From pekkas at netcore.fi Sun May 1 06:36:57 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Sun, 1 May 2005 09:36:57 +0300 (EEST) Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <20050412173110.GJ24240@urchin.earth.li> References: <20050412173110.GJ24240@urchin.earth.li> Message-ID: Hi, On Tue, 12 Apr 2005, Dominic Hargreaves wrote: > I've transferred all the information from issues.txt into the status > whiteboard at bugzilla.redhat.com. > > The tags I've used are as follows, they should all be self-explanatory: > > NEEDSWORK (retain from bugzilla.fedora.us) > discussion > publish-rhl73 > publish-rhl9 > publish-core1 > publish-fc2 > verify-rhl73 > verify-rhl9 > verify-core1 > verify-fc2 > needsbuild > needsrelease I got a bit bored at looking at the tinyurls and having to surf them back and forth looking for stuff that I could help with; having just one page which would include all the relevant information would be good. Hence, I hacked up two scripts to fetch the information from bugzilla and merge it on one page. See for example: http://netcore.fi/pekkas/buglist.html The scripts are attached. Maybe someone can clean the output a bit (if needed) and run them regularly somewhere ? "All packages needing new packages" certainly looks a bit redundant.. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -------------- next part -------------- A non-text attachment was scrubbed... Name: create-buglist.sh Type: application/x-sh Size: 1691 bytes Desc: URL: -------------- next part -------------- #!/usr/bin/perl $inputfile='-'; $match_buglist=0; open(FILE, $inputfile) || die "Can't open $inputfile: $!\n"; while() { $match_buglist=1 if (/table class=/ && $match_buglist != -1); next unless $match_buglist eq 1; $match_buglist=-1 if /<\/table>/; print; } From marcdeslauriers at videotron.ca Sun May 1 07:02:00 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Sun, 01 May 2005 03:02:00 -0400 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: References: <20050412173110.GJ24240@urchin.earth.li> Message-ID: <1114930920.17391.0.camel@mdlinux> On Sun, 2005-05-01 at 09:36 +0300, Pekka Savola wrote: > Hence, I hacked up two scripts to fetch the information from bugzilla > and merge it on one page. See for example: > > http://netcore.fi/pekkas/buglist.html Wow...that is _really_ cool. Marc. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From mattdm at mattdm.org Sun May 1 15:53:10 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Sun, 1 May 2005 11:53:10 -0400 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: References: <20050412173110.GJ24240@urchin.earth.li> Message-ID: <20050501155310.GA31095@jadzia.bu.edu> On Sun, May 01, 2005 at 09:36:57AM +0300, Pekka Savola wrote: > I got a bit bored at looking at the tinyurls and having to surf them > back and forth looking for stuff that I could help with; having just > one page which would include all the relevant information would be > good. > Hence, I hacked up two scripts to fetch the information from bugzilla > and merge it on one page. See for example: > http://netcore.fi/pekkas/buglist.html > The scripts are attached. Nice. It'd probably be good to add the "component" column to the chart, too. > Maybe someone can clean the output a bit (if needed) and run them > regularly somewhere ? "All packages needing new packages" certainly > looks a bit redundant.. I'll take a look at doing that next week if no one else speaks up. