> ----- Original Message ----- From: "Eucke Warren"
>
> To: "Fedora Legacy Project"
> Sent: Friday, February 04, 2005 1:14 PM
> Subject: PHP/Apache Registration Failed Duplicate Name Error

Yes I do. It has two files in it imap.ini and ldap.ini both of which
have a single reference to activating an extension module. Chasing the
module in the filesystem I find only one copy each in the /usr/lib/php4
directory. I am still not seeing the duplication in the configuration
files or in actual modules or libraries themselves.

--
Eucke

From joseph at ndimedia.com Fri Feb 4 19:06:30 2005
From: joseph at ndimedia.com (S.Joseph)
Date: Fri, 4 Feb 2005 14:06:30 -0500
Subject: PHP/Apache Registration Failed Duplicate Name Error
References: <4203BB71.7060209@sierraelectronics.com><124701c50ae9$890ac7d0$b802a8c0@l> <4203C69E.3030208@sierraelectronics.com>
Message-ID: <129c01c50aec$a2b15f20$b802a8c0@l>

verify that in your php.ini you are not loading the same module(s) that
are being loaded from php.d.

----- Original Message -----
From: "Eucke Warren"
To: "Discussion of the Fedora Legacy Project"
Sent: Friday, February 04, 2005 2:01 PM
Subject: Re: PHP/Apache Registration Failed Duplicate Name Error

>
>
> S.Joseph wrote:
>
>> do you have a /etc/php.d/ dir?
>>
>> ----- Original Message ----- From: "Eucke Warren"
>>
>> To: "Fedora Legacy Project"
>> Sent: Friday, February 04, 2005 1:14 PM
>> Subject: PHP/Apache Registration Failed Duplicate Name Error
>
>
> Yes I do. It has two files in it imap.ini and ldap.ini both of which have
> a single reference to activating an extension module. Chasing the module
> in the filesystem I find only one copy each in the /usr/lib/php4
> directory. I am still not seeing the duplication in the configuration
> files or in actual modules or libraries themselves.
>
> --
> Eucke
>

From euckew at sierraelectronics.com Fri Feb 4 19:20:33 2005
From: euckew at sierraelectronics.com (Eucke Warren)
Date: Fri, 04 Feb 2005 11:20:33 -0800
Subject: PHP/Apache Registration Failed Duplicate Name Error
In-Reply-To: <129c01c50aec$a2b15f20$b802a8c0@l>
References: <4203BB71.7060209@sierraelectronics.com><124701c50ae9$890ac7d0$b802a8c0@l> <4203C69E.3030208@sierraelectronics.com> <129c01c50aec$a2b15f20$b802a8c0@l>
Message-ID: <4203CB01.30701@sierraelectronics.com>

S.Joseph wrote:

> verify that in your php.ini you are not loading the same module(s)
> that are being loaded from php.d.
>

You are the man! Which should take priority? php.ini?

--
Eucke

From joseph at ndimedia.com Fri Feb 4 19:37:38 2005
From: joseph at ndimedia.com (S.Joseph)
Date: Fri, 4 Feb 2005 14:37:38 -0500
Subject: PHP/Apache Registration Failed Duplicate Name Error
References: <4203BB71.7060209@sierraelectronics.com><124701c50ae9$890ac7d0$b802a8c0@l> <4203C69E.3030208@sierraelectronics.com><129c01c50aec$a2b15f20$b802a8c0@l> <4203CB01.30701@sierraelectronics.com>
Message-ID: <133201c50af0$fc37eec0$b802a8c0@l>

> You are the man! Which should take priority? php.ini?
http://php.oregonstate.edu/manual/en/function.php-ini-scanned-files.php

From marcdeslauriers at videotron.ca Fri Feb 4 22:30:11 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Fri, 04 Feb 2005 17:30:11 -0500
Subject: Fedora Legacy Test Update Notification: cups
Message-ID: <4203F773.6040604@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2127
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2127
2005-02-04
---------------------------------------------------------------------

Name        : cups
Versions    : rh7.3: cups-1.1.14-15.4.4.legacy
Versions    : rh9: cups-1.1.17-13.3.0.13.legacy
Versions    : fc1: cups-1.1.19-13.8.legacy
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX(R) operating systems. It has been developed by Easy Software
Products to promote a standard printing solution for all UNIX vendors
and users. CUPS provides the System V and Berkeley command-line
interfaces.

---------------------------------------------------------------------
Update Information:

Updated CUPS packages that fix several security issues are now
available.

The Common UNIX Printing System provides a portable printing layer for
UNIX(R) operating systems.

During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect xpdf. CUPS contains a copy of the xpdf code
used for parsing PDF files and is therefore affected by these bugs. An
attacker who has the ability to send a malicious PDF file to a printer
could cause CUPS to crash or possibly execute arbitrary code. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0888 to this issue.

When set up to print to a shared printer via Samba, CUPS would
authenticate with that shared printer using a username and password.
By default, the username and password used to connect to the Samba
share is written into the error log file. A local user who is able to
read the error log file could collect these usernames and passwords.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0923 to this issue.

A buffer overflow was found in the CUPS pdftops filter, which uses code
from the Xpdf package. An attacker who has the ability to send a
malicious PDF file to a printer could possibly execute arbitrary code
as the "lp" user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow was found in the ParseCommand function in the
hpgltops program. An attacker who has the ability to send a malicious
HPGL file to a printer could possibly execute arbitrary code as the
"lp" user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1267 to this issue.

The lppasswd utility ignores write errors when modifying the CUPS
passwd file. A local user who is able to fill the associated file
system could corrupt the CUPS password file or prevent future uses of
lppasswd. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2004-1268 and CAN-2004-1269
to these issues.

The lppasswd utility does not verify that the passwd.new file is
different from STDERR, which could allow local users to control output
to passwd.new via certain user input that triggers an error message.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1270 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function
of Xpdf which also affects the CUPS pdftops filter due to a shared
codebase. An attacker who has the ability to send a malicious PDF file
to a printer could possibly execute arbitrary code as the "lp" user.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0064 to this issue.

All users of cups should upgrade to these updated packages, which
resolve these issues.

---------------------------------------------------------------------

7.3 changelog:

* Wed Jan 19 2005 Rob Myers 1.1.14-15.4.4.legacy
- xpdf patch CAN-2005-0064
- fix small regression in STR #1023 (FL bug #2127 comment 16)

* Wed Dec 22 2004 Rob Myers 1.1.14-15.4.3.legacy
- xpdf security fix CAN-2004-1125
- Fixed STR #1023 (FL bug #2127 comment 11)
- Fixed STR #1024 (FL bug #2127 comment 10)

* Wed Nov 17 2004 Rob Myers 1.1.14-15.4.2.legacy
- remove CAN-2004-0889 from patch filename, since the xpdf used here is
  < 3.0 and CAN-2004-0889 does not apply

* Tue Oct 26 2004 Rob Myers 1.1.14-15.4.1.legacy
- Apply patch for UDP packet DoS CAN-2004-0558 UDP DoS (FL #2072)
- Apply patch for information disclosure in logfile CAN-2004-0923 (FL #2127)
- Apply patch for pdftops integer overflow CAN-2004-0888 (FL #2127) (RH #135378)
- add BuildPrereq: pam-devel openssl-devel autoconf zlib-devel
  libjpeg-devel libtiff-devel libpng-devel
- to build in mach i had to: if [ ! -x /usr/lib/libtiff.so.3 ]; then (cd /usr/lib ; ln -s libtiff.so.3.5 libtiff.so.3) ; fi

9 changelog:

* Wed Jan 19 2005 Rob Myers 1.1.17-13.3.0.13.legacy
- xpdf patch CAN-2005-0064
- fix small regression in STR #1023 (FL bug #2127 comment 16)

* Wed Dec 22 2004 Rob Myers 1.1.17-13.3.0.12.legacy
- xpdf security fix CAN-2004-1125
- Fixed STR #1023 (FL bug #2127 comment 11)
- Fixed STR #1024 (FL bug #2127 comment 10)

* Wed Nov 17 2004 Rob Myers 1.1.17-13.3.0.11.legacy
- remove CAN-2004-0889 from patch filename, since the xpdf used here is
  < 3.0 and CAN-2004-0889 does not apply

* Thu Oct 28 2004 Rob Myers 1.1.17-13.3.0.10.legacy
- include updated patch with "anti-optimizer" changes

* Tue Oct 26 2004 Rob Myers 1.1.17-13.3.0.9.legacy
- in mach i had to: if [ ! -x /usr/lib/libtiff.so.3 ]; then (cd /usr/lib ; ln -s libtiff.so.3.5 libtiff.so.3) ; fi
- group, organize, rename Fedora Legacy security update patches
- fix wrong CAN number in changelog (Oct 6 2004)
- rebuild

* Mon Oct 25 2004 Rob Myers 1.1.17-13.3.0.8.legacy
- Apply patch for pdftops integer overflow CAN-2004-0888 (FL #2127) (RH #135378)

* Wed Oct 06 2004 Marc Deslauriers 1.1.17-13.3.0.7.legacy
- Apply backported patch to fix CAN-2004-0923
- Apply patch to add cups_strcpy from cups 1.1.20

fc1 changelog:

* Wed Jan 19 2005 Rob Myers 1:1.1.19-13.8.legacy
- xpdf patch CAN-2005-0064
- fix small regression in STR #1023 (FL bug #2127 comment 16)

* Wed Dec 22 2004 Rob Myers 1:1.1.19-13.7.legacy
- xpdf security fix CAN-2004-1125
- Fixed STR #1023 (FL bug #2127 comment 11)
- Fixed STR #1024 (FL bug #2127 comment 10)

* Wed Nov 17 2004 Rob Myers 1:1.1.19-13.6.legacy
- remove CAN-2004-0889 from patch filename, since the xpdf used here is
  < 3.0 and CAN-2004-0889 does not apply

* Thu Oct 28 2004 Rob Myers 1:1.1.19-13.5.legacy
- include updated patch with "anti-optimizer" changes

* Tue Oct 26 2004 Rob Myers 1:1.1.19-13.4.legacy
- Apply patch for pdftops integer overflow CAN-2004-0888 (FL #2127) (RH #135378)
- group, organize, rename Fedora Legacy security update patches
- fix wrong CAN number in changelog (Oct 5 2004)
- to build in mach i had to: if [ ! -x /usr/lib/libtiff.so.3 ]; then (cd /usr/lib ; ln -s libtiff.so.3.5 libtiff.so.3) ; fi

* Tue Oct 05 2004 Rob Myers 1:1.1.19-13.3.legacy
- Apply patch to fix CAN-2004-0923 (rh bug #130646).
- Apply patch to add cups_strcpy from cups 1.1.20

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
---------------------------------------------------------------------

Please test and comment in bugzilla.
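
Added example, not part of the advisory above and not taken from CUPS or from the Fedora Legacy patches: the two lppasswd problems it lists (write errors being ignored, CAN-2004-1268 and CAN-2004-1269, and passwd.new landing on the STDERR descriptor, CAN-2004-1270) are both avoided by the update pattern below, written in C. The function names and the `user:hash` record format are assumptions made for illustration.

```c
/* Added illustration, not CUPS source. Function names and the "user:hash"
 * record format are assumptions made for this example. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Keep descriptors 0-2 occupied so that a later open() can never return
 * stdin, stdout or stderr (the passwd.new/STDERR confusion). */
static int ensure_std_fds(void)
{
    int fd;
    do {
        fd = open("/dev/null", O_RDWR);
    } while (fd >= 0 && fd <= 2);
    return fd < 0 ? -1 : close(fd);
}

/* write() until all bytes are out; ENOSPC, EDQUOT, EIO etc. are fatal. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Copy records from in (NULL means no old file) to out_fd, replacing or
 * appending the record for user. Returns 0, or -1 on any I/O error. */
static int copy_records(FILE *in, int out_fd, const char *user, const char *hash)
{
    char line[512], rec[512];
    size_t ulen = strlen(user);
    int replaced = 0, ends_nl = 1;
    int rlen = snprintf(rec, sizeof(rec), "%s:%s\n", user, hash);
    if (rlen < 0 || (size_t)rlen >= sizeof(rec))
        return -1;
    while (in != NULL && fgets(line, sizeof(line), in) != NULL) {
        size_t len = strlen(line);
        ends_nl = len > 0 && line[len - 1] == '\n';
        if (!ends_nl && !feof(in))
            return -1;              /* over-long or binary record: refuse */
        if (strncmp(line, user, ulen) == 0 && line[ulen] == ':') {
            if (write_all(out_fd, rec, (size_t)rlen) < 0)
                return -1;
            replaced = ends_nl = 1;
        } else if (write_all(out_fd, line, len) < 0) {
            return -1;
        }
    }
    if ((in != NULL && ferror(in)) ||
        (!ends_nl && write_all(out_fd, "\n", 1) < 0))
        return -1;
    return replaced ? 0 : write_all(out_fd, rec, (size_t)rlen);
}

/* Replace path only after the complete new copy is written and synced; on
 * any failure the old file is left untouched and the temp file removed. */
int update_passwd(const char *path, const char *user, const char *hash)
{
    char tmp[4096];
    FILE *in;
    int fd, n, ok;
    if (user[0] == '\0' || strpbrk(user, ":\n") || strchr(hash, '\n'))
        return -1;                  /* input must not forge extra records */
    n = snprintf(tmp, sizeof(tmp), "%s.new", path);
    if (n < 0 || (size_t)n >= sizeof(tmp) || ensure_std_fds() < 0)
        return -1;
    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    in = fopen(path, "r");          /* ENOENT: start from an empty list */
    ok = (in != NULL || errno == ENOENT) && fd > 2 &&
         copy_records(in, fd, user, hash) == 0 && fsync(fd) == 0;
    if (in != NULL)
        fclose(in);
    ok = (close(fd) == 0) && ok;
    if (!ok || rename(tmp, path) < 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

int main(void)
{
    const char *path = "/tmp/lppasswd_demo.passwd";   /* constructed path */
    printf("add:     %d\n", update_passwd(path, "alice", "hash1"));
    printf("replace: %d\n", update_passwd(path, "alice", "hash2"));
    return 0;
}
```

A full file system surfaces as a failed `write()` or `fsync()`, so the `rename()` never runs and the existing file stays intact.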

From marcdeslauriers at videotron.ca Fri Feb 4 22:30:53 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Fri, 04 Feb 2005 17:30:53 -0500
Subject: Fedora Legacy Test Update Notification: gpdf
Message-ID: <4203F79D.1080001@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2353
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2353
2005-02-04
---------------------------------------------------------------------

Name        : gpdf
Versions    : fc1: gpdf-0.110-1.4.legacy
Summary     : viewer for Portable Document Format (PDF) files for GNOME
Description :
This is GPdf, a viewer for Portable Document Format (PDF) files for
GNOME. GPdf is based on the Xpdf program and uses additional GNOME
libraries for better desktop integration.

---------------------------------------------------------------------
Update Information:

An updated gpdf package that fixes a number of integer overflow
security flaws is now available.

GPdf is a viewer for Portable Document Format (PDF) files for GNOME.

During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of xpdf. These
issues also affect gpdf as it is based on xpdf source code. An attacker
could construct a carefully crafted PDF file that could cause gpdf to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0888 to this issue.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf.
This flaw also affects gpdf as it is based on xpdf source code. An
attacker could construct a carefully crafted PDF file that could cause
gpdf to crash or possibly execute arbitrary code when opened.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1125 to this issue.

A buffer overflow flaw was found when processing the /Encrypt /Length
tag. An attacker could construct a carefully crafted PDF file that
could cause gpdf to crash or possibly execute arbitrary code when
opened. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0064 to this issue.

Users of gpdf are advised to upgrade to this errata package, which
contains backported patches correcting these issues.

---------------------------------------------------------------------
Changelogs

fc1:
* Wed Jan 19 2005 Rob Myers 0.110-1.4.legacy
- patch for CAN-2005-0064 (FL #2353)
- use better patch for CAN-2004-1125

* Wed Dec 22 2004 Rob Myers 0.110-1.3.legacy
- add patch for CAN-2004-1125 (FL #2353)

* Tue Nov 30 2004 Marc Deslauriers 0.110-1.2.legacy
- Added missing gettext BuildRequires

* Thu Oct 28 2004 Rob Myers 0.110-1.1.legacy
- patch for CAN-2004-0888 CAN-2004-0889 (FL #2186, #2195)

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

fc1:
63438a137ac33d1355bc6b8065fef0a03dde7e68 fedora/1/updates-testing/i386/gpdf-0.110-1.4.legacy.i386.rpm
19c4e9fd40a135b4ad782c228990edcdc38dad04 fedora/1/updates-testing/SRPMS/gpdf-0.110-1.4.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Fri Feb 4 22:31:23 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Fri, 04 Feb 2005 17:31:23 -0500
Subject: Fedora Legacy Test Update Notification: xpdf
Message-ID: <4203F7BB.6040508@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2352
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2352
2005-02-04
---------------------------------------------------------------------

Name        : xpdf
Versions    : rh7.3: xpdf-1.00-7.4.legacy
Versions    : rh9: xpdf-2.01-11.3.legacy
Versions    : fc1: xpdf-2.03-1.3.legacy
Summary     : A PDF file viewer for the X Window System.
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses standard
X fonts.

---------------------------------------------------------------------
Update Information:

Updated Xpdf packages that fix several security issues are now
available.

Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files.

During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of xpdf. An
attacker could construct a carefully crafted PDF file that could cause
xpdf to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0888 to this issue.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf.
An attacker could construct a carefully crafted PDF file that could
cause Xpdf to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1125 to this issue.

A buffer overflow flaw was found when processing the /Encrypt /Length
tag.
An attacker could construct a carefully crafted PDF file that could
cause Xpdf to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0064 to this issue.

Users of xpdf are advised to upgrade to these errata packages, which
contain backported patches correcting these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Jan 19 2005 Rob Myers 1.00-7.4.legacy
- patch for CAN-2005-0064 (FL #2352)
- use better patch for CAN-2004-1125

* Thu Dec 23 2004 Rob Myers 1.00-7.3.legacy
- patch for CAN-2004-1125 (FL #2352)

* Wed Dec 01 2004 Marc Deslauriers 1.00-7.2.legacy
- added missing XFree86-devel BuildPrereq

* Thu Oct 28 2004 Rob Myers 1.00-7.1.legacy
- patch for CAN-2004-0888 CAN-2004-0889 (FL #2186)

rh9:
* Wed Jan 19 2005 Rob Myers 2.01-11.3.legacy
- patch for CAN-2005-0064 (FL #2352)
- use better patch for CAN-2004-1125

* Thu Dec 23 2004 Rob Myers 2.01-11.2.legacy
- patch for CAN-2004-1125 (FL #2352)

* Thu Oct 28 2004 Rob Myers 2.01-11.1.legacy
- patch for CAN-2004-0888 CAN-2004-0889 (FL #2186)
- added simple non-security patch for xfont fix

fc1:
* Wed Jan 19 2005 Rob Myers 1:2.03-1.3.legacy
- patch for CAN-2005-0064 (FL #2352)
- use better patch for CAN-2004-1125

* Thu Dec 23 2004 Rob Myers 1:2.03-1.2.legacy
- patch for CAN-2004-1125 (FL #2352)

* Thu Oct 21 2004 Rob Myers 1:2.03-1.1.legacy
- patch for CAN-2004-0888 CAN-2004-0889 (FL #2186)
- include simple non-security xfont patch
- fix files listed twice for /usr/share/xpdf/locales

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
---------------------------------------------------------------------

Please test and comment in bugzilla.

From tdiehl at rogueind.com Sat Feb 5 00:42:54 2005
From: tdiehl at rogueind.com (Tom Diehl)
Date: Fri, 4 Feb 2005 19:42:54 -0500 (EST)
Subject: LWN article about us
In-Reply-To: <123d01c50a62$d376d3e0$0900a8c0@SYSTEM9>
References: <20050203235807.GV987@tirian.magd.ox.ac.uk> <20050204011900.GA32684@turing.une.edu.au> <123d01c50a62$d376d3e0$0900a8c0@SYSTEM9>
Message-ID:

On Fri, 4 Feb 2005, Jason Lim wrote:

> Actually, if you're talking about the RedHat Linux distros, the last
> "stable" one was Redhat Linux 9. All the FC ones are being released way
> too fast and frequently to be used on a stable server.

Do you really think this is unstable:

(tigger pts2) $ uptime
18:57:26 up 346 days, 6:24, 95 users, load average: 0.21, 0.28, 0.25
(tigger pts2) $ rpm -q redhat-release
package redhat-release is not installed
(tigger pts2) $ rpm -q fedora-release
fedora-release-1-3
(tigger pts2) $

>
> Let's look at it this way... if you are on a desktop and using Fedora, just
> keep upgrading to the next release when it comes out. They were made to be
> frequently upgraded. A bit of upgrade time is acceptable on a
> desktop/workstation, but it isn't acceptable on a server. FC was never
> supposed to have a long lifespan for each release.
>
> The last version of RedHat Linux that would have been used on servers most
> commonly is RH9. We still have a lot of RH9 servers running, while 7.x and
> 8 has been moved to RH9 as well.
>
> Anyway, hope that shows support for RH9!!!

Actually for me RHL9 is the least stable. My last RHL 9 box is very
lightly loaded and will only stay up a max of 30 days. After that it
will lock hard. It has been that way since day 1.

A customer of mine OTOH, just had the jiffies wrap mid Jan. :-) We put
the replacement machine into production this morning. The hardware was
getting stressed out. It needed more horsepower.
My point is that different people experience different results. For FL
it really comes down to who is willing to continue to do the work.

Regards,

Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com

From marcdeslauriers at videotron.ca Sat Feb 5 01:56:09 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Fri, 04 Feb 2005 20:56:09 -0500
Subject: Fedora Legacy Test Update Notification: iptables
Message-ID: <420427B9.5030300@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2252
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2252
2005-02-04
---------------------------------------------------------------------

Name        : iptables
Versions    : rh7.3: iptables-1.2.8-8.73.1.legacy
Versions    : rh9: iptables-1.2.8-8.90.1.legacy
Versions    : fc1: iptables-1.2.9-1.0.1.legacy
Summary     : Tools for managing Linux kernel packet filtering capabilities.
Description :
The iptables utility controls the network packet filtering code in the
Linux kernel. If you need to set up firewalls and/or IP masquerading,
you should install this package.

---------------------------------------------------------------------
Update Information:

Updated iptables packages that correct a security problem are now
available.

The iptables utility controls the network packet filtering code in the
Linux kernel.

Under certain conditions, iptables did not properly load the required
modules at system startup, which caused the firewall rules to fail to
load and protect the system from remote attackers. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0986 to this issue.

Users of iptables are advised to upgrade to these errata packages,
which contain backported patches correcting these issues.
---------------------------------------------------------------------
Changelogs

rh73:
* Wed Dec 22 2004 Rob Myers 1.2.8-8.73.1.legacy
- apply patch for CAN-2004-0986 (FL #2252)
- rebuild for rh73

rh9:
* Wed Dec 22 2004 Rob Myers 1.2.8-8.90.1.legacy
- apply patch for CAN-2004-0986 (FL #2252)
- rebuild for rh90

fc1:
* Wed Dec 22 2004 Rob Myers 1.2.9-1.0.1.legacy
- apply patch for CAN-2004-0986 (FL #2252)

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Sat Feb 5 01:56:44 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Fri, 04 Feb 2005 20:56:44 -0500
Subject: Fedora Legacy Test Update Notification: sox
Message-ID: <420427DC.1080709@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-1945
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1945
2005-02-04
---------------------------------------------------------------------

Name        : sox
Versions    : rh73: sox-12.17.3-4.1.legacy
Versions    : rh9: sox-12.17.3-11.1.legacy
Summary     : A general purpose sound file conversion tool.
Description :
SoX (Sound eXchange) is a sound file format converter. SoX can convert
between many different digitized sound formats and perform simple sound
manipulation functions, including sound effects.

---------------------------------------------------------------------
Update Information:

Updated sox packages that fix buffer overflows in the WAV file handling
code are now available.

SoX (Sound eXchange) is a sound file format converter. SoX can convert
between many different digitized sound formats and perform simple sound
manipulation functions, including sound effects.

Buffer overflows existed in the parsing of WAV file header fields. It
was possible that a malicious WAV file could have caused arbitrary code
to be executed when the file was played or converted. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0557 to these issues.

All users of sox should upgrade to these updated packages, which
contain a security patch to resolve these issues.
---------------------------------------------------------------------
Changelogs

rh73:
* Mon Aug 30 2004 Dave Botsch
- added CAN-2004-0557 patch

rh9:
* Sun Sep 12 2004 Marc Deslauriers 12.17.3-11.1.legacy
- Added CAN-2004-0557 security patch

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Sat Feb 5 01:57:10 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Fri, 04 Feb 2005 20:57:10 -0500
Subject: Fedora Legacy Test Update Notification: squirrelmail
Message-ID: <420427F6.3000202@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2290
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2290
2005-02-04
---------------------------------------------------------------------

Name        : squirrelmail
Versions    : rh9: squirrelmail-1.4.3-0.f0.9.2.legacy
Versions    : fc1: squirrelmail-1.4.3-0.f1.1.1.legacy
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
Update Information:

An updated SquirrelMail package that fixes a cross-site scripting
vulnerability is now available.

SquirrelMail is a webmail package written in PHP.

A cross-site scripting bug has been found in SquirrelMail. This issue
could allow an attacker to send a mail with a carefully crafted header,
which could result in causing the victim's machine to execute a
malicious script. The Common Vulnerabilities and Exposures project has
assigned the name CAN-2004-1036 to this issue.

Users of SquirrelMail are advised to upgrade to this updated package
which contains a patched version of SquirrelMail version 1.43a and is
not vulnerable to this issue.

---------------------------------------------------------------------
Changelogs

rh9:
* Tue Nov 30 2004 Rob Myers 1.4.3-0.f0.9.2.legacy
- apply patch for CAN-2004-1036 (FL #2290)

fc1:
* Tue Nov 30 2004 Rob Myers 1.4.3-0.f1.1.1.legacy
- apply patch for CAN-2004-1036 (FL #2290)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh9:
70a95848a63e3f0caf14eddd9b4f63f26e5d4b4c redhat/9/updates-testing/i386/squirrelmail-1.4.3-0.f0.9.2.legacy.noarch.rpm
3a9f9a54eb6fa2d79c6b480d70292816237b4263 redhat/9/updates-testing/SRPMS/squirrelmail-1.4.3-0.f0.9.2.legacy.src.rpm

fc1:
a91b0a418a3f194f2ac16ee1301bd975bb774dbd fedora/1/updates-testing/i386/squirrelmail-1.4.3-0.f1.1.1.legacy.noarch.rpm
049b249c7bcc08135395063b79aa7a240e201ca7 fedora/1/updates-testing/SRPMS/squirrelmail-1.4.3-0.f1.1.1.legacy.src.rpm

---------------------------------------------------------------------
Please test and comment in bugzilla.

From jimpop at yahoo.com Sat Feb 5 02:22:03 2005
From: jimpop at yahoo.com (Jim Popovitch)
Date: Fri, 04 Feb 2005 21:22:03 -0500
Subject: LWN article about us
In-Reply-To:
References: <20050203235807.GV987@tirian.magd.ox.ac.uk> <20050204011900.GA32684@turing.une.edu.au> <123d01c50a62$d376d3e0$0900a8c0@SYSTEM9>
Message-ID: <1107570124.3745.7.camel@blue>

On Fri, 2005-02-04 at 19:42 -0500, Tom Diehl wrote:
> Do you really think this is unstable:
>
> (tigger pts2) $ uptime
> 18:57:26 up 346 days, 6:24, 95 users, load average: 0.21, 0.28, 0.25

Ahem...
uptime is no more an indicator of system stability (esp when discussing
servers) than df or /proc/mdstat. All uptime shows you is that the box
has been up for a certain amount of time, no more, no less. It doesn't
indicate network status, process utilization, application uptime, or
system security.

The world is full of a lot of insecure, hacked, bot'ed, trojan'ed (not
the 'safe' way), spamming boxen that have an uptime that puts yours to
shame.

About the only thing a 346 day uptime shows is that you haven't updated
your kernel in a while. ;-)

-Jim P.

From marcdeslauriers at videotron.ca Sat Feb 5 02:46:25 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Fri, 04 Feb 2005 21:46:25 -0500
Subject: LWN article about us
In-Reply-To: <123d01c50a62$d376d3e0$0900a8c0@SYSTEM9>
References: <20050203235807.GV987@tirian.magd.ox.ac.uk> <20050204011900.GA32684@turing.une.edu.au> <123d01c50a62$d376d3e0$0900a8c0@SYSTEM9>
Message-ID: <1107571585.18889.9.camel@mdlinux>

On Fri, 2005-02-04 at 10:40 +0800, Jason Lim wrote:
> Actually, if you're talking about the RedHat Linux distros, the last
> "stable" one was Redhat Linux 9. All the FC ones are being released way
> too fast and frequently to be used on a stable server.

rh7.0 - released September 2000 - 5 months after rh6.2
rh7.1 - released April 2001 - 7 months after rh7.0
rh7.2 - released October 2001 - 5 months after rh7.1
rh7.3 - released May 2002 - 7 months after rh7.2
rh8.0 - released September 2002 - 4 months after rh7.3
rh9 - released March 2003 - 6 months after rh8.0
fc1 - released September 2003 - 6 months after rh9
fc2 - released May 2004 - 8 months after fc1
fc3 - released November 2004 - 6 months after fc2
fc4 - projected to be released in May 2005 - 6 months after fc3

I don't see FC being released faster than RHL used to be. What makes you
think it's any less stable?

Marc.

From jimpop at yahoo.com Sat Feb 5 04:59:23 2005
From: jimpop at yahoo.com (Jim Popovitch)
Date: Fri, 04 Feb 2005 23:59:23 -0500
Subject: LWN article about us
In-Reply-To: <1107571585.18889.9.camel@mdlinux>
References: <20050203235807.GV987@tirian.magd.ox.ac.uk> <20050204011900.GA32684@turing.une.edu.au> <123d01c50a62$d376d3e0$0900a8c0@SYSTEM9> <1107571585.18889.9.camel@mdlinux>
Message-ID: <1107579563.4143.10.camel@blue>

On Fri, 2005-02-04 at 21:46 -0500, Marc Deslauriers wrote:
> On Fri, 2005-02-04 at 10:40 +0800, Jason Lim wrote:
> > Actually, if you're talking about the RedHat Linux distros, the last
> > "stable" one was Redhat Linux 9. All the FC ones are being released way
> > too fast and frequently to be used on a stable server.
>
> rh7.0 - released September 2000 - 5 months after rh6.2
> rh7.1 - released April 2001 - 7 months after rh7.0
> rh7.2 - released October 2001 - 5 months after rh7.1
> rh7.3 - released May 2002 - 7 months after rh7.2
> rh8.0 - released September 2002 - 4 months after rh7.3
> rh9 - released March 2003 - 6 months after rh8.0
> fc1 - released September 2003 - 6 months after rh9
> fc2 - released May 2004 - 8 months after fc1
> fc3 - released November 2004 - 6 months after fc2
> fc4 - projected to be released in May 2005 - 6 months after fc3
>
> I don't see FC being released faster than RHL used to be. What makes you
> think it's any less stable?

Pound for pound (or more accurately package for package), I think RH7
holds the gold for length of release cycle per package.

-Jim P.

From lists at benjamindsmith.com Sun Feb 6 21:38:42 2005
From: lists at benjamindsmith.com (Benjamin Smith)
Date: Sun, 6 Feb 2005 13:38:42 -0800
Subject: LWN article about us
In-Reply-To: <1107571585.18889.9.camel@mdlinux>
References: <20050203235807.GV987@tirian.magd.ox.ac.uk> <123d01c50a62$d376d3e0$0900a8c0@SYSTEM9> <1107571585.18889.9.camel@mdlinux>
Message-ID: <200502061338.42584.lists@benjamindsmith.com>

On Friday 04 February 2005 18:46, Marc Deslauriers wrote:
> I don't see FC being released faster than RHL used to be. What makes you
> think it's any less stable?

How long were you able to buy support from RedHat (a la RHN) 7.0, vs
Fedora Core?

That should answer your question...

-Ben
--
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978

From schlueri-lists at schlicker.org Mon Feb 7 09:00:39 2005
From: schlueri-lists at schlicker.org (Schlueri)
Date: Mon, 07 Feb 2005 10:00:39 +0100
Subject: Can't resolve fedoralegacy.org!
Message-ID: <1107766839.3538.345.camel@dirk.gingco.net>

Hi,

I can't resolve the domain fedoralegacy.org.
I've checked the nameservers in the whois database:

Name Server:DNS1.J2SOLUTIONS.NET
Name Server:DNS2.J2SOLUTIONS.NET

$ dig @DNS1.J2SOLUTIONS.NET fedoralegacy.org

; <<>> DiG 9.2.4 <<>> @DNS1.J2SOLUTIONS.NET fedoralegacy.org
;; global options: printcmd
;; connection timed out; no servers could be reached

$ dig @DNS2.J2SOLUTIONS.NET fedoralegacy.org

; <<>> DiG 9.2.4 <<>> @DNS2.J2SOLUTIONS.NET fedoralegacy.org
;; global options: printcmd
;; connection timed out; no servers could be reached

Anybody who knows what happened?

Greetz
Dirk

From mschout at gkg.net Mon Feb 7 17:58:01 2005
From: mschout at gkg.net (Michael Schout)
Date: Mon, 07 Feb 2005 11:58:01 -0600
Subject: Can't resolve fedoralegacy.org!
In-Reply-To: <1107766839.3538.345.camel@dirk.gingco.net>
References: <1107766839.3538.345.camel@dirk.gingco.net>
Message-ID: <4207AC29.70507@gkg.net>

Schlueri wrote:
> ; <<>> DiG 9.2.4 <<>> @DNS1.J2SOLUTIONS.NET fedoralegacy.org
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached

I am seeing the same thing. It looks like dns[12].j2solutions.net are
down.

Regards,
Michael Schout

From ismanager at ccbnpts.com Mon Feb 7 20:35:57 2005
From: ismanager at ccbnpts.com (Pettit, Paul)
Date: Mon, 7 Feb 2005 14:35:57 -0600
Subject: LWN article about us
In-Reply-To: <20050204001420.M54777@npgx.com.au>
Message-ID: <05d301c50d54$a0b38260$7202a8c0@ccb2vpjza>

> -----Original Message-----
> Michael Mansour spoke ...
>
> Just for my 2c, dropping support for 7.3 and 9 won't affect
> me. If it will
> affect others, they really should speak up :)
>
> Michael.
>

One of the main reasons I'm using FL is the support (regardless of the
delays) that I get for RH 7.3 and 9. IMHO 7.3 was the pinnacle of the
server-only RH distro. I paid full price for a Pro disk set and manuals
because I wanted to back RH as best I could. Since then the server that
7.3 is on has run non-stop (save for new kernels) for over 2 years. We
have no plan on upgrading to any of the FC versions, they are not
production level products. Upgrading to RHEL is an expense that can't be
justified in that the 7.3 server is stable as a rock and there is no
upgrade path from it to RHEL.

The same goes for RH9 which we have installed. Though not a server-only
distro it's possibly the best of all the old Pro series (and yes, we
paid full price for it too) and is the acknowledged basis for the first
RHEL version to come out. It's been stable and is as solid an OS as you
can find. While we could upgrade to RHEL again the cost its not worth
the cost to just replace it when the server has not had a single
problem.

If I were to have a voice in what FL supported I'd say the following:

RH7.3, RH9 and FC -1 from currently supported version.

If interest dries up on 7.3 or 9 then you make the call when it comes to
that. The FC support would roll with how fast the new versions are
pushed out but would allow the "older" FC versions to die off (remember
they are development versions after all).

Just my .02 from the outside. Whatever happens I appreciate all the
support that FL has given us to maintain what we have. Keep up the good
work guys. :)

Paul Pettit
CTO and IS Manager
Consistent Computer Bargains Inc.

I've heard it said that the proof of lunacy is when you repeat the same
steps expecting different results. I say it's proof that you're a
Microsoft user. - comment by deshi777 on experts-exchange.com

From jjasen at realityfailure.org Tue Feb 8 00:51:15 2005
From: jjasen at realityfailure.org (John Jasen)
Date: Mon, 07 Feb 2005 19:51:15 -0500
Subject: LWN article about us
In-Reply-To: <05d301c50d54$a0b38260$7202a8c0@ccb2vpjza>
References: <05d301c50d54$a0b38260$7202a8c0@ccb2vpjza>
Message-ID: <42080D03.3000901@realityfailure.org>

> The same goes for RH9 which we have installed. Though not a server-only
> distro it's possibly the best of all the old Pro series (and yes, we
> paid full price for it too) and is the acknowledged basis for the first
> RHEL version to come out. It's been stable and is as solid an OS as you
> can find. While we could upgrade to RHEL again the cost its not worth
> the cost to just replace it when the server has not had a single
> problem.

Errr ... RHEL 2.1 was based on 7.2, with some 7.3 thrown in ...

From jgotts at linuxsavvy.com Tue Feb 8 00:58:16 2005
From: jgotts at linuxsavvy.com (John Gotts)
Date: Mon, 07 Feb 2005 19:58:16 -0500
Subject: Can't resolve fedoralegacy.org!
Message-ID: <200502080058.j180wG0k015837@umpire.fmfts.net>

Anybody feel like giving Jesse Keating a call to ask him what's up?

John
--
John GOTTS http://linuxsavvy.com/staff/jgotts

From stuart at serverpeak.com Tue Feb 8 01:28:27 2005
From: stuart at serverpeak.com (Stuart Low)
Date: Tue, 08 Feb 2005 11:28:27 +1000
Subject: Is it worth forming a "collective"? [Was Can't resolve fedoralegacy.org]
In-Reply-To: <200502080058.j180wG0k015837@umpire.fmfts.net>
References: <200502080058.j180wG0k015837@umpire.fmfts.net>
Message-ID: <1107826107.28135.13.camel@core1.inhouse.serverpeak.com>

Hmm,

With all the Fedora Legacy related issues lately (the project is dead,
the website is dead, the server is down etc. etc.) I can't help but
wonder if perhaps it would be worth considering forming a "collective"
of companies who use the services the most to contribute a monthly
amount to pay someone to ensure everything was kept up to date?

In Australia it'd be possible to hire a full time maintainer for ~40-50K
per year. That translates to ~$4.2K per month on the upper end. If it
was possible to have 10 companies commit to $500/month the longevity of
the project could be maintained for all distributions. In addition the
resolution time on issues could be massively decreased.

I don't know if Jesse would be interested in being paid for his work (I
believe he has a fulltime job elsewhere?) but it seems to me that many
users of the project seem to want support for all distributions, a fast
resolution time yet they are unwilling to pay or contribute a thing to
it. Clearly Jesse is a pretty busy guy (understandable since he has to
eat) and the project at this point in time doesn't have the time or
resources to maintain all the distributions users want.

Just a thought. :)

Stuart Low
Manager

On Mon, 2005-02-07 at 19:58 -0500, John Gotts wrote:
> Anybody feel like giving Jesse Keating a call to ask him what's up?
>
> John
>

From dom at earth.li Tue Feb 8 01:56:26 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Tue, 8 Feb 2005 01:56:26 +0000
Subject: Round-up, 2005-02-08
Message-ID: <20050208015626.GA5816@home.thedom.org>

$Id: issues.txt,v 1.162 2005/02/08 01:37:08 dom Exp $

See bottom for changes

This list is also available at
http://www-astro.physics.ox.ac.uk/~dom/legacy/issues.txt

Packages that have been verified and should be fully released
-------------------------------------------------------------

xpdf - https://bugzilla.fedora.us/show_bug.cgi?id=2186
gpdf - https://bugzilla.fedora.us/show_bug.cgi?id=2195
gaim - https://bugzilla.fedora.us/show_bug.cgi?id=2188
abiword - https://bugzilla.fedora.us/show_bug.cgi?id=1906

Packages waiting to be built for updates-testing
------------------------------------------------

yum - https://bugzilla.fedora.us/show_bug.cgi?id=1604
libxpm - https://bugzilla.fedora.us/show_bug.cgi?id=2075
openmotif - https://bugzilla.fedora.us/show_bug.cgi?id=2143
lesstiff - https://bugzilla.fedora.us/show_bug.cgi?id=2142
rp-pppoe - https://bugzilla.fedora.us/show_bug.cgi?id=2116
gtk2 - https://bugzilla.fedora.us/show_bug.cgi?id=2073
openoffice - https://bugzilla.fedora.us/show_bug.cgi?id=2074
qt - https://bugzilla.fedora.us/show_bug.cgi?id=2002
sharutils - https://bugzilla.fedora.us/show_bug.cgi?id=2155
gdk-pixbuf - https://bugzilla.fedora.us/show_bug.cgi?id=2005
ImageMagick - https://bugzilla.fedora.us/show_bug.cgi?id=2052 (but more?)
cdrecord - https://bugzilla.fedora.us/show_bug.cgi?id=2058
nfs-utils - https://bugzilla.fedora.us/show_bug.cgi?id=2339
zlib - https://bugzilla.fedora.us/show_bug.cgi?id=2043
modutils - https://bugzilla.fedora.us/show_bug.cgi?id=2364
vim - https://bugzilla.fedora.us/show_bug.cgi?id=2343
ruby - https://bugzilla.fedora.us/show_bug.cgi?id=2007

Packages in state RESOLVED (ie exist in updates-testing) that need active work.
------------------------------------------------------------------

mailman - https://bugzilla.fedora.us/show_bug.cgi?id=1269
  There were some unconfirmed reports of breakage with the candidate.
  This needs more QA before release.
gnome-vfs - https://bugzilla.fedora.us/show_bug.cgi?id=1944
  Needs VERIFY
redhat-config-nfs - https://bugzilla.fedora.us/show_bug.cgi?id=2086
  Needs VERIFY [rh9,fc1]
cyrus-sasl - https://bugzilla.fedora.us/show_bug.cgi?id=2137
  Needs VERIFY [rh73,rh9,fc1]
XFree86 - https://bugzilla.fedora.us/show_bug.cgi?id=2314
  Needs VERIFY [rh9,fc1]
cups - https://bugzilla.fedora.us/show_bug.cgi?id=2127
  Needs VERIFY [rh73,rh9,fc1]
gpdf - https://bugzilla.fedora.us/show_bug.cgi?id=2353
  Needs VERIFY [fc1]
xpdf - https://bugzilla.fedora.us/show_bug.cgi?id=2352
  Needs VERIFY [rh9,fc1]
iptables - https://bugzilla.fedora.us/show_bug.cgi?id=2252
  Needs VERIFY [fc1]
sox - https://bugzilla.fedora.us/show_bug.cgi?id=1945
  Needs VERIFY [rh9]
squirrelmail - http://bugzilla.fedora.us/show_bug.cgi?id=2290
  Needs VERIFY [rh9,fc1]

Packages in state UNCONFIRMED, NEW, ASSIGNED or REOPENED:
--------------------------------------------------------

libpng - https://bugzilla.fedora.us/show_bug.cgi?id=1943
  Needs QA
readline - https://bugzilla.fedora.us/show_bug.cgi?id=2017
  Needs QA and decision on whether to release [rh9]
mysql - https://bugzilla.fedora.us/show_bug.cgi?id=2006
  Superseded by 2129
kdelibs - https://bugzilla.fedora.us/show_bug.cgi?id=2008
  Needs 2 PUBLISH
pam_wheel - https://bugzilla.fedora.us/show_bug.cgi?id=2010
  Needs PUBLISH and full auditing and packages for rh9
krb5 - https://bugzilla.fedora.us/show_bug.cgi?id=2040
  Needs 1 PUBLISH for rh9 / investigate possible bug introduced
imlib - https://bugzilla.fedora.us/show_bug.cgi?id=2051
  Needs PUBLISH [rh9] and package for fc1
kernel - https://bugzilla.fedora.us/show_bug.cgi?id=2128
  Needs investigation/packages
mysql - https://bugzilla.fedora.us/show_bug.cgi?id=2129
  Needs QA [rh73,rh9] (more work?)
security.conf - https://bugzilla.fedora.us/show_bug.cgi?id=2146
  Needs QA [fc1,rh9], packages [rh9], discussion of updated extras
squid - https://bugzilla.fedora.us/show_bug.cgi?id=2150
  Needs QA [rh9], more work? (or maybe skip)
gettext - https://bugzilla.fedora.us/show_bug.cgi?id=2151
  Needs investigation/packages
libtiff - https://bugzilla.fedora.us/show_bug.cgi?id=2163
  Needs QA [rh73] and checking for new vulns
kdefax - https://bugzilla.fedora.us/show_bug.cgi?id=2164
  Needs PUBLISH [rh73,rh9,fc1] and checking for new vulns
libxml2 - https://bugzilla.fedora.us/show_bug.cgi?id=2207
  Needs PUBLISH [rh73,rh9,fc1]
links - https://bugzilla.fedora.us/show_bug.cgi?id=2213
  Needs packages/investigation
mozilla - https://bugzilla.fedora.us/show_bug.cgi?id=2214
  Needs investigation/packages
lynx - https://bugzilla.fedora.us/show_bug.cgi?id=2215
  Needs investigation/packages
w3m - https://bugzilla.fedora.us/show_bug.cgi?id=2216
  Needs investigation/packages
dhcp - https://bugzilla.fedora.us/show_bug.cgi?id=2251
  Needs PUBLISH [rh73]
shadow - https://bugzilla.fedora.us/show_bug.cgi?id=2253
  Needs perhaps a couple of PUBLISH for [rh73,rh9,fc1]
libgd - https://bugzilla.fedora.us/show_bug.cgi?id=2254
  Needs PUBLISH [rh73,rh9,fc1]
groff - https://bugzilla.fedora.us/show_bug.cgi?id=2256
  Needs investigation/packages
openssl - https://bugzilla.fedora.us/show_bug.cgi?id=2257
  Needs investigation/packages
lvm - https://bugzilla.fedora.us/show_bug.cgi?id=2258
  Needs investigation/packages
netatalk - https://bugzilla.fedora.us/show_bug.cgi?id=2259
  Needs investigation/packages
postgresql - https://bugzilla.fedora.us/show_bug.cgi?id=2260
  Needs investigation/packages
perl - https://bugzilla.fedora.us/show_bug.cgi?id=2261
  Needs investigation/packages
pppd - https://bugzilla.fedora.us/show_bug.cgi?id=2262
  Needs investigation/packages
samba - https://bugzilla.fedora.us/show_bug.cgi?id=2264
  Needs PUBLISH [rh73,rh9,fc1] and update for new vuln
glibc - https://bugzilla.fedora.us/show_bug.cgi?id=2265
  Needs
  investigation/packages
ghostscript - https://bugzilla.fedora.us/show_bug.cgi?id=2266
  Needs investigation/packages
krb5 - https://bugzilla.fedora.us/show_bug.cgi?id=2267
  Needs investigation/packages
spamassassin - https://bugzilla.fedora.us/show_bug.cgi?id=2268
  Needs PUBLISH [fc1]
sudo - http://bugzilla.fedora.us/show_bug.cgi?id=2291
  Needs PUBLISH [rh73,rh9,fc1]
gzip - http://bugzilla.fedora.us/show_bug.cgi?id=2292
  Needs investigation/packages
file - https://bugzilla.fedora.us/show_bug.cgi?id=2331
  Needs investigation/packages
rpm - https://bugzilla.fedora.us/show_bug.cgi?id=2333
  Haven't we seen this in some other bug?
pdflatex - https://bugzilla.fedora.us/show_bug.cgi?id=2334
  Needs PUBLISH [rh9], packages [rh73,fc1]
kernel - https://bugzilla.fedora.us/show_bug.cgi?id=2336
  Needs PUBLISH [rh73,rh9,fc1]
a2ps - https://bugzilla.fedora.us/show_bug.cgi?id=2338
  Needs PUBLISH [rh73,rh9,fc1]
wget - https://bugzilla.fedora.us/show_bug.cgi?id=2340
  Needs investigation/packages
namazu - https://bugzilla.fedora.us/show_bug.cgi?id=2342
  Needs investigation/packages
php - https://bugzilla.fedora.us/show_bug.cgi?id=2344
  Problem on rh73, don't publish? otherwise ready to be published
  does this problem affect rh9 and fc1 too?
xine - https://bugzilla.fedora.us/show_bug.cgi?id=2348
  Needs PUBLISH [rh73]
samba - https://bugzilla.fedora.us/show_bug.cgi?id=2349
  Needs more work
glibc - https://bugzilla.fedora.us/show_bug.cgi?id=2354
  Minor but could be included if another glibc is needed
mozilla - https://bugzilla.fedora.us/show_bug.cgi?id=2380
  Needs work
php - https://bugzilla.fedora.us/show_bug.cgi?id=2394
  Needs PUBLISH [rh73]
less - https://bugzilla.fedora.us/show_bug.cgi?id=2404
  Needs work
mc - https://bugzilla.fedora.us/show_bug.cgi?id=2405
  Needs work
ethereal - https://bugzilla.fedora.us/show_bug.cgi?id=2407
  Needs work
cpio - https://bugzilla.fedora.us/show_bug.cgi?id=2408
  Needs work

General (non-package bugs)
--------------------------

sample yum.conf - https://bugzilla.fedora.us/show_bug.cgi?id=2140
up2date - https://bugzilla.fedora.us/show_bug.cgi?id=2193
up2date - https://bugzilla.fedora.us/show_bug.cgi?id=2194
updates - http://bugzilla.fedora.us/show_bug.cgi?id=2281
up2date - http://bugzilla.fedora.us/show_bug.cgi?id=2306
yum - https://bugzilla.fedora.us/show_bug.cgi?id=2330

Notes
-----

Needs PUBLISH means that there are packages available for QA that need
to be QAd at the source level.
Needs VERIFY means that there are updates-testing packages that need
testing. This is the easy bit, let's get these old ones out of the way ASAP.

* means that there is a judgement call that can be made on the bug system
immediately. Please follow up onlist with opinions.

Changes
-------

$Log: issues.txt,v $
Revision 1.162 2005/02/08 01:37:08 dom
stufff

Revision 1.161 2005/02/03 23:38:05 dom
updates-testing builds

Revision 1.160 2005/02/03 21:59:49 dom
updates

Revision 1.159 2005/02/02 12:29:39 dom
remove released updates

From jimpop at yahoo.com Tue Feb 8 02:04:47 2005
From: jimpop at yahoo.com (Jim Popovitch)
Date: Mon, 07 Feb 2005 21:04:47 -0500
Subject: Can't resolve fedoralegacy.org!
In-Reply-To: <200502080058.j180wG0k015837@umpire.fmfts.net>
References: <200502080058.j180wG0k015837@umpire.fmfts.net>
Message-ID: <1107828287.20110.11.camel@blue>

Here's what I know. Jesse was forced to change his business
(j2solutions.net) hosting provider. This change was sudden and
unexpected. The result of this is that DNS for fedoralegacy.org is down
while Jesse works to get j2solutions.net back online. This will
undoubtedly require new IP addresses, so things might take a bit to
smooth out.

Remember that Jesse's email is down right now, so all comms are best
handled on #fedora-legacy

Archived copies of the website are available on archive.org:
http://web.archive.org/web/*/http://fedoralegacy.org

-Jim P.

On Mon, 2005-02-07 at 19:58 -0500, John Gotts wrote:
> Anybody feel like giving Jesse Keating a call to ask him what's up?
>
> John
>

From Oisin.Curtin at PhoenixFltOps.com Tue Feb 8 03:55:01 2005
From: Oisin.Curtin at PhoenixFltOps.com (Oisin Curtin)
Date: Tue, 08 Feb 2005 03:55:01 +0000
Subject: LWN article about us
In-Reply-To: <1107523202.21046.6.camel@blue>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk> <1107523202.21046.6.camel@blue>
Message-ID: <42083815.3020403@PhoenixFltOps.com>

Jim Popovitch wrote:
> On Fri, 2005-02-04 at 08:32 +0200, Pekka Savola wrote:
>
>
>>IMHO, we should stick with RHL73.

> Does anyone run 7.3 as a desktop (XFree86, etc)? Perhaps we could give
> up Gnome/XFree support for 73 and only focus on server components.

Yes. Hope to soon upgrade it to RH9 (workload permitting) but I need
the older kernel in RH7.3 and RH9.
--
Oisin Curtin

From spamtrap433941935136 at anime.net Tue Feb 8 04:14:14 2005
From: spamtrap433941935136 at anime.net (Dan Hollis)
Date: Mon, 7 Feb 2005 20:14:14 -0800 (PST)
Subject: LWN article about us
In-Reply-To: <42083815.3020403@PhoenixFltOps.com>
Message-ID:

On Tue, 8 Feb 2005, Oisin Curtin wrote:
> Jim Popovitch wrote:
> > On Fri, 2005-02-04 at 08:32 +0200, Pekka Savola wrote:
> >>IMHO, we should stick with RHL73.
> > Does anyone run 7.3 as a desktop (XFree86, etc)? Perhaps we could give
> > up Gnome/XFree support for 73 and only focus on server components.
> Yes. Hope to soon upgrade it to RH9 (workload permitting) but I need
> the older kernel in RH7.3 and RH9.

I use rh73 as a desktop, but I don't use gnome -- only xfree and
afterstep. I use it to compile compatibility binaries for glibc2.2
systems.

-Dan

From mschout at gkg.net Tue Feb 8 05:46:00 2005
From: mschout at gkg.net (Michael J Schout)
Date: Mon, 07 Feb 2005 23:46:00 -0600
Subject: LWN article about us
In-Reply-To:
References:
Message-ID: <42085218.4000406@gkg.net>

Simon Weller wrote:
> We also have a sizable number of 7.3 servers that we're slowly starting
> to migrate to Centos, but it does take time.

We are in the same situation.

We had hoped that fedora legacy would enable us to stay with 7.3
indefinitely, but it just hasn't worked out that way.

Currently, the state of fedora legacy is that there are over 15 packages
just "waiting" for packages to be built for updates-testing. In
addition, about 5 or more packages have been built for updates-testing,
have the appropriate number of VERIFY votes in bugzilla, but they have
not been released to "updates" yet. As far as I can tell, only one
person can do those tasks (build updates-testing packages and/or release
from updates-testing to updates), and no number of community volunteers
will help with that unless some control is given to the community over
the release/package building process.
So in other words, about 20 fixes
are held up by the package building and/or "move to updates" process.
I'm not sure what is the best way to fix that :).

So we are in the process of migrating to another distribution.

My employer is currently using a private yum repository in which we
publish many of the fixes from fedora's bugzilla system in the meantime.

I have started to contribute QA work on the 7.3 related issues, but
overall, it just takes too long for things to get published in FL. I'm
not sure what the best solution is to that. I don't know enough about
what happens during the package building/publish process :).

Regards,
Michael Schout

From jimpop at yahoo.com Tue Feb 8 08:01:01 2005
From: jimpop at yahoo.com (Jim Popovitch)
Date: Tue, 08 Feb 2005 03:01:01 -0500
Subject: LWN article about us
In-Reply-To: <42083815.3020403@PhoenixFltOps.com>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk> <1107523202.21046.6.camel@blue> <42083815.3020403@PhoenixFltOps.com>
Message-ID: <1107849661.22237.8.camel@blue>

On Tue, 2005-02-08 at 03:55 +0000, Oisin Curtin wrote:
> Jim Popovitch wrote:
> > On Fri, 2005-02-04 at 08:32 +0200, Pekka Savola wrote:
> >
> >
> >>IMHO, we should stick with RHL73.
> >
> > Does anyone run 7.3 as a desktop (XFree86, etc)? Perhaps we could give
> > up Gnome/XFree support for 73 and only focus on server components.
>
> Yes. Hope to soon upgrade it to RH9 (workload permitting) but I need
> the older kernel in RH7.3 and RH9.

Let us know what you need to move on to RH9 (or even FC3) for your
desktop.

-Jim P>

From jimpop at yahoo.com Tue Feb 8 08:01:03 2005
From: jimpop at yahoo.com (Jim Popovitch)
Date: Tue, 08 Feb 2005 03:01:03 -0500
Subject: LWN article about us
In-Reply-To:
References:
Message-ID: <1107849663.22237.10.camel@blue>

On Mon, 2005-02-07 at 20:14 -0800, Dan Hollis wrote:
> I use rh73 as a desktop, but I don't use gnome -- only xfree and
> afterstep.

I would rather spend time working with you to help you migrate to a
better version of Linux and a better version of afterstep, than to spend
time trying to support afterstep just for a few. Teach a man to fish....

> I use it to compile compatibility binaries for glibc2.2
> systems.

I do similar. I use Debian Testing as my primary OS, then I run VMWare
w/ 2 different RH73 systems. One for testing/compiling, one for a clean
near mirror of 2 public hosts. This way I enjoy the latest features of
Linux 2.6 and X but I am not limiting myself to a least common
denominator for daily/weekly tasks.

-Jim P.

From m.clasen at freenet.de Tue Feb 8 08:12:03 2005
From: m.clasen at freenet.de (M.Clasen)
Date: Tue, 08 Feb 2005 08:12:03 +0000
Subject: php, nameresolution, fsockopen() and mail() error - give them a las try
Message-ID: <1107850323.3479.3.camel@localhost.localdomain>

Hello List,

my FC1 server got a problem with PHP and fsockopen().
To reduce traffic, I post the information on fedoraforum.org at:

http://www.fedoraforum.org/forum/showthread.php?p=157982#post157982

I need serious help with this.

Regards from Germany :)
michael

From schlueri-lists at schlicker.org Tue Feb 8 08:55:12 2005
From: schlueri-lists at schlicker.org (Schlueri)
Date: Tue, 08 Feb 2005 09:55:12 +0100
Subject: Can't resolve fedoralegacy.org!
In-Reply-To: <1107766839.3538.345.camel@dirk.gingco.net>
References: <1107766839.3538.345.camel@dirk.gingco.net>
Message-ID: <1107852913.9321.112.camel@dirk.gingco.net>

On Monday, 07.02.2005, at 10:00 +0100, Schlueri wrote:
> Hi,
>
> i can't resolve the domain fedoralegacy.org.
> I've checked the nameservers in the whois database:
>
> Name Server:DNS1.J2SOLUTIONS.NET
> Name Server:DNS2.J2SOLUTIONS.NET
>
> $ dig @DNS1.J2SOLUTIONS.NET fedoralegacy.org
>
> ; <<>> DiG 9.2.4 <<>> @DNS1.J2SOLUTIONS.NET fedoralegacy.org
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached

It's back.
As I see, the nameservers in the whois database are changed now:

Name Server:NS2.LINUXPOWERED.COM
Name Server:URCHIN.EARTH.LI
Name Server:NS1.LINUXPOWERED.COM

DNS-Resolution now works fine again.

Greetz
Dirk

From euckew at sierraelectronics.com Tue Feb 8 14:33:34 2005
From: euckew at sierraelectronics.com (Eucke)
Date: Tue, 08 Feb 2005 06:33:34 -0800
Subject: RH9 Password Expiration Bug
Message-ID: <4208CDBE.3030203@sierraelectronics.com>

Does anyone know if the password expiration bug was ever fixed in RH9?
This is the bug where from time to time password expiration will
suddenly become enabled for all accounts? I have seen references on RH's
sites but they all seem to indicate that this was to be fixed in future
versions and would not be touched for RH9. If not fixed is there perhaps
a workaround or does anyone have some idea as to the trigger?

Thanks!

--
Eucke

From ismanager at ccbnpts.com Tue Feb 8 19:00:58 2005
From: ismanager at ccbnpts.com (Pettit, Paul)
Date: Tue, 8 Feb 2005 13:00:58 -0600
Subject: LWN article about us
In-Reply-To: <42080D03.3000901@realityfailure.org>
Message-ID: <01d501c50e10$863da660$7202a8c0@ccb2vpjza>

> -----Original Message-----
> John Jasen spoke:
>
> > The same goes for RH9 which we have installed. Though not a
> server-only
> > distro it's possibly the best of all the old Pro series (and yes, we
> > paid full price for it too) and is the acknowledged basis
> for the first
> > RHEL version to come out. It's been stable and is as solid
> an OS as you
> > can find. While we could upgrade to RHEL again the cost its
> not worth
> > the cost to just replace it when the server has not had a single
> > problem.
>
> Errr ... RHEL 2.1 was based on 7.2, with some 7.3 thrown in ...
>

You're correct, I had (oddly) forgotten about 2.1. Might be due to the
naming change they did after it was released (i.e. from 'Red Hat Linux
Advanced Server 2.1' to 'Red Hat Enterprise Linux 2.1 AS') ... or my
memory is just going. :p

Paul P.

From jgiglio at smythco.com Tue Feb 8 19:09:12 2005
From: jgiglio at smythco.com (Jason Giglio)
Date: Tue, 08 Feb 2005 14:09:12 -0500
Subject: Is it worth forming a "collective"? [Was Can't resolve fedoralegacy.org]
In-Reply-To: <1107826107.28135.13.camel@core1.inhouse.serverpeak.com>
References: <200502080058.j180wG0k015837@umpire.fmfts.net> <1107826107.28135.13.camel@core1.inhouse.serverpeak.com>
Message-ID: <42090E58.7010105@smythco.com>

I know my company was happy paying Red Hat about $1000/year for the
servers we had under their old system. Then they increased their prices
by 1000% when RHEL came out.

We paid progeny for their legacy updates before fedora legacy formed up,
but their stupid system of downloading over authenticated HTTP with curl
makes it very tedious to use, so we use fedora legacy on the few boxes
we have left running older versions.

As for a collective, you would have to make it have a corporate image,
otherwise most companies will never pay it money for support. I know I
can't go to my boss and say "Hey a bunch of guys are getting together to
pay some guy to try to make legacy packages faster, can I have $500 a
month (more than RHEL would cost us)?" And I consider us pretty open
minded when it comes to contracting open source services.

-Jason

Stuart Low wrote:
> Hmm,
>
> With all the Fedora Legacy related issues lately (the project is dead,
> the website is dead, the server is down etc. etc.) I can't help but
> wonder if perhaps it would be worth considering forming a "collective"
> of companies who use the services the most to contribute a monthly
> amount to pay someone to ensure everything was kept up to date?
>
> In Australia it'd be possible to hire a full time maintainer for ~40-50K
> per year. That translates to ~$4.2K per month on the upper end. If it
> was possible to have 10 companies commit to $500/month the longevity of
> the project could be maintained for all distributions.
> In addition the resolution time on issues could be massively decreased.
>
> I don't know if Jesse would be interested in being paid for his work (I
> believe he has a fulltime job elsewhere?) but it seems to me that many
> users of the project seem to want support for all distributions, a fast
> resolution time yet they are unwilling to pay or contribute a thing to
> it. Clearly Jesse is a pretty busy guy (understandable since he has to
> eat) and the project at this point in time doesn't have the time or
> resources to maintain all the distributions users want.
>
> Just a thought. :)
>
> Stuart Low
> Manager
>
> On Mon, 2005-02-07 at 19:58 -0500, John Gotts wrote:
>
>>Anybody feel like giving Jesse Keating a call to ask him what's up?
>>
>>John

--
Jason Giglio
IT Coordinator
Smyth
Bedford, VA, USA
Phone: 540-586-2311x113

From rostetter at mail.utexas.edu Tue Feb 8 23:57:29 2005
From: rostetter at mail.utexas.edu (Eric Rostetter)
Date: Tue, 8 Feb 2005 17:57:29 -0600
Subject: LWN article about us
In-Reply-To: <42085218.4000406@gkg.net>
References: <42085218.4000406@gkg.net>
Message-ID: <1107907049.b75f1dd4db456@mail.ph.utexas.edu>

Quoting Michael J Schout:

> We had hoped that fedora legacy would enable us to stay with 7.3
> indefinitely, but it just hasn't worked out that way.

It is working for me, so far... Not the best in the world, but sufficient.

> Currently, the state of fedora legacy is that there are over 15 packages
> just "waiting" for packages to be built for updates-testing. In
> addition, about 5 or more packages have been built for updates-testing,
> have the appropriate number of VERIFY votes in bugzilla, but they have
> not been released to "updates" yet.

But how many of those are really critical packages? And how long have the critical ones been waiting?
And shouldn't we cut them some slack considering the problems of late?

> As far as I can tell, only one
> person can do those tasks (build updates-testing packages and/or release
> from updates-testing to updates)

I don't believe this is true. I think 3 people can do these things. I may be wrong.

> and no number of community volunteers
> will help with that unless some control is given to the community over
> the release/package building process.

And no control can be given over until the community both wants to take it over, and proves they're trustworthy to do so.

> So in other words, about 20 fixes
> are held up by the package building and/or "move to updates" process.
> I'm not sure what is the best way to fix that :).

More people working together to get things done more quickly.

> So we are in the process of migrating to another distribution.

One will need to do this sooner or later. Each must choose their own pace. For you, it might be sooner. For me, I'm still hoping for later.

> My employer is currently using a private yum repository in which we
> publish many of the fixes from fedora's bugzilla system in the meantime.

Why not contribute some of that back to FL?

> I have started to contribute QA work on the 7.3 related issues, but
> overall, it just takes too long for things to get published in FL. I'm

Well, sometimes it is fast, sometimes it is slow, and the reasons are many and varied. The only way it will improve is with more help, cooperation, communication, and understanding.

> not sure what the best solution is to that.

More help, cooperation, communication, and understanding. :)

> I don't know enough about
> what happens during the package building/publish process :).

What don't you know? What do you want/need to know?
> Regards,
> Michael Schout

--
Eric Rostetter

From Oisin.Curtin at PhoenixFltOps.com Wed Feb 9 00:01:19 2005
From: Oisin.Curtin at PhoenixFltOps.com (Oisin Curtin)
Date: Wed, 09 Feb 2005 00:01:19 +0000
Subject: LWN article about us
In-Reply-To: <1107849661.22237.8.camel@blue>
References: <20050203234603.GS987@tirian.magd.ox.ac.uk> <20050203235807.GV987@tirian.magd.ox.ac.uk> <1107523202.21046.6.camel@blue> <42083815.3020403@PhoenixFltOps.com> <1107849661.22237.8.camel@blue>
Message-ID: <420952CF.30905@PhoenixFltOps.com>

Jim Popovitch wrote:
> On Tue, 2005-02-08 at 03:55 +0000, Oisin Curtin wrote:
>
>>Yes. Hope to soon upgrade it to RH9 (workload permitting) but I need
>>the older kernel in RH7.3 and RH9.
>
>
> Let us know what you need to move on to RH9 (or even FC3) for your
> desktop.

Thanks! If you could send time in a bottle?

I've already moved a lot to FC2, just haven't had the time to look at FC3 yet. I may skip directly to FC4 or even 5. I just have this one app that *requires* the 2.4 kernel. I've tested it on RH9, but as I said above, all you do is send me some time.

Frex: yesterday and tomorrow I have to deal with M$ troubles. {{shudder}}

--
Oisin "If you could make days last forever?" Curtin
with apologies to Jim Croce.

From mschout at gkg.net Wed Feb 9 04:22:13 2005
From: mschout at gkg.net (Michael J Schout)
Date: Tue, 08 Feb 2005 22:22:13 -0600
Subject: LWN article about us
In-Reply-To: <1107907049.b75f1dd4db456@mail.ph.utexas.edu>
References: <42085218.4000406@gkg.net> <1107907049.b75f1dd4db456@mail.ph.utexas.edu>
Message-ID: <42098FF5.1010806@gkg.net>

Eric Rostetter wrote:
>
>>My employer is currently using a private yum repository in which we
>>publish many of the fixes from fedora's bugzilla system in the meantime.
>
>
> Why not contribute some of that back to FL?

Not sure what you mean by that, because I'm taking the packages out of FL's own bugzilla. I'm just installing them before they get into updates-testing.
I have been doing QA on packages once they make it into updates-testing, but I just started doing this recently :). I can only do this for 7.3, and only some on FC1. I have local access to numerous 7.3 machines, and remote access to only one FC1 machine :). I don't have access to any RH9 machines so I am no help there :).

My message may have sounded overly critical of the project. That was not my intent. I realize that FL is short handed and there just isn't enough help :).

Regards,
Michael Schout

From lists at benjamindsmith.com Wed Feb 9 09:09:07 2005
From: lists at benjamindsmith.com (Benjamin Smith)
Date: Wed, 9 Feb 2005 01:09:07 -0800
Subject: Is it worth forming a "collective"?
In-Reply-To: <42090E58.7010105@smythco.com>
References: <200502080058.j180wG0k015837@umpire.fmfts.net> <1107826107.28135.13.camel@core1.inhouse.serverpeak.com> <42090E58.7010105@smythco.com>
Message-ID: <200502090109.07093.lists@benjamindsmith.com>

On Tuesday 08 February 2005 11:09, Jason Giglio wrote:
> We paid progeny for their legacy updates before fedora legacy formed up,
> but their stupid system of downloading over authenticated HTTP with curl
> makes it very tedious to use, so we use fedora legacy on the few boxes
> we have left running older versions.

I recognized pretty quickly that the progeny curl script was "functionally challenged", so I left it in place and turned it into a yum repository. It's worked like a dream ever since - with this setup, Progeny is an excellent resource! Every attempt I've ever made to verify that yum was in fact, working has passed 100%.

I even contacted Progeny, and gave them copies of the below script(s) that I used to set it up, and got no response. Yum is an AWESOME tool - It's stupid-simple to use:

##################################
#! /bin/sh
# Fetch the updates into the local docroot, then rebuild the yum headers.
# Stop if the target directory is missing so nothing lands elsewhere.
cd /home/yum/updates/redhat/7.2/updates/i386 || exit 1
/home/yum/bin/get_updates.pl
/usr/bin/yum-arch .
##################################

get_updates.pl is the curl-based script that Progeny distributes.
Docroot for the yum RPM archive is /home/yum/updates, and the changes in the yum.conf:

[updates]
name=Red Hat Linux $releasever updates
baseurl=http://username:password@www.mywebserver.com/redhat/7.2/updates/i386

It's protected with an htaccess password since I'm effectively dealing with Progeny's I/P with these compiled RPMs, to prevent unauth access.

Hope this helps. As you can see, I'm nursing along some 7.2 systems with this get up. s/7.2/$version/g for 7.3, 9.0, etc.

-Ben

--
"I kept looking around for somebody to solve the problem. Then I realized I am somebody"
-Anonymous

From rostetter at mail.utexas.edu Wed Feb 9 16:23:41 2005
From: rostetter at mail.utexas.edu (Eric Rostetter)
Date: Wed, 9 Feb 2005 10:23:41 -0600
Subject: LWN article about us
In-Reply-To: <42098FF5.1010806@gkg.net>
References: <42085218.4000406@gkg.net> <1107907049.b75f1dd4db456@mail.ph.utexas.edu> <42098FF5.1010806@gkg.net>
Message-ID: <1107966221.e6b2afe5c0fef@mail.ph.utexas.edu>

Quoting Michael J Schout:

> Eric Rostetter wrote:
> >
> >>My employer is currently using a private yum repository in which we
> >>publish many of the fixes from fedora's bugzilla system in the meantime.
> >
> >
> > Why not contribute some of that back to FL?
>
> Not sure what you mean by that, because I'm taking the packages out of
> FL's own bugzilla. I'm just installing them before they get into
> updates-testing.

You said "fedora's bugzilla" which I misinterpreted as being from Fedora Core (since they have the name "Fedora") and not from Fedora Legacy (which has the name Fedora Legacy).

> My message may have sounded overly critical of the project. That was
> not my intent. I realize that FL is short handed and there just isn't
> enough help :).

And I may have sounded overly critical of you, which wasn't my intent. Just trying to drum up some participation!
> Regards,
> Michael Schout

--
Eric Rostetter

From marcdeslauriers at videotron.ca Thu Feb 10 02:13:49 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 09 Feb 2005 21:13:49 -0500
Subject: Fedora Legacy Test Update Notification: gdk-pixbuf
Message-ID: <420AC35D.3020801@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2005
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2005
2005-02-09
---------------------------------------------------------------------

Name        : gdk-pixbuf
Versions    : rh7.3: gdk-pixbuf-0.22.0-7.73.2.legacy
Versions    : rh9: gdk-pixbuf-0.22.0-7.90.2.legacy
Summary     : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the GNOME desktop environment. The GdkPixBuf library provides image loading facilities, the rendering of a GdkPixBuf into various formats (drawables or GdkRGB buffers), and a cache interface.

---------------------------------------------------------------------
Update Information:

Updated gdk-pixbuf packages that fix several security flaws are now available.

The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment.

Thomas Kristensen discovered a bitmap file that would cause the Evolution mail reader to crash. This issue was caused by a flaw that affects versions of the gdk-pixbuf package prior to 0.20. To exploit this flaw, a remote attacker could send (via email) a carefully-crafted BMP file, which would cause Evolution to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0111 to this issue.

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was discovered in the BMP image processor of gdk-pixbuf.
An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to this issue.

During a security audit, Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file is opened by a victim. (CAN-2004-0788)

Users of gdk-pixbuf are advised to upgrade to these packages, which contain backported patches and are not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Thu Jan 06 2005 John Dalbec 1:0.22.0-7.73.2.legacy
- added db1-devel buildreq because gnome-config --libs insists on it
- added hack from Pavel Kankovsky to get loaders to install correctly

* Sat Sep 18 2004 Marc Deslauriers 1:0.22.0-7.73.1.legacy
- Changed release number and built packages

* Thu Sep 16 2004 Pavel Kankovsky 1:0.22.0-7.legacy
- added buildreqs from previous legacy pkgs (minus pointless libdb1-devel)
- fix for CAN-2004-0111 included in 0.22.0

* Wed Sep 15 2004 Matthias Clasen - 1:0.22.0-11.2.2E
- Fix a bug in the previous change that broke the xpm loader

* Fri Sep 03 2004 Matthias Clasen - 1:0.22.0-11.1.2E
- Fix issues in the xpm and ico loaders found by Chris Evans (#130711)

* Fri Aug 20 2004 Owen Taylor - 1:0.22.0-10.0.2E
- Fix problem with infinite loop on bad BMP data (#130455, test BMP from Chris Evans, fix from Manish Singh)

rh9:
* Sat Feb 05 2005 Marc Deslauriers 1:0.22.0-7.90.2.legacy
- Added missing automake14 BuildRequires

* Sat Sep 18 2004 Marc Deslauriers 1:0.22.0-7.90.1.legacy
- Changed release number and adjusted spec file parameters for rh9

* Thu Sep 16 2004 Pavel Kankovsky 1:0.22.0-7.legacy
- added buildreqs from previous legacy pkgs (minus pointless libdb1-devel)
- fix for CAN-2004-0111 included in 0.22.0

* Wed Sep 15 2004 Matthias Clasen - 1:0.22.0-11.2.2E
- Fix a bug in the previous change that broke the xpm loader

* Fri Sep 03 2004 Matthias Clasen - 1:0.22.0-11.1.2E
- Fix issues in the xpm and ico loaders found by Chris Evans (#130711)

* Fri Aug 20 2004 Owen Taylor - 1:0.22.0-10.0.2E
- Fix problem with infinite loop on bad BMP data (#130455, test BMP from Chris Evans, fix from Manish Singh)

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.
From marcdeslauriers at videotron.ca Thu Feb 10 02:14:24 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 09 Feb 2005 21:14:24 -0500
Subject: Fedora Legacy Test Update Notification: lesstif
Message-ID: <420AC380.4090906@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2142
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2142
2005-02-09
---------------------------------------------------------------------

Name        : lesstif
7.3 Version : lesstif-0.93.18-2.2.legacy
9 Version   : lesstif-0.93.36-3.2.legacy
fc1 Version : lesstif-0.93.36-4.2.legacy
Summary     : An OSF/Motif(R) clone.
Description :
LessTif is a free replacement for OSF/Motif(R), which provides a full set of widgets for application development (menus, text entry areas, scrolling windows, etc.). LessTif is source compatible with OSF/Motif(R) 1.2. The widget set code is the primary focus of development. If you are installing lesstif, you also need to install lesstif-clients.

---------------------------------------------------------------------
Update Information:

Updated lesstif packages that fix flaws in the Xpm image library are now available.

lesstif is a free replacement for OSF/Motif(R), which provides a full set of widgets for application development.

During a source code audit, Chris Evans and others discovered several stack overflow flaws and an integer overflow flaw in the libXpm library used to decode XPM (X PixMap) images. A vulnerable version of this library was found within LessTif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687, CAN-2004-0688, and CAN-2004-0914 to these issues.

Users of lesstif are advised to upgrade to these erratum packages, which contain backported security patches to the embedded libXpm library.

---------------------------------------------------------------------
Changelogs:

rh73:
* Fri Dec 03 2004 Rob Myers 0.93.18-2.2.legacy
- apply diff from current lesstif cvs that removes the monolithic Xpm.c
  file and breaks it into the latest versions of the separate libXpm files.
  this should fix CAN-2004-0667, CAN-2004-0668, and CAN-2004-0914 (FL #2142)

rh9:
* Fri Dec 03 2004 Rob Myers 0.93.36-3.2.legacy
- apply diff from current lesstif cvs that removes the monolithic Xpm.c
  file and breaks it into the latest versions of the separate libXpm files.
  this should fix CAN-2004-0667, CAN-2004-0668, and CAN-2004-0914 (FL #2142)

fc1:
* Fri Dec 03 2004 Rob Myers 0.93.36-4.2.legacy
- apply diff from current lesstif cvs that removes the monolithic Xpm.c
  file and breaks it into the latest versions of the separate libXpm files.
  this should fix CAN-2004-0667, CAN-2004-0668, and CAN-2004-0914 (FL #2142)

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.
From marcdeslauriers at videotron.ca Thu Feb 10 02:14:47 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 09 Feb 2005 21:14:47 -0500
Subject: Fedora Legacy Test Update Notification: nfs-utils
Message-ID: <420AC397.6030108@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2339
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2339
2005-02-09
---------------------------------------------------------------------

Name        : nfs-utils
Versions    : rh7.3: nfs-utils-0.3.3-6.73.1.legacy
Versions    : rh9: nfs-utils-1.0.1-3.9.1.legacy
Versions    : fc1: nfs-utils-1.0.6-1.1.legacy
Summary     : NFS utilities and supporting daemons for the kernel NFS server.
Description :
The nfs-utils package provides a daemon for the kernel NFS server and related tools, providing a much higher level of performance than the traditional Linux NFS server used by most users.

This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host.

---------------------------------------------------------------------
Update Information:

An updated nfs-utils package that fixes a security issue is now available.

The nfs-utils package provides a daemon for the kernel NFS server and related tools, providing a much higher level of performance than the traditional Linux NFS server used by most users.

SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A misconfigured or malicious peer could cause statd to crash, leading to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1014 to this issue.

All users of nfs-utils should upgrade to this updated package, which resolves this issue.
---------------------------------------------------------------------
Changelogs

rh73:
* Thu Dec 23 2004 Pekka Savola 0.3.3-6.73.1.legacy
- Backport statd fixes from RHEL3 to fix CAN-2004-1014. (#2339)

rh9:
* Thu Dec 23 2004 Pekka Savola 1.0.1-3.9.1.legacy
- Backport statd fixes from RHEL3 to fix CAN-2004-1014. (#2339)

fc1:
* Thu Dec 23 2004 Pekka Savola 1.0.6-1.1.legacy
- statd fixes from RHEL3 to fix CAN-2004-1014. (#2339)

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.
From marcdeslauriers at videotron.ca Thu Feb 10 02:15:07 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 09 Feb 2005 21:15:07 -0500
Subject: Fedora Legacy Test Update Notification: openmotif
Message-ID: <420AC3AB.9010306@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2143
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2143
2005-02-09
---------------------------------------------------------------------

Name        : openmotif
7.3 Version : openmotif-2.2.2-5.2.legacy, openmotif21-2.1.30-1.2.legacy
9 Version   : openmotif-2.2.2-14.2.legacy, openmotif21-2.1.30-8.0.9.2.legacy
fc1 Version : openmotif-2.2.2-16.1.2.legacy, openmotif21-2.1.30-8.2.legacy
Summary     : Open Motif runtime libraries and executables.
Description :
This is the Open Motif 2.2.1 runtime environment. It includes the Motif shared libraries, needed to run applications which are dynamically linked against Motif, and the Motif Window Manager "mwm".

---------------------------------------------------------------------
Update Information:

Updated openmotif packages that fix flaws in the Xpm image library are now available.

OpenMotif provides libraries which implement the Motif industry standard graphical user interface.

During a source code audit, Chris Evans and others discovered several stack overflow flaws and an integer overflow flaw in the libXpm library used to decode XPM (X PixMap) images. A vulnerable version of this library was found within OpenMotif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687, CAN-2004-0688, and CAN-2004-0914 to these issues.
Users of OpenMotif are advised to upgrade to these erratum packages, which contain backported security patches to the embedded libXpm library.

---------------------------------------------------------------------
openmotif21 changelogs:

rh73:
* Thu Dec 02 2004 Rob Myers 2.1.30-1.2.legacy
- apply patch for CAN-2004-0914 (FL #2143)
- use redhat's patch for CAN-2004-0687, CAN-2004-0688
- added BuildRequires: flex, byacc

* Thu Nov 04 2004 Rob Myers 2.1.30-1.1.legacy
- apply patch for CAN-2004-0687, CAN-2004-0688 (FL #2143)
- added BuildRequires: automake, XFree86-devel

rh9:
* Wed Dec 01 2004 Rob Myers 2.1.30-8.0.9.2.legacy
- apply patch for CAN-2004-0914 (FL #2143)
- use redhat's patch for CAN-2004-0687, CAN-2004-0688
- added BuildRequires: flex, byacc

* Thu Nov 04 2004 Rob Myers 2.1.30-8.1.legacy
- apply patch for CAN-2004-0687, CAN-2004-0688 (FL #2143)
- added BuildRequires: automake, XFree86-devel

fc1:
* Wed Dec 01 2004 Rob Myers 2.1.30-8.2.legacy
- apply patch for CAN-2004-0914 (FL #2143)
- use redhat's patch for CAN-2004-0687, CAN-2004-0688
- added BuildRequires: flex, byacc

* Thu Nov 04 2004 Rob Myers 2.1.30-8.1.legacy
- apply patch for CAN-2004-0687, CAN-2004-0688 (FL #2143)
- added BuildRequires: automake, XFree86-devel

openmotif changelogs:

rh73:
* Thu Dec 02 2004 Rob Myers 2.2.2-5.2.legacy
- apply rediff'd version of redhat's patch for CAN-2004-0914 (FL #2143)
- use redhat's patch for CAN-2004-0687, CAN-2004-0688
- add patch to ltmain.sh to link properly

* Thu Nov 04 2004 Rob Myers 2.2.2-5.1.legacy
- apply patch for CAN-2004-0687, CAN-2004-0688 (FL #2143)
- added BuildRequires: flex, byacc, XFree86-devel

rh9:
* Thu Dec 02 2004 Rob Myers 2.2.2-14.2.legacy
- apply rediff'd version of redhat's patch for CAN-2004-0914 (FL #2143)
- use redhat's patch for CAN-2004-0687, CAN-2004-0688

* Thu Nov 04 2004 Rob Myers 2.2.2-14.1.legacy
- apply patch for CAN-2004-0687, CAN-2004-0688 (FL #2143)
- add BuildPreReq: libtool, XFree86-devel

fc1:
* Thu Dec 02 2004 Rob Myers 2.2.2-16.1.2.legacy
- apply rediff'd version of redhat's patch for CAN-2004-0914 (FL #2143)
- use redhat's patch for CAN-2004-0687, CAN-2004-0688

* Thu Nov 04 2004 Rob Myers 2.2.2-16.1.1.legacy
- apply patch for CAN-2004-0687, CAN-2004-0688 (FL #2143)
- add BuildPreReq: libtool, XFree86-devel

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Thu Feb 10 02:15:36 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 09 Feb 2005 21:15:36 -0500
Subject: Fedora Legacy Test Update Notification: rp-pppoe
Message-ID: <420AC3C8.6000804@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2116
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2116
2005-02-09
---------------------------------------------------------------------

Name        : rp-pppoe
7.3 Version : rp-pppoe-3.3-10.legacy
9 Version   : rp-pppoe-3.5-2.2.legacy
fc1 Version : rp-pppoe-3.5-8.2.legacy
Summary     : A PPP over Ethernet client (for xDSL support).
Description :
PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used by many ADSL Internet Service Providers. This package contains the Roaring Penguin PPPoE client, a user-mode program that does not require any kernel modifications. It is fully compliant with RFC 2516, the official PPPoE specification.

---------------------------------------------------------------------
Update Information:

An updated rp-pppoe package that fixes a security vulnerability is now available.

The rp-pppoe package is a PPP over Ethernet client (for xDSL support).

Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin.
When the program is running setuid root (which is not the case in a default Red Hat Linux or Fedora Core installation), an attacker could overwrite any file on the file system. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0564 to this issue.

All users of rp-pppoe should upgrade to this updated package, which resolves this issue.

---------------------------------------------------------------------
Changelogs:

rh73:
* Sat Feb 05 2005 Marc Deslauriers 3.3.8-10.legacy
- added missing autoconf to BuildRequires

* Sat Oct 09 2004 Marc Deslauriers 3.3.8-9.legacy
- added better patch for CAN-2004-0564

* Thu Oct 07 2004 Simon Weller 3.3.8-7.x.legacy
- added patch for CAN-2004-0564, setuid root file overwriting issue

rh9:
* Sat Feb 05 2005 Marc Deslauriers 3.5-2.2.legacy
- added missing autoconf to BuildRequires

* Sat Oct 09 2004 Marc Deslauriers 3.5-2.1.legacy
- add rp-pppoe-3.5-CAN-2004-0564.patch

fc1:
* Sat Feb 05 2005 Marc Deslauriers 3.5-8.2.legacy
- added missing autoconf to BuildRequires

* Thu Oct 07 2004 Rob Myers 3.5-8.1.legacy
- add rp-pppoe-3.5-CAN-2004-0564.patch

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and
comment in bugzilla.

From marcdeslauriers at videotron.ca Thu Feb 10 02:15:55 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 09 Feb 2005 21:15:55 -0500
Subject: Fedora Legacy Test Update Notification: sharutils
Message-ID: <420AC3DB.4050606@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2155
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2155
2005-02-09
---------------------------------------------------------------------

Name        : sharutils
7.3 Version : sharutils-4.2.1-12.7.x.legacy
9 Version   : sharutils-4.2.1-16.9.1.legacy
fc1 Version : sharutils-4.2.1-17.2.legacy
Summary     : The GNU shar utilities for managing shell archives.
Description :
The sharutils package contains the GNU shar utilities, a set of tools
for encoding and decoding packages of files (in binary or text format)
in a special plain text format called shell archives (shar). This
format can be sent through email (which can be problematic for regular
binary files). The shar utility supports a wide range of capabilities
(compressing, uuencoding, splitting long files for multi-part
mailings, providing checksums), which make it very flexible. After the
files have been sent, the unshar tool scans mail messages looking for
shar files. Unshar automatically strips off mail headers and
introductory text and then unpacks the shar files.

---------------------------------------------------------------------
Update Information:

Updated packages for sharutils which fix security vulnerabilities are
now available.

The sharutils package contains a set of tools for encoding and decoding
packages of files in binary or text format.
Ulf Harnhammar discovered a buffer overflow in shar.c, where the length
of data returned by the wc command is not checked. Florian Schilhabel
discovered another buffer overflow in unshar.c. Shaun Colley discovered
a stack-based buffer overflow vulnerability in the -o command-line
option handler. An attacker could exploit these vulnerabilities to
execute arbitrary code as the user running one of the sharutils
programs.

All users of sharutils should upgrade to these packages, which resolve
these issues.

---------------------------------------------------------------------
Changelogs:

rh73:
* Sat Feb 05 2005 Marc Deslauriers 4.2.1-12.7.x.legacy
- Added missing gettext and mailx BuildRequires

* Tue Oct 19 2004 Simon Weller 4.2.1-11.7.x.legacy
- Added missed patch for Buffer overflow in handling of -o option
- Reference: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123230

* Mon Oct 18 2004 Simon Weller 4.2.1-10.7.x.legacy
- Added patch for shar.c buffer overflow
- Added patch for unshar.c buffer overflow
- Reference: http://www.securityfocus.com/advisories/7268

rh9:
* Sat Feb 05 2005 Marc Deslauriers 4.2.1-16.9.1.legacy
- Added missing gettext and mailx BuildRequires

* Tue Oct 19 2004 Simon Weller 4.2.1-16.9.legacy
- Added missed patch for Buffer overflow in handling of -o option
- Reference: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123230

* Mon Oct 18 2004 Simon Weller 4.2.1-15.9.legacy
- Added patch for shar.c buffer overflow
- Added patch for unshar.c buffer overflow
- Reference: http://www.securityfocus.com/advisories/7268

fc1:
* Sat Feb 05 2005 Marc Deslauriers 4.2.1-17.2.legacy
- Added missing gettext and mailx to BuildRequires

* Thu Oct 21 2004 Rob Myers 4.2.1-17.1.legacy
- add patches for multiple buffer overflows (FL #2155)

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Thu Feb 10 02:16:17 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 09 Feb 2005 21:16:17 -0500
Subject: Fedora Legacy Test Update Notification: zlib
Message-ID: <420AC3F1.5000201@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2043
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2043
2005-02-09
---------------------------------------------------------------------

Name        : zlib
Versions    : fc1: zlib-1.2.0.7-2.1.legacy
Summary     : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

---------------------------------------------------------------------
Update Information:

An updated zlib package that fixes a security flaw is now available.

Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.
Johan Thelmen reported that a specially crafted file can cause a
segmentation fault in zlib as the inflate() and inflateBack() functions
do not properly handle errors. An attacker could construct a carefully
crafted file that could cause a crash or possibly execute arbitrary
code when opened. The specific impact depends on the application using
zlib. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0797 to this issue.

Users of zlib are advised to upgrade to this errata package, which
contains a backported patch correcting this issue.

---------------------------------------------------------------------
Changelogs

fc1:
* Fri Nov 19 2004 Rob Myers 1.2.0.7-2.1.legacy
- apply patch for CAN-2004-0797 (FL #2043)

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

fc1:
815ce5cc7d77184e8075d7b81f16ae94f620ffea
fedora/1/updates-testing/i386/zlib-1.2.0.7-2.1.legacy.i386.rpm
e7364e589e0a06615c3a02235e54619ca58d0997
fedora/1/updates-testing/i386/zlib-devel-1.2.0.7-2.1.legacy.i386.rpm
4013ab1384694342ed5083f843c2b78d1f4082a7
fedora/1/updates-testing/SRPMS/zlib-1.2.0.7-2.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

From purbon at abra.uab.es Tue Feb 8 09:16:38 2005
From: purbon at abra.uab.es (Pere Urbón Bayes)
Date: Tue, 08 Feb 2005 10:16:38 +0100
Subject: Some PostgreSQL Bug Fixing
Message-ID: <1107854198.24747.6.camel@localhost.localdomain>

Some days ago, some errors in arbitrary library loading with PostgreSQL
were discovered. Will the FedoraLegacy project put out a security patch
for Fedora Core 1?
Regards

--
/*********************************************************
* Pere Urbón Bayes                                       *
* E-mail: purbon (a) ccd (punt) uab (punt) es            *
* Tècnic Especialista de Suport a la Recerca             *
* Dept. Enginyeria de la Informació i les Comunicacions  *
*                                                        *
* Tel: 93.581.35.73                                      *
* Fax: 93.581.30.33                                      *
********************************************************/

From dom at earth.li Thu Feb 10 01:40:45 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 10 Feb 2005 01:40:45 +0000
Subject: [FLSA-2005:1943] Updated libpng resolves security vulnerabilities
Message-ID: <20050210014044.GA22176@home.thedom.org>

-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:         Updated libpng resolves security vulnerabilities
Advisory ID:      FLSA:1943
Issue date:       2005-02-08
Product:          Red Hat Linux
                  Fedora Core
Keywords:         Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1943
                  https://bugzilla.fedora.us/show_bug.cgi?id=1550
CVE Names:        CVE-2002-1363, CAN-2004-0597, CAN-2004-0598,
                  CAN-2004-0599, CAN-2004-0768
-----------------------------------------------------------------------

-----------------------------------------------------------------------
1. Topic:

Updated libpng packages that fix security vulnerabilities are now
available.

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG is
a bit-mapped graphics format similar to the GIF format. PNG was created
to replace the GIF format, since GIF uses a patented data compression
algorithm.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

During a source code audit, Chris Evans discovered several buffer
overflows in libpng. An attacker could create a carefully crafted PNG
file in such a way that it would cause an application linked with
libpng to execute arbitrary code when the file was opened by a victim.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0597 to these issues.

In addition, this audit discovered a potential NULL pointer dereference
in libpng (CAN-2004-0598) and several integer overflow issues
(CAN-2004-0599). An attacker could create a carefully crafted PNG file
in such a way that it would cause an application linked with libpng to
crash when the file was opened by the victim.

These patches also include a more complete fix for the out of bounds
memory access flaw (CVE-2002-1363), in which there was a buffer overrun
while adding filler bytes to 16-bit RGBA samples, and a similar patch
(CAN-2004-0768) that fixes a buffer overrun while adding filler bytes
to 16-bit grayscale samples.

All users are advised to update to the updated libpng packages which
contain backported security patches and are not vulnerable to these
issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory
*only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs/ for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - 1943 - CAN-2004-0597to0599 libpng buffer overflows

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/libpng-1.0.15-0.7x.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/libpng-1.0.15-0.7x.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/libpng-devel-1.0.15-0.7x.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/libpng-1.2.2-20.3.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/libpng10-1.0.15-0.9.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/libpng10-1.0.15-0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/libpng10-devel-1.0.15-0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/libpng-1.2.2-20.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/libpng-devel-1.2.2-20.3.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/libpng-1.2.5-7.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/libpng10-1.0.15-7.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/libpng10-1.0.15-7.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/libpng10-devel-1.0.15-7.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/libpng-1.2.5-7.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/libpng-devel-1.2.5-7.1.legacy.i386.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

https://rhn.redhat.com/errata/RHSA-2004-402.html

9. Contact:

The Fedora Legacy security contact is . More project details at
http://www.fedoralegacy.org

---------------------------------------------------------------------

From dom at earth.li Thu Feb 10 01:42:13 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 10 Feb 2005 01:42:13 +0000
Subject: [FLSA-2005:1906] Updated abiword packages fix security issue
Message-ID: <20050210014213.GA22338@home.thedom.org>

-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:         Updated abiword resolves security vulnerabilities
Advisory ID:      FLSA:1906
Issue date:       2005-02-08
Product:          Red Hat Linux
Keywords:         Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1906
CVE Names:        CAN-2004-0645
-----------------------------------------------------------------------

-----------------------------------------------------------------------
1. Topic:

Updated abiword packages that fix a security vulnerability are now
available.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386

3. Problem description:

AbiWord is a cross-platform, open-source word processor.

A buffer overflow in the wv library included in abiword allows remote
attackers to execute arbitrary code via a document with a long DateTime
field.

All users are advised to upgrade to these updated packages, which
contain a backported fix and are not vulnerable to this issue.

Fedora Legacy would like to thank Marc Deslauriers for reporting this
issue, and Dave Botsch and Marc Deslauriers for preparing updated RPMs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory
*only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - 1906 - CAN-2004-0645-Abiword wv component buffer overflow

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/abiword-0.99.5-5.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/abiword-0.99.5-5.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/abiword-1.0.4-5.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/abiword-1.0.4-5.legacy.i386.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security.
Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://www.abisource.com/release-notes/2.0.9.phtml
http://xforce.iss.net/xforce/xfdb/16660
http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities&flashstatus=true

9. Contact:

The Fedora Legacy security contact is . More project details at
http://www.fedoralegacy.org

---------------------------------------------------------------------

From dom at earth.li Fri Feb 11 01:19:45 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Fri, 11 Feb 2005 01:19:45 +0000
Subject: Fedora Legacy Test Update Notification: mailman
Message-ID: <20050211011944.GA28370@home.thedom.org>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2419
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2419
2005-02-11
---------------------------------------------------------------------

Name        : mailman
Versions    : rh9: mailman-2.1.1-8.legacy
Versions    : fc1: mailman-2.1.5-8.legacy
Summary     : Mailing list manager with built in Web access.
Description :
Mailman is software to help manage email discussion lists, much like
Majordomo and Smartmail. Unlike most similar products, Mailman gives
each mailing list a webpage, and allows users to subscribe,
unsubscribe, etc. over the Web. Even the list manager can administer
his or her list entirely from the Web. Mailman also integrates most
things people want to do with mailing lists, including archiving, mail
<-> news gateways, and so on.
---------------------------------------------------------------------
Update Information:

Updated mailman packages that correct a mailman security issue are now
available.

A flaw in the true_path function of Mailman was discovered. A remote
attacker who is a member of a private mailman list could use a
carefully crafted URL and gain access to arbitrary files on the server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0202 to this issue.

Note: Mailman installations running on Apache 2.0-based servers are not
vulnerable to this issue.

Users of mailman should update to these erratum packages that contain a
patch and are not vulnerable to this issue.

---------------------------------------------------------------------
Changelogs

rh9:
* Thu Feb 10 2005 Dominic Hargreaves 3:2.1.1-8.legacy
- Fix CAN-2005-0202 (password exposure)

fc1:
* Thu Feb 10 2005 Dominic Hargreaves - 3:2.1.5-8.legacy
- Added python, autoconf and automake build prerequisites

* Thu Feb 10 2005 Jeff Sheltren - 3:2.1.5-7.legacy
- Patch CAN-2005-0202 (using RHEL patch)
- Add legacy release tag

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

From marcdeslauriers at videotron.ca Thu Feb 10 23:02:17 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Thu, 10 Feb 2005 18:02:17 -0500
Subject: [FLSA-2005:2353] Updated gpdf package fixes security issues
Message-ID: <420BE7F9.8080404@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:         Updated gpdf package fixes security issues
Advisory ID:      FLSA:2353
Issue date:       2005-02-10
Product:          Fedora Core
Keywords:         Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2353
CVE Names:        CAN-2004-0888 CAN-2004-1125 CAN-2005-0064
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

An updated gpdf package that fixes a number of integer overflow
security flaws is now available.

GPdf is a viewer for Portable Document Format (PDF) files for GNOME.

2. Relevant releases/architectures:

Fedora Core 1 - i386

3. Problem description:

During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of xpdf. These
issues also affect gpdf as it is based on xpdf source code. An attacker
could construct a carefully crafted PDF file that could cause gpdf to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0888 to this issue.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf.
This flaw also affects gpdf as it is based on xpdf source code. An
attacker could construct a carefully crafted PDF file that could cause
gpdf to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1125 to this issue.
A buffer overflow flaw was found when processing the /Encrypt /Length
tag. An attacker could construct a carefully crafted PDF file that
could cause gpdf to crash or possibly execute arbitrary code when
opened. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0064 to this issue.

Users of gpdf are advised to upgrade to this errata package, which
contains backported patches correcting these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory
*only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2353 - xpdf buffer overflows apply to gpdf

6. RPMs required:

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/gpdf-0.110-1.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/gpdf-0.110-1.4.legacy.i386.rpm

7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------
63438a137ac33d1355bc6b8065fef0a03dde7e68
fedora/1/updates/i386/gpdf-0.110-1.4.legacy.i386.rpm
19c4e9fd40a135b4ad782c228990edcdc38dad04
fedora/1/updates/SRPMS/gpdf-0.110-1.4.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities

9. Contact:

The Fedora Legacy security contact is . More project details at
http://www.fedoralegacy.org

---------------------------------------------------------------------

From marcdeslauriers at videotron.ca Thu Feb 10 23:03:06 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Thu, 10 Feb 2005 18:03:06 -0500
Subject: [FLSA-2005:2252] Updated iptables packages resolve security issues
Message-ID: <420BE82A.8050600@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:         Updated iptables packages resolve security issues
Advisory ID:      FLSA:2252
Issue date:       2005-02-10
Product:          Red Hat Linux, Fedora Core
Keywords:         Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2252
CVE Names:        CAN-2004-0986
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated iptables packages that correct a security problem are now
available.

The iptables utility controls the network packet filtering code in the
Linux kernel.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

Under certain conditions, iptables did not properly load the required
modules at system startup, which caused the firewall rules to fail to
load and protect the system from remote attackers. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0986 to this issue.

Users of iptables are advised to upgrade to these errata packages,
which contain backported patches correcting these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will not be
updated. Note that you can also use wildcards (*.rpm) if your current
directory *only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2252 - iptables May Fail to Automatically Load Some Modules

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/iptables-1.2.8-8.73.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/iptables-1.2.8-8.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/iptables-ipv6-1.2.8-8.73.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/iptables-1.2.8-8.90.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/iptables-1.2.8-8.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/iptables-ipv6-1.2.8-8.90.1.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/iptables-1.2.9-1.0.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/iptables-1.2.9-1.0.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/iptables-devel-1.2.9-1.0.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/iptables-ipv6-1.2.9-1.0.1.legacy.i386.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0986

9. Contact:

The Fedora Legacy security contact is . More project details at
http://www.fedoralegacy.org

---------------------------------------------------------------------

From marcdeslauriers at videotron.ca Thu Feb 10 23:03:47 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Thu, 10 Feb 2005 18:03:47 -0500
Subject: [FLSA-2005:2352] Updated Xpdf package fixes security issues
Message-ID: <420BE853.3020609@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:         Updated Xpdf package fixes security issues
Advisory ID:      FLSA:2352
Issue date:       2005-02-10
Product:          Red Hat Linux, Fedora Core
Keywords:         Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2352
CVE Names:        CAN-2004-0888 CAN-2004-1125 CAN-2005-0064
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated Xpdf packages that fix several security issues are now
available.

Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of xpdf. An
attacker could construct a carefully crafted PDF file that could cause
xpdf to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0888 to this issue.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf.
An attacker could construct a carefully crafted PDF file that could
cause Xpdf to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1125 to this issue.

A buffer overflow flaw was found when processing the /Encrypt /Length
tag.
An attacker could construct a carefully crafted PDF file that could cause
Xpdf to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-0064 to this issue.

Users of xpdf are advised to upgrade to these errata packages, which
contain backported patches correcting these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content. Please visit
http://www.fedoralegacy.org/docs for directions on how to configure yum
and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2352 - xpdf 3.00 Buffer overflow

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/xpdf-1.00-7.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/xpdf-1.00-7.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/xpdf-chinese-simplified-1.00-7.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/xpdf-chinese-traditional-1.00-7.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/xpdf-japanese-1.00-7.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/xpdf-korean-1.00-7.4.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/xpdf-2.01-11.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/xpdf-2.01-11.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/xpdf-chinese-simplified-2.01-11.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/xpdf-chinese-traditional-2.01-11.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/xpdf-japanese-2.01-11.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/xpdf-korean-2.01-11.3.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/xpdf-2.03-1.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/xpdf-2.03-1.3.legacy.i386.rpm

7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------
423ffbb749b7ee88eeb10e6a859eeb0bf065e14f redhat/7.3/updates/i386/xpdf-1.00-7.4.legacy.i386.rpm
c73127114f7369b5b7dc47f888bd751aff93126e redhat/7.3/updates/i386/xpdf-chinese-simplified-1.00-7.4.legacy.i386.rpm
fc92215a4b5767adc4fc97dbdab273116ba4d633 redhat/7.3/updates/i386/xpdf-chinese-traditional-1.00-7.4.legacy.i386.rpm
f723ea683d914c4a07715a06aa986f91617bd4ea redhat/7.3/updates/i386/xpdf-japanese-1.00-7.4.legacy.i386.rpm
81c63ff5b9f1fc0e6a9a384407a46bd699f33feb redhat/7.3/updates/i386/xpdf-korean-1.00-7.4.legacy.i386.rpm
e4a7aabeaaac53c1773f2cee640ec1052cffb820 redhat/7.3/updates/SRPMS/xpdf-1.00-7.4.legacy.src.rpm
67e76b9214471447bf79ea1b5b191b16122ba2c0 redhat/9/updates/i386/xpdf-2.01-11.3.legacy.i386.rpm
7c6d5c6374dd7e5c952d37ead71071500ac9fda3 redhat/9/updates/i386/xpdf-chinese-simplified-2.01-11.3.legacy.i386.rpm
e351ec803bc2e7c27aa4677dcd57ad9f4772c492 redhat/9/updates/i386/xpdf-chinese-traditional-2.01-11.3.legacy.i386.rpm
fcde9f1758de64bd50e5ef003cf344c63264b940 redhat/9/updates/i386/xpdf-japanese-2.01-11.3.legacy.i386.rpm
a5e48c1ef2bca6e59b4c27f442078231d6dd68c2 redhat/9/updates/i386/xpdf-korean-2.01-11.3.legacy.i386.rpm
118304e7529774f84fd2a7ac23c4220fe5f92a52 redhat/9/updates/SRPMS/xpdf-2.01-11.3.legacy.src.rpm
604172c53feadba2f6049a41e214dd61ec24fd95 fedora/1/updates/i386/xpdf-2.03-1.3.legacy.i386.rpm
93454fd7f71a3fe88bcc89593312c6120e7168fc fedora/1/updates/SRPMS/xpdf-2.03-1.3.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities

9. Contact:

The Fedora Legacy security contact is . More project details at
http://www.fedoralegacy.org

---------------------------------------------------------------------

From marcdeslauriers at videotron.ca Thu Feb 10 23:04:25 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Thu, 10 Feb 2005 18:04:25 -0500
Subject: [FLSA-2005:2188] Updated gaim package resolves security issues
Message-ID: <420BE879.1090609@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:          Updated gaim package resolves security issues
Advisory ID:       FLSA:2188
Issue date:        2005-02-10
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2188
CVE Names:         CAN-2004-0891
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

An updated gaim package that fixes security issues and various bugs is
now available.

The gaim application is a multi-protocol instant messaging client.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

A buffer overflow has been discovered in the MSN protocol handler. When
receiving an unexpected sequence of MSNSLP messages, it is possible that
an attacker could cause an internal buffer overflow, leading to a crash
or possible code execution.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0891 to this issue.

This updated gaim package also fixes multiple user interface, protocol,
and error handling problems, including an ICQ communication encoding
issue.

Users of gaim are advised to upgrade to this updated package which
contains gaim version 1.0.2 and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content. Please visit
http://www.fedoralegacy.org/docs for directions on how to configure yum
and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2188 - gaim MSN protocol buffer overflow.

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/gaim-1.0.2-0.FC0.73.0.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gaim-1.0.2-0.FC0.73.0.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gaim-1.0.2-0.FC0.90.0.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/gaim-1.0.2-0.FC0.90.0.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gaim-1.0.2-0.FC1.0.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/gaim-1.0.2-0.FC1.0.legacy.i386.rpm

7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------
a174d3f8283b608124a7d1061d951d3f44eaf5df redhat/7.3/updates/i386/gaim-1.0.2-0.FC0.73.0.legacy.i386.rpm
b16668fdeddf34c3534065ab971b511774c346a8 redhat/7.3/updates/SRPMS/gaim-1.0.2-0.FC0.73.0.legacy.src.rpm
4b1ebfc27b5b05868f5737064f16711d72904565 redhat/9/updates/i386/gaim-1.0.2-0.FC0.90.0.legacy.i386.rpm
23dc361672ef204e40dcdba7f5c3a395200625f4 redhat/9/updates/SRPMS/gaim-1.0.2-0.FC0.90.0.legacy.src.rpm
78e9993c468e49abf30779c99a9436046fcce426 fedora/1/updates/i386/gaim-1.0.2-0.FC1.0.legacy.i386.rpm
bed1c8a428c099d51086ddc4acf90571f3a04a98 fedora/1/updates/SRPMS/gaim-1.0.2-0.FC1.0.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891

9. Contact:

The Fedora Legacy security contact is .
More project details at http://www.fedoralegacy.org

---------------------------------------------------------------------

From blists at nobaloney.net Fri Feb 11 19:36:31 2005
From: blists at nobaloney.net (Jeff Lasman)
Date: Fri, 11 Feb 2005 11:36:31 -0800
Subject: Can't install YUM
Message-ID: <200502111136.31381.blists@nobaloney.net>

I can't install YUM on a RH9 system.

When I try I get a list of dependencies. I've managed to find and
resolve them all, except this one:

libgmp.so.3

I can't find it in an RPM.

I loaded it into /usr/lib, copying exactly a setup on a working RH9
system that had it.

But rpm -Uvh still won't find it.

Can anyone tell me how to resolve this dependency?

Thanks.

Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 951 324-9706, or see: "http://www.nobaloney.net/contactus.html"

From khudnut at ucar.edu Fri Feb 11 19:42:51 2005
From: khudnut at ucar.edu (Karl Hudnut)
Date: Fri, 11 Feb 2005 12:42:51 -0700 (MST)
Subject: Can't install YUM
In-Reply-To: <200502111136.31381.blists@nobaloney.net>
References: <200502111136.31381.blists@nobaloney.net>
Message-ID:

Hi Jeff,

You know that
rpm -qf /path.../filename
gives the rpm that provides a file?

On a FC1 machine I typed:

rpm -qf /usr/lib/libgmp.so.3.3.2

That gives:

gmp-4.1.2-9

So that means you need gmp-4.1.2-9...rpm installed. You can get it from
rpmfind:

rpmfind.net/linux/RPM/ fedora/1/i386/gmp-4.1.2-9.i386.html

--
Dr. Karl Hudnut
System Administrator
UCAR - COSMIC
khudnut at ucar.edu
http://www.cosmic.ucar.edu
303 497 8024

On Fri, 11 Feb 2005, Jeff Lasman wrote:

> I can't install YUM on a RH9 system.
>
> When I try I get a list of dependencies. I've managed to find and
> resolve them all, except this one:
>
> libgmp.so.3
>
> I can't find it in an RPM.
>
> I loaded it into /usr/lib, copying exactly a setup on a working RH9
> system that had it.
>
> But rpm -Uvh still won't find it.
>
> Can anyone tell me how to resolve this dependency?
>
> Thanks.
>
> Jeff
> --
> Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
> Professional Internet Services & Support / Consulting / Colocation
> Our blists address used on lists is for list email only
> Phone +1 951 324-9706, or see: "http://www.nobaloney.net/contactus.html"
>
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-legacy-list
>

From blists at nobaloney.net Fri Feb 11 19:57:18 2005
From: blists at nobaloney.net (Jeff Lasman)
Date: Fri, 11 Feb 2005 11:57:18 -0800
Subject: Can't install YUM
In-Reply-To:
References: <200502111136.31381.blists@nobaloney.net>
Message-ID: <200502111157.18535.blists@nobaloney.net>

On Friday 11 February 2005 11:42 am, Karl Hudnut wrote:

> You know that
> rpm -qf /path.../filename
> gives the rpm that provides a file?

Not if the package isn't installed:

[root at eunlv01 RPMs]# rpm -qf /usr/lib/libgmp.so.3.3.2
file /usr/lib/libgmp.so.3.3.2 is not owned by any package

> On a FC1 machine I typed:
>
> rpm -qf /usr/lib/libgmp.so.3.3.2
>
> That gives:
>
> gmp-4.1.2-9
>
> So that means you need gmp-4.1.2-9...rpm installed. You can get it
> from rpmfind:
>
> rpmfind.net/linux/RPM/ fedora/1/i386/gmp-4.1.2-9.i386.html

Thanks.

Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 951 324-9706, or see: "http://www.nobaloney.net/contactus.html"

From stickstr at cox.net Fri Feb 11 19:59:01 2005
From: stickstr at cox.net (Paul W. Frields)
Date: Fri, 11 Feb 2005 14:59:01 -0500
Subject: Can't install YUM
In-Reply-To:
References: <200502111136.31381.blists@nobaloney.net>
Message-ID: <1108151941.26595.34.camel@localhost.localdomain>

On Fri, 2005-02-11 at 12:42 -0700, Karl Hudnut wrote:
> Hi Jeff,
>
> You know that
> rpm -qf /path.../filename
> gives the rpm that provides a file?
>
> On a FC1 machine I typed:
>
> rpm -qf /usr/lib/libgmp.so.3.3.2
>
> That gives:
>
> gmp-4.1.2-9
>
> So that means you need gmp-4.1.2-9...rpm installed. You can get it from
> rpmfind:
>
> rpmfind.net/linux/RPM/ fedora/1/i386/gmp-4.1.2-9.i386.html

Solving this might seem harder if you didn't have access to another box
with gmp installed. You can still solve it, however, by installing the
rpmdb-redhat RPM on your system (which is useful for a number of
purposes), and running:

rpm -q --dbpath /usr/lib/rpmdb/i386-redhat-linux/redhat/ --whatprovides libgmp.so.3

That will provide the answer from the actual distribution:

gmp-4.1.2-2

Get that RPM from your Red Hat 9 distribution and install, and you
should be set. By the way, if you have that rpmdb-redhat RPM installed,
you can use the rpm -ivh --aid switch, so if the stock distro knows what
the solution to a dependency is, it will simply suggest the resolution
to you. Have fun!

--
Paul W. Frields, RHCE

From michal at harddata.com Fri Feb 11 20:49:31 2005
From: michal at harddata.com (Michal Jaegermann)
Date: Fri, 11 Feb 2005 13:49:31 -0700
Subject: Can't install YUM
In-Reply-To: <1108151941.26595.34.camel@localhost.localdomain>; from stickstr@cox.net on Fri, Feb 11, 2005 at 02:59:01PM -0500
References: <200502111136.31381.blists@nobaloney.net> <1108151941.26595.34.camel@localhost.localdomain>
Message-ID: <20050211134931.C12907@mail.harddata.com>

On Fri, Feb 11, 2005 at 02:59:01PM -0500, Paul W. Frields wrote:
> On Fri, 2005-02-11 at 12:42 -0700, Karl Hudnut wrote:
> >
> > So that means you need gmp-4.1.2-9...rpm installed. You can get it from
> > rpmfind:
> >
>
> Solving this might seem harder if you didn't have access to another box
> with gmp installed.

As it was said - use rpmfind.net. This is a full URL you will get
after typing /usr/lib/libgmp.so.3.3.2 into a search field:

http://rpmfind.net/linux/rpm2html/search.php?query=%2Fusr%2Flib%2Flibgmp.so.3.3.2

"Found 19 RPM for /usr/lib/libgmp.so.3.3.2" and you can specify
a distro in which you are interested, and arch, too.

Michal

From blists at nobaloney.net Fri Feb 11 20:53:05 2005
From: blists at nobaloney.net (Jeff Lasman)
Date: Fri, 11 Feb 2005 12:53:05 -0800
Subject: Can't install YUM
In-Reply-To: <1108151941.26595.34.camel@localhost.localdomain>
References: <200502111136.31381.blists@nobaloney.net> <1108151941.26595.34.camel@localhost.localdomain>
Message-ID: <200502111253.05409.blists@nobaloney.net>

On Friday 11 February 2005 11:59 am, Paul W. Frields wrote:

> Solving this might seem harder if you didn't have access to another
> box with gmp installed. You can still solve it, however, by
> installing the rpmdb-redhat RPM on your system (which is useful for a
> number of purposes), and running:
>
> rpm -q --dbpath /usr/lib/rpmdb/i386-redhat-linux/redhat/
> --whatprovides libgmp.so.3
>
> That will provide the answer from the actual distribution:
>
> gmp-4.1.2-2
>
> Get that RPM from your Red Hat 9 distribution and install, and you
> should be set. By the way, if you have that rpmdb-redhat RPM
> installed, you can use the rpm -ivh --aid switch, so if the stock
> distro knows what the solution to a dependency is, it will simply
> suggest the resolution to you. Have fun!

Thanks for improving my knowledge!

Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 951 324-9706, or see: "http://www.nobaloney.net/contactus.html"

From sheltren at cs.ucsb.edu Sun Feb 13 01:33:49 2005
From: sheltren at cs.ucsb.edu (Jeff Sheltren)
Date: Sat, 12 Feb 2005 17:33:49 -0800
Subject: Wiki Spam
Message-ID:

There's some serious spam going on with the FL wiki, for example:
http://www.fedoralegacy.org/wiki/index.php/QaTesting

Can we do something about this?

-Jeff

From maillist at jasonlim.com Sun Feb 13 06:18:36 2005
From: maillist at jasonlim.com (Jason Lim)
Date: Sun, 13 Feb 2005 14:18:36 +0800
Subject: Wiki Spam
References:
Message-ID: <1fb501c51194$424b72c0$0900a8c0@SYSTEM9>

Don't see it... where?

----- Original Message -----
From: "Jeff Sheltren"
To:
Sent: Sunday, 13 February, 2005 9:33 AM
Subject: Wiki Spam

> There's some serious spam going on with the FL wiki, for example:
> http://www.fedoralegacy.org/wiki/index.php/QaTesting
>
> Can we do something about this?
>
> -Jeff

From jimpop at yahoo.com Sun Feb 13 08:12:25 2005
From: jimpop at yahoo.com (Jim Popovitch)
Date: Sun, 13 Feb 2005 03:12:25 -0500
Subject: Wiki Spam
In-Reply-To: <1fb501c51194$424b72c0$0900a8c0@SYSTEM9>
References: <1fb501c51194$424b72c0$0900a8c0@SYSTEM9>
Message-ID: <1108282345.4557.1.camel@blue>

On Sun, 2005-02-13 at 14:18 +0800, Jason Lim wrote:
> Don't see it... where?

I saw it late last night but it is no longer there now. Personally I
hate wikis; the value they bring comes with too much openness.

-Jim P.
>
>
> ----- Original Message -----
> From: "Jeff Sheltren"
> To:
> Sent: Sunday, 13 February, 2005 9:33 AM
> Subject: Wiki Spam
>
>
> > There's some serious spam going on with the FL wiki, for example:
> > http://www.fedoralegacy.org/wiki/index.php/QaTesting
> >
> > Can we do something about this?
> >
> > -Jeff

From leonard at den.ottolander.nl Sun Feb 13 12:09:49 2005
From: leonard at den.ottolander.nl (Leonard den Ottolander)
Date: Sun, 13 Feb 2005 13:09:49 +0100
Subject: Wiki Spam
In-Reply-To: <1108282345.4557.1.camel@blue>
References: <1fb501c51194$424b72c0$0900a8c0@SYSTEM9> <1108282345.4557.1.camel@blue>
Message-ID: <1108296589.4812.5.camel@athlon.localdomain>

Hi Jim,

On Sun, 2005-02-13 at 09:12, Jim Popovitch wrote:
> I saw it late last night but it is no longer there now. Personally I
> hate wikis; the value they bring comes with too much openness.

Can't the wiki be setup to require a valid email address to which it
sends a password? Of course such a setup can't completely stop such
spam, but at least it makes the spammer somewhat traceable.

By the way, when you notice such spam you all can edit a previous
revision and put that back. That's what I did last night. The sooner
this gets done the less attractive it gets for the spammer to return.

Leonard.
--
mount -t life -o ro /dev/dna /genetic/research

From dom at earth.li Sun Feb 13 18:21:53 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Sun, 13 Feb 2005 18:21:53 +0000
Subject: Some PostgreSQL Bug Fixing
In-Reply-To: <1107854198.24747.6.camel@localhost.localdomain>
References: <1107854198.24747.6.camel@localhost.localdomain>
Message-ID: <20050213182153.GA987@tirian.magd.ox.ac.uk>

On Tue, Feb 08, 2005 at 10:16:38AM +0100, Pere Urbón Bayes wrote:

> Some days ago was discovered some errors on arbitrary library loading
> with PostgreSQL.
> Will FedoraLegacy project take out one security patch for fedora core 1?

Hi,

It looks like postgres issues are being tracked at

but that no one has stepped up to fix these packages yet.

Cheers,

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

From dom at earth.li Tue Feb 15 23:41:09 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Tue, 15 Feb 2005 23:41:09 +0000
Subject: Fedora Legacy Test Update Notification: mailman
In-Reply-To: <20050211011944.GA28370@home.thedom.org>
References: <20050211011944.GA28370@home.thedom.org>
Message-ID: <20050215234108.GA31458@home.thedom.org>

On Fri, Feb 11, 2005 at 01:19:45AM +0000, Dominic Hargreaves wrote:

> Updated mailman packages that correct a mailman security issue are now
> available.

rh73 too:

c6ee495537e89fed3deb68810404c4786200861c SRPMS/mailman-2.0.13-7.legacy.src.rpm
defb763778aab1f04de4f76164afe8d71611e99a i386/mailman-2.0.13-7.legacy.i386.rpm

Please verify.

* Fri Feb 11 2005 Dominic Hargreaves 3:2.0.13-7.legacy

- Add legacy tag, add build dependencies

* Tue Feb 08 2005 John Dennis - 3:2.0.13-7

- fix security vulnerability CAN-2005-0202, errata RHSA-2005:136, bug #147342

* Thu Apr 01 2004 John Dennis 3:2.0.13-6

- fix bug 118669, which was filed against errata RHSA-2004:019-04
  can-2003-0991, bug 113472.

* Fri Jan 23 2004 John Dennis 3:2.0.13-4

- security errata can-2003-0991, Matt G. DoS patch

* Tue Nov 12 2002 Tim Powers 2.0.13-4

- remove files from $$RPM_BUILD_ROOT that we don't intent to ship

* Wed Aug 14 2002 Nalin Dahyabhai 2.0.13-3

- set MAILHOST and WWWHOST in case the configure script can't figure out
  the local host name

* Fri Aug 02 2002 Nalin Dahyabhai 2.0.13-2

- rebuild

From jimpop at yahoo.com Wed Feb 16 01:11:54 2005
From: jimpop at yahoo.com (Jim Popovitch)
Date: Tue, 15 Feb 2005 20:11:54 -0500
Subject: Fedora Legacy Test Update Notification: mailman
In-Reply-To: <20050215234108.GA31458@home.thedom.org>
References: <20050211011944.GA28370@home.thedom.org> <20050215234108.GA31458@home.thedom.org>
Message-ID: <1108516314.8025.73.camel@blue>

On Tue, 2005-02-15 at 23:41 +0000, Dominic Hargreaves wrote:
> On Fri, Feb 11, 2005 at 01:19:45AM +0000, Dominic Hargreaves wrote:
>
> > Updated mailman packages that correct a mailman security issue are now
> > available.
>
> rh73 too:
>
> c6ee495537e89fed3deb68810404c4786200861c SRPMS/mailman-2.0.13-7.legacy.src.rpm
> defb763778aab1f04de4f76164afe8d71611e99a i386/mailman-2.0.13-7.legacy.i386.rpm
>
> Please verify.
>
> * Fri Feb 11 2005 Dominic Hargreaves 3:2.0.13-7.legacy
>
> - Add legacy tag, add build dependencies
>
> * Tue Feb 08 2005 John Dennis - 3:2.0.13-7
>
> - fix security vulnerability CAN-2005-0202, errata RHSA-2005:136, bug #147342

Why was this applied to Mailman v2.0.13? According to
http://www.list.org/security.html it only affects v2.1 to v2.1.16

-Jim P.

From dom at earth.li Wed Feb 16 01:15:35 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Wed, 16 Feb 2005 01:15:35 +0000
Subject: Fedora Legacy Test Update Notification: mailman
In-Reply-To: <1108516314.8025.73.camel@blue>
References: <20050211011944.GA28370@home.thedom.org> <20050215234108.GA31458@home.thedom.org> <1108516314.8025.73.camel@blue>
Message-ID: <20050216011535.GL987@tirian.magd.ox.ac.uk>

On Tue, Feb 15, 2005 at 08:11:54PM -0500, Jim Popovitch wrote:

> Why was this applied to Mailman v2.0.13? According to
> http://www.list.org/security.html it only affects v2.1 to v2.1.16

AFAICT the information on that page is incomplete.

http://rhn.redhat.com/errata/RHSA-2005-136.html
http://www.debian.org/security/2005/dsa-674

both have updates for the 2.0 series.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

From jimpop at yahoo.com Wed Feb 16 01:43:36 2005
From: jimpop at yahoo.com (Jim Popovitch)
Date: Tue, 15 Feb 2005 20:43:36 -0500
Subject: Fedora Legacy Test Update Notification: mailman
In-Reply-To: <20050216011535.GL987@tirian.magd.ox.ac.uk>
References: <20050211011944.GA28370@home.thedom.org> <20050215234108.GA31458@home.thedom.org> <1108516314.8025.73.camel@blue> <20050216011535.GL987@tirian.magd.ox.ac.uk>
Message-ID: <1108518216.8025.96.camel@blue>

On Wed, 2005-02-16 at 01:15 +0000, Dominic Hargreaves wrote:
> On Tue, Feb 15, 2005 at 08:11:54PM -0500, Jim Popovitch wrote:
>
> > Why was this applied to Mailman v2.0.13? According to
> > http://www.list.org/security.html it only affects v2.1 to v2.1.16
>
> AFAICT the information on that page is incomplete.
>
> http://rhn.redhat.com/errata/RHSA-2005-136.html
> http://www.debian.org/security/2005/dsa-674
>
> both have updates for the 2.0 series.

OK...

Here is what Mailman 2.0 looked like (prior to CAN-2005-0202)

^L
def true_path(path):
    "Ensure that the path is safe by removing .."
    path = string.replace(path, "../", "")
    path = string.replace(path, "./", "")     <-- Double Quotes
    return path[1:]


Here is what Mailman 2.1.5 looked like (prior to CAN-2005-0202).

^L
def true_path(path):
    "Ensure that the path is safe by removing .."
    path = path.replace('../', '')
    path = path.replace('./', '')             <-- Single Quotes
    return path[1:]


Here is what Mailman developers themselves recommend as a fix
to the 2.1 series for CAN-2005-0202, in addition to saying that
2.0.x is unaffected.

SLASH = '/'

^L
def true_path(path):
    "Ensure that the path is safe by removing .."
    parts = path.split(SLASH)
    safe = [x for x in parts if x not in ('.', '..')]
    if parts <> safe:
        syslog('mischief', 'Directory traversal attack thwarted')
    return SLASH.join(safe)[1:]


Here is what is now in FedoraLegacy RH73 release 2.0.13-7

^L
def true_path(path):
    "Ensure that the path is safe by removing .."
    path = re.sub('\.+/+', '', path)
    return path[1:]


So, why so much difference between what we are releasing and what is
being recommended? (not that Mailman's recommendations are anything like
the past versions) Also, what is "re.sub" ?

Glad there is a fix, just curious to know the reasoning and path to
resolution.

Thanks,

-Jim P.

From sheltren at cs.ucsb.edu Wed Feb 16 05:07:19 2005
From: sheltren at cs.ucsb.edu (Jeff Sheltren)
Date: Tue, 15 Feb 2005 21:07:19 -0800
Subject: Fedora Legacy Test Update Notification: mailman
In-Reply-To: <1108518216.8025.96.camel@blue>
Message-ID:

On 2/15/05 5:43 PM, "Jim Popovitch" wrote:

>
> OK...
>
> Here is what Mailman 2.0 looked like (prior to CAN-2005-0202)
>
> ^L
> def true_path(path):
>     "Ensure that the path is safe by removing .."
>     path = string.replace(path, "../", "")
>     path = string.replace(path, "./", "")     <-- Double Quotes
>     return path[1:]
>
>
> Here is what Mailman 2.1.5 looked like (prior to CAN-2005-0202).
>
> ^L
> def true_path(path):
>     "Ensure that the path is safe by removing .."
>     path = path.replace('../', '')
>     path = path.replace('./', '')             <-- Single Quotes
>     return path[1:]
>
>
> Here is what Mailman developers themselves recommend as a fix
> to the 2.1 series for CAN-2005-0202, in addition to saying that
> 2.0.x is unaffected.
>
> SLASH = '/'
>
> ^L
> def true_path(path):
>     "Ensure that the path is safe by removing .."
>     parts = path.split(SLASH)
>     safe = [x for x in parts if x not in ('.', '..')]
>     if parts <> safe:
>         syslog('mischief', 'Directory traversal attack thwarted')
>     return SLASH.join(safe)[1:]
>
>
> Here is what is now in FedoraLegacy RH73 release 2.0.13-7
>
> ^L
> def true_path(path):
>     "Ensure that the path is safe by removing .."
>     path = re.sub('\.+/+', '', path)
>     return path[1:]
>
>
> So, why so much difference between what we are releasing and what is
> being recommended? (not that Mailman's recommendations are anything like
> the past versions) Also, what is "re.sub" ?
>
> Glad there is a fix, just curious to know the reasoning and path to
> resolution.
>
> Thanks,
>
> -Jim P.

Hi Jim, the patch in the 7.3 version in updates testing is nearly
identical to the patch used for the RH9/FC1 versions which, IMO, is a
good thing. True, what was recommended by the mailman devs should work
fine, but it would change the functionality (i.e. the extra logging to
syslog), which I know is something FL is trying to avoid. Also, since we
already have a working patch ala RHEL, why not use it (slightly changed)
for all the packages released by FL?

BTW, you can find out more about the python re (Regular Expression)
module on their website:
http://www.python.org/doc/2.2.3/lib/node99.html

Also, I'm not a python expert by any means (although I'm learning), but
I believe there is no functional difference between the single and
double quotes from the code you pasted above.
-Jeff From jkeating at j2solutions.net Thu Feb 17 18:24:03 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Thu, 17 Feb 2005 13:24:03 -0500 Subject: Wiki Spam In-Reply-To: <1108296589.4812.5.camel@athlon.localdomain> References: <1fb501c51194$424b72c0$0900a8c0@SYSTEM9> <1108282345.4557.1.camel@blue> <1108296589.4812.5.camel@athlon.localdomain> Message-ID: <1108664643.3296.0.camel@localhost.localdomain> On Sun, 2005-02-13 at 13:09 +0100, Leonard den Ottolander wrote: > Can't the wiki be setup to require a valid email address to which it > sends a password? Of course such a setup can't completely stop such > spam, but at least it makes the spammer somewhat traceable. > > By the way, when you notice such spam you all can edit a previous > revision and put that back. That's what I did last night. The sooner > this gets done the less attractive it gets for the spammer to return. > > Leonard. > I know this needs to be fixed. We may be moving our wiki needs directly to the Fedoraproject.org's wiki system, as the admin for that knows a bit more about them than I do and has more time to manage it. -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? 
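Added example (not part of any message in this archive, and not Mailman's or Fedora Legacy's own code): the three true_path() variants quoted in the mailman thread above, ported to Python 3 and run over constructed paths to show how the two-pass replace, the component filter and the re.sub version behave on the same input. The function names, the sample paths and the flag returned in place of syslog() are assumptions made for this example.

```python
"""Compare the true_path() variants quoted in the mailman thread.

Added illustration: the three sanitizers are ported to Python 3
(string.replace -> str.replace, '<>' -> '!='), and the upstream
variant returns a flag instead of calling Mailman's syslog().
All input paths below are constructed for this example.
"""
import re

SLASH = '/'


def true_path_replace(path):
    """Pre-fix Mailman 2.0 / 2.1.5 logic: two single-pass replaces."""
    path = path.replace('../', '')
    path = path.replace('./', '')
    return path[1:]


def true_path_components(path):
    """Upstream 2.1 fix: drop '.' and '..' path components.

    Returns (cleaned_path, flagged); 'flagged' stands in for the
    syslog('mischief', ...) call in the quoted code.
    """
    parts = path.split(SLASH)
    safe = [x for x in parts if x not in ('.', '..')]
    return SLASH.join(safe)[1:], parts != safe


def true_path_regex(path):
    """Fedora Legacy 2.0.13-7 logic: strip runs of dots followed by slashes."""
    return re.sub(r'\.+/+', '', path)[1:]


def has_dot_component(path):
    """True if any '/'-separated component is '.' or '..'."""
    return any(part in ('.', '..') for part in path.split(SLASH))


# Constructed inputs: an ordinary archive path, a plain '../', and a
# nested sequence whose pieces recombine after single-pass stripping.
SAMPLES = {
    'benign': '/mylist/2005-February/000123.html',
    'plain': '/mylist/../other/file.txt',
    'nested': '/mylist/.../....///other/file.txt',
}


def compare(samples=SAMPLES):
    """Run every variant over every sample; report output and residue."""
    report = {}
    for label, raw in samples.items():
        cleaned, flagged = true_path_components(raw)
        outputs = {
            'replace': true_path_replace(raw),
            'components': cleaned,
            'regex': true_path_regex(raw),
        }
        # Each entry is (sanitized path, does a '.'/'..' component remain?)
        report[label] = {
            name: (out, has_dot_component(out)) for name, out in outputs.items()
        }
        report[label]['flagged'] = flagged
    return report


if __name__ == '__main__':
    for label, row in compare().items():
        print(label)
        for name, value in row.items():
            print('   %-10s %r' % (name, value))
```

On the nested sample only the two-pass replace returns a path that still contains a `..` component, because each replace makes a single pass and the leftover characters join up afterwards. The component filter leaves `...` and `....` in place as ordinary names, so it does not flag that input.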
Let others know: http://svcs.affero.net/rm.php?r=jkeating

From marcdeslauriers at videotron.ca Thu Feb 17 22:12:09 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Thu, 17 Feb 2005 17:12:09 -0500
Subject: Fedora Legacy Test Update Notification: samba
Message-ID: <421516B9.8070709@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2349
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2349
2005-02-17
---------------------------------------------------------------------

Name        : samba
Versions    : rh7.3: samba-2.2.12-0.73.7.legacy
Versions    : rh9: samba-2.2.12-0.90.6.legacy
Versions    : fc1: samba-3.0.10-1.fc1.1.legacy
Summary     : The Samba SMB server.
Description :
Samba is the protocol by which a lot of PC-related machines share
files, printers, and other information (such as lists of available
files and printers). The Windows NT, OS/2, and Linux operating systems
support this natively, and add-on packages can enable the same thing
for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package
provides an SMB server that can be used to provide network services to
SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over
TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw
NetBIOS frame) protocol.

---------------------------------------------------------------------
Update Information:

Updated samba packages that fix various security vulnerabilities are
now available.

Samba provides file and printer sharing services to SMB/CIFS clients.

During a code audit, Stefan Esser discovered a buffer overflow in Samba
versions prior to 3.0.8 when handling unicode filenames. An
authenticated remote user could exploit this bug which may lead to
arbitrary code execution on the server. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0882
to this issue.

A bug was found in the input validation routines in versions of Samba
prior to 3.0.8 that caused the smbd process to consume abnormal amounts
of system memory. An authenticated remote user could exploit this bug
to cause a denial of service. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0930 to this
issue.

Greg MacManus of iDEFENSE Labs has discovered an integer overflow bug
in Samba versions prior to 3.0.10. An authenticated remote user could
exploit this bug which may lead to arbitrary code execution on the
Samba server. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1154 to this issue.

Users of Samba should upgrade to these updated packages, which contain
backported security patches, and are not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Sun Feb 13 2005 Marc Deslauriers 2.2.12-0.73.7.legacy
- Updated patch for CAN-2004-1154
- Removed print_cups section from patch 103 as it is now included in
  the main CAN-2004-1154 patch
* Tue Jan 04 2005 Rob Myers 2.2.12-0.73.6.legacy
- correct one usage of SMB_REALLOC_ARRAY in patch
* Fri Dec 24 2004 Rob Myers 2.2.12-0.73.5.legacy
- apply patch for CAN-2004-1154 (FL #2349)
* Tue Nov 16 2004 Rob Myers 2.2.12-0.73.4.legacy
- apply patches for CAN-2004-0882, CAN-2004-0930 (FL #2264)

rh9:
* Sun Feb 13 2005 Marc Deslauriers 2.2.12-0.90.6.legacy
- Updated patch for CAN-2004-1154
- Removed print_cups section from patch 103 as it is now included in
  the main CAN-2004-1154 patch
* Tue Jan 04 2005 Rob Myers 2.2.12-0.90.5.legacy
- correct one usage of SMB_REALLOC_ARRAY in patch
* Fri Dec 24 2004 Rob Myers 2.2.12-0.90.4.legacy
- apply patch for CAN-2004-1154 (FL #2349)
* Tue Nov 16 2004 Rob Myers 2.2.12-0.90.3.legacy
- apply patches for CAN-2004-0882, CAN-2004-0930 (FL #2264)

fc1:
* Sun Feb 13 2005 Marc Deslauriers 3.0.10-1.fc1.1.legacy
- Changed release tag to preserve upgrade path
- Added changetrustpw patch to fix double-free bug
- Added libattr-devel BuildRequires
* Tue Jan 04 2005 Rob Myers 3.0.10-1.legacy
- upgrade to 3.0.10 fixes CAN-2004-1154 (FL #2349)
- upgrade logfiles, pie patches from FC-2
- disable old patches for CAN-2004-0882, CAN-2004-0930 since 3.0.10
  includes them
* Tue Nov 16 2004 Rob Myers 3.0.7-2.FC1.1.legacy
- apply patches for CAN-2004-0882, CAN-2004-0930 (FL #2264)
- add BuildRequires: openldap-devel, openssl-devel, and cups-devel

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Thu Feb 17 22:12:41 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Thu, 17 Feb 2005 17:12:41 -0500
Subject: Fedora Legacy Test Update Notification: ruby
Message-ID: <421516D9.5060509@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2007
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2007
2005-02-17
---------------------------------------------------------------------

Name        : ruby
Versions    : rh7.3: ruby-1.6.7-5.legacy
Versions    : rh9: ruby-1.6.8-6.2.legacy
Versions    : fc1: ruby-1.8.0-5.legacy
Summary     : An interpreter of object-oriented scripting language.
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.

---------------------------------------------------------------------
Update Information:

An updated ruby package that fixes security issues is now available.

Ruby is an interpreted scripting language for object-oriented
programming.

A flaw was discovered in the CGI module of Ruby.
If empty data is sent by the POST method to the CGI script which
requires MIME type multipart/form-data, it can get stuck in a loop. A
remote attacker could trigger this flaw and cause a denial of service.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0983 to this issue.

Andres Salomon reported an insecure file permissions flaw in the CGI
session management of Ruby. FileStore created world readable files that
could allow a malicious local user the ability to read CGI session
data. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0755 to this issue.

Users are advised to upgrade to this erratum package, which contains
backported patches fixing these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Sun Feb 13 2005 Marc Deslauriers 1.6.7-5.legacy
- Added missing bison and db1-devel BuildRequires
* Mon Jan 17 2005 David Eisenstein 1.6.7-4.legacy
- Added security patch for CAN-2004-0983, CGI Denial of Service
  (Fedora Legacy Bugzilla # 2007)
* Fri Oct 08 2004 Marc Deslauriers 1.6.7-3.legacy
- Added security patch for CAN-2004-0755

rh9:
* Sun Feb 13 2005 Marc Deslauriers 1.6.8-6.2.legacy
- Added missing db4-devel BuildRequires
* Wed Jan 12 2005 Pekka Savola 1.6.8-6.1.legacy
- fix CAN-2004-0755, CAN-2004-0983 (#2007)

fc1:
* Tue Feb 15 2005 Marc Deslauriers 1.8.0-5.legacy
- Added missing groff, bison, tcl-devel, tk-devel, openssl-devel
  zlib-devel, db4-devel and libtermcap-devel BuildRequires
* Sat Nov 20 2004 David Eisenstein 1.8.0-4.legacy
- Redid security fix [CAN-2004-0755]
- ruby-1.8.0-cgi_session_perms.patch: sets the permission of the
  session data file to 0600. Backport of FC2's patch to 1.8.1. (#2007)
- Re-enabled make test.
* Wed Nov 17 2004 David Eisenstein 1.8.0-3.legacy
- security fix [CAN-2004-0983]
- ruby-1.8.0-cgi-dos.patch: applied to fix a denial of service issue.
  (#2007)
* Fri Oct 08 2004 Marc Deslauriers 1.8.0-2.legacy
- Added security patch for CAN-2004-0755
- Disabled make test (for some reason, doesn't always work)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Thu Feb 17 22:13:05 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Thu, 17 Feb 2005 17:13:05 -0500
Subject: Fedora Legacy Test Update Notification: vim
Message-ID: <421516F1.7070209@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2343
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2343
2005-02-17
---------------------------------------------------------------------

Name        : vim
Versions    : rh7.3: vim-6.1-18.7x.2.3.legacy
Versions    : rh9: vim-6.1-29.3.legacy
Versions    : fc1: vim-6.2.532-1.3.legacy
Summary     : The VIM editor.
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

---------------------------------------------------------------------
Update Information:

Updated vim packages that fix multiple vulnerabilities are now
available.

VIM (Vi IMproved) is an updated and improved version of the vi
screen-based editor.

Ciaran McCreesh discovered a modeline vulnerability in VIM. It is
possible that a malicious user could create a file containing a
specially crafted modeline which could cause arbitrary command
execution when viewed by a victim. Please note that this issue only
affects users who have modelines and filetype plugins enabled, which is
not the default. The Common Vulnerabilities and Exposures project has
assigned the name CAN-2004-1138 to this issue.

Javier Fernández-Sanguino Peña noticed that the auxiliary scripts
"tcltags" and "vimspell.sh" created temporary files in an insecure
manner. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the script.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-0069 to this issue.

All users of VIM are advised to upgrade to these erratum packages,
which contain backported patches for these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Thu Jan 20 2005 Rob Myers 1:6.1-18.7x.2.3.legacy
- remove -b backup option for CAN-2005-0069 patch
- add BuildRequires: gettext, gpm-devel, libtermcap-devel,
  ncurses-devel for mach
* Thu Jan 20 2005 Pekka Savola 1:6.1-18.7x.2.2.legacy
- fix CAN-2005-0069, from Ubuntu (#2343)
* Mon Jan 10 2005 Pekka Savola 1:6.1-18.7x.2.1.legacy
- fix CAN-2004-1138 (#2343)

rh9:
* Thu Jan 20 2005 Rob Myers 1:6.1-29.3.legacy
- remove -b backup option for CAN-2005-0069 patch
- add BuildRequires: gettext, gpm-devel, libacl-devel,
  libtermcap-devel, ncurses-devel for mach
* Thu Jan 20 2005 Pekka Savola 1:6.1-29.2.legacy
- fix CAN-2005-0069 from Ubuntu (#2343)
* Mon Jan 10 2005 Pekka Savola 1:6.1-29.1.legacy
- fix CAN-2004-1138 (#2343)

fc1:
* Thu Jan 20 2005 Rob Myers 1:6.2.532-1.3.legacy
- remove -b backup option for CAN-2005-0069 patch
- add BuildRequires for mach: autoconf
- fix CAN in previous changelog entry
* Mon Jan 10 2005 Pekka Savola 1:6.2.532-1.2.legacy
- fix CAN-2005-0069 from Ubuntu (#2343)
* Mon Jan 10 2005 Pekka Savola 1:6.2.532-1.1.legacy
- fix CAN-2004-1138 (#2343)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Thu Feb 17 22:13:26 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Thu, 17 Feb 2005 17:13:26 -0500
Subject: Fedora Legacy Test Update Notification: cdrtools
Message-ID: <42151706.4050601@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2058
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2058
2005-02-17
---------------------------------------------------------------------

Name        : cdrtools
Versions    : rh9: cdrtools-2.0-11.9.3.legacy
Summary     : A collection of CD/DVD utilities.
Description :
cdrtools is a collection of CD/DVD utilities.
---------------------------------------------------------------------
Update Information:

Updated cdrtools packages that fix a privilege escalation vulnerability
are now available.

Cdrtools is a collection of CD/DVD utilities.

Max Vozeler found that the cdrecord program, when set suid root, fails
to drop privileges when it executes a program specified by the user
through the $RSH environment variable. This can be abused by a local
attacker to obtain root privileges. In the default configuration of Red
Hat Linux 9, the cdrecord program is not set suid root and this attack
is not possible.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0806 to this issue.

Users of cdrtools are advised to upgrade to these errata packages,
which contain a backported patch correcting this issue.

---------------------------------------------------------------------
Changelogs

rh9:
* Sat Feb 12 2005 Marc Deslauriers 8:2.0-11.9.3.legacy
- added missing automake, libtool, libacl-devel and groff BuildRequires
* Fri Sep 10 2004 Marc Deslauriers 8:2.0-11.9.2.legacy
- added rsh patch to fix CAN-2004-0806

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Thu Feb 17 22:13:42 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Thu, 17 Feb 2005 17:13:42 -0500
Subject: Fedora Legacy Test Update Notification: qt
Message-ID: <42151716.1040306@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2002
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2002
2005-02-17
---------------------------------------------------------------------

Name        : qt
Versions    : rh7.3: qt-3.0.5-7.16.legacy
Versions    : rh9: qt-3.1.1-8.legacy
Summary     : The shared library for the Qt GUI toolkit.
Description :
Qt is a GUI software toolkit which simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X
Window System. Qt is written in C++ and is fully object-oriented.

This package contains the shared library needed to run qt applications,
as well as the README files for qt.

---------------------------------------------------------------------
Update Information:

Updated qt packages that fix security issues in several of the image
decoders are now available.

Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X
Window System.

During a security audit, Chris Evans discovered a heap overflow in the
BMP image decoder in Qt versions prior to 3.3.3. An attacker could
create a carefully crafted BMP file in such a way that it would cause
an application linked with Qt to crash or possibly execute arbitrary
code when the file was opened by a victim. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0691 to this issue.
Additionally, various flaws were discovered in the GIF, XPM, and JPEG
decoders in Qt versions prior to 3.3.3. An attacker could create
carefully crafted image files in such a way that it could cause an
application linked against Qt to crash when the file was opened by a
victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2004-0692 and CAN-2004-0693
to these issues.

Users of Qt should update to these updated packages which contain
backported patches and are not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Sat Feb 12 2005 Marc Deslauriers 3.0.5-7.16.legacy
- Added missing BuildRequires: freetype-devel, expat-devel,
  XFree86-devel
* Wed Sep 08 2004 Marc Deslauriers 3.0.5-7.15.legacy
- Added security patch for CAN-2004-0691/0692/0693

rh9:
* Sat Feb 12 2005 Marc Deslauriers 3.1.1-8.legacy
- Added missing byacc BuildRequires
* Wed Sep 08 2004 Marc Deslauriers 3.1.1-7.legacy
- Added security patch for CAN-2004-0691/0692/0693

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Thu Feb 17 22:14:09 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Thu, 17 Feb 2005 17:14:09 -0500
Subject: Fedora Legacy Test Update Notification: php
Message-ID: <42151731.7020105@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2344
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2344
2005-02-17
---------------------------------------------------------------------

Name        : php
Versions    : rh7.3: php-4.1.2-7.3.13.legacy
Versions    : rh9: php-4.2.2-17.9.legacy
Versions    : fc1: php-4.3.8-1.4.legacy
Summary     : The PHP HTML-embedded scripting language.
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common use
of PHP coding is probably as a replacement for CGI scripts. The mod_php
module enables the Apache Web server to understand and process the
embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

Updated php packages that fix various security issues are now
available.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. An information disclosure bug was discovered in the parsing of "GPC" variables in PHP (query strings or cookies, and POST form data). If particular scripts used the values of the GPC variables, portions of the memory space of an httpd child process could be revealed to the client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0958 to this issue. A file access bug was discovered in the parsing of "multipart/form-data" forms, used by PHP scripts which allow file uploads. In particular configurations, some scripts could allow a malicious client to upload files to an arbitrary directory where the "apache" user has write access. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0959 to this issue. Flaws were found in shmop_write, pack, and unpack PHP functions. These functions are not normally passed user supplied data, so would require a malicious PHP script to be exploited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1018 to this issue. Flaws including possible information disclosure, double free, and negative reference index array underflow were found in the deserialization code of PHP. PHP applications may use the unserialize function on untrusted user data, which could allow a remote attacker to gain access to memory or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1019 to this issue. A flaw in the exif extension of PHP was found which lead to a stack overflow. An attacker could create a carefully crafted image file in such a way that if parsed by a PHP script using the exif extension it could cause a crash or potentially execute arbitrary code. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1065 to this issue.

Users of PHP should upgrade to these updated packages, which contain
fixes for these issues.

---------------------------------------------------------------------
7.3 changelog:

* Mon Jan 31 2005 John Dalbec 4.1.2-7.3.13.legacy
- Fix typo in OpenPKG backport patch (filename -> filenamebuf)

* Sun Jan 23 2005 Leonard den Ottolander 4.1.2-7.3.11.legacy
- fix possible double-free in unserializer (CAN-2004-1019)
- fix integer overflows in pack() (CAN-2004-1018, requires malicious
  script to exploit)
- Remove redundant CAN-2004-1018 sections from OpenPKG backport patch

* Wed Jan 05 2005 Pekka Savola 4.1.2-6.3.12.legacy
- Use a more complete patch, some parts had been left off by accident.

* Mon Jan 03 2005 Marc Deslauriers 4.1.2-7.3.11.legacy
- Added OpenPKG patch backport for CAN-2004-1018, CAN-2004-1019,
  CAN-2004-1063, CAN-2004-1064 and CAN-2004-1065

9 changelog:

* Wed Dec 22 2004 Pekka Savola 4.2.2-17.9.legacy
- Replace the previous patches with a complete OpenPKG backport,
  fixing the issues (and more of them) more extensively.

* Tue Dec 21 2004 Marc Deslauriers 4.2.2-17.8.legacy
- Added security patches for CAN-2004-1019 and CAN-2004-1065

fc1 changelog:

* Fri Feb 11 2005 Marc Deslauriers 4.3.8-1.4.legacy
- Added missing sendmail, w3c-libwww-devel and flex BuildRequires

* Mon Jan 03 2005 Marc Deslauriers 4.3.8-1.3.legacy
- Added patches for CAN-2004-0958 and CAN-2004-0959

* Tue Dec 21 2004 Marc Deslauriers 4.3.8-1.2.legacy
- Added OpenPKG patch for CAN-2004-1018, CAN-2004-1019, CAN-2004-1063,
  CAN-2004-1064 and CAN-2004-1065

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/

(sha1sums)
---------------------------------------------------------------------

Please test and comment in bugzilla.

From ben at charterworks.net Mon Feb 14 20:13:58 2005
From: ben at charterworks.net (Benjamin Smith)
Date: Mon, 14 Feb 2005 12:13:58 -0800
Subject: Wiki Spam
In-Reply-To: <1108296589.4812.5.camel@athlon.localdomain>
References: <1108282345.4557.1.camel@blue> <1108296589.4812.5.camel@athlon.localdomain>
Message-ID: <200502141213.58722.ben@charterworks.net>

For PHP, it can be done easily using a "php auto_prepend" value in
httpd.conf and a 20-liner php script, effectively wrapping any
php-based application with some .htaccess style security, while
providing a friendly means to prompt for signup.

-Ben

On Sunday 13 February 2005 04:09, Leonard den Ottolander wrote:
> Hi Jim,
>
> On Sun, 2005-02-13 at 09:12, Jim Popovitch wrote:
> > I saw it late last night but it is no longer there now. Personally I
> > hate wiki's the value they bring come with too much openness.
>
> Can't the wiki be setup to require a valid email address to which it
> sends a password? Of course such a setup can't completely stop such
> spam, but at least it makes the spammer somewhat traceable.
>
> By the way, when you notice such spam you all can edit a previous
> revision and put that back. That's what I did last night. The sooner
> this gets done the less attractive it gets for the spammer to return.
>
> Leonard.
>
> --
> mount -t life -o ro /dev/dna /genetic/research

--
"I kept looking around for somebody to solve the problem.
Then I realized I am somebody"
-Anonymous

From dom at earth.li Thu Feb 17 22:46:19 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 17 Feb 2005 22:46:19 +0000
Subject: [FLSA-2005:2137] Updated cyrus-sasl resolves security vulnerabilities
Message-ID: <20050217224618.GA11404@home.thedom.org>

-----------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated cyrus-sasl resolves security vulnerabilities
Advisory ID:       FLSA:2137
Issue date:        2005-02-17
Product:           Red Hat Linux
                   Fedora Core
Keywords:          Security
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2137
CVE Names:         CAN-2004-0884
-----------------------------------------------------------------------

-----------------------------------------------------------------------
1. Topic:

Updated cyrus-sasl packages that fix a security vulnerability are now
available.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

The cyrus-sasl package contains the Cyrus implementation of SASL. SASL
is the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.

At application startup, libsasl and libsasl2 attempt to build a list
of all available SASL plug-ins which are available on the system. To do
so, the libraries search for and attempt to load every shared library
found within the plug-in directory. This location can be set with the
SASL_PATH environment variable.

In situations where an untrusted local user can affect the environment
of a privileged process, this behavior could be exploited to run
arbitrary code with the privileges of a setuid or setgid application.
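
One way a library can guard against the behaviour described above, as an added example that is not part of the advisory and is not the Cyrus SASL patch: ignore the environment-supplied plug-in directory whenever the real and effective IDs differ. DEFAULT_PLUGIN_DIR, the function names and the treatment of SASL_PATH as a single directory are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed compiled-in plug-in directory; the advisory does not name one. */
#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"

/* A setuid or setgid program runs with effective IDs that differ from the
 * real IDs of the user who started it. */
static int running_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Accept a caller-supplied directory only if it is an absolute path to an
 * existing directory, owned by root or by the invoking user, and not
 * writable by group or others. */
static int dir_is_acceptable(const char *dir, uid_t ruid)
{
    struct stat st;

    if (dir == NULL || dir[0] != '/')
        return 0;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0 && st.st_uid != ruid)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

/* Decide which directory shared-library plug-ins may be loaded from.
 * env_value is what the environment supplied (for example the value of
 * SASL_PATH); the IDs are passed in so the decision can be tested. */
const char *choose_plugin_dir(const char *env_value,
                              uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    /* Privileged process: the environment belongs to the invoking user
     * and must not steer code loading. */
    if (running_privileged(ruid, euid, rgid, egid))
        return DEFAULT_PLUGIN_DIR;
    if (env_value == NULL || env_value[0] == '\0')
        return DEFAULT_PLUGIN_DIR;
    if (!dir_is_acceptable(env_value, ruid))
        return DEFAULT_PLUGIN_DIR;
    return env_value;
}

/* True when the chosen directory is the compiled-in default. */
int is_default_dir(const char *dir)
{
    return strcmp(dir, DEFAULT_PLUGIN_DIR) == 0;
}

int main(void)
{
    const char *env = getenv("SASL_PATH");
    const char *dir = choose_plugin_dir(env, getuid(), geteuid(),
                                        getgid(), getegid());

    printf("plug-ins will be loaded from: %s\n", dir);
    if (env != NULL && is_default_dir(dir) && strcmp(env, dir) != 0)
        printf("SASL_PATH=%s was ignored\n", env);
    return 0;
}
```
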

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0884 to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory
*only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - 2137 - cyrus-sasl setuid/setgid flaw
(CAN-2004-0884)

6.
RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/cyrus-sasl-1.5.24-25.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cyrus-sasl-1.5.24-25.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cyrus-sasl-devel-1.5.24-25.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cyrus-sasl-gssapi-1.5.24-25.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cyrus-sasl-md5-1.5.24-25.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cyrus-sasl-plain-1.5.24-25.2.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/cyrus-sasl-2.1.10-4.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/cyrus-sasl-2.1.10-4.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cyrus-sasl-devel-2.1.10-4.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cyrus-sasl-gssapi-2.1.10-4.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cyrus-sasl-md5-2.1.10-4.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cyrus-sasl-plain-2.1.10-4.2.legacy.i386.rpm

Fedora Core 1

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/cyrus-sasl-2.1.15-6.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/cyrus-sasl-2.1.15-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cyrus-sasl-devel-2.1.15-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cyrus-sasl-gssapi-2.1.15-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cyrus-sasl-md5-2.1.15-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cyrus-sasl-plain-2.1.15-6.2.legacy.i386.rpm

7.
Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

https://rhn.redhat.com/errata/RHSA-2004-546.html

9. Contact:

The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------

From info at hostinthebox.net Sat Feb 19 05:39:16 2005
From: info at hostinthebox.net (Dan Trainor)
Date: Fri, 18 Feb 2005 22:39:16 -0700
Subject: FC1, "yum group*" commands
Message-ID: <4216D104.2030908@hostinthebox.net>

Hello, all -

First off, let me apologize for asking what might be such a dumb
question.

I've become accustomed to using 'yum grouplist' in FC2 and FC2 to view
and otherwise maintain available groups of packages installed on my
system. However, when trying to do the same in FC1 with yum v2.0.5, it
comes back with an error similar to the following:

Getting groups from servers
No groups provided or accessible on any server.
Exiting.

Is this because the group index really does not exist, or is it just
something that is so out of date because FL has had other things going
on, or am I using the wrong version of yum, or something - I'm not
sure. yum.conf matches what it should be for Fedora Legacy support, so
I don't think my problem is there.

From what I understand, anything in yum that has to do with the group
arguments grabs a list, presumably in XML format, that links packages
with their corresponding groups.
Further, I understand that if this list is not found, not compiled,
missing, or otherwise inaccessible, yum will drop dead with this error.

Is this something that should work, but is not for me, for some reason?

Aside from doing QA, I would like to contribute to the Fedora Legacy
project - so figuring out things like this might be where I can find my
place.

Any feedback would, of course, be very much appreciated.

Thanks
-dant

From sheltren at cs.ucsb.edu Sat Feb 19 05:46:55 2005
From: sheltren at cs.ucsb.edu (Jeff Sheltren)
Date: Fri, 18 Feb 2005 21:46:55 -0800
Subject: FC1, "yum group*" commands
In-Reply-To: <4216D104.2030908@hostinthebox.net>
Message-ID:

On 2/18/05 9:39 PM, "Dan Trainor" wrote:

> I've become accustomed to using 'yum grouplist' in FC2 and FC2 to view
> and otherwise maintain available groups of packages installed on my
> system. However, when trying to do the same in FC1 with yum v2.0.5, it
> comes back with an error similar to the following:
>
> Getting groups from servers
> No groups provided or accessible on any server.
> Exiting.
>

Hi Dan, the yum grouplist/groupupdate/groupinstall (etc.) commands will
only work if there is a yumgroups.xml file setup in the repository you
are using. If your /etc/yum.conf is only pointing to the FL
base/updates directories, then you will not see any groups because
there are none configured there.

I hope that answered your question.

-Jeff

From info at hostinthebox.net Sat Feb 19 05:54:15 2005
From: info at hostinthebox.net (Dan Trainor)
Date: Fri, 18 Feb 2005 22:54:15 -0700
Subject: FC1, "yum group*" commands
In-Reply-To:
References:
Message-ID: <4216D487.1000404@hostinthebox.net>

Jeff Sheltren wrote:
> On 2/18/05 9:39 PM, "Dan Trainor" wrote:
>
>>I've become accustomed to using 'yum grouplist' in FC2 and FC2 to view
>>and otherwise maintain available groups of packages installed on my
>>system.
>>However, when trying to do the same in FC1 with yum v2.0.5, it
>>comes back with an error similar to the following:
>>
>>Getting groups from servers
>>No groups provided or accessible on any server.
>>Exiting.
>>
>
>
> Hi Dan, the yum grouplist/groupupdate/groupinstall (etc.) commands will only
> work if there is a yumgroups.xml file setup in the repository you are using.
> If your /etc/yum.conf is only pointing to the FL base/updates directories,
> then you will not see any groups because there are none configured there.
>
> I hope that answered your question.
>
> -Jeff
>
>

Good Evening, Jeff -

Yes, it did answer my question absolutely.

I am guessing that others are probably wishing this functionality did
exist. So with that being said, what can I do to create a yumgroups.xml
that can be used by the FL project? I would imagine that there is a
specific format for such a file, so do you know where I might be able to
get more information on this?

Thanks a lot
-dant

From b.westra at xs4all.nl Sat Feb 19 11:46:51 2005
From: b.westra at xs4all.nl (Bart Westra)
Date: Sat, 19 Feb 2005 12:46:51 +0100
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
Message-ID: <007601c51678$c6f8ae00$9a02a8c0@gpg4>

Hi,

After upgrading to iptables-1.2.8-8.90.1.legacy for Red Hat 9, I have
found that ip_conntrack_ftp is not working on some interfaces of my
system (it has 4 physical interfaces). It no longer recognizes the data
sessions associated with an ftp control session. When I open the high
ports in iptables, the data session will work.

Downgrading to iptables-1.2.7a-2 makes the problem disappear again.
Kernel version is 2.4.20-37.9.legacy.

Is this the right place to address this issue, or should I send a
report elsewhere?

Regards
Bart Westra

From marcdeslauriers at videotron.ca Sat Feb 19 13:40:41 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Sat, 19 Feb 2005 08:40:41 -0500
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
In-Reply-To: <007601c51678$c6f8ae00$9a02a8c0@gpg4>
References: <007601c51678$c6f8ae00$9a02a8c0@gpg4>
Message-ID: <1108820441.12557.0.camel@mdlinux>

On Sat, 2005-02-19 at 12:46 +0100, Bart Westra wrote:
> Hi,
>
> After upgrading to iptables-1.2.8-8.90.1.legacy for Red Hat 9, I have
> found
> that ip_conntrack_ftp is not working on some interfaces of my system
> (it has
> Is this the right place to address this issue, or should I send a
> report
> elsewhere?

Hi Bart,

Yes, this is the right place to post. I have re-opened the bug for this
issue. You can see it here:

https://bugzilla.fedora.us/show_bug.cgi?id=2252

Marc.

From marcdeslauriers at videotron.ca Sat Feb 19 13:56:48 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Sat, 19 Feb 2005 08:56:48 -0500
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
In-Reply-To: <007601c51678$c6f8ae00$9a02a8c0@gpg4>
References: <007601c51678$c6f8ae00$9a02a8c0@gpg4>
Message-ID: <1108821408.12557.3.camel@mdlinux>

On Sat, 2005-02-19 at 12:46 +0100, Bart Westra wrote:
> Hi,
>
> After upgrading to iptables-1.2.8-8.90.1.legacy for Red Hat 9, I have found
> that ip_conntrack_ftp is not working on some interfaces of my system (it has
> 4 physical interfaces). It no longer recognizes the data sessions associated
> with an ftp control session. When I open the high ports in iptables, the
> data session will work.

With the new iptables package, you have to manually add
"ip_conntrack_ftp" to the IPTABLES_MODULES="" variable in
the /etc/sysconfig/iptables-config file and uncomment the line.

Please try that and report back here if it worked so we can close the
bug.

Thanks.

Marc.

From sheltren at cs.ucsb.edu Sat Feb 19 15:40:04 2005
From: sheltren at cs.ucsb.edu (Jeff Sheltren)
Date: Sat, 19 Feb 2005 07:40:04 -0800
Subject: FC1, "yum group*" commands
In-Reply-To: <4216D487.1000404@hostinthebox.net>
Message-ID:

On 2/18/05 9:54 PM, "Dan Trainor" wrote:
>
> Good Evening, Jeff -
>
> Yes, it did answer my question absolutely.
>
> I am guessing that others are probably wishing this functionality did
> exist. So with that being said, what can I do to create a yumgroups.xml
> that can be used by the FL project? I would imagine that there is a
> specific format for such a file, so do you know where I might be able to
> get more information on this?
>
> Thanks a lot
> -dant

Hi Dan, in what context have you used the group* commands, and how
would you like them to be used for FL? To me, this seems like the type
of thing for an individual mirror maintainer to setup if they wish, but
not something that is necessarily good to have on FL's download site.
Personally I've used the group* features of yum quite a bit so that I
can specify certain packages that need to be installed on say
'Instructional' machines or 'cluster' machines, but this isn't really
related to the purpose of FL which is to put out fixes for security
issues on past RH releases.

By the way, there are a couple scripts you could use to create your
yumgroups.xml file, and you can read more about it on the yum mailing
list.

Scripts are here (similar scripts; the perl one will look through
directories of RPMs for you):
http://www.linux.duke.edu/projects/yum/download/misc/yumgengroups.py
http://www.linux.duke.edu/projects/yum/download/misc/yumgroups.pl

And the mailing list is here:
https://lists.linux.duke.edu/mailman/listinfo/yum

-Jeff

From pekkas at netcore.fi Sat Feb 19 18:39:45 2005
From: pekkas at netcore.fi (Pekka Savola)
Date: Sat, 19 Feb 2005 20:39:45 +0200 (EET)
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
In-Reply-To: <1108821408.12557.3.camel@mdlinux>
References: <007601c51678$c6f8ae00$9a02a8c0@gpg4> <1108821408.12557.3.camel@mdlinux>
Message-ID:

On Sat, 19 Feb 2005, Marc Deslauriers wrote:
> On Sat, 2005-02-19 at 12:46 +0100, Bart Westra wrote:
>> After upgrading to iptables-1.2.8-8.90.1.legacy for Red Hat 9, I have found
>> that ip_conntrack_ftp is not working on some interfaces of my system (it has
>> 4 physical interfaces). It no longer recognizes the data sessions associated
>> with an ftp control session. When I open the high ports in iptables, the
>> data session will work.
>
> With the new iptables package, you have to manually add
> "ip_conntrack_ftp" to the IPTABLES_MODULES="" variable in
> the /etc/sysconfig/iptables-config file and
> uncomment the line.
>
> Please try that and report back here if it worked so we can close the bug.

Umm.. that shouldn't be needed -- the whole point is that the modules
are loaded properly? (Of course, it can be tried...)

But that said, something _is_ wrong. I started hearing weird reports
from our multi-interface RHL9-based firewall as well, and I couldn't
associate them until now.

It would be interesting to know whether conntrack_ftp is:
 - automatically loaded or not
 - actually loaded when conntracking fails
 - whether conntracking works on some interfaces and not in others

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks.
Security. -- George R.R. Martin: A Clash of Kings

From peak at argo.troja.mff.cuni.cz Sat Feb 19 19:49:52 2005
From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky)
Date: Sat, 19 Feb 2005 20:49:52 +0100 (CET)
Subject: Fedora Legacy Test Update Notification: mailman
In-Reply-To: <1108518216.8025.96.camel@blue>
Message-ID: <20050219194952.10081.qmail@paddy.troja.mff.cuni.cz>

On Tue, 15 Feb 2005, Jim Popovitch wrote:

> Here is what Mailman 2.0 looked like (prior to CAN-2005-0202)

> Here is what Mailman 2.1.5 looked like (prior to CAN-2005-0202).

Afaik the semantics is the same i.e. 2.0 is affected as well.
(Try true_path('/.....///b').)

> Here is what Mailman developers themselves recommend as a fix
> to the 2.1 series for CAN-2005-0202, in addition to saying that
> 2.0.x is unaffected.

Personally, I'd prefer this fix because it does the right thing (it
gets rid of unsafe path components) rather than doing some text
substitution magic.

> Here is what is now in FedoraLegacy RH73 release 2.0.13-7
> path = re.sub('\.+/+', '', path)

This is rather ugly but it should fix the problem too.

re.sub is "regular expression substitution". It finds all sequences of
one or more dots and one or more slashes and deletes them (replaces
them with an empty string). It is not possible to create any input such
that the output of this substitution would include "../".

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

From info at hostinthebox.net Sat Feb 19 23:21:48 2005
From: info at hostinthebox.net (Dan Trainor)
Date: Sat, 19 Feb 2005 16:21:48 -0700
Subject: FC1, "yum group*" commands
In-Reply-To:
References:
Message-ID: <4217CA0C.8060608@hostinthebox.net>

Jeff Sheltren wrote:
> On 2/18/05 9:54 PM, "Dan Trainor" wrote:
>
>>Good Evening, Jeff -
>>
>>Yes, it did answer my question absolutely.
>>
>>I am guessing that others are probably wishing this functionality did
>>exist.
>>So with that being said, what can I do to create a yumgroups.xml
>>that can be used by the FL project? I would imagine that there is a
>>specific format for such a file, so do you know where I might be able to
>>get more information on this?
>>
>>Thanks a lot
>>-dant
>
>
> Hi Dan, in what context have you used the group* commands, and how would you
> like them to be used for FL? To me, this seems like the type of thing for
> an individual mirror maintainer to setup if they wish, but not something
> that is necessarily good to have on FL's download site. Personally I've
> used the group* features of yum quite a bit so that I can specify certain
> packages that need to be installed on say 'Instructional' machines or
> 'cluster' machines, but this isn't really related to the purpose of FL which
> is to put out fixes for security issues on past RH releases.
>
> By the way, there are a couple scripts you could use to create your
> yumgroups.xml file, and you can read more about it on the yum mailing list.
>
> Scripts are here (similar scripts; the perl one will look through
> directories of RPMs for you):
> http://www.linux.duke.edu/projects/yum/download/misc/yumgengroups.py
> http://www.linux.duke.edu/projects/yum/download/misc/yumgroups.pl
>
> And the mailing list is here:
> https://lists.linux.duke.edu/mailman/listinfo/yum
>
> -Jeff
>

Jeff -

Very cool, I will definitely look into it. Not being the center focus
of what the FL project was all about, I was quite hesitant to even ask
this question, because I know the group is very stressed for time.

I have just moved, and after I get everything unpacked, I plan on
having the resources and time to at the very least do some QA testing,
and hopefully help out with the verification of packages and such. I've
used the resources of the Fedora Legacy project on so many occasions,
that it would only make sense for me to start to do my part.

Thanks again for the help
-dant

From b.westra at xs4all.nl Sun Feb 20 00:39:54 2005
From: b.westra at xs4all.nl (Bart Westra)
Date: Sun, 20 Feb 2005 01:39:54 +0100
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
References: <007601c51678$c6f8ae00$9a02a8c0@gpg4><1108821408.12557.3.camel@mdlinux>
Message-ID: <01d501c516e4$b3f32c60$9a02a8c0@gpg4>

----- Original Message -----
From: "Pekka Savola"
To: "Discussion of the Fedora Legacy Project"
Sent: Saturday, February 19, 2005 7:39 PM
Subject: Re: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug

> On Sat, 19 Feb 2005, Marc Deslauriers wrote:
>> On Sat, 2005-02-19 at 12:46 +0100, Bart Westra wrote:
>>> After upgrading to iptables-1.2.8-8.90.1.legacy for Red Hat 9, I have
>>> found
>>> that ip_conntrack_ftp is not working on some interfaces of my system (it
>>> has
>>> 4 physical interfaces). It no longer recognizes the data sessions
>>> associated
>>> with an ftp control session. When I open the high ports in iptables, the
>>> data session will work.
>>
>> With the new iptables package, you have to manually add
>> "ip_conntrack_ftp" to the IPTABLES_MODULES="" variable in
>> the /etc/sysconfig/iptables-config file and
>> uncomment the line.
>>
>> Please try that and report back here if it worked so we can close the
>> bug.
>
> Umm.. that shouldn't be needed -- the whole point is that the modules are
> loaded properly? (Of course, it can be tried...)
>
> But that said, something _is_ wrong. I started hearing weird reports from
> our multi-interface RHL9-based firewall as well, and I couldn't associate
> them until now.
>
> It would be interesting to know whether conntrack_ftp is:
> - automatically loaded or not
> - actually loaded when conntracking fails
> - whether conntracking works on some interfaces and not in others
>

Well, I have sorted it now :)

I had set the system to load ip_conntrack, ip_conntrack_ftp and
ip_nat_ftp in /etc/rc.modules with modprobe commands. This worked ok
until now, but the new iptables package then unloads the modules when
it is (re)started, and only looks in /etc/sysconfig/iptables-config for
what modules should be restarted. So none would.

I have now added ip_conntrack_ftp and ip_nat_ftp in
/etc/sysconfig/iptables-config (and removed them from /etc/rc.modules).
The basic ip_conntrack is loaded automatically so I left it out. Now
full ftp connection tracking is back :)

About the phenomena observed:

- eth0 seemed to work, but closer inspection showed that this was only
  the case if the remote ftp client was not using passive transfer
  mode. The difference between eth0 and the other interfaces in my
  system is that it allows all outgoing traffic. Hence the ftp data
  session set up by the server was allowed and tracked. Once I set the
  client to passive mode, it would also get a time out.

- reloading iptables for new firewall rules now takes quite long at the
  step where modules are unloaded. During this time the policy is all
  accept.... not safe imo.

- at first when I went back to iptables-1.2.8-8.90.1.legacy again to
  try Marc's suggestion, everything worked fine and I started to doubt
  my previous observations.... Eventually I found that some 1.2.7 code
  was still active. I then removed both iptables versions completely
  with rpm -e --nodeps and installed the new package from scratch. Then
  I could reproduce the error and test the solution.

The question for me now is: what is the correct way to go back and
forth between two versions? I use apt to update the system, and I see
no way to reverse an upgrade using apt.

Regards
Bart Westra

From pekkas at netcore.fi Sun Feb 20 07:29:16 2005
From: pekkas at netcore.fi (Pekka Savola)
Date: Sun, 20 Feb 2005 09:29:16 +0200 (EET)
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
In-Reply-To: <01d501c516e4$b3f32c60$9a02a8c0@gpg4>
References: <007601c51678$c6f8ae00$9a02a8c0@gpg4><1108821408.12557.3.camel@mdlinux> <01d501c516e4$b3f32c60$9a02a8c0@gpg4>
Message-ID:

On Sun, 20 Feb 2005, Bart Westra wrote:
> I had set the system to load ip_conntrack, ip_conntrack_ftp and ip_nat_ftp in
> /etc/rc.modules with modprobe commands. This worked ok until now, but the
> new iptables package then unloads the modules when it is (re)started, and
> only looks in /etc/sysconfig/iptables-config for what modules should be
> restarted. So none would.
>
> I have now added ip_conntrack_ftp and ip_nat_ftp in
> /etc/sysconfig/iptables-config (and removed them from /etc/rc.modules). The
> basic ip_conntrack is loaded automatically so I left it out. Now full ftp
> connection tracking is back :)

This is good to know. However, did you explicitly check whether the
modules were or were not loaded after a restart and loading in the rules
without changing iptables-config?

That is, the whole purpose of the Fedora Legacy security update _was_ to
fix the automatic loading of modules. If this doesn't work... we have a
problem.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

From pekkas at netcore.fi Sun Feb 20 07:47:10 2005
From: pekkas at netcore.fi (Pekka Savola)
Date: Sun, 20 Feb 2005 09:47:10 +0200 (EET)
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
In-Reply-To:
References: <007601c51678$c6f8ae00$9a02a8c0@gpg4><1108821408.12557.3.camel@mdlinux> <01d501c516e4$b3f32c60$9a02a8c0@gpg4>
Message-ID:

On Sun, 20 Feb 2005, Pekka Savola wrote:
>> I have now added ip_conntrack_ftp and ip_nat_ftp in
>> /etc/sysconfig/iptables-config (and removed them from /etc/rc.modules). The
>> basic ip_conntrack is loaded automatically so I left it out. Now full ftp
>> connection tracking is back :)
>
> This is good to know. However, did you explicitly check whether the modules
> were or were not loaded after a restart and loading in the rules without
> changing iptables-config?
>
> That is, the whole purpose of the Fedora Legacy security update _was_ to fix
> the automatic loading of modules. If this doesn't work... we have a problem.

Hmm. Could you try out RPMs at:

http://www.netcore.fi/pekkas/linux/iptables-1.2.8-8.90.2.legacy.i386.rpm
http://www.netcore.fi/pekkas/linux/iptables-1.2.8-8.90.2.legacy.src.rpm
http://www.netcore.fi/pekkas/linux/iptables-ipv6-1.2.8-8.90.2.legacy.i386.rpm

The only change was to replace:
+ ret = malloc(PROCFILE_BUFSIZ);
with:
+ ret = (char *) malloc(PROCFILE_BUFSIZ);

because that's how it's done in upstream CVS and Debian.

If that fixes it, Red Hat's FC3 fix that we used was broken..

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

From fedora-legacy at spampot.com Sun Feb 20 12:35:41 2005
From: fedora-legacy at spampot.com (Ralph at Fedora Legacy)
Date: Sun, 20 Feb 2005 13:35:41 +0100 (CET)
Subject: httpd 2.0.53?
Message-ID: <2790.192.168.123.101.1108902941.squirrel@192.168.123.101>

Should I be concerned that Fedora Legacy is still only offering httpd
2.0.51 whereas the latest version from apache.org is 2.0.53? I'm guessing
those bug fixes are for something, right?

Best regards,
Ralph.

From marcdeslauriers at videotron.ca Sun Feb 20 13:08:11 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Sun, 20 Feb 2005 08:08:11 -0500
Subject: httpd 2.0.53?
In-Reply-To: <2790.192.168.123.101.1108902941.squirrel@192.168.123.101>
References: <2790.192.168.123.101.1108902941.squirrel@192.168.123.101>
Message-ID: <1108904892.22299.0.camel@mdlinux>

On Sun, 2005-02-20 at 13:35 +0100, Ralph at Fedora Legacy wrote:
> Should I be concerned that Fedora Legacy is still only offering httpd
> 2.0.51 whereas the latest version from apache.org is 2.0.53? I'm guessing
> those bug fixes are for something, right?

We don't upgrade the whole http package, we backport the necessary
security patches to whatever version shipped with the release for
stability purposes.

Marc

From marcdeslauriers at videotron.ca Sun Feb 20 13:19:16 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Sun, 20 Feb 2005 08:19:16 -0500
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
In-Reply-To:
References: <007601c51678$c6f8ae00$9a02a8c0@gpg4> <1108821408.12557.3.camel@mdlinux> <01d501c516e4$b3f32c60$9a02a8c0@gpg4>
Message-ID: <1108905557.22299.7.camel@mdlinux>

On Sun, 2005-02-20 at 09:29 +0200, Pekka Savola wrote:
> That is, the whole purpose of the Fedora Legacy security update _was_
> to fix the automatic loading of modules. If this doesn't work... we
> have a problem.
>

ip_nat_ftp and ip_conntrack_ftp never load by themselves.
They have to be manually loaded.

The problem here, is we upgraded the iptables version to the newer
version that Red Hat released for rh 7.3 instead of just patching the
current version. The newer version has an updated init script.

The new init script explicitly unloads all loaded modules at startup.
This changes the previous rh9 behaviour.

If people were loading the modules manually before the init script came
up, the update essentially broke their firewall.

Another case that proves backporting is better than updating versions...

Do you guys have any bugs besides your modules not loading anymore?

Marc.

From michal at harddata.com Sun Feb 20 17:26:40 2005
From: michal at harddata.com (Michal Jaegermann)
Date: Sun, 20 Feb 2005 10:26:40 -0700
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
In-Reply-To: ; from pekkas@netcore.fi on Sun, Feb 20, 2005 at 09:47:10AM +0200
References: <007601c51678$c6f8ae00$9a02a8c0@gpg4><1108821408.12557.3.camel@mdlinux> <01d501c516e4$b3f32c60$9a02a8c0@gpg4>
Message-ID: <20050220102640.B24238@mail.harddata.com>

On Sun, Feb 20, 2005 at 09:47:10AM +0200, Pekka Savola wrote:
>
> The only change was to replace:
> + ret = malloc(PROCFILE_BUFSIZ);
> with:
> + ret = (char *) malloc(PROCFILE_BUFSIZ);
>
> because that's how it's done in upstream CVS and Debian.

A context is missing but assuming that the source is mildly sane, and a
compiler does not have here a hair-raising bug, then the above is a
"null change". 'malloc()' is prototyped as 'void *malloc(size_t size)'
and an explicit cast to a 'ret' type, assuming that this is a pointer,
is then redundant.

> If that fixes it, Red Hat's FC3 fix that we used was broken..

If that makes any difference then there are serious issues with a
toolchain.

Michal

From b.westra at xs4all.nl Sun Feb 20 19:19:45 2005
From: b.westra at xs4all.nl (Bart Westra)
Date: Sun, 20 Feb 2005 20:19:45 +0100
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
References: <007601c51678$c6f8ae00$9a02a8c0@gpg4><1108821408.12557.3.camel@mdlinux><01d501c516e4$b3f32c60$9a02a8c0@gpg4>
Message-ID: <019901c51784$babbf810$9a02a8c0@gpg4>

----- Original Message -----
From: "Pekka Savola"
To: "Discussion of the Fedora Legacy Project"
Sent: Sunday, February 20, 2005 8:29 AM
Subject: Re: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug

> This is good to know. However, did you explicitly check whether the
> modules were or were not loaded after a restart and loading in the rules
> without changing iptables-config?

Yes, it was clearly visible that ip_conntrack_ftp was removed by running
the new iptables init script.

Bart

From b.westra at xs4all.nl Sun Feb 20 19:13:24 2005
From: b.westra at xs4all.nl (Bart Westra)
Date: Sun, 20 Feb 2005 20:13:24 +0100
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
References: <007601c51678$c6f8ae00$9a02a8c0@gpg4><1108821408.12557.3.camel@mdlinux><01d501c516e4$b3f32c60$9a02a8c0@gpg4> <1108905557.22299.7.camel@mdlinux>
Message-ID: <019801c51784$ba9cfe60$9a02a8c0@gpg4>

----- Original Message -----
From: "Marc Deslauriers"
To:
Sent: Sunday, February 20, 2005 2:19 PM
Subject: Re: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug

ip_nat_ftp and ip_conntrack_ftp never load by themselves. They have to
be manually loaded.

The problem here, is we upgraded the iptables version to the newer
version that Red Hat released for rh 7.3 instead of just patching the
current version. The newer version has an updated init script.

The new init script explicitly unloads all loaded modules at startup.
This changes the previous rh9 behaviour.

If people were loading the modules manually before the init script came
up, the update essentially broke their firewall.

Another case that proves backporting is better than updating versions...

Do you guys have any bugs besides your modules not loading anymore?

Marc.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Well as far as I can tell, the firewall is running ok now.

But although the result is working, that new init script is only lucky to
do so. The rmmod_r function is set up to work recursively, but it uses
global variables for mod, ret, ref and i. I have put in a patch to display
what modules are actually being stopped and can see it fails to remove
modules that are referred to by others, i.e. when a recursive call is
done. Still after an iptables stop, all modules related to iptables are
gone...

Also, the stopping of ip_conntrack_ftp takes a long time, at least one
minute.

What I have done now as a test is:
- added a 'local' declaration for mod, ret, ref and i in the rmmod_r
  function
- commented out the stopping of ip_conntrack in the stop function

Now reloading to apply new firewall rules is fast and doesn't break my
ssh connection to the box. Question is if the original bug is still fixed
with these changes?

Regards
Bart

From peak at argo.troja.mff.cuni.cz Sun Feb 20 20:34:25 2005
From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky)
Date: Sun, 20 Feb 2005 21:34:25 +0100 (CET)
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
In-Reply-To: <1108905557.22299.7.camel@mdlinux>
Message-ID: <20050220203425.954.qmail@paddy.troja.mff.cuni.cz>

On Sun, 20 Feb 2005, Marc Deslauriers wrote:

> If people were loading the modules manually before the init script came
> up, the update essentially broke their firewall.

They should have used IPTABLES_MODULES. Even 7.3 has got it.
I'd call their setup broken.

Perhaps we could change the script to warn the user when it sees it is
going to unload some modules that won't be reloaded later because they
are missing in IPTABLES_MODULES.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

From marcdeslauriers at videotron.ca Sun Feb 20 22:30:24 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Sun, 20 Feb 2005 17:30:24 -0500
Subject: Fedora Legacy Test Update Notification: squid
Message-ID: <42190F80.6030303@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2150
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2150
2005-02-20
---------------------------------------------------------------------

Name        : squid
Versions    : rh7.3: squid-2.4.STABLE7-0.73.1.legacy
Versions    : rh9: squid-2.5.STABLE1-8.9.legacy
Versions    : fc1: squid-2.5.STABLE3-2.fc1.4.legacy
Summary     : The Squid proxy caching server.
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.

---------------------------------------------------------------------
Update Information:

An updated Squid package that fixes several security issues is now
available.

Squid is a full-featured Web proxy cache.

A buffer overflow was found within the NTLM authentication helper routine.
If Squid is configured to use the NTLM authentication helper, a remote
attacker could potentially execute arbitrary code by sending a lengthy
password. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0541 to this issue.

An out of bounds memory read bug was found within the NTLM
authentication helper routine. If Squid is configured to use the NTLM
authentication helper, a remote attacker could send a carefully crafted
NTLM authentication packet and cause Squid to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0832 to this issue.

iDEFENSE reported a flaw in the squid SNMP module. This flaw could allow
an attacker who has the ability to send arbitrary packets to the SNMP
port to restart the server, causing it to drop all open connections. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0918 to this issue.

A buffer overflow flaw was found in the Gopher relay parser. This bug
could allow a remote Gopher server to crash the Squid proxy that reads
data from it. Although Gopher servers are now quite rare, a malicious
web page (for example) could redirect or contain a frame pointing to an
attacker's malicious gopher server. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0094 to
this issue.

An integer overflow flaw was found in the WCCP message parser. It is
possible to crash the Squid server if an attacker is able to send a
malformed WCCP message with a spoofed source address matching Squid's
"home router". The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0095 to this issue.

A memory leak was found in the NTLM fakeauth_auth helper. It is possible
that an attacker could place the Squid server under high load, causing
the NTLM fakeauth_auth helper to consume a large amount of memory,
resulting in a denial of service.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0096 to this issue.

A NULL pointer de-reference bug was found in the NTLM fakeauth_auth
helper. It is possible for an attacker to send a malformed NTLM type 3
message, causing the Squid server to crash. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0097 to this issue.

A username validation bug was found in squid_ldap_auth. It is possible
for a username to be padded with spaces, which could allow a user to
bypass explicit access control rules or confuse accounting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-0173 to this issue.

The way Squid handles HTTP responses was found to need strengthening. It
is possible that a malicious web server could send a series of HTTP
responses in such a way that the Squid cache could be poisoned,
presenting users with incorrect webpages. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-0174
and CAN-2005-0175 to these issues.

When processing the configuration file, Squid parses empty Access
Control Lists (ACLs) and proxy_auth ACLs without defined auth schemes in
a way that effectively removes arguments, which could allow remote
attackers to bypass intended ACLs. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0194 to
this issue.

A buffer overflow bug was found in the WCCP message parser. It is
possible that an attacker could send a malformed WCCP message which
could crash the Squid server or execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-0211 to this issue.

A bug was found in the way Squid handled oversized HTTP response headers.
It is possible that a malicious web server could send a specially
crafted HTTP header which could cause the Squid cache to be poisoned,
presenting users with incorrect webpages. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0241 to
this issue.

Users of Squid should upgrade to this updated package, which contains
backported patches, and is not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Feb 16 2005 Marc Deslauriers 7:2.4.STABLE7-0.73.1.legacy
- Rebuilt as Fedora Legacy security update for Red Hat Linux 7.3
* Tue Feb 01 2005 Jay Fenlason
- Two more security fixes:
  * CAN-2005-0211 bz#146777 buffer overflow in wccp recvfrom() call
  * bz#146780 correct handling of oversize reply headers
* Mon Jan 31 2005 Jay Fenlason
- Change the squid user's login shell to /sbin/nologin
* Mon Jan 31 2005 Jay Fenlason 7:2.4.STABLE7-1.21as.3
- Don't include the 0-length files created by patch in the errors
  directory.
* Fri Jan 28 2005 Jay Fenlason 7:2.4.STABLE7-1.21as.2
- Backport three more security fixes to close bz#146159
- Also backport the -reply_header_max_size patch
- Reorganize this spec file to apply upstream patches first.
* Thu Jan 20 2005 Jay Fenlason 7:2.4.STABLE7-1.21as.1
- Backport fixes for CAN-2005-0094 (remote DOS in parsing malformed
  Gopher messages). and CAN-2005-0095 (remote DOS in parsing malformed
  wccp messages).
- This version of squid is not vulnerable to CAN-2005-0096 and
  CAN-2005-0097 because it does not contain the ntlm_auth helper.
* Tue Oct 12 2004 Jay Fenlason 7:2.4.STABLE7-1.21as
- Backport SNMP_core_dump patch from 2.5.STABLE6 to fix CAN-2004-0918
  (Remote DoS)
* Mon Jun 21 2004 Jay Fenlason 7:2.4.STABLE7-0.21as
- bump to 2.4.STABLE7 to pick up all the post STABLE6 patches
- Include the three upstream patches to 2.4.STABLE7
- Add the forward_retries one-line patch for bugzilla #120849

rh9:
* Sat Feb 19 2005 Marc Deslauriers 7:2.5.STABLE1-8.9.legacy
- Added openssl-devel and cyrus-sasl-devel BuildPrereq
* Wed Feb 16 2005 Marc Deslauriers 7:2.5.STABLE1-7.9.legacy
- Security patches for CAN-2005-0094, CAN-2005-0095, CAN-2005-0096,
  CAN-2005-0097, CAN-2005-0173, CAN-2005-0174, CAN-2005-0175,
  CAN-2005-0194, CAN-2005-0211, CAN-2005-0241
* Sat Oct 16 2004 Marc Deslauriers 7:2.5.STABLE1-6.9.legacy
- CAN-2004-0918 security patch (snmp DoS)
* Fri Sep 10 2004 Marc Deslauriers 7:2.5.STABLE1-5.9.legacy
- CAN-2004-0832 security patch (malformed NTLMSSP packets crash NTLM
  helpers)
* Tue Jun 08 2004 Marc Deslauriers 7:2.5.STABLE1-4.9.legacy
- CAN-2004-0541 security patch (NTLM Authentication Helper Buffer
  Overflow)

fc1:
* Sun Feb 20 2005 Marc Deslauriers 7:2.5.STABLE3-2.fc1.4.legacy
- Added missing openssl-devel and cyrus-sasl-devel BuildPrereq
* Wed Feb 16 2005 Marc Deslauriers 7:2.5.STABLE3-2.fc1.3.legacy
- Security patches for CAN-2005-0094, CAN-2005-0095, CAN-2005-0096,
  CAN-2005-0097, CAN-2005-0173, CAN-2005-0174, CAN-2005-0175,
  CAN-2005-0194, CAN-2005-0211, CAN-2005-0241
* Tue Oct 12 2004 Rob Myers 7:2.5.STABLE3-2.fc1.2.legacy
- apply patch for CAN-2004-0918 bug #2150
- group last patch under fedora legacy security updates
* Tue Oct 05 2004 Rob Myers 7:2.5.STABLE3-2.fc1.1.legacy
- apply patch from 2.5.STABLE3-1.fc1 RHEL3 for CAN-2004-0832

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/

---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Sun Feb 20 22:27:47 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Sun, 20 Feb 2005 17:27:47 -0500
Subject: [FLSA-2005:1944] GNOME VFS updates address extfs vulnerability
Message-ID: <42190EE3.2050308@videotron.ca>

-----------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          GNOME VFS updates address extfs vulnerability
Advisory ID:       FLSA:1944
Issue date:        2005-02-20
Product:           Red Hat Linux
Keywords:          Security
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=1944
CVE Names:         CAN-2004-0494
-----------------------------------------------------------------------

-----------------------------------------------------------------------
1. Topic:

Updated GNOME VFS packages that remove potential extfs-related
vulnerabilities are now available.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386

3. Problem description:

GNOME VFS is the GNOME virtual file system.
It provides a modular architecture and ships with several modules that
implement support for file systems, HTTP, FTP, and others. The extfs
backends make it possible to implement file systems for GNOME VFS using
scripts.

Flaws have been found in several of the GNOME VFS extfs backend scripts.
Red Hat Linux ships with vulnerable scripts, but they are not used by
default. An attacker who is able to influence a user to open a
specially-crafted URI using gnome-vfs could perform actions as that
user. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0494 to this issue.

Users of Red Hat Linux should upgrade to these updated packages, which
remove these unused scripts.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - 1944 - CAN-2004-0494 GNOME VFS extfs vulnerability

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/gnome-vfs-1.0.5-4.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gnome-vfs-1.0.5-4.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gnome-vfs-devel-1.0.5-4.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gnome-vfs-1.0.5-13.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gnome-vfs2-2.2.2-4.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs-1.0.5-13.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs2-2.2.2-4.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs2-devel-2.2.2-4.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs-devel-1.0.5-13.1.legacy.i386.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security.
Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0494

9. Contact:

The Fedora Legacy security contact is . More project details at
http://www.fedoralegacy.org

---------------------------------------------------------------------

From marcdeslauriers at videotron.ca Sun Feb 20 22:28:48 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Sun, 20 Feb 2005 17:28:48 -0500
Subject: [FLSA-2005:1945] Updated sox packages fix buffer overflows
Message-ID: <42190F20.9050803@videotron.ca>

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated sox packages fix buffer overflows
Advisory ID:       FLSA:1945
Issue date:        2005-02-20
Product:           Red Hat Linux
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=1945
CVE Names:         CAN-2004-0557
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated sox packages that fix buffer overflows in the WAV file handling
code are now available.

SoX (Sound eXchange) is a sound file format converter. SoX can convert
between many different digitized sound formats and perform simple sound
manipulation functions, including sound effects.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386

3. Problem description:

Buffer overflows existed in the parsing of WAV file header fields.
It was possible that a malicious WAV file could have caused arbitrary
code to be executed when the file was played or converted. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0557 to these issues.

All users of sox should upgrade to these updated packages, which contain
a security patch to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #1945 - sox buffer overflows

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sox-12.17.3-4.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sox-12.17.3-4.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sox-devel-12.17.3-4.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/sox-12.17.3-11.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/sox-12.17.3-11.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sox-devel-12.17.3-11.1.legacy.i386.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0557

9. Contact:

The Fedora Legacy security contact is . More project details at
http://www.fedoralegacy.org

---------------------------------------------------------------------

From marcdeslauriers at videotron.ca Sun Feb 20 22:29:46 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Sun, 20 Feb 2005 17:29:46 -0500
Subject: [FLSA-2005:2058] Updated cdrtools packages fix a security issue
Message-ID: <42190F5A.7080002@videotron.ca>

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated cdrtools packages fix a security issue
Advisory ID:       FLSA:2058
Issue date:        2005-02-20
Product:           Red Hat Linux
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2058
CVE Names:         CAN-2004-0806
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated cdrtools packages that fix a privilege escalation vulnerability
are now available.

Cdrtools is a collection of CD/DVD utilities.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386

3. Problem description:

Max Vozeler found that the cdrecord program, when set suid root, fails
to drop privileges when it executes a program specified by the user
through the $RSH environment variable. This can be abused by a local
attacker to obtain root privileges. In the default configuration of Red
Hat Linux 9, the cdrecord program is not set suid root and this attack
is not possible. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0806 to this issue.

Users of cdrtools are advised to upgrade to these errata packages, which
contain a backported patch correcting this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated. Those
RPMs which are not installed but included in the list will not be
updated. Note that you can also use wildcards (*.rpm) if your current
directory *only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2058 - cdrecord suid privilege escalation

6. RPMs required:

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/cdrtools-2.0-11.9.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/cdda2wav-2.0-11.9.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cdrecord-2.0-11.9.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cdrecord-devel-2.0-11.9.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mkisofs-2.0-11.9.3.legacy.i386.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0806

9. Contact:

The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------

From jkeating at j2solutions.net Sun Feb 20 23:34:50 2005
From: jkeating at j2solutions.net (Jesse Keating)
Date: Sun, 20 Feb 2005 15:34:50 -0800
Subject: Problems reading announcements
Message-ID: <1108942490.3563.1.camel@localhost.localdomain>

Are any of you having difficulty reading the email announcements? Some
have reported some problems with Pine (bleh), and I want to know if
others are having problems, in particular with the formatting and the
PGP sigs.

Thanks.
--
Jesse Keating RHCE (http://geek.j2solutions.net)
Fedora Legacy Team (http://www.fedoralegacy.org)
GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating

From marcdeslauriers at videotron.ca Mon Feb 21 03:17:01 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Sun, 20 Feb 2005 22:17:01 -0500
Subject: Fedora Legacy Test Update Notification: kernel
Message-ID: <421952AD.4020202@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2336
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2336
2005-02-20
---------------------------------------------------------------------

Name : kernel
Versions : rh7.3: kernel-2.4.20-42.7.legacy
Versions : rh9: kernel-2.4.20-42.9.legacy
Versions : fc1: kernel-2.4.22-1.2199.4.legacy
Summary : The Linux kernel (the core of the Linux operating system).
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
the Red Hat Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.

---------------------------------------------------------------------
Update Information:

Updated kernel packages that fix several security issues are now
available.

The Linux kernel handles the basic functions of the operating system.

This update includes fixes for several security issues:

The ext3 code in kernels before 2.4.26 did not properly initialize
journal descriptor blocks. A privileged local user could read portions
of kernel memory. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0177 to this issue.

Conectiva discovered flaws in certain USB drivers affecting kernels
prior to 2.4.27 which used the copy_to_user function on uninitialized
structures. These flaws could allow local users to read small amounts
of kernel memory. (CAN-2004-0685)

Multiple race conditions in the terminal layer could allow local users
to obtain portions of kernel data via a TIOCSETD ioctl call to a
terminal interface that is being accessed by another thread. This could
also allow remote attackers to cause a denial of service (panic) by
switching from console to PPP line discipline, then quickly sending data
that is received during the switch. (CAN-2004-0814)

Stefan Esser discovered various flaws including buffer overflows in
the smbfs driver affecting kernels prior to 2.4.28. A local user may be
able to cause a denial of service (crash) or possibly gain privileges.
In order to exploit these flaws the user would require control of
a connected Samba server. (CAN-2004-0883, CAN-2004-0949)

ISEC security research and Georgi Guninski independently discovered a
flaw in the scm_send function in the auxiliary message layer. A local
user could create a carefully crafted auxiliary message which could
cause a denial of service (system hang). (CAN-2004-1016)

Multiple overflows were discovered and corrected in the io_edgeport
driver. (CAN-2004-1017)

The Direct Rendering Manager (DRM) driver does not properly check the
DMA lock, which could allow remote attackers or local users to cause a
denial of service (X Server crash) and possibly modify the video output.
(CAN-2004-1056)

A missing serialization flaw in unix_dgram_recvmsg was discovered that
affects kernels prior to 2.4.28. A local user could potentially make
use of a race condition in order to gain privileges. (CAN-2004-1068)

Paul Starzetz of iSEC discovered various flaws in the ELF binary loader
affecting kernels prior to 2.4.28. A local user could use these flaws to
gain read access to executable-only binaries or possibly gain
privileges.
(CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073,
CAN-2004-1074)

ISEC security research discovered multiple vulnerabilities in the IGMP
functionality of the kernels. These flaws could allow a local user to
cause a denial of service (crash) or potentially gain privileges. Where
multicast applications are being used on a system, these flaws may also
allow remote users to cause a denial of service. (CAN-2004-1137)

Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior
to 2.4.26. A local user could create a carefully crafted binary in such
a way that it would cause a denial of service (system crash).
(CAN-2004-1234)

iSEC Security Research discovered a VMA handling flaw in the uselib(2)
system call of the Linux kernel. A local user could make use of this
flaw to gain elevated (root) privileges. (CAN-2004-1235)

iSEC Security Research discovered a flaw in the page fault handler code
that could lead to local users gaining elevated (root) privileges on
multiprocessor machines. (CAN-2005-0001)

All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as listed
in this erratum.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Feb 02 2005 Martin Siegert
- replace patch for CAN-2004-0814 with patch extracted from the official
kernel patch-2.4.29 (including previously missing patch for proc_fs.h).

* Sun Jan 16 2005 Simon Weller
- Back ported CAN-2005-0001 expand_stack patch based on Dave Botsch's patch
- void changes to int in CAN-2004-1245 patch set_brk function - thanks
to Martin Siegert

* Fri Jan 07 2005 Simon Weller
- back ported 2.4.29 sys_uselib-race-CAN-2004-1235 patch

* Mon Jan 03 2005 Martin Siegert
- replace patch for CAN-2004-0814 with slightly modified version of the
gentoo-sources-2.4.20-CAN-2004-0814 patch.
(http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/)
- include drm_lock patch (CAN-2004-1056); modified version of
patch from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138534
- include elf-loader-setuid patch from kernel-source-2.4.20.SuSE-127
(CAN-2004-1070,CAN-2004-1071,CAN-2004-1072, and CAN-2004-1073)
modified to apply after patch 11032
- include smbfs-overflows.patch from kernel-source-2.4.20.SuSE-127
(CAN-2004-0883 and CAN-2004-0949)
- include aout-leak patch from kernel-source-2.4.20.SuSE-127
(CAN-2004-1074)
- include linux-2.4.20-nfsd-signed and linux-2.4.20-nfsd-xdr-write-wrap
patches from kernel-source-2.4.20.SuSE-127
- include cmsg-signedness patch from kernel-source-2.4.20.SuSE-127
(CAN-2004-1016)
- include dgram_recvmsg patch from kernel-source-2.4.20.SuSE-127
(CAN-2004-1068)
- include linux-2.4.20-ip-options-leak.patch from
kernel-source-2.4.20.SuSE-127
- include binfmt_elf patch from
http://linux.bkbits.net:8080/linux-2.4/gnupatch@4076466d_SqUm4azg4_v3FIG2-X6XQ
(CAN-2004-1234)
- include linux-2.4.21-CAN-2004-1017-io_edgeport.patch from the
linux-2.4.21-usb-update.patch from RedHat's kernel-2.4.21-27.0.1.EL
(CAN-2004-1017)

* Sat Oct 23 2004 Martin Siegert
- include tty-ldisc patch from Jason Baron, CAN-2004-0814
(http://www.ussg.iu.edu/hypermail/linux/kernel/0409.3/0201.html,
http://www.securityfocus.com/archive/1/379005).

rh9:
* Wed Feb 02 2005 Martin Siegert
- replace patch for CAN-2004-0814 with patch extracted from the official
kernel patch-2.4.29 (including previously missing patch for proc_fs.h).

* Sun Jan 16 2005 Simon Weller
- Back ported CAN-2005-0001 expand_stack patch based on Dave Botsch's patch
- void changes to int in CAN-2004-1245 patch set_brk function - thanks
to Martin Siegert

* Fri Jan 07 2005 Simon Weller
- back ported 2.4.29 sys_uselib-race-CAN-2004-1235 patch

* Mon Jan 03 2005 Martin Siegert
- replace patch for CAN-2004-0814 with slightly modified version of the
gentoo-sources-2.4.20-CAN-2004-0814 patch.
(http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/)
- include drm_lock patch (CAN-2004-1056); modified version of
patch from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138534
- include elf-loader-setuid patch from kernel-source-2.4.20.SuSE-127
(CAN-2004-1070,CAN-2004-1071,CAN-2004-1072, and CAN-2004-1073)
modified to apply after patch 11032
- include smbfs-overflows.patch from kernel-source-2.4.20.SuSE-127
(CAN-2004-0883 and CAN-2004-0949)
- include aout-leak patch from kernel-source-2.4.20.SuSE-127
(CAN-2004-1074)
- include linux-2.4.20-nfsd-signed and linux-2.4.20-nfsd-xdr-write-wrap
patches from kernel-source-2.4.20.SuSE-127
- include cmsg-signedness patch from kernel-source-2.4.20.SuSE-127
(CAN-2004-1016)
- include dgram_recvmsg patch from kernel-source-2.4.20.SuSE-127
(CAN-2004-1068)
- include linux-2.4.20-ip-options-leak.patch from
kernel-source-2.4.20.SuSE-127
- include binfmt_elf patch from
http://linux.bkbits.net:8080/linux-2.4/gnupatch@4076466d_SqUm4azg4_v3FIG2-X6XQ
(CAN-2004-1234)
- include linux-2.4.21-CAN-2004-1017-io_edgeport.patch from the
linux-2.4.21-usb-update.patch from RedHat's kernel-2.4.21-27.0.1.EL
(CAN-2004-1017)

* Sat Oct 23 2004 Martin Siegert
- include tty-ldisc patch from Jason Baron, CAN-2004-0814
(http://www.ussg.iu.edu/hypermail/linux/kernel/0409.3/0201.html,
http://www.securityfocus.com/archive/1/379005).

fc1:
* Fri Jan 14 2005 Rob Myers 2.4.22-1.2199.4.legacy.nptl
- patch for expand_stack SMP race CAN-2005-0001
- patch for RLIMIT_MEMLOCK bypass NO-CAN-ASSIGNED
- patch for random poolsize sysctl handler integer overflow NO-CAN-ASSIGNED
- patch for moxa serial driver bss overflow NO-CAN-ASSIGNED
- patch for xfs misc fixes - NO-CAN-ASSIGNED
- patch for rose_rt_ioctl - lack of bounds checking NO-CAN-ASSIGNED
- patch for sdla_xfer - lack of bounds checking NO-CAN-ASSIGNED
- patch for coda - add bounds checking for tainted scalars NO-CAN-ASSIGNED

* Fri Jan 07 2005 Rob Myers 2.4.22-1.2199.3.legacy.nptl
- add patches for CAN-2004-1235 CAN-2004-1017
- add patch for ip options leak

* Fri Jan 07 2005 Rob Myers 2.4.22-1.2199.2.legacy.nptl
- clean up spec, rebuild

* Thu Jan 06 2005 Rob Myers 2.4.22-1.2199.1.legacy.nptl
- patch CAN-2004-0685 CAN-2004-0814 CAN-2004-0883 CAN-2004-0949
CAN-2004-1016 CAN-2004-1056 CAN-2004-1068 CAN-2004-1070 CAN-2004-1071
CAN-2004-1072 CAN-2004-1073 CAN-2004-1074 CAN-2004-1137 CAN-2004-1234

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
---------------------------------------------------------------------

Please test and comment in bugzilla.

From cra at WPI.EDU Mon Feb 21 05:26:33 2005
From: cra at WPI.EDU (Chuck R. Anderson)
Date: Mon, 21 Feb 2005 00:26:33 -0500
Subject: Problems reading announcements
In-Reply-To: <1108942490.3563.1.camel@localhost.localdomain>
References: <1108942490.3563.1.camel@localhost.localdomain>
Message-ID: <20050221052632.GA19098@angus.ind.WPI.EDU>

On Sun, Feb 20, 2005 at 03:34:50PM -0800, Jesse Keating wrote:
> Are any of you having difficulty reading the email announcements? Some
> have reported some problems with Pine (bleh), and I want to know if
> others are having problems, in particular with the formatting and the
> PGP sigs.

No problems reading the announcements or with PGP sigs here. I'm
using mutt-1.4.1-4.

From mgerber at leitwerk.de Mon Feb 21 05:35:54 2005
From: mgerber at leitwerk.de (Mike Gerber)
Date: Mon, 21 Feb 2005 06:35:54 +0100
Subject: Problems reading announcements
In-Reply-To: <20050221052632.GA19098@angus.ind.WPI.EDU>
References: <1108942490.3563.1.camel@localhost.localdomain> <20050221052632.GA19098@angus.ind.WPI.EDU>
Message-ID: <20050221053554.GB29254@nin.lan.rwsr-xr-x.de>

> On Sun, Feb 20, 2005 at 03:34:50PM -0800, Jesse Keating wrote:
> > Are any of you having difficulty reading the email announcements? Some
> > have reported some problems with Pine (bleh), and I want to know if
> > others are having problems, in particular with the formatting and the
> > PGP sigs.
> No problems reading the announcements or with PGP sigs here. I'm
> using mutt-1.4.1-4.

I'm having problems with the PGP sigs on Marc's announcements, but only
if I use GnuPG 1.4 - no probs with GnuPG 1.2.

From sebenste at weather.admin.niu.edu Mon Feb 21 05:55:52 2005
From: sebenste at weather.admin.niu.edu (Gilbert Sebenste)
Date: Sun, 20 Feb 2005 23:55:52 -0600 (CST)
Subject: Problems reading announcements
In-Reply-To: <20050221053554.GB29254@nin.lan.rwsr-xr-x.de>
References: <1108942490.3563.1.camel@localhost.localdomain> <20050221052632.GA19098@angus.ind.WPI.EDU> <20050221053554.GB29254@nin.lan.rwsr-xr-x.de>
Message-ID:

On Mon, 21 Feb 2005, Mike Gerber wrote:
> > No problems reading the announcements or with PGP sigs here. I'm
> > using mutt-1.4.1-4.
>
> I'm having problems with the PGP sigs on Marc's announcements, but only
> if I use GnuPG 1.4 - no probs with GnuPG 1.2.

No problems using Pine here (what's wrong with Pine?
:-) )

*******************************************************************************
Gilbert Sebenste ********
(My opinions only!) ******
Staff Meteorologist, Northern Illinois University ****
E-mail: sebenste at weather.admin.niu.edu ***
web: http://weather.admin.niu.edu **
Work phone: 815-753-5492 *
*******************************************************************************

From hjp+fedora-legacy at wsr.ac.at Mon Feb 21 08:42:33 2005
From: hjp+fedora-legacy at wsr.ac.at (Peter J. Holzer)
Date: Mon, 21 Feb 2005 09:42:33 +0100
Subject: "[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug
In-Reply-To: <1108905557.22299.7.camel@mdlinux>
References: <007601c51678$c6f8ae00$9a02a8c0@gpg4> <1108821408.12557.3.camel@mdlinux> <01d501c516e4$b3f32c60$9a02a8c0@gpg4> <1108905557.22299.7.camel@mdlinux>
Message-ID: <20050221084233.GD22491@wsr.ac.at>

On 2005-02-20 08:19:16 -0500, Marc Deslauriers wrote:
> ip_nat_ftp and ip_conntrack_ftp never load by themselves. They have to
> be manually loaded. The problem here, is we upgraded the iptables
> version to the newer version that Red Hat released for rh 7.3 instead of
> just patching the current version. The newer version has an updated init
> script. The new init script explicitly unloads all loaded modules at
> startup. This changes the previous rh9 behaviour.

I was previously bitten by the fact that RH9 didn't behave like RH7.3.
So, I like the change, it just came a little too late for me.

hp

--
   _  | Peter J. Holzer     | If the code is old but the problem is new
|_|_) | Sysadmin WSR / LUGA | then the code probably isn't the problem.
| |   | hjp at wsr.ac.at     |
__/   | http://www.hjp.at/  | -- Tim Bunce on dbi-users, 2004-11-05

From patrickmailing at narmida.com Mon Feb 21 09:32:18 2005
From: patrickmailing at narmida.com (patrickmailing)
Date: Mon, 21 Feb 2005 10:32:18 +0100
Subject: Making a ramdisk bigger then 512MB
Message-ID: <4219AAA2.70005@narmida.com>

Hello,

I need for my database a ramdisk of 12 GB
my problem is that I cannot go bigger than 512 see logs.
Anyone exp. in this ?

thnx for the help in advance

512 MB:

bubbles:/ # mke2fs -vm0 /dev/ram0 524288
mke2fs 1.35 (28-Feb-2004)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
131072 inodes, 524288 blocks
0 blocks (0.00%) reserved for the super user
First data block=1
64 block groups
8192 blocks per group, 8192 fragments per group
2048 inodes per group
Superblock backups stored on blocks:
        8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409

Writing inode tables: done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 31 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
bubbles:/ # mount /dev/ram0 /ramdisk
bubbles:/ # df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda2            152219220    684556 151534664   1% /
tmpfs                   512064         8    512056   1% /dev/shm
/dev/ram0               507748        13    507735   1% /ramdisk

516 MB:

bubbles:/ # mke2fs -vm0 /dev/ram0 530000
mke2fs 1.35 (28-Feb-2004)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
66400 inodes, 132500 blocks
0 blocks (0.00%) reserved for the super user
First data block=0
5 block groups
32768 blocks per group, 32768 fragments per group
13280 inodes per group
Superblock backups stored on blocks:
        32768, 98304

Writing inode tables: done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 32 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
bubbles:/ # mount /dev/ram0 /ramdisk
mount: wrong fs type, bad option, bad superblock on /dev/ram0,
       or too many mounted file systems

From harri.haataja at smilehouse.com Mon Feb 21 13:32:59 2005
From: harri.haataja at smilehouse.com (Harri Haataja)
Date: Mon, 21 Feb 2005 15:32:59 +0200
Subject: Problems reading announcements
In-Reply-To:
References: <1108942490.3563.1.camel@localhost.localdomain> <20050221052632.GA19098@angus.ind.WPI.EDU> <20050221053554.GB29254@nin.lan.rwsr-xr-x.de>
Message-ID: <20050221133259.GA6617@harriha-dsl.oulu.fi>

On Sun, Feb 20, 2005 at 11:55:52PM -0600, Gilbert Sebenste wrote:
> On Mon, 21 Feb 2005, Mike Gerber wrote:
> > > No problems reading the announcements or with PGP sigs here. I'm
> > > using mutt-1.4.1-4.
> > I'm having problems with the PGP sigs on Marc's announcements, but only
> > if I use GnuPG 1.4 - no probs with GnuPG 1.2.

All seems fine here as well. 1.5.6+20040907i, gnupg 1.2.5.

> No problems using Pine here (what's wrong with Pine? :-) )

What's wrong with everything coming out of WU and/or looking like a DOS
program ;^)

--
so, when they landed on the moon, why cant u see the stars in the
pictures they took?
it was daytime
-- http://www.bash.org

From brian.t.brunner at gai-tronics.com Mon Feb 21 14:12:21 2005
From: brian.t.brunner at gai-tronics.com (Brian T. Brunner)
Date: Mon, 21 Feb 2005 06:12:21 -0800
Subject: Making a ramdisk bigger then 512MB
Message-ID:

1: This is a kernel config question, not one of Fedora Legacy support
per se. for a clue: grep RAM /usr/src/linux-x.y.mumble/.config

2: RAMDisks, by definition, are in RAM, not on a hard drive; a 12GB RAM
disk would consume 12GB of RAM space. I doubt you have 12GB of physical
RAM. Virtual RAM (which is on the hard drive, and thus not much faster
than a simple file on the hard drive) could be used, if you have 12GB of
free phys+swap Memory Space.

3: You can make a fake RAM space of any size using a loopback device.

Before going farther, can you explain why you need a 12GB RAMdisk?

Brian Brunner
brian.t.brunner at gai-tronics.com
(610)796-5838

>>> patrickmailing at narmida.com 02/21/05 04:32AM >>>
Hello,

I need for my database a ramdisk of 12 GB
my problem is that I cannot go bigger than 512 see logs.
Anyone exp. in this ?

thnx for the help in advance

From jkeating at j2solutions.net Mon Feb 21 15:44:52 2005
From: jkeating at j2solutions.net (Jesse Keating)
Date: Mon, 21 Feb 2005 07:44:52 -0800
Subject: Problems reading announcements
In-Reply-To: <20050221133259.GA6617@harriha-dsl.oulu.fi>
References: <1108942490.3563.1.camel@localhost.localdomain> <20050221052632.GA19098@angus.ind.WPI.EDU> <20050221053554.GB29254@nin.lan.rwsr-xr-x.de> <20050221133259.GA6617@harriha-dsl.oulu.fi>
Message-ID: <1109000692.3563.5.camel@localhost.localdomain>

On Mon, 2005-02-21 at 15:32 +0200, Harri Haataja wrote:
>
> What's wrong with everything coming out of WU and/or looking like a DOS
> program ;^)

Their broken license maybe? If you've spent any serious time as a
wu-imap client, you'd also not like stuff from wu very much. Let's not
forget wu-ftpd either....

--
Jesse Keating RHCE (http://geek.j2solutions.net)
Fedora Legacy Team (http://www.fedoralegacy.org)
GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating

From madlists at teaparty.net Mon Feb 21 15:52:15 2005
From: madlists at teaparty.net (Tom Yates)
Date: Mon, 21 Feb 2005 15:52:15 +0000 (GMT)
Subject: Problems reading announcements
In-Reply-To: <1108942490.3563.1.camel@localhost.localdomain>
References: <1108942490.3563.1.camel@localhost.localdomain>
Message-ID:

On Sun, 20 Feb 2005, Jesse Keating wrote:

> Are any of you having difficulty reading the email announcements? Some
> have reported some problems with Pine (bleh), and I want to know if
> others are having problems, in particular with the formatting and the
> PGP sigs.

i use pine (4.61, on FC3) to read the list, and i'm having no problems
with the formatting. i've never tried verifying the attached signatures,
but that's because i use pinepg, which (afaict) doesn't deal with
detached sigs - only inlined ones.

if anyone can recommend a tool that allows pine to work with detached
signatures, i'd be happy to try it out.

--
Tom Yates
Cambridge, UK.

From jimpop at yahoo.com Mon Feb 21 15:58:29 2005
From: jimpop at yahoo.com (Jim Popovitch)
Date: Mon, 21 Feb 2005 10:58:29 -0500
Subject: Fedora Legacy Test Update Notification: kernel
In-Reply-To: <421952AD.4020202@videotron.ca>
References: <421952AD.4020202@videotron.ca>
Message-ID: <1109001509.25019.1.camel@blue>

Yikes. What a mess. Any ideas on how to test this? Simply installing
and just putting it through normal paces seems short-sighted.

-Jim P.

On Sun, 2005-02-20 at 22:17 -0500, Marc Deslauriers wrote:
> ---------------------------------------------------------------------
> Fedora Legacy Test Update Notification
> FEDORALEGACY-2005-2336
> Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2336
> 2005-02-20
> ---------------------------------------------------------------------
>
> Name : kernel
> Versions : rh7.3: kernel-2.4.20-42.7.legacy
> Versions : rh9: kernel-2.4.20-42.9.legacy
> Versions : fc1: kernel-2.4.22-1.2199.4.legacy
> Summary : The Linux kernel (the core of the Linux operating system).
> Description :
> The kernel package contains the Linux kernel (vmlinuz), the core of
> the Red Hat Linux operating system. The kernel handles the basic
> functions of the operating system: memory allocation, process
> allocation, device input and output, etc.
>
> ---------------------------------------------------------------------
> Update Information:
>
> Updated kernel packages that fix several security issues are now
> available.
>
> The Linux kernel handles the basic functions of the operating system.
>
> This update includes fixes for several security issues:
>
> The ext3 code in kernels before 2.4.26 did not properly initialize
> journal descriptor blocks. A privileged local user could read portions
> of kernel memory. The Common Vulnerabilities and Exposures project
> (cve.mitre.org) has assigned the name CAN-2004-0177 to this issue.
>
> Conectiva discovered flaws in certain USB drivers affecting kernels
> prior to 2.4.27 which used the copy_to_user function on uninitialized
> structures. These flaws could allow local users to read small amounts
> of kernel memory. (CAN-2004-0685)
>
> Multiple race conditions in the terminal layer could allow local users
> to obtain portions of kernel data via a TIOCSETD ioctl call to a
> terminal interface that is being accessed by another thread. This could
> also allow remote attackers to cause a denial of service (panic) by
> switching from console to PPP line discipline, then quickly sending data
> that is received during the switch. (CAN-2004-0814)
>
> Stefan Esser discovered various flaws including buffer overflows in
> the smbfs driver affecting kernels prior to 2.4.28. A local user may be
> able to cause a denial of service (crash) or possibly gain privileges.
> In order to exploit these flaws the user would require control of
> a connected Samba server. (CAN-2004-0883, CAN-2004-0949)
>
> ISEC security research and Georgi Guninski independently discovered a
> flaw in the scm_send function in the auxiliary message layer. A local
> user could create a carefully crafted auxiliary message which could
> cause a denial of service (system hang). (CAN-2004-1016)
>
> Multiple overflows were discovered and corrected in the io_edgeport
> driver. (CAN-2004-1017)
>
> The Direct Rendering Manager (DRM) driver does not properly check the
> DMA lock, which could allow remote attackers or local users to cause a
> denial of service (X Server crash) and possibly modify the video output.
> (CAN-2004-1056)
>
> A missing serialization flaw in unix_dgram_recvmsg was discovered that
> affects kernels prior to 2.4.28. A local user could potentially make
> use of a race condition in order to gain privileges. (CAN-2004-1068)
>
> Paul Starzetz of iSEC discovered various flaws in the ELF binary loader
> affecting kernels prior to 2.4.28. A local user could use these flaws to
> gain read access to executable-only binaries or possibly gain
> privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073,
> CAN-2004-1074)
>
> ISEC security research discovered multiple vulnerabilities in the IGMP
> functionality of the kernels. These flaws could allow a local user to
> cause a denial of service (crash) or potentially gain privileges. Where
> multicast applications are being used on a system, these flaws may also
> allow remote users to cause a denial of service. (CAN-2004-1137)
>
> Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior
> to 2.4.26. A local user could create a carefully crafted binary in such
> a way that it would cause a denial of service (system crash).
> (CAN-2004-1234)
>
> iSEC Security Research discovered a VMA handling flaw in the uselib(2)
> system call of the Linux kernel. A local user could make use of this
> flaw to gain elevated (root) privileges. (CAN-2004-1235)
>
> iSEC Security Research discovered a flaw in the page fault handler code
> that could lead to local users gaining elevated (root) privileges on
> multiprocessor machines. (CAN-2005-0001)
>
> All users are advised to upgrade their kernels to the packages
> associated with their machine architectures and configurations as listed
> in this erratum.
>
> ---------------------------------------------------------------------
> Changelogs
>
> rh73:
> * Wed Feb 02 2005 Martin Siegert
> - replace patch for CAN-2004-0814 with patch extracted from the official
> kernel patch-2.4.29 (including previously missing patch for proc_fs.h).
>
> * Sun Jan 16 2005 Simon Weller
> - Back ported CAN-2005-0001 expand_stack patch based on Dave Botsch's patch
> - void changes to int in CAN-2004-1245 patch set_brk function - thanks
> to Martin Siegert
>
> * Fri Jan 07 2005 Simon Weller
> - back ported 2.4.29 sys_uselib-race-CAN-2004-1235 patch
>
> * Mon Jan 03 2005 Martin Siegert
> - replace patch for CAN-2004-0814 with slightly modified version of the
> gentoo-sources-2.4.20-CAN-2004-0814 patch.
> (http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/)
> - include drm_lock patch (CAN-2004-1056); modified version of
> patch from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138534
> - include elf-loader-setuid patch from kernel-source-2.4.20.SuSE-127
> (CAN-2004-1070,CAN-2004-1071,CAN-2004-1072, and CAN-2004-1073)
> modified to apply after patch 11032
> - include smbfs-overflows.patch from kernel-source-2.4.20.SuSE-127
> (CAN-2004-0883 and CAN-2004-0949)
> - include aout-leak patch from kernel-source-2.4.20.SuSE-127
> (CAN-2004-1074)
> - include linux-2.4.20-nfsd-signed and linux-2.4.20-nfsd-xdr-write-wrap
> patches from kernel-source-2.4.20.SuSE-127
> - include cmsg-signedness patch from kernel-source-2.4.20.SuSE-127
> (CAN-2004-1016)
> - include dgram_recvmsg patch from kernel-source-2.4.20.SuSE-127
> (CAN-2004-1068)
> - include linux-2.4.20-ip-options-leak.patch from
> kernel-source-2.4.20.SuSE-127
> - include binfmt_elf patch from
> http://linux.bkbits.net:8080/linux-2.4/gnupatch@4076466d_SqUm4azg4_v3FIG2-X6XQ
> (CAN-2004-1234)
> - include linux-2.4.21-CAN-2004-1017-io_edgeport.patch from the
> linux-2.4.21-usb-update.patch from RedHat's kernel-2.4.21-27.0.1.EL
> (CAN-2004-1017)
>
> * Sat Oct 23 2004 Martin Siegert
> - include tty-ldisc patch from Jason Baron, CAN-2004-0814
> (http://www.ussg.iu.edu/hypermail/linux/kernel/0409.3/0201.html,
> http://www.securityfocus.com/archive/1/379005).
>
> rh9:
> * Wed Feb 02 2005 Martin Siegert
> - replace patch for CAN-2004-0814 with patch extracted from the official
> kernel patch-2.4.29 (including previously missing patch for proc_fs.h).
> > * Sun Jan 16 2005 Simon Weller > - Back ported CAN-2005-0001 expand_stack patch based on Dave Botsch's patch > - void changes to int in CAN-2004-1245 patch set_brk function - thanks > to Martin Siegert > > * Fri Jan 07 2005 Simon Weller > - back ported 2.4.29 sys_uselib-race-CAN-2004-1235 patch > > * Mon Jan 03 2005 Martin Siegert > - replace patch for CAN-2004-0814 with slightly modified version of the > gentoo-sources-2.4.20-CAN-2004-0814 patch. > (http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/) > - include drm_lock patch (CAN-2004-1056); modified version of > patch from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138534 > - include elf-loader-setuid patch from kernel-source-2.4.20.SuSE-127 > (CAN-2004-1070,CAN-2004-1071,CAN-2004-1072, and CAN-2004-1073) > modified to apply after patch 11032 > - include smbfs-overflows.patch from kernel-source-2.4.20.SuSE-127 > (CAN-2004-0883 and CAN-2004-0949) > - include aout-leak patch from kernel-source-2.4.20.SuSE-127 > (CAN-2004-1074) > - include linux-2.4.20-nfsd-signed and linux-2.4.20-nfsd-xdr-write-wrap > patches from kernel-source-2.4.20.SuSE-127 > - include cmsg-signedness patch from kernel-source-2.4.20.SuSE-127 > (CAN-2004-1016) > - include dgram_recvmsg patch from kernel-source-2.4.20.SuSE-127 > (CAN-2004-1068) > - include linux-2.4.20-ip-options-leak.patch from > kernel-source-2.4.20.SuSE-127 > - include binfmt_elf patch from > http://linux.bkbits.net:8080/linux-2.4/gnupatch at 4076466d_SqUm4azg4_v3FIG2-X6XQ > (CAN-2004-1234) > - include linux-2.4.21-CAN-2004-1017-io_edgeport.patch from the > linux-2.4.21-usb-update.patch from RedHat's kernel-2.4.21-27.0.1.EL > (CAN-2004-1017) > > * Sat Oct 23 2004 Martin Siegert > - include tty-ldisc patch from Jason Baron, CAN-2004-0814 > (http://www.ussg.iu.edu/hypermail/linux/kernel/0409.3/0201.html, > http://www.securityfocus.com/archive/1/379005). 
> > fc1: > * Fri Jan 14 2005 Rob Myers > 2.4.22-1.2199.4.legacy.nptl > - patch for expand_stack SMP race CAN-2005-0001 > - patch for RLIMIT_MEMLOCK bypass NO-CAN-ASSIGNED > - patch for random poolsize sysctl handler integer overflow NO-CAN-ASSIGNED > - patch for moxa serial driver bss overflow NO-CAN-ASSIGNED > - patch for xfs misc fixes - NO-CAN-ASSIGNED > - patch for rose_rt_ioctl - lack of bounds checking NO-CAN-ASSIGNED > - patch for sdla_xfer - lack of bounds checking NO-CAN-ASSIGNED > - patch for coda - add bounds checking for tainted scalars NO-CAN-ASSIGNED > > * Fri Jan 07 2005 Rob Myers > 2.4.22-1.2199.3.legacy.nptl > - add patches for CAN-2004-1235 CAN-2004-1017 > - add patch for ip options leak > > * Fri Jan 07 2005 Rob Myers > 2.4.22-1.2199.2.legacy.nptl > - clean up spec, rebuild > > * Thu Jan 06 2005 Rob Myers > 2.4.22-1.2199.1.legacy.nptl > - patch CAN-2004-0685 CAN-2004-0814 CAN-2004-0883 CAN-2004-0949 > CAN-2004-1016 CAN-2004-1056 CAN-2004-1068 CAN-2004-1070 CAN-2004-1071 > CAN-2004-1072 CAN-2004-1073 CAN-2004-1074 CAN-2004-1137 CAN-2004-1234 > > --------------------------------------------------------------------- > This update can be downloaded from: > http://download.fedoralegacy.org/ > (sha1sums) > > --------------------------------------------------------------------- > > Please test and comment in bugzilla. > -- > fedora-legacy-list mailing list > fedora-legacy-list at redhat.com > http://www.redhat.com/mailman/listinfo/fedora-legacy-list From skvidal at phy.duke.edu Mon Feb 21 16:00:19 2005 From: skvidal at phy.duke.edu (seth vidal) Date: Mon, 21 Feb 2005 11:00:19 -0500 Subject: Fedora Legacy Test Update Notification: kernel In-Reply-To: <1109001509.25019.1.camel@blue> References: <421952AD.4020202@videotron.ca> <1109001509.25019.1.camel@blue> Message-ID: <1109001619.14039.13.camel@opus.phy.duke.edu> On Mon, 2005-02-21 at 10:58 -0500, Jim Popovitch wrote: > Yikes. What a mess.
Any ideas on how to test this? Simply installing > and just putting it through normal paces seems short-sighted. > What's the mess? This is just like all of the kernel updates. You install them, they're available from your grub or lilo boot menu - you move along. If they don't work like you want them to - you reboot and use the older kernel(s). where's the problem? -sv From jimpop at yahoo.com Mon Feb 21 16:07:25 2005 From: jimpop at yahoo.com (Jim Popovitch) Date: Mon, 21 Feb 2005 11:07:25 -0500 Subject: Fedora Legacy Test Update Notification: kernel In-Reply-To: <1109001619.14039.13.camel@opus.phy.duke.edu> References: <421952AD.4020202@videotron.ca> <1109001509.25019.1.camel@blue> <1109001619.14039.13.camel@opus.phy.duke.edu> Message-ID: <1109002046.25019.11.camel@blue> On Mon, 2005-02-21 at 11:00 -0500, seth vidal wrote: > What's the mess? The sheer list of changes. > This is just like all of the kernel updates. You install > them, they're available from your grub or lilo boot menu - you > move along. slow down partner, you're out in left field. ;-) > > If they don't work like you want them to - you reboot and > use the older kernel(s). > > where's the problem? I want to *TEST* the fixes, not just see if the dang thing (re)boots. -Jim P. From mgerber at leitwerk.de Mon Feb 21 16:26:23 2005 From: mgerber at leitwerk.de (Mike Gerber) Date: Mon, 21 Feb 2005 17:26:23 +0100 Subject: Problems reading announcements In-Reply-To: References: <1108942490.3563.1.camel@localhost.localdomain> Message-ID: <20050221162622.GD1281@nin.lan.rwsr-xr-x.de> > i've never tried verifying the attached signatures, but that's because i > use pinepg, which (afaict) doesn't deal with detached sigs - only inlined > ones. if anyone can recommend a tool that allows pine to work with > detached signatures, i'd be happy to try it out.
For the record: I'm having problems with mutt and the sigs, not much pai...pine here :) Anyone with mutt and GnuPG 1.4 there without any trouble with Marc's announcements? That would give me reason to look for problems here. Mike From dsccable at comcast.net Mon Feb 21 23:00:57 2005 From: dsccable at comcast.net (David Curry) Date: Mon, 21 Feb 2005 18:00:57 -0500 Subject: FC2 Support Message-ID: <421A6829.7020807@comcast.net> Greetings, all, from a new subscriber. My system operates on FC2 and I have no immediate plans to follow the FC progression to release 3 or 4. In preparation for transfer of FC2 to legacy status I subscribed to your mailing list this afternoon. A few days ago, I downloaded of the official release srpm isos and all update srpms on a mirror site in Virginia, thinking that I might build some cd isos containing a complete set of the final official fedora core 2 rpms. This would be a learning experience for me and essentially provide a set of reinstallation CDs for my system as it now stands. I'm sure some time would pass before the task is completed. The question arises, though, Is this something that Fedora Legacy Project does at the onset of picking up support for a FC release? From vasco.dionisio at oniduo.pt Tue Feb 22 01:20:48 2005 From: vasco.dionisio at oniduo.pt (Vasco Dionísio) Date: Tue, 22 Feb 2005 01:20:48 -0000 Subject: Putting a ADSL modem to work Message-ID: Hello, In order to put my ADSL modem to work I need to know two things first: 1. Does Red Hat 7.3 support pppoatm? 2.
If so, where can I get the following RPMs: kernel-source gcc gcc-c++ glibc-devel libglib1.2 libglib1.2-devel libgpm1 libgpm1-devel libgtk+1.2 libgtk+1.2-devel ppp ppp-pppoatm I already compiled the drivers but when I try to execute pppd I always get an error message saying that pppoatm.so is missing. Thanks in advance Vasco From marcdeslauriers at videotron.ca Tue Feb 22 02:46:09 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Mon, 21 Feb 2005 21:46:09 -0500 Subject: Fedora Legacy Test Update Notification: php Message-ID: <421A9CF1.2000504@videotron.ca> The fc1 packages have been updated to correct a minor build error. --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-2344 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2344 2005-02-21 --------------------------------------------------------------------- Name : php Versions : rh7.3: php-4.1.2-7.3.13.legacy Versions : rh9: php-4.2.2-17.9.legacy Versions : fc1: php-4.3.8-1.5.legacy Summary : The PHP HTML-embedded scripting language. Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages. --------------------------------------------------------------------- Update Information: Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.
An information disclosure bug was discovered in the parsing of "GPC" variables in PHP (query strings or cookies, and POST form data). If particular scripts used the values of the GPC variables, portions of the memory space of an httpd child process could be revealed to the client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0958 to this issue. A file access bug was discovered in the parsing of "multipart/form-data" forms, used by PHP scripts which allow file uploads. In particular configurations, some scripts could allow a malicious client to upload files to an arbitrary directory where the "apache" user has write access. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0959 to this issue. Flaws were found in shmop_write, pack, and unpack PHP functions. These functions are not normally passed user supplied data, so would require a malicious PHP script to be exploited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1018 to this issue. Flaws including possible information disclosure, double free, and negative reference index array underflow were found in the deserialization code of PHP. PHP applications may use the unserialize function on untrusted user data, which could allow a remote attacker to gain access to memory or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1019 to this issue. A flaw in the exif extension of PHP was found which led to a stack overflow. An attacker could create a carefully crafted image file in such a way that if parsed by a PHP script using the exif extension it could cause a crash or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1065 to this issue.
Users of PHP should upgrade to these updated packages, which contain fixes for these issues. --------------------------------------------------------------------- 7.3 changelog: * Mon Jan 31 2005 John Dalbec 4.1.2-7.3.13.legacy - Fix typo in OpenPKG backport patch (filename -> filenamebuf) - * Sun Jan 23 2005 Leonard den Ottolander 4.1.2-7.3.11.legacy - fix possible double-free in unserializer (CAN-2004-1019) - fix integer overflows in pack() (CAN-2004-1018, requires malicious script to exploit) - Remove redundant CAN-2004-1018 sections from OpenPKG backport patch * Wed Jan 05 2005 Pekka Savola 4.1.2-6.3.12.legacy - Use a more complete patch, some parts had been left off by accident. * Mon Jan 03 2005 Marc Deslauriers 4.1.2-7.3.11.legacy - Added OpenPKG patch backport for CAN-2004-1018, CAN-2004-1019, CAN-2004-1063, CAN-2004-1064 and CAN-2004-1065 9 changelog: * Wed Dec 22 2004 Pekka Savola 4.2.2-17.9.legacy - Replace the previous patches with a complete OpenPKG backport, fixing the issues (and more of them) more extensively. 
* Tue Dec 21 2004 Marc Deslauriers 4.2.2-17.8.legacy - Added security patches for CAN-2004-1019 and CAN-2004-1065 fc1 changelog: * Mon Feb 21 2005 Marc Deslauriers 4.3.8-1.5.legacy - Added missing gnupg BuildRequires * Fri Feb 11 2005 Marc Deslauriers 4.3.8-1.4.legacy - Added missing sendmail, w3c-libwww-devel and flex BuildRequires * Mon Jan 03 2005 Marc Deslauriers 4.3.8-1.3.legacy - Added patches for CAN-2004-0958 and CAN-2004-0959 * Tue Dec 21 2004 Marc Deslauriers 4.3.8-1.2.legacy - Added OpenPKG patch for CAN-2004-1018, CAN-2004-1019, CAN-2004-1063, CAN-2004-1064 and CAN-2004-1065 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) --------------------------------------------------------------------- Please test and comment in bugzilla. From marcdeslauriers at videotron.ca Tue Feb 22 02:46:53 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Mon, 21 Feb 2005 21:46:53 -0500 Subject: Fedora Legacy Test Update Notification: mysql Message-ID: <421A9D1D.2050602@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-2129 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2129 2005-02-21 --------------------------------------------------------------------- Name : mysql Versions : rh7.3: mysql-3.23.58-1.73.5.legacy Versions : rh9: mysql-3.23.58-1.90.5.legacy Versions : fc1: mysql-3.23.58-4.3.legacy Summary : The MySQL server and related files. Description : MySQL is a true multi-user, multi-threaded SQL database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs and libraries. This package contains the MySQL server and some accompanying files and directories. --------------------------------------------------------------------- Update Information: Updated mysql packages that fix various security issues are now available. MySQL is a multi-user, multi-threaded SQL database server. This update fixes a number of potential security problems associated with careless handling of temporary files.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0381, CAN-2004-0388, CAN-2004-0457, and CAN-2005-0004 to these issues. Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked the CREATE/INSERT rights of the old table instead of the new one. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0835 to this issue. Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect function. In order to exploit this issue an attacker would need to force the use of a malicious DNS server (CAN-2004-0836). Dean Ellis discovered that multiple threads ALTERing the same (or different) MERGE tables to change the UNION could cause the server to crash or stall (CAN-2004-0837). Sergei Golubchik discovered that if a user is granted privileges to a database with a name containing an underscore ("_"), the user also gains the ability to grant privileges to other databases with similar names (CAN-2004-0957). All users of mysql should upgrade to these updated packages, which resolve these issues. 
--------------------------------------------------------------------- Changelogs rh73: * Sun Feb 20 2005 Marc Deslauriers 3.23.58-1.73.5.legacy - Added time and libtermcap-devel BuildRequires * Fri Feb 11 2005 Marc Deslauriers 3.23.58-1.73.4.legacy - Added better security patch for CAN-2004-0457 - Added security patch for CAN-2005-0004 * Wed Oct 13 2004 Marc Deslauriers 3.23.58-1.73.3.legacy - Added security patch for CAN-2004-0835, CAN-2004-0836, CAN-2004-0837 and privilege escalation issue on GRANT ALL ON `Foo\_Bar` (no CVE yet) * Fri Sep 10 2004 Marc Deslauriers 3.23.58-1.73.2.legacy - Added mysqlhotcopy patch to fix CAN-2004-0457 * Tue Jul 06 2004 Marc Deslauriers 3.23.58-1.73.1.legacy - Added symlink patch to fix CAN-2004-0381 and CAN-2004-0388 rh9: * Sun Feb 20 2005 Marc Deslauriers 3.23.58-1.90.5.legacy - Added time and libtermcap-devel BuildRequires * Fri Feb 11 2005 Marc Deslauriers 3.23.58-1.90.4.legacy - Added better security patch for CAN-2004-0457 - Added security patch for CAN-2005-0004 * Wed Oct 13 2004 Marc Deslauriers 3.23.58-1.90.3.legacy - Added security patch for CAN-2004-0835, CAN-2004-0836, CAN-2004-0837 and privilege escalation issue on GRANT ALL ON `Foo\_Bar` (no CVE yet) * Fri Sep 10 2004 Marc Deslauriers 3.23.58-1.90.2.legacy - Added mysqlhotcopy patch to fix CAN-2004-0457 * Tue Jul 06 2004 Marc Deslauriers 3.23.58-1.90.1.legacy - Added symlink patch to fix CAN-2004-0381 and CAN-2004-0388 fc1: * Sun Feb 20 2005 Marc Deslauriers 3.23.58-4.3.legacy - Added time and libtermcap-devel BuildRequires * Fri Feb 11 2005 Marc Deslauriers 3.23.58-4.2.legacy - Added better security patch for CAN-2004-0457 - Added security patch for CAN-2005-0004 * Wed Oct 13 2004 Marc Deslauriers 3.23.58-4.1.legacy - Added security patch for CAN-2004-0835, CAN-2004-0836, CAN-2004-0837 and privilege escalation issue on GRANT ALL ON `Foo\_Bar` (no CVE yet) - Added hotcopy patch to fix CAN-2004-0457 - Added symlink patch to fix CAN-2004-0381 and CAN-2004-0388 
--------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) --------------------------------------------------------------------- Please test and comment in bugzilla. From pekkas at netcore.fi Tue Feb 22 10:10:50 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Tue, 22 Feb 2005 12:10:50 +0200 (EET) Subject: FC1 updates waiting for VERIFY Message-ID: Hi, Based on http://www-astro.physics.ox.ac.uk/~dom/legacy/issues.txt, there seem to be a largish number of packages which need a final VERIFY, for _FC1_ in particular. Could folks running FC1 give these a try? Verifying is pretty straightforward -- basically just installing the package and checking that it seems to work OK. See more under 'Publish criteria for updates (VERIFY)' at: http://www.fedoralegacy.org/wiki/index.php/QaTesting -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From guallar at easternrad.com Tue Feb 22 13:43:31 2005 From: guallar at easternrad.com (Josep L. Guallar-Esteve) Date: Tue, 22 Feb 2005 08:43:31 -0500 Subject: FC2 Support In-Reply-To: <421A6829.7020807@comcast.net> References: <421A6829.7020807@comcast.net> Message-ID: <200502220843.36504.guallar@easternrad.com> On Monday 21 February 2005 18:00, David Curry wrote: > A few days ago, I downloaded of the official release srpm isos and all > update srpms on a mirror site in Virginia, thinking that I might build > some cd isos containing a complete set of the final official fedora core > 2 rpms. This would be a learning experience for me and essentially > provide a set of reinstallation CDs for my system as it now stands. I'm > sure some time would pass before the task is completed. > The question arises, though, Is this something that Fedora Legacy > Project does at the onset of picking up support for a FC release? I've never heard of it. I know that CERN (?) used to build ISOs for Red Hat 7.3 plus the updates du jour, calling the result "Red Hat Linux 7.3.4" and things like that.

But, aside from them, I've never heard of such a thing.

Regards,
Josep

--
Josep L. Guallar-Esteve            Eastern Radiologists, Inc.
Systems and PACS Administration    http://www.easternrad.com

From dsccable at comcast.net Tue Feb 22 17:53:39 2005
From: dsccable at comcast.net (David Curry)
Date: Tue, 22 Feb 2005 12:53:39 -0500
Subject: FC2 Support
In-Reply-To: <200502220843.36504.guallar@easternrad.com>
References: <421A6829.7020807@comcast.net> <200502220843.36504.guallar@easternrad.com>
Message-ID: <421B71A3.4070304@comcast.net>

Josep L. Guallar-Esteve wrote:

>On Monday 21 February 2005 18:00, David Curry wrote:
>
>>A few days ago, I downloaded of the official release srpm isos and all
>>update srpms on a mirror site in Virginia, thinking that I might build
>>some cd isos containing a complete set of the final official fedora core
>>2 rpms. This would be a learning experience for me and essentially
>>provide a set of reinstallation CDs for my system as it now stands. I'm
>>sure some time would pass before the task is completed.
>>
>>The question arises, though, Is this something that Fedora Legacy
>>Project does at the onset of picking up support for a FC release?
>>
>
>I've never heard of it. I know that CERN (?) used to build ISOs for Red Hat
>7.3 plus the updates du jour, calling the result "Red Hat Linux 7.3.4" and
>things like that.
>
>But, aside from them, I've never heard of such a thing.
>
>Regards,
>Josep
>

Thanks, Josep.

From pekkas at netcore.fi Tue Feb 22 18:04:51 2005
From: pekkas at netcore.fi (Pekka Savola)
Date: Tue, 22 Feb 2005 20:04:51 +0200 (EET)
Subject: FC2 Support
In-Reply-To: <200502220843.36504.guallar@easternrad.com>
References: <421A6829.7020807@comcast.net> <200502220843.36504.guallar@easternrad.com>
Message-ID:

On Tue, 22 Feb 2005, Josep L.
Guallar-Esteve wrote:
> On Monday 21 February 2005 18:00, David Curry wrote:
>> A few days ago, I downloaded of the official release srpm isos and all
>> update srpms on a mirror site in Virginia, thinking that I might build
>> some cd isos containing a complete set of the final official fedora core
>> 2 rpms. This would be a learning experience for me and essentially
>> provide a set of reinstallation CDs for my system as it now stands. I'm
>> sure some time would pass before the task is completed.
>
>> The question arises, though, Is this something that Fedora Legacy
>> Project does at the onset of picking up support for a FC release?
>
> I've never heard of it. I know that CERN (?) used to build ISOs for Red Hat
> 7.3 plus the updates du jour, calling the result "Red Hat Linux 7.3.4" and
> things like that.
>
> But, aside from them, I've never heard of such a thing.

Well, we have also done something like this -- it's actually quite
trivial after you get to learn how the ISOs are built. But because
the updates are constantly appearing, we just install the system using
FTP from the tree which has been modified to include all the latest
RPMs. Much easier than constantly creating and updating ISOs.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

From guallar at easternrad.com Tue Feb 22 18:19:21 2005
From: guallar at easternrad.com (Josep L. Guallar-Esteve)
Date: Tue, 22 Feb 2005 13:19:21 -0500
Subject: FC2 Support
In-Reply-To:
References: <421A6829.7020807@comcast.net> <200502220843.36504.guallar@easternrad.com>
Message-ID: <200502221319.24454.guallar@easternrad.com>

On Tuesday 22 February 2005 13:04, Pekka Savola wrote:
> > I've never heard of it. I know that CERN (?) used to build ISOs for Red
> > Hat 7.3 plus the updates du jour, calling the result "Red Hat Linux
> > 7.3.4" and things like that.
> > But, aside from them, I've never heard of such a thing.
> Well, we have also done something like this -- it's actually quite
> trivial after you get to learn how the ISOs are built. But because
> the updates are constantly appearing, we just install the system using
> FTP from the tree which has been modified to include all the latest
> RPMs. Much easier than constantly creating and updating ISOs.

If you want to create your own Red Hat Linux ISOs, you might want to review
this interesting article:

"Linux: Updating and Rebuilding Fedora Core 2 Installation CDs"

http://www.techonthenet.com/linux/fc2_update.htm

Regards,
Josep

--
Josep L. Guallar-Esteve            Eastern Radiologists, Inc.
Systems and PACS Administration    http://www.easternrad.com

From ad+lists at uni-x.org Tue Feb 22 19:05:17 2005
From: ad+lists at uni-x.org (Alexander Dalloz)
Date: Tue, 22 Feb 2005 20:05:17 +0100
Subject: Putting a ADSL modem to work
In-Reply-To:
References:
Message-ID: <1109099117.7775.71.camel@serendipity.dogma.lan>

On Tue, 22.02.2005 at 2:20, Vasco Dionísio wrote:

> In order to put my ADSL modem to work I need to know two things first:
>
> 1. Does Red Hat 7.3 support pppoatm?

No. You will have to patch the ppp RPM for example.

> 2. If so where can I get the following RPMs:
>
> kernel-source
> gcc
> gcc-c++
> glibc-devel
> libglib1.2
> libglib1.2-devel
> libgpm1
> libgpm1-devel
> libgtk+1.2
> libgtk+1.2-devel
> ppp
> ppp-pppoatm

http://tux.cprm.net/pub/ftp.redhat.com/fedoralegacy/redhat/7.3

Didn't have a look at the download server with the release packages? But
you will not find any "ppp-pppoatm" for RH7.3.

> I already compiled the drivers but when I try to execute pppd I always get
> an error message saying that pppoatm.so is missing.

Because the ppp lacks PPPoATM support.

> Vasco

Alexander

--
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.10-1.14_FC2smp
Serendipity 20:02:33 up 1 day, 7:11, load average: 0.90, 0.72, 0.64

From dsccable at comcast.net Tue Feb 22 20:13:08 2005
From: dsccable at comcast.net (David Curry)
Date: Tue, 22 Feb 2005 15:13:08 -0500
Subject: FC2 Support
In-Reply-To: <200502221319.24454.guallar@easternrad.com>
References: <421A6829.7020807@comcast.net> <200502220843.36504.guallar@easternrad.com> <200502221319.24454.guallar@easternrad.com>
Message-ID: <421B9254.8080708@comcast.net>

Josep L. Guallar-Esteve wrote:

>On Tuesday 22 February 2005 13:04, Pekka Savola wrote:
>
>>>I've never heard of it. I know that CERN (?) used to build ISOs for Red
>>>Hat 7.3 plus the updates du jour, calling the result "Red Hat Linux
>>>7.3.4" and things like that.
>>>
>>>But, aside from them, I've never heard of such a thing.
>>>
>>Well, we have also done something like this -- it's actually quite
>>trivial after you get to learn how the ISOs are built. But because
>>the updates are constantly appearing, we just install the system using
>>FTP from the tree which has been modified to include all the latest
>>RPMs. Much easier than constantly creating and updating ISOs.
>>
>
>If you want to create your own Red Hat Linux ISOs, you might want to review
>this interesting article:
>
>"Linux: Updating and Rebuilding Fedora Core 2 Installation CDs"
>
>http://www.techonthenet.com/linux/fc2_update.htm
>
>Regards,
>Josep
>
>------------------------------------------------------------------------
>
>--
>fedora-legacy-list mailing list
>fedora-legacy-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-legacy-list
>

Thanks for the alternative approach, Pekka. And again, Josep for the
feedback. The fc2_update howto website will be put to use in my learning
process before turning to Pekka's suggested alternative.

From dom at earth.li Wed Feb 23 01:23:52 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Wed, 23 Feb 2005 01:23:52 +0000
Subject: Round-up, 2005-02-23
Message-ID: <20050223012352.GA28121@home.thedom.org>

$Id: issues.txt,v 1.187 2005/02/23 01:20:50 dom Exp $

See bottom for changes

This list is also available at
http://www-astro.physics.ox.ac.uk/~dom/legacy/issues.txt

Packages that have been verified and should be fully released
-------------------------------------------------------------

mc - https://bugzilla.fedora.us/show_bug.cgi?id=2405
gdk-pixbuf - https://bugzilla.fedora.us/show_bug.cgi?id=2005
zlib - https://bugzilla.fedora.us/show_bug.cgi?id=2043

Packages waiting to be built for updates-testing
------------------------------------------------

yum - https://bugzilla.fedora.us/show_bug.cgi?id=1604
gtk2 - https://bugzilla.fedora.us/show_bug.cgi?id=2073
openoffice - https://bugzilla.fedora.us/show_bug.cgi?id=2074
ImageMagick - https://bugzilla.fedora.us/show_bug.cgi?id=2052 (but more?)
ethereal - https://bugzilla.fedora.us/show_bug.cgi?id=2407
kdelibs - https://bugzilla.fedora.us/show_bug.cgi?id=2008
kdefax - https://bugzilla.fedora.us/show_bug.cgi?id=2164

Packages in state RESOLVED (ie exist in updates-testing) that need active work.
------------------------------------------------------------------

redhat-config-nfs - https://bugzilla.fedora.us/show_bug.cgi?id=2086
   Needs VERIFY [rh9,fc1]
rp-pppoe - https://bugzilla.fedora.us/show_bug.cgi?id=2116
   Needs VERIFY [rh73,rh9,fc1]
lesstiff - https://bugzilla.fedora.us/show_bug.cgi?id=2142
   Needs VERIFY [rh73,rh9,fc1]
openmotif - https://bugzilla.fedora.us/show_bug.cgi?id=2143
   Needs VERIFY [fc1]
sharutils - https://bugzilla.fedora.us/show_bug.cgi?id=2155
   Needs VERIFY [fc1]
XFree86 - https://bugzilla.fedora.us/show_bug.cgi?id=2314
   Needs VERIFY [fc1]
cups - https://bugzilla.fedora.us/show_bug.cgi?id=2127
   Needs VERIFY [rh73]
nfs-utils - https://bugzilla.fedora.us/show_bug.cgi?id=2339
   Needs VERIFY [rh73,rh9,fc1]
squirrelmail - http://bugzilla.fedora.us/show_bug.cgi?id=2290
   Needs VERIFY [rh9,fc1] (superseded by 2424)
mailman - https://bugzilla.fedora.us/show_bug.cgi?id=2419
   Needs VERIFY [rh73,fc1]
samba - https://bugzilla.fedora.us/show_bug.cgi?id=2349
   Needs VERIFY [rh73,rh9,fc1]
ruby - https://bugzilla.fedora.us/show_bug.cgi?id=2007
   Needs VERIFY [fc1]
vim - https://bugzilla.fedora.us/show_bug.cgi?id=2343
   Needs VERIFY [fc1]
qt - https://bugzilla.fedora.us/show_bug.cgi?id=2002
   Needs VERIFY [rh73]
php - https://bugzilla.fedora.us/show_bug.cgi?id=2344
   Needs VERIFY [fc1]
kernel - https://bugzilla.fedora.us/show_bug.cgi?id=2336
   Needs VERIFY [rh9,fc1]
squid - https://bugzilla.fedora.us/show_bug.cgi?id=2150
   Needs VERIFY [rh73,rh9,fc1]
mysql - https://bugzilla.fedora.us/show_bug.cgi?id=2129
   Needs VERIFY [rh9,fc1]

Packages in state UNCONFIRMED, NEW, ASSIGNED or REOPENED:
--------------------------------------------------------

libpng - https://bugzilla.fedora.us/show_bug.cgi?id=1943
   Needs QA
readline - https://bugzilla.fedora.us/show_bug.cgi?id=2017
   decision on whether to release [rh9]
pam_wheel - https://bugzilla.fedora.us/show_bug.cgi?id=2010
   Needs PUBLISH and full auditing and packages for rh9
krb5 - https://bugzilla.fedora.us/show_bug.cgi?id=2040
   Needs 1 PUBLISH
   for rh9 / investigate possible bug introduced / more work
imlib - https://bugzilla.fedora.us/show_bug.cgi?id=2051
   Needs PUBLISH [rh9] and package for fc1
kernel - https://bugzilla.fedora.us/show_bug.cgi?id=2128
   Needs investigation/packages
security.conf - https://bugzilla.fedora.us/show_bug.cgi?id=2146
   Needs QA [fc1,rh9], packages [rh9], discussion of updated extras
gettext - https://bugzilla.fedora.us/show_bug.cgi?id=2151
   Needs investigation/packages
libtiff - https://bugzilla.fedora.us/show_bug.cgi?id=2163
   Needs PUBLISH [rh73,rh9,fc1]
libxml2 - https://bugzilla.fedora.us/show_bug.cgi?id=2207
   Needs PUBLISH [rh73,rh9,fc1], more work?
links - https://bugzilla.fedora.us/show_bug.cgi?id=2213
   Needs packages/investigation
mozilla - https://bugzilla.fedora.us/show_bug.cgi?id=2214
   Needs investigation/packages
lynx - https://bugzilla.fedora.us/show_bug.cgi?id=2215
   Needs investigation/packages
w3m - https://bugzilla.fedora.us/show_bug.cgi?id=2216
   Needs investigation/packages
dhcp - https://bugzilla.fedora.us/show_bug.cgi?id=2251
   Needs PUBLISH [rh73]
shadow - https://bugzilla.fedora.us/show_bug.cgi?id=2253
   Needs perhaps a couple of PUBLISH for [rh73,rh9,fc1]
libgd - https://bugzilla.fedora.us/show_bug.cgi?id=2254
   Needs PUBLISH [rh73,rh9,fc1]
groff - https://bugzilla.fedora.us/show_bug.cgi?id=2256
   Needs investigation/packages
openssl - https://bugzilla.fedora.us/show_bug.cgi?id=2257
   Needs investigation/packages
lvm - https://bugzilla.fedora.us/show_bug.cgi?id=2258
   Needs investigation/packages
netatalk - https://bugzilla.fedora.us/show_bug.cgi?id=2259
   Needs investigation/packages
postgresql - https://bugzilla.fedora.us/show_bug.cgi?id=2260
   Needs investigation/packages
perl - https://bugzilla.fedora.us/show_bug.cgi?id=2261
   Needs investigation/packages
glibc - https://bugzilla.fedora.us/show_bug.cgi?id=2265
   Needs investigation/packages
ghostscript - https://bugzilla.fedora.us/show_bug.cgi?id=2266
   Needs investigation/packages
krb5 - https://bugzilla.fedora.us/show_bug.cgi?id=2267
   Needs investigation/packages
spamassassin - https://bugzilla.fedora.us/show_bug.cgi?id=2268
   Needs PUBLISH [fc1]
sudo - http://bugzilla.fedora.us/show_bug.cgi?id=2291
   Needs PUBLISH [rh73,rh9,fc1]
gzip - http://bugzilla.fedora.us/show_bug.cgi?id=2292
   Needs investigation/packages
file - https://bugzilla.fedora.us/show_bug.cgi?id=2331
   Needs investigation/packages
rpm - https://bugzilla.fedora.us/show_bug.cgi?id=2333
   Haven't we seen this in some other bug?
pdflatex - https://bugzilla.fedora.us/show_bug.cgi?id=2334
   Needs PUBLISH [rh9], packages [rh73,fc1]
a2ps - https://bugzilla.fedora.us/show_bug.cgi?id=2338
   Needs PUBLISH [rh73,rh9,fc1]
wget - https://bugzilla.fedora.us/show_bug.cgi?id=2340
   Needs investigation/packages
namazu - https://bugzilla.fedora.us/show_bug.cgi?id=2342
   Needs investigation/packages
xine - https://bugzilla.fedora.us/show_bug.cgi?id=2348
   Needs PUBLISH [rh73]
glibc - https://bugzilla.fedora.us/show_bug.cgi?id=2354
   Minor but could be included if another glibc is needed
mozilla - https://bugzilla.fedora.us/show_bug.cgi?id=2380
   Needs work
less - https://bugzilla.fedora.us/show_bug.cgi?id=2404
   Needs PUBLISH [rh9,fc1] (more work)
cpio - https://bugzilla.fedora.us/show_bug.cgi?id=2408
   Needs PUBLISH [rh9,fc1]
enscript - https://bugzilla.fedora.us/show_bug.cgi?id=2409
   PUBLISH [rh73,rh9,fc1]
https://bugzilla.fedora.us/show_bug.cgi?id=2252
   Needs work

General (non-package bugs)
--------------------------

sample yum.conf - https://bugzilla.fedora.us/show_bug.cgi?id=2140
up2date - https://bugzilla.fedora.us/show_bug.cgi?id=2193
up2date - https://bugzilla.fedora.us/show_bug.cgi?id=2194
updates - http://bugzilla.fedora.us/show_bug.cgi?id=2281
up2date - http://bugzilla.fedora.us/show_bug.cgi?id=2306
yum - https://bugzilla.fedora.us/show_bug.cgi?id=2330

Notes
-----

Needs PUBLISH means that there are packages available for QA that need
to be QAd at the source level.

Needs VERIFY means that there are updates-testing packages that need
testing.
This is the easy bit, let's get these old ones out of the way ASAP.

* means that there is a judgement call that can be made on the bug
system immediately. Please follow up onlist with opinions.

Changes
-------

$Log: issues.txt,v $
Revision 1.187  2005/02/23 01:20:50  dom
zip to update-waiting

Revision 1.186  2005/02/23 01:19:08  dom
updates

Revision 1.185  2005/02/23 01:18:13  dom
udpates

Revision 1.184  2005/02/21 12:28:21  dom
updates

Revision 1.183  2005/02/19 13:42:05  dom
update

Revision 1.182  2005/02/19 13:41:11  dom
update

Revision 1.181  2005/02/19 11:24:00  dom
updates

Revision 1.180  2005/02/18 23:30:09  dom
updates

Revision 1.179  2005/02/17 23:59:54  dom
update php.

Revision 1.178  2005/02/17 23:01:40  dom
updates

Revision 1.177  2005/02/17 23:00:22  dom
updates

Revision 1.176  2005/02/17 22:59:21  dom
updates

Revision 1.175  2005/02/15 23:57:25  dom
updates

Revision 1.174  2005/02/13 18:10:21  dom
update mysql

Revision 1.173  2005/02/13 14:11:07  dom
updates

Revision 1.172  2005/02/13 14:07:15  dom
updates

Revision 1.171  2005/02/11 13:03:20  dom
stuff

Revision 1.170  2005/02/11 13:01:33  dom
remove modutils

Revision 1.169  2005/02/11 01:22:14  dom
update mailman ,.

Revision 1.168  2005/02/11 01:14:27  dom
updates

Revision 1.167  2005/02/10 19:01:55  dom
update

Revision 1.166  2005/02/10 02:22:47  dom
marc's updates-testing

Revision 1.165  2005/02/10 01:50:39  dom
udpates

Revision 1.164  2005/02/10 01:44:10  dom
remove abiword

Revision 1.163  2005/02/08 19:49:06  dom
move updates-testing qa

From dom at earth.li Wed Feb 23 02:52:03 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Wed, 23 Feb 2005 02:52:03 +0000
Subject: Wiki RSS feed problem
Message-ID: <20050223025203.GE987@tirian.magd.ox.ac.uk>

Hi,

I've just tried to subscribe to

with bloglines, my RSS aggregator, and found I wasn't able to ("No feeds
were found. [...]").

Furthermore, http://feedvalidator.org/ returns:

"Not a gzipped file (Server response declares Content-Encoding: gzip;
misconfigured server?)"

when trying to validate the feed.

I can't see any evidence of the content being gzipped, so I don't know
what to attribute the above error to, but regardless, is anyone else
either able to use the above feed, or have any idea what's going wrong?

Cheers,

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

From vascodionisio at hotmail.com Wed Feb 23 12:32:21 2005
From: vascodionisio at hotmail.com (Vasco Dionísio)
Date: Wed, 23 Feb 2005 12:32:21 +0000
Subject: DNS Error
Message-ID:

Hello,

I installed an ADSL Modem that uses unicorn chipset (IceData500), compiled
the drivers, and configured pppoe to connect to my ISP Provider. I am using
Red Hat 7.3. Everything went fine and I am able to connect to my ISP (when
I do an ifconfig I can see the connection and I am able to ping the DNS
servers of the ISP). My problem is that if I do a ping with a name I get an
error message saying "host unknow". For instance, if I do ping
www.google.com I get the error message but if I do ping xxx.xxx.xxx.xxx for
the DNS address of the ISP everything goes fine. Could anyone give some
hints please. I am new to linux...

Thanks in advance,
Vasco

Here's my /etc/ppp/options

lock
ipparam ppp0
noipdefault
noauth
defaultroute
user "user at domain.ext"
noaccomp
noccp
nobsdcomp
nodeflate
nopcomp
novj
lcp-echo-interval 20
lcp-echo-failure 3
maxfail 25
updetach
usepeerdns
holdoff 4
persist

Here's how I connect

#modprobe unicorn_usb_eth PROTOCOL=pppoe ActivationMode=1 VPI=0 VCI=35 ENCAPS=llc-encaps
#ifconfig dsl0 up
#pppd pty 'pppoe -I dsl0 -m 1452'

From joseph at ndimedia.com Wed Feb 23 13:55:52 2005
From: joseph at ndimedia.com (S.Joseph)
Date: Wed, 23 Feb 2005 08:55:52 -0500
Subject: DNS Error
References:
Message-ID: <000801c519af$63534560$ba02a8c0@l>

Verify your DNS setup. This isn't the right place for your question.

----- Original Message -----
From: "Vasco Dionísio"
To:
Sent: Wednesday, February 23, 2005 7:32 AM
Subject: DNS Error

> Hello,
>
> I installed an ADSL Modem that uses unicorn chipset (IceData500), compiled
> the drivers, and configured pppoe to connect to my ISP Provider. I am
> using Red Hat 7.3. Everything went fine and I am able to connect to my ISP
> (when I do an ifconfig I can see the connection and I am able to ping the
> DNS servers of the ISP). My problem is that if I do a ping with a name I
> get an error message saying "host unknow". For instance, if I do ping
> www.google.com I get the error message but if I do ping xxx.xxx.xxx.xxx
> for the DNS address of the ISP everything goes fine. Could anyone give
> some hints please. I am new to linux...
>
> Thanks in advance,
> Vasco
>
> Here's my /etc/ppp/options
>
> lock
> ipparam ppp0
> noipdefault
> noauth
> defaultroute
> user "user at domain.ext"
> noaccomp
> noccp
> nobsdcomp
> nodeflate
> nopcomp
> novj
> lcp-echo-interval 20
> lcp-echo-failure 3
> maxfail 25
> updetach
> usepeerdns
> holdoff 4
> persist
>
> Here's how I connect
>
> #modprobe unicorn_usb_eth PROTOCOL=pppoe ActivationMode=1 VPI=0 VCI=35
> ENCAPS=llc-encaps
>
> #ifconfig dsl0 up
> #pppd pty 'pppoe -I dsl0 -m 1452'

From vascodionisio at hotmail.com Wed Feb 23 14:25:49 2005
From: vascodionisio at hotmail.com (Vasco Dionísio)
Date: Wed, 23 Feb 2005 14:25:49 +0000
Subject: DNS Error
In-Reply-To: <000801c519af$63534560$ba02a8c0@l>
Message-ID:

Sorry about that... I thought this mailing list was good to anything that
has to do with "old" red hat releases... is this not true? If not, do you
know a mailing list I could use to red hat 7.3 discussions?

By the way could you tell me where can I verify my DNS setup?

Thanks in advance and sorry for putting the issue into a wrong mailing
list... I will unsubscribe now...

Best regards
Vasco

From: "S.Joseph"
Reply-To: Discussion of the Fedora Legacy Project
To: "Discussion of the Fedora Legacy Project"
Subject: Re: DNS Error
Date: Wed, 23 Feb 2005 08:55:52 -0500

Verify your DNS setup. This isn't the right place for your question.

----- Original Message -----
From: "Vasco Dionísio"
To:
Sent: Wednesday, February 23, 2005 7:32 AM
Subject: DNS Error

>Hello,
>
>I installed an ADSL Modem that uses unicorn chipset (IceData500), compiled
>the drivers, and configured pppoe to connect to my ISP Provider. I am using
>Red Hat 7.3. Everything went fine and I am able to connect to my ISP (when
>I do an ifconfig I can see the connection and I am able to ping the DNS
>servers of the ISP). My problem is that if I do a ping with a name I get an
>error message saying "host unknow". For instance, if I do ping
>www.google.com I get the error message but if I do ping xxx.xxx.xxx.xxx for
>the DNS address of the ISP everything goes fine. Could anyone give some
>hints please. I am new to linux...
>
>Thanks in advance,
>Vasco
>
>Here's my /etc/ppp/options
>
>lock
>ipparam ppp0
>noipdefault
>noauth
>defaultroute
>user "user at domain.ext"
>noaccomp
>noccp
>nobsdcomp
>nodeflate
>nopcomp
>novj
>lcp-echo-interval 20
>lcp-echo-failure 3
>maxfail 25
>updetach
>usepeerdns
>holdoff 4
>persist
>
>Here's how I connect
>
>#modprobe unicorn_usb_eth PROTOCOL=pppoe ActivationMode=1 VPI=0 VCI=35
>ENCAPS=llc-encaps
>
>#ifconfig dsl0 up
>#pppd pty 'pppoe -I dsl0 -m 1452'

From brian.t.brunner at gai-tronics.com Wed Feb 23 14:41:32 2005
From: brian.t.brunner at gai-tronics.com (Brian T. Brunner)
Date: Wed, 23 Feb 2005 06:41:32 -0800
Subject: DNS Error
Message-ID:

There is a valhalla list (I'm on it) and it's virtually dead.
A better (meaning more help available) would be the shrike list (RH9),
Just don't mention being on 7.3 ;^)

Brian Brunner
brian.t.brunner at gai-tronics.com
(610)796-5838

>>> vascodionisio at hotmail.com 02/23/05 09:25AM >>>
Sorry about that... I thought this mailing list was good to anything that
has to do with "old" red hat releases... is this not true? If not, do you
know a mailing list I could use to red hat 7.3 discussions?

By the way could you tell me where can I verify my DNS setup?

Thanks in advance and sorry for putting the issue into a wrong mailing
list... I will unsubscribe now...

Best regards
Vasco

From: "S.Joseph"
Reply-To: Discussion of the Fedora Legacy Project
To: "Discussion of the Fedora Legacy Project"
Subject: Re: DNS Error
Date: Wed, 23 Feb 2005 08:55:52 -0500

Verify your DNS setup. This isn't the right place for your question.

----- Original Message -----
From: "Vasco Dionísio"
To:
Sent: Wednesday, February 23, 2005 7:32 AM
Subject: DNS Error

>Hello,
>
>I installed an ADSL Modem that uses unicorn chipset (IceData500), compiled
>the drivers, and configured pppoe to connect to my ISP Provider. I am using
>Red Hat 7.3. Everything went fine and I am able to connect to my ISP (when
>I do an ifconfig I can see the connection and I am able to ping the DNS
>servers of the ISP). My problem is that if I do a ping with a name I get an
>error message saying "host unknow". For instance, if I do ping
>www.google.com I get the error message but if I do ping xxx.xxx.xxx.xxx for
>the DNS address of the ISP everything goes fine. Could anyone give some
>hints please. I am new to linux...
>
>Thanks in advance,
>Vasco

From dsccable at comcast.net Wed Feb 23 17:12:31 2005
From: dsccable at comcast.net (David Curry)
Date: Wed, 23 Feb 2005 12:12:31 -0500
Subject: Wiki RSS feed problem
In-Reply-To: <20050223025203.GE987@tirian.magd.ox.ac.uk>
References: <20050223025203.GE987@tirian.magd.ox.ac.uk>
Message-ID: <421CB97F.5020301@comcast.net>

Dominic Hargreaves wrote:

>Hi,
>
>I've just tried to subscribe to
>
>with bloglines, my RSS aggregator, and found I wasn't able to ("No feeds
>were found. [...]").
>
>Furthermore, http://feedvalidator.org/ returns:
>
>"Not a gzipped file (Server response declares Content-Encoding: gzip;
>misconfigured server?)"
>
>when trying to validate the feed.
>
>I can't see any evidence of the content being gzipped, so I don't know
>what to attribute the above error to, but regardless, is anyone else
>either able to use the above feed, or have any idea what's going wrong?
>
>Cheers,
>

FWIW, I had no difficulty accessing http://feedvalidator.org/ a few
minutes ago. OTOH, the first url in your message returned a blank screen.

From dom at earth.li Wed Feb 23 17:22:02 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Wed, 23 Feb 2005 17:22:02 +0000
Subject: Wiki RSS feed problem
In-Reply-To: <421CB97F.5020301@comcast.net>
References: <20050223025203.GE987@tirian.magd.ox.ac.uk> <421CB97F.5020301@comcast.net>
Message-ID: <20050223172202.GG987@tirian.magd.ox.ac.uk>

On Wed, Feb 23, 2005 at 12:12:31PM -0500, David Curry wrote:

> FWIW, I had no difficulty accessing http://feedvalidator.org/ a few
> minutes ago.

But I assume you get the same error that I do when you try to validate
the feed?

> OTOH, the first url in your message returned a blank screen.

It's not intended to be viewed with a web browser, if that's what you
tried. It's an XML file for feeding to an RSS reader application.

Cheers,

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

From dsccable at comcast.net Wed Feb 23 18:04:15 2005
From: dsccable at comcast.net (David Curry)
Date: Wed, 23 Feb 2005 13:04:15 -0500
Subject: Wiki RSS feed problem
In-Reply-To: <20050223172202.GG987@tirian.magd.ox.ac.uk>
References: <20050223025203.GE987@tirian.magd.ox.ac.uk> <421CB97F.5020301@comcast.net> <20050223172202.GG987@tirian.magd.ox.ac.uk>
Message-ID: <421CC59F.6000109@comcast.net>

Dominic Hargreaves wrote:

>On Wed, Feb 23, 2005 at 12:12:31PM -0500, David Curry wrote:
>
>>FWIW, I had no difficulty accessing http://feedvalidator.org/ a few
>>minutes ago.
>>
>
>But I assume you get the same error that I do when you try to validate
>the feed?
>
>>OTOH, the first url in your message returned a blank screen.
>>
>
>It's not intended to be viewed with a web browser, if that's what you
>tried. It's an XML file for feeding to an RSS reader application.
>
>Cheers,
>

Please pardon the newbie noise. ;-)

From marcdeslauriers at videotron.ca Thu Feb 24 03:57:17 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 23 Feb 2005 22:57:17 -0500
Subject: Fedora Legacy Test Update Notification: ethereal
Message-ID: <421D509D.4010102@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2407
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2407
2005-02-23
---------------------------------------------------------------------

Name        : ethereal
Versions    : rh7.3: ethereal-0.10.9-0.73.2.legacy
Versions    : rh9: ethereal-0.10.9-0.90.2.legacy
Versions    : fc1: ethereal-0.10.9-1.FC1.2.legacy
Summary     : Network traffic analyzer.
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

---------------------------------------------------------------------
Update Information:

Updated Ethereal packages that fix various security vulnerabilities are
now available.

Ethereal is a program for monitoring network traffic.

A number of security flaws have been discovered in Ethereal. On a system
where Ethereal is running, a remote attacker could send malicious packets
to trigger these flaws.

A flaw in the DICOM dissector could cause a crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1139 to this issue.

An invalid RTP timestamp could hang Ethereal and create a large temporary
file, possibly filling available disk space. (CAN-2004-1140)

The HTTP dissector could access previously-freed memory, causing a crash.
(CAN-2004-1141)

An improperly formatted SMB packet could make Ethereal hang, maximizing
CPU utilization. (CAN-2004-1142)

The COPS dissector could go into an infinite loop. (CAN-2005-0006)

The DLSw dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0007)

The DNP dissector could cause memory corruption. (CAN-2005-0008)

The Gnutella dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0009)

The MMSE dissector could free static memory, causing a crash.
(CAN-2005-0010)

The X11 protocol dissector is vulnerable to a string buffer overflow.
(CAN-2005-0084)

Users of Ethereal should upgrade to these updated packages which contain
version 0.10.9 that is not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Feb 23 2005 Marc Deslauriers 0.10.9-0.73.2.legacy
- Added the evil plugins hack to get plugins built

* Mon Feb 07 2005 Marc Deslauriers 0.10.9-0.73.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Modified configure parameters
- Added gcc patch

rh9:
* Wed Feb 23 2005 Marc Deslauriers 0.10.9-0.90.2.legacy
- Added the evil plugins hack to get plugins built

* Tue Feb 08 2005 Marc Deslauriers 0.10.9-0.90.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Modified configure parameters

fc1:
* Wed Feb 23 2005 Marc Deslauriers 0.10.9-1.FC1.2.legacy
- Added the evil plugins hack to get plugins built

* Tue Feb 08 2005 Marc Deslauriers 0.10.9-1.FC1.1.legacy
- Updated to 0.10.9 to fix multiple security issues (FL#2407)
- Added htmlview patch
- Changed BuildRequires to gtk2

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
950d6461873f7eac965133077cd959bbb0680e8a fedora/1/updates-testing/SRPMS/ethereal-0.10.9-1.FC1.2.legacy.src.rpm
---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Thu Feb 24 03:57:38 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 23 Feb 2005 22:57:38 -0500
Subject: Fedora Legacy Test Update Notification: squirrelmail
Message-ID: <421D50B2.4050009@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2424
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2424
2005-02-23
---------------------------------------------------------------------

Name        : squirrelmail
Versions    : rh9: squirrelmail-1.4.3-0.f0.9.3.legacy
Versions    : fc1: squirrelmail-1.4.3-0.f1.1.2.legacy
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
Update Information:

An updated SquirrelMail package that fixes a cross-site scripting
vulnerability is now available.

SquirrelMail is a webmail package written in PHP.

A cross-site scripting bug has been found in SquirrelMail.
This issue could allow an attacker to send a mail with a carefully
crafted header, which could result in causing the victim's machine to
execute a malicious script. The Common Vulnerabilities and Exposures
project has assigned the name CAN-2004-1036 to this issue.

Jimmy Conner discovered a missing variable initialization in
Squirrelmail. This flaw could allow potential insecure file inclusions
on servers where the PHP setting "register_globals" is set to "On". This
is not a default or recommended setting. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0075 to
this issue.

A URL sanitisation bug was found in Squirrelmail. This flaw could allow
a cross site scripting attack when loading the URL for the sidebar. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0103 to this issue.

A missing variable initialization bug was found in Squirrelmail. This
flaw could allow a cross site scripting attack. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-0104 to this issue.

Users of Squirrelmail are advised to upgrade to this updated package,
which contains backported patches to correct these issues.
---------------------------------------------------------------------
Changelogs

rh9:
* Wed Feb 16 2005 Marc Deslauriers 1.4.3-0.f0.9.3.legacy
- Applied patches for CAN-2005-0075, CAN-2005-0103, CAN-2005-0104

* Tue Nov 30 2004 Rob Myers 1.4.3-0.f0.9.2.legacy
- apply patch for CAN-2004-1036 (FL #2290)

fc1:
* Wed Feb 16 2005 Marc Deslauriers 1.4.3-0.f1.1.2.legacy
- Applied patches for CAN-2005-0075, CAN-2005-0103, CAN-2005-0104

* Tue Nov 30 2004 Rob Myers 1.4.3-0.f1.1.1.legacy
- apply patch for CAN-2004-1036 (FL #2290)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh9:
3196c12423fef52a83ad5e4636f7b74793c8e63e redhat/9/updates-testing/i386/squirrelmail-1.4.3-0.f0.9.3.legacy.noarch.rpm
7a07ddaffdf6cb57a5990839ad17e4f27d29eaf7 redhat/9/updates-testing/SRPMS/squirrelmail-1.4.3-0.f0.9.3.legacy.src.rpm

fc1:
fee964ec13662fc69361810ed6a4a4d3f2c16196 fedora/1/updates-testing/i386/squirrelmail-1.4.3-0.f1.1.2.legacy.noarch.rpm
3e0b6ab9bfb4b83c05de5d7ba3749e464ee2329d fedora/1/updates-testing/SRPMS/squirrelmail-1.4.3-0.f1.1.2.legacy.src.rpm
---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Thu Feb 24 03:58:01 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 23 Feb 2005 22:58:01 -0500
Subject: Fedora Legacy Test Update Notification: subversion
Message-ID: <421D50C9.5010603@videotron.ca>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-1748
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1748
2005-02-23
---------------------------------------------------------------------

Name        : subversion
Versions    : rh9: subversion-0.27.0-4.legacy
Summary     : A Concurrent Versioning system similar to CVS.
Description :
Subversion is a concurrent version control system which enables one or
more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. Subversion
only stores the differences between versions, instead of every complete
file. Subversion also keeps a log of who, when, and why changes
occurred. As such it basically does the same thing CVS does (Concurrent
Versioning System) but has major enhancements compared to CVS and fixes
a lot of the annoyances that CVS users face.

---------------------------------------------------------------------
Update Information:

Updated subversion packages that fix several security issues are now
available.

Subversion is a concurrent version control system.

Subversion versions up to 1.0.2 are vulnerable to a date parsing
vulnerability which can be abused to allow remote code execution on
Subversion servers and therefore could lead to a repository compromise.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0397 to this issue.

Subversion versions up to and including 1.0.4 have a potential Denial of
Service and Heap Overflow issue related to the parsing of strings in the
'svn://' family of access protocols. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0413 to
this issue.

Users of subversion are advised to upgrade to these errata packages,
which contain backported patches correcting these issues.

---------------------------------------------------------------------
Changelogs

rh9:
* Wed Feb 23 2005 Marc Deslauriers 0.27.0-4.legacy
- Added missing bison, byacc and libxml2-devel BuildPrereq
- Disable make_check

* Mon Jun 14 2004 Marc Deslauriers 0.27.0-3.legacy
- security patches for CAN-2004-0397 and CAN-2004-0413

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh9:
9d08a9754083238df10241291832f90892f25e8f redhat/9/updates-testing/i386/subversion-0.27.0-4.legacy.i386.rpm
68609fdd91802c5f3fb2f6d1a0fe9ba8e20ece39 redhat/9/updates-testing/i386/subversion-devel-0.27.0-4.legacy.i386.rpm
64c66197355f9424d18e62e589e4d377f4dd9b29 redhat/9/updates-testing/SRPMS/subversion-0.27.0-4.legacy.src.rpm
---------------------------------------------------------------------

Please test and comment in bugzilla.

From marcdeslauriers at videotron.ca Thu Feb 24 03:54:27 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 23 Feb 2005 22:54:27 -0500
Subject: [FLSA-2005:2005] Updated gdk-pixbuf packages fix security flaws
Message-ID: <421D4FF3.6070301@videotron.ca>

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated gdk-pixbuf packages fix security flaws
Advisory ID:       FLSA:2005
Issue date:        2005-02-23
Product:           Red Hat Linux
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2005
CVE Names:         CAN-2004-0111 CAN-2004-0753 CAN-2004-0782
                   CAN-2004-0783 CAN-2004-0788
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated gdk-pixbuf packages that fix several security flaws are now
available.

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386

3. Problem description:

Thomas Kristensen discovered a bitmap file that would cause the
Evolution mail reader to crash. This issue was caused by a flaw that
affects versions of the gdk-pixbuf package prior to 0.20. To exploit
this flaw, a remote attacker could send (via email) a carefully-crafted
BMP file, which would cause Evolution to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0111 to this issue.

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw
was discovered in the BMP image processor of gdk-pixbuf. An attacker
could create a carefully crafted BMP file which would cause an
application to enter an infinite loop and not respond to user input when
the file was opened by a victim.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0753 to this issue.

During a security audit, Chris Evans discovered a stack and a heap
overflow in the XPM image decoder. An attacker could create a carefully
crafted XPM file which could cause an application linked with gtk2 to
crash or possibly execute arbitrary code when the file was opened by a
victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image
decoder. An attacker could create a carefully crafted ICO file which
could cause an application linked with gtk2 to crash when the file is
opened by a victim. (CAN-2004-0788)

Users of gdk-pixbuf are advised to upgrade to these packages, which
contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2005 - gdk-pixbuf bmp image loader DOS

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/gdk-pixbuf-0.22.0-7.73.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gdk-pixbuf-0.22.0-7.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gdk-pixbuf-devel-0.22.0-7.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gdk-pixbuf-gnome-0.22.0-7.73.2.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gdk-pixbuf-0.22.0-7.90.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/gdk-pixbuf-0.22.0-7.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/gdk-pixbuf-devel-0.22.0-7.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/gdk-pixbuf-gnome-0.22.0-7.90.2.legacy.i386.rpm

7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------
a29384912cdf63b635694050c1ecf2f8f56f2e3c redhat/7.3/updates/i386/gdk-pixbuf-0.22.0-7.73.2.legacy.i386.rpm
2e9223509766118f53b1934f77ed9d625558772c redhat/7.3/updates/i386/gdk-pixbuf-devel-0.22.0-7.73.2.legacy.i386.rpm
550e131ff9707a021c1949472ed94c23aec2391c redhat/7.3/updates/i386/gdk-pixbuf-gnome-0.22.0-7.73.2.legacy.i386.rpm
ed74d85b0419e4b3eba53a2a65cd87be1b460572 redhat/7.3/updates/SRPMS/gdk-pixbuf-0.22.0-7.73.2.legacy.src.rpm
1783c789f1eca62ee264eb7dd5aaef93084a154a redhat/9/updates/i386/gdk-pixbuf-0.22.0-7.90.2.legacy.i386.rpm
a7c5d85e2d367b81425ddd0eab32fb18b1b316b2 redhat/9/updates/i386/gdk-pixbuf-devel-0.22.0-7.90.2.legacy.i386.rpm
50eea5f1886468a5ec6c9d0d10765afcae9791a1 redhat/9/updates/i386/gdk-pixbuf-gnome-0.22.0-7.90.2.legacy.i386.rpm
ccc7442f3dd7dd696a5000cbd5cc1d9624f89673 redhat/9/updates/SRPMS/gdk-pixbuf-0.22.0-7.90.2.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security.
Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0788
http://bugzilla.gnome.org/show_bug.cgi?id=150601

9. Contact:

The Fedora Legacy security contact is . More project details at
http://www.fedoralegacy.org

---------------------------------------------------------------------

From marcdeslauriers at videotron.ca Thu Feb 24 03:55:29 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 23 Feb 2005 22:55:29 -0500
Subject: [FLSA-2005:2043] Updated zlib package fixes security issues
Message-ID: <421D5031.2040400@videotron.ca>

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated zlib package fixes security issues
Advisory ID:       FLSA:2043
Issue date:        2005-02-23
Product:           Fedora Core
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2043
CVE Names:         CAN-2004-0797
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

An updated zlib package that fixes a security flaw is now available.

Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

2. Relevant releases/architectures:

Fedora Core 1 - i386

3. Problem description:

Johan Thelmen reported that a specially crafted file can cause a
segmentation fault in zlib as the inflate() and inflateBack() functions
do not properly handle errors. An attacker could construct a carefully
crafted file that could cause a crash or possibly execute arbitrary code
when opened. The specific impact depends on the application using zlib.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0797 to this issue.

Users of zlib are advised to upgrade to this errata package, which
contains a backported patch correcting this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2043 - Zlib Compression Library Denial
Of Service Vulnerability

6. RPMs required:

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/zlib-1.2.0.7-2.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/zlib-1.2.0.7-2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/zlib-devel-1.2.0.7-2.1.legacy.i386.rpm

7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------
815ce5cc7d77184e8075d7b81f16ae94f620ffea fedora/1/updates/i386/zlib-1.2.0.7-2.1.legacy.i386.rpm
e7364e589e0a06615c3a02235e54619ca58d0997 fedora/1/updates/i386/zlib-devel-1.2.0.7-2.1.legacy.i386.rpm
4013ab1384694342ed5083f843c2b78d1f4082a7 fedora/1/updates/SRPMS/zlib-1.2.0.7-2.1.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797

9. Contact:

The Fedora Legacy security contact is . More project details at
http://www.fedoralegacy.org

---------------------------------------------------------------------

From marcdeslauriers at videotron.ca Thu Feb 24 03:56:34 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Wed, 23 Feb 2005 22:56:34 -0500
Subject: [FLSA-2005:2343] Updated vim packages fix security issues
Message-ID: <421D5072.8060505@videotron.ca>

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated vim packages fix security issues
Advisory ID:       FLSA:2343
Issue date:        2005-02-23
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2343
CVE Names:         CAN-2004-1138 CAN-2005-0069
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated vim packages that fix multiple vulnerabilities are now
available.

VIM (Vi IMproved) is an updated and improved version of the vi
screen-based editor.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

Ciaran McCreesh discovered a modeline vulnerability in VIM. It is
possible that a malicious user could create a file containing a
specially crafted modeline which could cause arbitrary command execution
when viewed by a victim. Please note that this issue only affects users
who have modelines and filetype plugins enabled, which is not the
default. The Common Vulnerabilities and Exposures project has assigned
the name CAN-2004-1138 to this issue.

The Debian Security Audit Project discovered an insecure temporary file
usage in VIM. A local user could overwrite or create files as a
different user who happens to run one of the vulnerable utilities. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0069 to this issue.

All users of VIM are advised to upgrade to these erratum packages, which
contain backported patches for these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2343 - multiple vim vulns

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/vim-6.1-18.7x.2.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/vim-common-6.1-18.7x.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/vim-enhanced-6.1-18.7x.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/vim-minimal-6.1-18.7x.2.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/vim-X11-6.1-18.7x.2.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/vim-6.1-29.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/vim-common-6.1-29.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/vim-enhanced-6.1-29.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/vim-minimal-6.1-29.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/vim-X11-6.1-29.3.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/vim-6.2.532-1.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/vim-common-6.2.532-1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/vim-enhanced-6.2.532-1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/vim-minimal-6.2.532-1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/vim-X11-6.2.532-1.3.legacy.i386.rpm

7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------
06e66495cc5204b04791af26d8f907a04230f23e redhat/7.3/updates/i386/vim-common-6.1-18.7x.2.3.legacy.i386.rpm
c04107fabe009eb3de20c6835a5dbdbbe65f0683 redhat/7.3/updates/i386/vim-enhanced-6.1-18.7x.2.3.legacy.i386.rpm
216fa044df92639f713b646af18a60dfc5c64b9e redhat/7.3/updates/i386/vim-minimal-6.1-18.7x.2.3.legacy.i386.rpm
9d392b1080667ab00958382c85aeaaac8dcc998b redhat/7.3/updates/i386/vim-X11-6.1-18.7x.2.3.legacy.i386.rpm
6619cf7606ef880604c02d794f379d5bfad274d0 redhat/7.3/updates/SRPMS/vim-6.1-18.7x.2.3.legacy.src.rpm
3beeb08ce9c22babf5f24e6441b38789fedbebe3 redhat/9/updates/i386/vim-common-6.1-29.3.legacy.i386.rpm
f8e91400360d150e31ac789582aed420711b2ce6 redhat/9/updates/i386/vim-enhanced-6.1-29.3.legacy.i386.rpm
876055e7796964cbf738a0c400d8e6aa2fbb8aa5 redhat/9/updates/i386/vim-minimal-6.1-29.3.legacy.i386.rpm
75bd07034c2c09c932ea62aea6dc44cf54e429b1 redhat/9/updates/i386/vim-X11-6.1-29.3.legacy.i386.rpm
b9a8e25c2910eb2d14a524750799351307f310f0 redhat/9/updates/SRPMS/vim-6.1-29.3.legacy.src.rpm
e770d44e4b1d8da203d60adaf1974123deefc1fb fedora/1/updates/i386/vim-common-6.2.532-1.3.legacy.i386.rpm
39f3cb5e4060acb72db1b4ca26d213d2e9be21cd fedora/1/updates/i386/vim-enhanced-6.2.532-1.3.legacy.i386.rpm
e2a394b9d036365671464985009e7fc7ae40bec4 fedora/1/updates/i386/vim-minimal-6.2.532-1.3.legacy.i386.rpm
9b2121dc0fd781f613fc7440483f94c9ff099aad fedora/1/updates/i386/vim-X11-6.2.532-1.3.legacy.i386.rpm
e63c2df5b9c58c83e555e68eff9c38947481f8ac fedora/1/updates/SRPMS/vim-6.2.532-1.3.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0069
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=289560

9. Contact:

The Fedora Legacy security contact is . More project details at
http://www.fedoralegacy.org

---------------------------------------------------------------------

From dom at earth.li Thu Feb 24 09:53:43 2005
From: dom at earth.li (Dominic Hargreaves)
Date: Thu, 24 Feb 2005 09:53:43 +0000
Subject: Fedora Legacy Test Update Notification: gtk2
Message-ID: <20050224095342.GA5456@home.thedom.org>

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2073
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2073
2005-02-23
---------------------------------------------------------------------

Name        : gtk2
Versions    : rh7.3: gtk2-2.0.2-4.1.legacy.1
              rh9: gtk2-2.2.1-4.1.legacy.1
Summary     : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
The gtk+ package contains the GIMP ToolKit (GTK+), a library for
creating graphical user interfaces for the X Window System. GTK+ was
originally written for the GIMP (GNU Image Manipulation Program) image
processing program, but is now used by several other programs as well.

---------------------------------------------------------------------
Update Information:

Updated gtk2 packages that fix security issues are now available.

gtk2, the Gimp Toolkit, is a library for creating GUIs for X.

During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw
was discovered in the BMP image processor of gtk2.
An attacker could create a carefully crafted BMP file which would cause
an application to enter an infinite loop and not respond to user input
when the file was opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to
this issue.

During a security audit Chris Evans discovered a stack and a heap
overflow in the XPM image decoder. An attacker could create a carefully
crafted XPM file which could cause an application linked with gtk2 to
crash or possibly execute arbitrary code when the file was opened by a
victim. (CAN-2004-0782, CAN-2004-0783)

Chris Evans also discovered an integer overflow in the ICO image
decoder. An attacker could create a carefully crafted ICO file which
could cause an application linked with gtk2 to crash when the file was
opened by a victim. (CAN-2004-0788)

---------------------------------------------------------------------
Changelogs

rh73:
* Thu Feb 17 2005 Dominic Hargreaves 2.0.2-4.1.legacy.1
- Add gettext, libtool, autoconf build dep

* Sun Sep 19 2004 Marc Deslauriers 2.0.2-4.1.legacy
- Added security patch for CAN-2004-0782, CAN-2004-0783, CAN-2004-0788

rh9:
* Wed Feb 23 2005 Dominic Hargreaves 2.2.1-4.1.legacy.1
- Fix build requirement for automake

* Sun Sep 19 2004 Marc Deslauriers 2.2.1-4.1.legacy
- add security fixes for CAN-2004-0753, CAN-2004-0782, CAN-2004-0783,
  CAN-2004-0788

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
40a04f9de6f6c3c25ee15a275f15b5905c584cd5 redhat/7.3/updates-testing/SRPMS/gtk2-2.0.2-4.1.legacy.1.src.rpm
804021fcabd265dbf90eaf0ea5b5fa8e8e60a12b redhat/7.3/updates-testing/i386/gtk2-2.0.2-4.1.legacy.1.i386.rpm
3e1abc389122c5a5a76c4007d9c59584aabd0234 redhat/7.3/updates-testing/i386/gtk2-devel-2.0.2-4.1.legacy.1.i386.rpm

rh9:
0a6fd49149977d627fc14a8a4eebe4dfe69fcfd9 redhat/9/updates-testing/SRPMS/gtk2-2.2.1-4.1.legacy.1.src.rpm
eb8b595676024ccc5cb2f61eaeaa55e765cfa698 redhat/9/updates-testing/i386/gtk2-2.2.1-4.1.legacy.1.i386.rpm
b64b81500f5815becc4a264c640e91221f596d00 redhat/9/updates-testing/i386/gtk2-devel-2.2.1-4.1.legacy.1.i386.rpm
---------------------------------------------------------------------

Please test and comment in bugzilla.

From fab at s-tunnel.com Thu Feb 24 13:10:16 2005
From: fab at s-tunnel.com (Alexey Fadyushin)
Date: Thu, 24 Feb 2005 16:10:16 +0300
Subject: DNS Error
In-Reply-To:
References:
Message-ID: <421DD238.5060502@s-tunnel.com>

You have a problem with DNS name resolution. Most probably there are no
nameserver records in the /etc/resolv.conf file on your computer. When
you use option 'usepeerdns' in /etc/ppp/options PPP daemon will accept
list of DNS servers from your provider and put appropriate 'nameserver'
records in file /etc/ppp/resolv.conf. Therefore, you need to copy that
file to /etc/resolv.conf when connection is established (you also may
use a symbolic link instead of copying the file). If your ISP does not
transmit DNS server addresses when your computer connects to ISP, you
can ask your ISP about those addresses and manually put them into
/etc/resolv.conf. Alternatively, you could run your own DNS server
(caching only) on your computer.

Alexey Fadyushin
Brainbench MVP for Linux.
http://www.brainbench.com

Vasco Dionísio wrote:
> Hello,
>
> I installed an ADSL Modem that uses unicorn chipset (IceData500),
> compiled the drivers, and configured pppoe to connect to my ISP
> Provider. I am using Red Hat 7.3. Everything went fine and I am able
> to connect to my ISP (when I do an ifconfig I can see the connection
> and I am able to ping the DNS servers of the ISP). My problem is that
> if I do a ping with a name I get an error message saying "host
> unknow". For instance, if I do ping www.google.com I get the error
> message but if I do ping xxx.xxx.xxx.xxx for the DNS address of the
> ISP everything goes fine. Could anyone give some hints please. I am
> new to linux...
>
> Thanks in advance,
> Vasco
>
> Here's my /etc/ppp/options
>
> lock
> ipparam ppp0
> noipdefault
> noauth
> defaultroute
> user "user at domain.ext"
> noaccomp
> noccp
> nobsdcomp
> nodeflate
> nopcomp
> novj
> lcp-echo-interval 20
> lcp-echo-failure 3
> maxfail 25
> updetach
> usepeerdns
> holdoff 4
> persist
>
> Here's how I connect
>
> #modprobe unicorn_usb_eth PROTOCOL=pppoe ActivationMode=1 VPI=0 VCI=35
> ENCAPS=llc-encaps
>
>
> #ifconfig dsl0 up
> #pppd pty 'pppoe -I dsl0 -m 1452'

From cave.dnb at tiscali.fr Thu Feb 24 14:37:02 2005
From: cave.dnb at tiscali.fr (nigel henry)
Date: Thu, 24 Feb 2005 14:37:02 +0000
Subject: zlib updates fix apt segmentation fault on FC1
Message-ID: <200502241437.02528.cave.dnb@tiscali.fr>

Hi all. I have 2 Fedora Core 1 installs on this machine. One has apt
from planetccrma as I use their music software. On this one I just added
the Fedora Legacy URL's to the apt sources.list and it works fine. The
other FC1 install I use for testing stuff and installed apt from Fedora
Legacy. Apt-get hit all the url's ok, downloading updates to the package
lists, but then segfaulted before "Reading Package Lists". I installed
yum then, which I knew worked ok, and updated from that. But since the
zlib and other updates this morning, running apt again no longer
produces segfaults. It reads the package lists, builds the dependency
tree...Done.
I am presuming that the updated zlib package has fixed this problem.
Thanks to all those working so hard on the updates.

Nigel.

Both FC1 installs are using the kernel version 2.4.22-1.2199.nptl

From vascodionisio at hotmail.com Thu Feb 24 15:17:09 2005
From: vascodionisio at hotmail.com (Vasco Dionísio)
Date: Thu, 24 Feb 2005 15:17:09 +0000
Subject: DNS Error
In-Reply-To: <421DD238.5060502@s-tunnel.com>
Message-ID:

Thanks to you all... the problem is solved... you were right: there were
no entries in my /etc/resolv.conf file because I thought that if I used
usepeerdns I wouldn't need any entries in /etc/resolv.conf.

You have been much helpful...

Vasco

>From: Alexey Fadyushin
>Reply-To: Discussion of the Fedora Legacy Project
>To: Discussion of the Fedora Legacy Project
>Subject: Re: DNS Error
>Date: Thu, 24 Feb 2005 16:10:16 +0300
>
>You have a problem with DNS name resolution. Most probably there are no
>nameserver records in the /etc/resolv.conf file on your computer. When you
>use the option 'usepeerdns' in /etc/ppp/options, the PPP daemon will accept
>the list of DNS servers from your provider and put the appropriate
>'nameserver' records in the file /etc/ppp/resolv.conf. Therefore, you need
>to copy that file to /etc/resolv.conf when the connection is established
>(you may also use a symbolic link instead of copying the file). If your ISP
>does not transmit DNS server addresses when your computer connects to the
>ISP, you can ask your ISP about those addresses and manually put them into
>/etc/resolv.conf. Alternatively, you could run your own DNS server (caching
>only) on your computer.
>
>Alexey Fadyushin
>Brainbench MVP for Linux.
>http://www.brainbench.com
>
>
>Vasco Dionísio wrote:
>
>>Hello,
>>
>>I installed an ADSL Modem that uses unicorn chipset (IceData500), compiled
>>the drivers, and configured pppoe to connect to my ISP Provider. I am
>>using Red Hat 7.3. Everything went fine and I am able to connect to my ISP
>>(when I do an ifconfig I can see the connection and I am able to ping the
>>DNS servers of the ISP). My problem is that if I do a ping with a name I
>>get an error message saying "host unknow". For instance, if I do ping
>>www.google.com I get the error message but if I do ping xxx.xxx.xxx.xxx
>>for the DNS address of the ISP everything goes fine. Could anyone give
>>some hints please. I am new to linux...
>>
>>Thanks in advance,
>>Vasco
>>
>>Here's my /etc/ppp/options
>>
>>lock
>>ipparam ppp0
>>noipdefault
>>noauth
>>defaultroute
>>user "user at domain.ext"
>>noaccomp
>>noccp
>>nobsdcomp
>>nodeflate
>>nopcomp
>>novj
>>lcp-echo-interval 20
>>lcp-echo-failure 3
>>maxfail 25
>>updetach
>>usepeerdns
>>holdoff 4
>>persist
>>
>>Here's how I connect
>>
>>#modprobe unicorn_usb_eth PROTOCOL=pppoe ActivationMode=1 VPI=0 VCI=35
>>ENCAPS=llc-encaps
>>
>>
>>#ifconfig dsl0 up
>>#pppd pty 'pppoe -I dsl0 -m 1452'

From pekkas at netcore.fi Fri Feb 25 09:04:25 2005
From: pekkas at netcore.fi (Pekka Savola)
Date: Fri, 25 Feb 2005 11:04:25 +0200 (EET)
Subject: Fedora Legacy advistory list is lacking
Message-ID:

Hi,

It appears the advisories haven't been updated on:

http://www.fedoralegacy.org/updates/

.. hopefully these aren't updated manually?!?!? Or did a script break?

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

From bdm at fenrir.org.uk Fri Feb 25 10:10:29 2005
From: bdm at fenrir.org.uk (Brian Morrison)
Date: Fri, 25 Feb 2005 10:10:29 +0000
Subject: Fedora Legacy advistory list is lacking
In-Reply-To:
References:
Message-ID: <20050225101029.3881c385@ickx.fenrir.org.uk>

On Fri, 25 Feb 2005 11:04:25 +0200 (EET) in
Pine.LNX.4.61.0502251102380.25569 at netcore.fi Pekka Savola wrote:

> Hi,
>
> It appears the advisories haven't been updated on:
>
> http://www.fedoralegacy.org/updates/
>
> .. hopefully these aren't updated manually?!?!? Or did a script break?
>

yum check-update has returned nothing for me for a fair few weeks now,
I've taken to applying the patched versions by hand....

--
Brian Morrison
bdm at fenrir dot org dot uk
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html

From marcdeslauriers at videotron.ca Fri Feb 25 12:55:35 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Fri, 25 Feb 2005 07:55:35 -0500
Subject: Fedora Legacy advistory list is lacking
In-Reply-To:
References:
Message-ID: <1109336135.14050.1.camel@mdlinux>

On Fri, 2005-02-25 at 11:04 +0200, Pekka Savola wrote:
> .. hopefully these aren't updated manually?!?!? Or did a script break?
>

They are updated manually. Eric, who usually updates the page is on
vacation AFAIK. Although he explained to us how to update the page,
nobody has done it yet.

Marc.

From marcdeslauriers at videotron.ca Fri Feb 25 12:59:08 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Fri, 25 Feb 2005 07:59:08 -0500
Subject: Fedora Legacy advistory list is lacking
In-Reply-To: <20050225101029.3881c385@ickx.fenrir.org.uk>
References: <20050225101029.3881c385@ickx.fenrir.org.uk>
Message-ID: <1109336349.14050.4.camel@mdlinux>

On Fri, 2005-02-25 at 10:10 +0000, Brian Morrison wrote:
> yum check-update has returned nothing for me for a fair few weeks now,
> I've taken to applying the patched versions by hand....

What platform are you using?
What mirror are you using?
Could you please post your yum.conf file?

Marc.

From pekkas at netcore.fi Fri Feb 25 13:48:43 2005
From: pekkas at netcore.fi (Pekka Savola)
Date: Fri, 25 Feb 2005 15:48:43 +0200 (EET)
Subject: Fedora Legacy advistory list is lacking
In-Reply-To: <1109336135.14050.1.camel@mdlinux>
References: <1109336135.14050.1.camel@mdlinux>
Message-ID:

On Fri, 25 Feb 2005, Marc Deslauriers wrote:
> On Fri, 2005-02-25 at 11:04 +0200, Pekka Savola wrote:
>> .. hopefully these aren't updated manually?!?!? Or did a script break?
>>
>
> They are updated manually. Eric, who usually updates the page is on
> vacation AFAIK. Although he explained to us how to update the page,
> nobody has done it yet.

This should _really_ be done by e.g.,
  - having a script automatically demultiplex these messages from
    fedora-devel-list
  - requiring that the announce message that is sent out is also copied
    on the web server, from which the list of advisories is created
    immediately, or
  - not provide any list at all, just point to the list archives for
    the advisories

Manually updating seems to be a waste of energy, error prone, and
incurs unnecessary delays.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

From jkeating at j2solutions.net Fri Feb 25 18:03:53 2005
From: jkeating at j2solutions.net (Jesse Keating)
Date: Fri, 25 Feb 2005 10:03:53 -0800
Subject: Fedora Legacy advistory list is lacking
In-Reply-To:
References: <1109336135.14050.1.camel@mdlinux>
Message-ID: <1109354633.28467.74.camel@jkeating2.hq.pogolinux.com>

On Fri, 2005-02-25 at 15:48 +0200, Pekka Savola wrote:
> This should _really_ be done by e.g.,
>   - having a script automatically demultiplex these messages from
>     fedora-devel-list
>   - requiring that the announce message that is sent out is also
> copied
>     on the web server, from which the list of advisories is created
>     immediately, or
>   - not provide any list at all, just point to the list archives for
>     the advisories
>
> Manually updating seems to be a waste of energy, error prone, and
> incurs unnecessary delays.

Are you offering to code us up something that does this? Currently we
are spending our efforts on getting packages out, moving to RH bugzilla,
and other higher level things which are of more importance.

--
Jesse Keating RHCE (geek.j2solutions.net)
Fedora Legacy Team (www.fedoralegacy.org)
GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating

From pekkas at netcore.fi Fri Feb 25 19:37:22 2005
From: pekkas at netcore.fi (Pekka Savola)
Date: Fri, 25 Feb 2005 21:37:22 +0200 (EET)
Subject: Fedora Legacy advistory list is lacking
In-Reply-To: <1109354633.28467.74.camel@jkeating2.hq.pogolinux.com>
References: <1109336135.14050.1.camel@mdlinux> <1109354633.28467.74.camel@jkeating2.hq.pogolinux.com>
Message-ID:

On Fri, 25 Feb 2005, Jesse Keating wrote:
>>   - requiring that the announce message that is sent out is also
>>     copied on the web server, from which the list of advisories is
>>     created immediately, or
[...]
>> Manually updating seems to be a waste of energy, error prone, and
>> incurs unnecessary delays.
>
> Are you offering to code us up something that does this? Currently we
> are spending our efforts on getting packages out, moving to RH bugzilla,
> and other higher level things which are of more importance.

Since you ask so nicely, here's a quick hack which does it for you.
Feel free to extend and embrace it if you want. Below is the quick
summary how to use the scripts.

Don't get me wrong -- this isn't mission critical thing, but it boggles
me that someone has actually maintained these manually when the work
really _has_ to be automated in one way or the other! For that person
doing the maintenance, the work is much better justified by spending a
bit of time in the scripting business than continuous updates.

----------
Create two directories on the web server:
  - X, where you put advisories like FLSA-1222 (in text) under name '1222'
  - Y, where you have the web directory publish stuff.

Put script htmlize.sh in cron (e.g., hourly run) with:
  'cd X; for i in *; do htmlize.sh $i Y/$i.html; done'

Put script 'create-summary.sh' somewhere and put three instances in cron:
  cd X; for i in *; do create-summary.sh $i 7 > Y/rhl73-updates.html; done
  cd X; for i in *; do create-summary.sh $i 9 > Y/rhl9-updates.html; done
  cd X; for i in *; do create-summary.sh $i 1 > Y/fc1-updates.html; done

.. now you should get barebones pages "fc1|rhl9|rhl73-updates.html" pages
which link to a html-ized version of the advisory. (We can forget about
rhl72 and rhl8 updates.)

If it's unreasonable for those mailing out the advisories to copy them
on the web server in a particular format, you can implement the logic to
automatically deal with that e.g., by setting up a procmail at the web
server.
------------------

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
-------------- next part --------------
A non-text attachment was scrubbed...
Name: htmlize.sh
Type: application/x-sh
Size: 208 bytes
Desc:
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: create-summary.sh
Type: application/x-sh
Size: 849 bytes
Desc:
URL:

From jkeating at j2solutions.net Fri Feb 25 22:12:27 2005
From: jkeating at j2solutions.net (Jesse Keating)
Date: Fri, 25 Feb 2005 14:12:27 -0800
Subject: Fedora Legacy advistory list is lacking
In-Reply-To:
References: <1109336135.14050.1.camel@mdlinux> <1109354633.28467.74.camel@jkeating2.hq.pogolinux.com>
Message-ID: <1109369547.28467.96.camel@jkeating2.hq.pogolinux.com>

On Fri, 2005-02-25 at 21:37 +0200, Pekka Savola wrote:
>
> Since you ask so nicely, here's a quick hack which does it for you.
> Feel free to extend and embrace it if you want. Below is the quick
> summary how to use the scripts.

Thanks a bunch Pekka. I will try to get some time free this weekend to
look at this.

--
Jesse Keating RHCE (geek.j2solutions.net)
Fedora Legacy Team (www.fedoralegacy.org)
GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating

From pekkas at netcore.fi Sat Feb 26 10:57:24 2005
From: pekkas at netcore.fi (Pekka Savola)
Date: Sat, 26 Feb 2005 12:57:24 +0200 (EET)
Subject: updated 'tree' on download.fedoralegacy.org
Message-ID:

Hi,

It seems that the file http://download.fedoralegacy.org/tree has not
been updated since the start of December or so.

This was probably due to the server move/crash.

Could this be re-added to cron (e.g., a daily or weekly run) -- the
file is very useful for me to check which versions which RHL/FC
versions have of a particular package..

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

From jkeating at j2solutions.net Sat Feb 26 20:02:14 2005
From: jkeating at j2solutions.net (Jesse Keating)
Date: Sat, 26 Feb 2005 12:02:14 -0800
Subject: updated 'tree' on download.fedoralegacy.org
In-Reply-To:
References:
Message-ID: <1109448134.3258.66.camel@localhost.localdomain>

On Sat, 2005-02-26 at 12:57 +0200, Pekka Savola wrote:
> It seems that the file http://download.fedoralegacy.org/tree has not
> been updated since the start of December or so.
>
> This was probably due to the server move/crash.
>
> Could this be re-added to cron (e.g., a daily or weekly run) -- the
> file is very useful for me to check which versions which RHL/FC
> versions have of a particular package..
>

oh, whoops! That file was a test run to see if people liked the
generated output. Given that it doesn't use full paths, none of the
packages are 'clickable' and some people didn't like that. I'll re-add
this to my to-do list of generating this file in an automated way w/
clickable files.

--
Jesse Keating RHCE (http://geek.j2solutions.net)
Fedora Legacy Team (http://www.fedoralegacy.org)
GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating

From pekkas at netcore.fi Sun Feb 27 06:33:48 2005
From: pekkas at netcore.fi (Pekka Savola)
Date: Sun, 27 Feb 2005 08:33:48 +0200 (EET)
Subject: updated 'tree' on download.fedoralegacy.org
In-Reply-To: <1109448134.3258.66.camel@localhost.localdomain>
References: <1109448134.3258.66.camel@localhost.localdomain>
Message-ID:

On Sat, 26 Feb 2005, Jesse Keating wrote:
>> This was probably due to the server move/crash.
>>
>> Could this be re-added to cron (e.g., a daily or weekly run) -- the
>> file is very useful for me to check which versions which RHL/FC
>> versions have of a particular package..
>
> oh, whoops! That file was a test run to see if people liked the
> generated output. Given that it doesn't use full paths, none of the
> packages are 'clickable' and some people didn't like that. I'll re-add
> this to my to-do list of generating this file in an automated way w/
> clickable files.

Here's a script which does that for you.

However, I'm not sure if that makes much sense (at least to be run on
our master mirror), because tree.html is over 4MB. I don't treat this
as a point'n'click thing. But maybe someone wants to download tree.html
and use it in some unknown manner.

Please just keep the text tree there as well..

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tree-to-html.sh
Type: application/x-sh
Size: 277 bytes
Desc:
URL:

From beartooth at adelphia.net Thu Feb 24 21:19:52 2005
From: beartooth at adelphia.net (beartooth)
Date: Thu, 24 Feb 2005 16:19:52 -0500
Subject: Which PC to try FC2 on first?
Message-ID:

What I call my backup machine or my map machine, according to use, is an
athlon a couple years old, with 1.5 GB of RAM, a 14.5GB hard drive
running Windows XP/SP2 for GPS/topo map stuff, and a new 80GB hard drive
(of which 45 GB are a /shared partition, accessible to both drives),
running FC1. I'm a little hesitant to upgrade it, for fear of somehow
making XP even worse than it already is. (I have a tale of woe about XP
and the new GPSs, but I'll save that -- except to say that I hosed it,
and had forty hours' work getting XP back to where I had had it.)

The other is a 1998 pentium2 with either 256MB or 384MB of RAM (I
disremember), and two hard drives, a 20GB and a 30GB, running FC1
jointly on both; I plan to make it the LAN server, when I get as far as
setting up a home LAN. Meanwhile, it's essentially a backup to the
backup: tweaked the same way as both my main (FC1) and my backup (FC1)
machine, and running the same applications when it runs at all.

I'd prefer to try an upgrade rather than a clean install, just because,
if I get away with it, I'll've spared myself the tedium of downloading
and installing which a clean install would require to get it into the
shape I want to run.

So which machine would you try FC2 on first, and why? Or is a clean
install the only way to get from FC1 to FC2 -- still? (I recall people
here saying so when FC2 was newly out.) And in either case, how do I
make sure when I get to the map machine that FC2 doesn't touch the XP
part?

--
Beartooth Implacable, Linux Evangelist & Gadfly
neo-redneck, curmudgeonly codger with FC1, YDL4 -- & XP
Pine 4.62, Pan 0.14.2; Privoxy 3.0.1; Opera 7.54, Firefox 1.0
Bear in mind that I have little idea what I am talking about.
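
The per-release advisory index that Pekka Savola describes earlier in this archive (advisory text files in one directory, generated HTML in another), as an added example; it is not his htmlize.sh or create-summary.sh, which the archive scrubbed. It assumes each advisory file keeps the FLSA e-mail layout with one header field per line, and the function names are hypothetical; advisory text is HTML-escaped and the advisory ID is validated because both end up in a web page.

```shell
#!/bin/sh
# Added example: build a per-release advisory index from FLSA text files.
# Assumption: one advisory per file, in the original e-mail layout
# (one header field per line). All function names are hypothetical.

# Escape the characters that matter in HTML text and attribute values.
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# advisory_field FILE NAME -> value of the first "NAME: value" header line.
advisory_field() {
    awk -v name="$2" '
        index($0, name ":") == 1 {
            v = substr($0, length(name) + 2)
            sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            print v; exit
        }' "$1"
}

# advisory_affects FILE RELEASE -> exit 0 if section 2 lists RELEASE.
advisory_affects() {
    awk -v rel="$2" '
        /^2\. Relevant releases/ { insec = 1; next }
        /^3\. /                  { insec = 0 }
        insec && index($0, rel " - ") == 1 { found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# summary_entry FILE RELEASE -> one <li> line, nothing if not affected,
# exit 1 if the advisory ID is not a plain number (it becomes a link target).
summary_entry() {
    id=$(advisory_field "$1" "Advisory ID")
    id=${id#FLSA:}
    case $id in ''|*[!0-9]*) return 1 ;; esac
    advisory_affects "$1" "$2" || return 0
    issued=$(advisory_field "$1" "Issue date" | html_escape)
    syn=$(advisory_field "$1" "Synopsis" | html_escape)
    printf '<li>%s <a href="%s.html">FLSA:%s</a> %s</li>\n' \
        "$issued" "$id" "$id" "$syn"
}

# build_summary DIR RELEASE -> complete page on stdout.
build_summary() {
    printf '<html><body><h1>%s updates</h1>\n<ul>\n' \
        "$(printf '%s' "$2" | html_escape)"
    for f in "$1"/*; do
        if [ -f "$f" ]; then
            summary_entry "$f" "$2" || echo "skipped: $f" >&2
        fi
    done
    printf '</ul></body></html>\n'
}

# Constructed sample advisories, cut down to the fields the parser reads.
make_samples() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/2336" <<'EOF'
Synopsis:          Updated kernel packages fix security issues
Advisory ID:       FLSA:2336
Issue date:        2005-02-24

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:
EOF
    cat > "$dir/9999" <<'EOF'
Synopsis:          Updated <example> package & "quotes" (constructed)
Advisory ID:       FLSA:9999
Issue date:        2005-01-01

2. Relevant releases/architectures:

Fedora Core 1 - i386

3. Problem description:
EOF
    echo "$dir"
}

samples=$(make_samples)
build_summary "$samples" "Red Hat Linux 7.3"
rm -rf "$samples"
```

From cron, each page is written with a single redirection per run, for example `build_summary X "Red Hat Linux 7.3" > Y/rhl73-updates.html`, so one run produces the complete list for that release.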

From marcdeslauriers at videotron.ca Fri Feb 25 03:39:58 2005
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Date: Thu, 24 Feb 2005 22:39:58 -0500
Subject: [FLSA-2005:2336] Updated kernel packages fix security issues
Message-ID: <421E9E0E.1030000@videotron.ca>

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated kernel packages fix security issues
Advisory ID:       FLSA:2336
Issue date:        2005-02-24
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2336
CVE Names:         CAN-2004-0177 CAN-2004-0685 CAN-2004-0814
                   CAN-2004-0883 CAN-2004-0949 CAN-2004-1016
                   CAN-2004-1017 CAN-2004-1056 CAN-2004-1068
                   CAN-2004-1070 CAN-2004-1071 CAN-2004-1072
                   CAN-2004-1073 CAN-2004-1074 CAN-2004-1137
                   CAN-2004-1234 CAN-2004-1235 CAN-2005-0001
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated kernel packages that fix several security issues are now
available.

The Linux kernel handles the basic functions of the operating system.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

This update includes fixes for several security issues:

The ext3 code in kernels before 2.4.26 did not properly initialize
journal descriptor blocks. A privileged local user could read portions
of kernel memory. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0177 to this issue.

Conectiva discovered flaws in certain USB drivers affecting kernels
prior to 2.4.27 which used the copy_to_user function on uninitialized
structures. These flaws could allow local users to read small amounts
of kernel memory. (CAN-2004-0685)

Multiple race conditions in the terminal layer could allow local users
to obtain portions of kernel data via a TIOCSETD ioctl call to a
terminal interface that is being accessed by another thread. This could
also allow remote attackers to cause a denial of service (panic) by
switching from console to PPP line discipline, then quickly sending
data that is received during the switch. (CAN-2004-0814)

Stefan Esser discovered various flaws including buffer overflows in the
smbfs driver affecting kernels prior to 2.4.28. A local user may be
able to cause a denial of service (crash) or possibly gain privileges.
In order to exploit these flaws the user would require control of a
connected Samba server. (CAN-2004-0883, CAN-2004-0949)

ISEC security research and Georgi Guninski independently discovered a
flaw in the scm_send function in the auxiliary message layer. A local
user could create a carefully crafted auxiliary message which could
cause a denial of service (system hang). (CAN-2004-1016)

Multiple overflows were discovered and corrected in the io_edgeport
driver. (CAN-2004-1017)

The Direct Rendering Manager (DRM) driver does not properly check the
DMA lock, which could allow remote attackers or local users to cause a
denial of service (X Server crash) and possibly modify the video
output. (CAN-2004-1056)

A missing serialization flaw in unix_dgram_recvmsg was discovered that
affects kernels prior to 2.4.28. A local user could potentially make
use of a race condition in order to gain privileges. (CAN-2004-1068)

Paul Starzetz of iSEC discovered various flaws in the ELF binary loader
affecting kernels prior to 2.4.28. A local user could use these flaws
to gain read access to executable-only binaries or possibly gain
privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072,
CAN-2004-1073, CAN-2004-1074)

ISEC security research discovered multiple vulnerabilities in the IGMP
functionality of the kernels. These flaws could allow a local user to
cause a denial of service (crash) or potentially gain privileges. Where
multicast applications are being used on a system, these flaws may also
allow remote users to cause a denial of service. (CAN-2004-1137)

Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior
to 2.4.26. A local user could create a carefully crafted binary in such
a way that it would cause a denial of service (system crash).
(CAN-2004-1234)

iSEC Security Research discovered a VMA handling flaw in the uselib(2)
system call of the Linux kernel. A local user could make use of this
flaw to gain elevated (root) privileges. (CAN-2004-1235)

iSEC Security Research discovered a flaw in the page fault handler code
that could lead to local users gaining elevated (root) privileges on
multiprocessor machines. (CAN-2005-0001)

All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as
listed in this erratum.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To install kernel packages manually, use "rpm -ivh <package>" and
modify system settings to boot the kernel you have installed. To do
this, edit /boot/grub/grub.conf and change the default entry to
"default=0" (or, if you have chosen to use LILO as your boot loader,
edit /etc/lilo.conf and run lilo)

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

Note that this may not automatically pull the new kernel in if you have
configured apt/yum to ignore kernels. If so, follow the manual
instructions above.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2336 - Kernel bugs

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kernel-2.4.20-42.7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-BOOT-2.4.20-42.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-doc-2.4.20-42.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-source-2.4.20-42.7.legacy.i386.rpm

i586:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i586.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i586.rpm

i686:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-bigmem-2.4.20-42.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i686.rpm

athlon:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.athlon.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.athlon.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/kernel-2.4.20-42.9.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-BOOT-2.4.20-42.9.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-doc-2.4.20-42.9.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-source-2.4.20-42.9.legacy.i386.rpm

i586:
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i586.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i586.rpm

i686:
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-bigmem-2.4.20-42.9.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i686.rpm

athlon:
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.athlon.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.athlon.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/kernel-2.4.22-1.2199.4.legacy.nptl.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-BOOT-2.4.22-1.2199.4.legacy.nptl.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-doc-2.4.22-1.2199.4.legacy.nptl.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-source-2.4.22-1.2199.4.legacy.nptl.i386.rpm

i586:
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i586.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i586.rpm

i686:
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i686.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i686.rpm

athlon:
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.athlon.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.athlon.rpm

7.
Verification:

These packages are GPG signed by Fedora Legacy for security.
Our key is available from http://www.fedoralegacy org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1056 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1074 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0001 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... 
From carl.sopchak at cegis123.com Fri Feb 25 23:42:09 2005
From: carl.sopchak at cegis123.com (Carl Sopchak)
Date: Fri, 25 Feb 2005 18:42:09 -0500
Subject: Question re timing of "going legacy"
Message-ID: <200502251842.09517.carl.sopchak@cegis123.com>

I was wondering what the rationale was for moving FC to Fedora Legacy when FC test2 release is announced. (I.e., FC2 "going legacy" when FC4 test2 is released, as was also done with FC1/FC3.) Is it the "push" / extra resources required to get from test2 to final release?

As an end user, it certainly would be more convenient if FC was "regularly" supported until FC was released. Two months seems like an awfully long time to go without (security) updates, and a very short time to have to reconfigure yum for (although I probably will...). But 6 months seems too frequently to do a full upgrade to the OS (which can be a relatively lot of work). To me, that two month window seems "so close, yet so far away"...

Just to be clear, I *really* appreciate the Fedora Core project. I'm just expressing a point of view of one (perhaps class of) user...

Thanks,

Carl

From beartooth at adelphia.net Sat Feb 26 20:29:15 2005
From: beartooth at adelphia.net (beartooth)
Date: Sat, 26 Feb 2005 15:29:15 -0500
Subject: Error: ... correct GPG keys installed?
Message-ID:

On at least one machine whose yum.conf used to work fine, I keep getting:

=====
Error: You may also check that you have the correct GPG keys installed
=====

whenever I try to run yum update. It's Clint's sample file, which I don't *think* I recall touching, unless maybe to comment out one or two of the first things that seemed to be producing this.

I did get GPG errors at first, until he kindly told me how to fix them. What has changed, and how do I cope?
-- 
Beartooth Implacable, Linux Evangelist & Gadfly
neo-redneck, curmudgeonly codger with FC1 & YDL 4.0
Pine 4.61, Pan 0.14.2; Privoxy 3.0.1; Opera 7.54, Firefox 1.0
Bear in mind that I have little idea what I am talking about.