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 76 degrees Fahrenheit. From michal at harddata.com Sun May 1 17:00:05 2005 From: michal at harddata.com (Michal Jaegermann) Date: Sun, 1 May 2005 11:00:05 -0600 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <1114930920.17391.0.camel@mdlinux>; from marcdeslauriers@videotron.ca on Sun, May 01, 2005 at 03:02:00AM -0400 References: <20050412173110.GJ24240@urchin.earth.li> <1114930920.17391.0.camel@mdlinux> Message-ID: <20050501110005.A19272@mail.harddata.com> On Sun, May 01, 2005 at 03:02:00AM -0400, Marc Deslauriers wrote: > On Sun, 2005-05-01 at 09:36 +0300, Pekka Savola wrote: > > > Hence, I hacked up two scripts to fetch the information from bugzilla > > and merge it on one page. See for example: > > > > http://netcore.fi/pekkas/buglist.html > > Wow...that is _really_ cool. Indeed! "All packages needing new packages" could be replaced by "New packages wanted"; or "New packages needed for these" if something more verbose is desired, or something like that. Michal From pekkas at netcore.fi Sun May 1 18:16:02 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Sun, 1 May 2005 21:16:02 +0300 (EEST) Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <20050501155310.GA31095@jadzia.bu.edu> References: <20050412173110.GJ24240@urchin.earth.li> <20050501155310.GA31095@jadzia.bu.edu> Message-ID: On Sun, 1 May 2005, Matthew Miller wrote: > On Sun, May 01, 2005 at 09:36:57AM +0300, Pekka Savola wrote: >> I got a bit bored at looking at the tinyurls and having to surf them >> back and forth looking for stuff that I could help with; having just >> one page which would include all the relevant information would be >> good. >> Hence, I hacked up two scripts to fetch the information from bugzilla >> and merge it on one page. See for example: >> http://netcore.fi/pekkas/buglist.html >> The scripts are attached. > > Nice. It'd probably be good to add the "component" column to the chart, too. If you can find a way for Red Hat's bugzilla to print that out (i.e., a bugzilla search URL), why not. I haven't looked at it but I fear it may be impossible. I'd certainly be very interested if the summary page was able to clearly show which release (rhl73,rhl9,fc1,fc2,...) requires more work, so those who are able/interested in working on just that release can quickly pick their own. In particular, if folks with access to (for example) FC1 saw that a particular update had already VERIFY votes for RHL73, RHL9, and FC2, but FC1 was missing, could prioritize sending in the VERIFY over the case of "no VERIFIES done yet at all". This is the most frustrating case of missing VERIFY votes.. >> Maybe someone can clean the output a bit (if needed) and run them >> regularly somewhere ? "All packages needing new packages" certainly >> looks a bit redundant.. > > I'll take a look at doing that next week if no one else speaks up. I don't care much -- just that it finds a good home. I'm hoping it would be done at fedoralegacy.org or at least visible linked from there, so that folks who'd want to contribute would find it easily. Michal: >Indeed! "All packages needing new packages" could be replaced >by "New packages wanted"; or "New packages needed for these" if >something more verbose is desired, or something like that. That last category seems to match all the Fedora Legacy bugs, so I'm not sure how useful it is (at least it should not list the same things which have already been listed earlier..?). But I'm not sure if that's doable as a bugzilla query URL. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From mattdm at mattdm.org Sun May 1 18:31:29 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Sun, 1 May 2005 14:31:29 -0400 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: References: <20050412173110.GJ24240@urchin.earth.li> <20050501155310.GA31095@jadzia.bu.edu> Message-ID: <20050501183128.GA3267@jadzia.bu.edu> On Sun, May 01, 2005 at 09:16:02PM +0300, Pekka Savola wrote: > >Nice. It'd probably be good to add the "component" column to the chart, > >too. > If you can find a way for Red Hat's bugzilla to print that out (i.e., > a bugzilla search URL), why not. I haven't looked at it but I fear > it may be impossible. You can add something like "&columnlist=status,resolution,component,qa_contact" and it will work. (Although probably not that list -- I just copied that out of one of my own scripts.) > I'd certainly be very interested if the summary page was able to > clearly show which release (rhl73,rhl9,fc1,fc2,...) requires more > work, so those who are able/interested in working on just that release > can quickly pick their own. Hopefully we can make that work better in bugzilla itself. But if not, a wrapper layer like this can definitely help. > >I'll take a look at doing that next week if no one else speaks up. > I don't care much -- just that it finds a good home. I'm hoping it > would be done at fedoralegacy.org or at least visible linked from > there, so that folks who'd want to contribute would find it easily. Definitely. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 76 degrees Fahrenheit. From michal at harddata.com Sun May 1 18:58:18 2005 From: michal at harddata.com (Michal Jaegermann) Date: Sun, 1 May 2005 12:58:18 -0600 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: ; from pekkas@netcore.fi on Sun, May 01, 2005 at 09:36:57AM +0300 References: <20050412173110.GJ24240@urchin.earth.li> Message-ID: <20050501125818.A23250@mail.harddata.com> On Sun, May 01, 2005 at 09:36:57AM +0300, Pekka Savola wrote: > See for example: > > http://netcore.fi/pekkas/buglist.html > > The scripts are attached. If you will filter an output of 'fetch-bugzilla.pl' by an attached script then resulting tables are sorted in a numerical ascending order by bug id's. Easy to add in 'create-buglist.sh' or one can pipe through a subprocess in 'fetch-bugzilla.pl' before showing results. This relies to an extent on a particular format produced by bugzilla but I wanted to avoid additional Perl modules for parsing HTML. Michal -------------- next part -------------- #!/usr/bin/perl use strict; while (<>) { print; last if m{}; } my $bug_entry = ''; my %bugs; sub next_bug { local $_ = shift; my $id; ($id) = ($_ =~ /show_bug.cgi\?id=(\d+)\"/m); $bugs{$id} = $_; } sub print_bugs { foreach (sort {$a <=> $b} keys %bugs) { print $bugs{$_}; } } while (<>) { if (m{}) { print_bugs; print $_; last; } if (m{}) { next_bug $bug_entry . $_; $bug_entry = ''; } else { $bug_entry .= $_; } } while (<>) { print $_; } From marcdeslauriers at videotron.ca Mon May 2 11:56:47 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Mon, 02 May 2005 07:56:47 -0400 Subject: Fedora Legacy Test Update Notification: kernel Message-ID: <4276157F.3090902@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-152532 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 2005-05-02 --------------------------------------------------------------------- Name : kernel Versions : rh7.3: kernel-2.4.20-43.7.legacy Versions : rh9: kernel-2.4.20-43.9.legacy Versions : fc1: kernel-2.4.22-1.2199.5.legacy Summary : The Linux kernel (the core of the Linux operating system). Description : The kernel package contains the Linux kernel (vmlinuz), the core of the Red Hat Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. --------------------------------------------------------------------- Update Information: Updated kernel packages that fix several security issues are now available. The Linux kernel handles the basic functions of the operating system. This update includes fixes for several security issues: A race condition was discovered. Local users could use this flaw to read the environment variables of another process that is still spawning via /proc/.../cmdline. (CAN-2004-1058) An integer overflow was discovered in the vc_resize function. A local user could cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow. (CAN-2004-1333) A flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CAN-2005-0384) A flaw was discovered in ext2 filesystem support. When a new directory is created, the ext2 block written to disk is not initialized, leading to an information leak. (CAN-2005-0400) A flaw in fragment queuing was discovered affecting the netfilter subsystem. On systems configured to filter or process network packets (for example those configured to do firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to sucessfully exploit this flaw, the attacker would need to know (or guess) some aspects of the firewall ruleset in place on the target system to be able to craft the right fragmented packets. (CAN-2005-0449) The moxa char driver was missing a CAP_SYS_RAWIO check which could allow a local user the ability to do things like replace the firmware. (CAN-2005-0504) A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (system crash). (CAN-2005-0749) A flaw was discovered in the bluetooth driver system. On system where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CAN-2005-0750) Michal Zalewski discovered some flaws in the iso9660 filesystem. These flaws could allow a malicious iso filesystem to cause a DoS or potentially execute arbitrary code if mounted/examined. (CAN-2005-0815) All users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. Please note that the fix for CAN-2005-0449 required changing the external symbol linkages (kernel module ABI) for the ip_defrag() and ip_ct_gather_frags() functions. Any third-party module using either of these would also need to be fixed. --------------------------------------------------------------------- Changelogs rh73: * Mon Apr 25 2005 Marc Deslauriers 2.4.20-43.7.legacy - Added patch for CAN-2004-1058 proc_pid_cmdline race based on part of the linux-2.4.18-smallpatches.patch from kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2004-1333 vtresize based on vtresize from kernel-source-2.4.20.SuSE-133.src.rpm - Added patch for CAN-2005-0384 based on linux-2.4.21-netfixes.patch in kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2005-0400 (ext2 mkdir leak) from bitkeeper (see patch header) - Added patch for CAN-2005-0449 (ipfrag flush) from rediffed linux-2.4.21-ipfrag-flush.patch from kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2005-0504 moxy CAP_SYS_RAWIO from Bitkeeper (see patch header) - Added patch for CAN-2005-0749 load_elf_library DoS based on linux-2.4.21-binfmt-elf.patch from kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2005-0750 bluetooth security issue based on linux-2.4.21-netfixes.patch from kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2005-0815 (isofs range checking flaw) from bitkeeper (see patch header) rh9: * Mon Apr 25 2005 Marc Deslauriers 2.4.20-43.7.legacy - Added patch for CAN-2004-1058 proc_pid_cmdline race based on part of the linux-2.4.18-smallpatches.patch from kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2004-1333 vtresize based on vtresize from kernel-source-2.4.20.SuSE-133.src.rpm - Added patch for CAN-2005-0384 based on linux-2.4.21-netfixes.patch in kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2005-0400 (ext2 mkdir leak) from bitkeeper (see patch header) - Added patch for CAN-2005-0449 (ipfrag flush) from rediffed linux-2.4.21-ipfrag-flush.patch from kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2005-0504 moxy CAP_SYS_RAWIO from Bitkeeper (see patch header) - Added patch for CAN-2005-0749 load_elf_library DoS based on linux-2.4.21-binfmt-elf.patch from kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2005-0750 bluetooth security issue based on linux-2.4.21-netfixes.patch from kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2005-0815 (isofs range checking flaw) from bitkeeper (see patch header) fc1: * Tue Apr 26 2005 Marc Deslauriers 2.4.22-1.2199.5.legacy.nptl - Added patch for CAN-2004-1058 proc_pid_cmdline race based on part of the linux-2.4.18-smallpatches.patch from kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2004-1333 vtresize based on vtresize from kernel-source-2.4.20.SuSE-133.src.rpm - Added patch for CAN-2005-0384 based on linux-2.4.21-netfixes.patch in kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2005-0400 (ext2 mkdir leak) from bitkeeper (see patch header) - Added patch for CAN-2005-0449 (ipfrag flush) from rediffed linux-2.4.21-ipfrag-flush.patch from kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2005-0749 load_elf_library DoS based on linux-2.4.21-binfmt-elf.patch from kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2005-0750 bluetooth security issue based on linux-2.4.21-netfixes.patch from kernel-2.4.21-27.0.4.EL.src.rpm - Added patch for CAN-2005-0815 (isofs range checking flaw) from bitkeeper (see patch header) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh7.3: 33794472a5fa20539f29eb7cc4a1d2e6ce769b06 redhat/7.3/updates-testing/i386/kernel-2.4.20-43.7.legacy.athlon.rpm 230a9443c30eb7d9733c16568a4d937ea2276bd4 redhat/7.3/updates-testing/i386/kernel-2.4.20-43.7.legacy.i386.rpm 17d0026c8cf717ed74be70b25b13da6063ec7e30 redhat/7.3/updates-testing/i386/kernel-2.4.20-43.7.legacy.i586.rpm 5dc8f0385fd068bd2274337989faebc7c6ec1726 redhat/7.3/updates-testing/i386/kernel-2.4.20-43.7.legacy.i686.rpm f286d3c08cf28c9c4a20c950d2eb795c5b5737ff redhat/7.3/updates-testing/i386/kernel-bigmem-2.4.20-43.7.legacy.i686.rpm ddb00a518b2426230fe5e1da5e115691e39f09c8 redhat/7.3/updates-testing/i386/kernel-BOOT-2.4.20-43.7.legacy.i386.rpm 904f2b51aaed8aa96583b7e2bd40365b75cb6faa redhat/7.3/updates-testing/i386/kernel-doc-2.4.20-43.7.legacy.i386.rpm b332b272d0a4854af3131693708c05f39797e9af redhat/7.3/updates-testing/i386/kernel-smp-2.4.20-43.7.legacy.athlon.rpm 933b9cb0ca14334c320c7458f61a700a8e002abd redhat/7.3/updates-testing/i386/kernel-smp-2.4.20-43.7.legacy.i586.rpm 95339a7d9b57381d6a967d7fa0c70675b1c2e34a redhat/7.3/updates-testing/i386/kernel-smp-2.4.20-43.7.legacy.i686.rpm c054c08870c77ce47030511ebfc35566fcd216f5 redhat/7.3/updates-testing/i386/kernel-source-2.4.20-43.7.legacy.i386.rpm c7b8495a1c84cdcf22bf99748e1346614777cdba redhat/7.3/updates-testing/SRPMS/kernel-2.4.20-43.7.legacy.src.rpm rh9: 06664b11750a20c552ef4f9f391976429335516e redhat/9/updates-testing/i386/kernel-2.4.20-43.9.legacy.athlon.rpm 523c7336e869cc3aac6356b838eb3e7458f7b471 redhat/9/updates-testing/i386/kernel-2.4.20-43.9.legacy.i386.rpm 66a5186361dcdb4cb4c8c1dccb63e56d11a14f58 redhat/9/updates-testing/i386/kernel-2.4.20-43.9.legacy.i586.rpm a138ce79569e85745c9cc2e352ec03c32d048de5 redhat/9/updates-testing/i386/kernel-2.4.20-43.9.legacy.i686.rpm e595403bc87b08c1dd4090de032bf7d9b4400a67 redhat/9/updates-testing/i386/kernel-bigmem-2.4.20-43.9.legacy.i686.rpm ec99c85958ab259128855cc1b0be74c83e6e3f0e redhat/9/updates-testing/i386/kernel-BOOT-2.4.20-43.9.legacy.i386.rpm 536fa79aa0a5f02e9f8b54c5c88e5a429dbdb114 redhat/9/updates-testing/i386/kernel-doc-2.4.20-43.9.legacy.i386.rpm b16cc40913f423d5c8adbcf755c07621d42b1df0 redhat/9/updates-testing/i386/kernel-smp-2.4.20-43.9.legacy.athlon.rpm 8db2f89803e02ee40af386e192813c3441d9ef12 redhat/9/updates-testing/i386/kernel-smp-2.4.20-43.9.legacy.i586.rpm 9665eda39738126699e2e999c5563e47826270c8 redhat/9/updates-testing/i386/kernel-smp-2.4.20-43.9.legacy.i686.rpm 6a61f8971a1ba0f51399956aed24789065ece2b4 redhat/9/updates-testing/i386/kernel-source-2.4.20-43.9.legacy.i386.rpm 35d0fc7714b2c0274b6af35996c26335ea8d3555 redhat/9/updates-testing/SRPMS/kernel-2.4.20-43.9.legacy.src.rpm fc1: e1dd5d1ee6ba69871dd06ce679734eadf5c4c9ed fedora/1/updates-testing/i386/kernel-2.4.22-1.2199.5.legacy.nptl.athlon.rpm 23a4afe07cd72f23b429730c32f88f5fe92e8f6f fedora/1/updates-testing/i386/kernel-2.4.22-1.2199.5.legacy.nptl.i586.rpm 5da916582b12a4625e54eb0cfb3d200dbeb5360b fedora/1/updates-testing/i386/kernel-2.4.22-1.2199.5.legacy.nptl.i686.rpm fbdf463056180fd41abe4d8afc165d187163390d fedora/1/updates-testing/i386/kernel-BOOT-2.4.22-1.2199.5.legacy.nptl.i386.rpm 03298f9d3057661b2912fefa73cde94c42d2377e fedora/1/updates-testing/i386/kernel-doc-2.4.22-1.2199.5.legacy.nptl.i386.rpm 2419d19c66420c55a50ca82d0ef41aaab7992136 fedora/1/updates-testing/i386/kernel-smp-2.4.22-1.2199.5.legacy.nptl.athlon.rpm 8dcd88461c7922a07b7c1bad054b480a997828ea fedora/1/updates-testing/i386/kernel-smp-2.4.22-1.2199.5.legacy.nptl.i586.rpm c95bddfc477c11c46d562c3bd28f407ebdcd8ae3 fedora/1/updates-testing/i386/kernel-smp-2.4.22-1.2199.5.legacy.nptl.i686.rpm 0fe3402917235049865cedc80ad5eb72c1984df2 fedora/1/updates-testing/i386/kernel-source-2.4.22-1.2199.5.legacy.nptl.i386.rpm cfb0d7b297116b99ef08a30d7d9fef0c9e24a490 fedora/1/updates-testing/SRPMS/kernel-2.4.22-1.2199.5.legacy.nptl.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Mon May 2 11:57:20 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Mon, 02 May 2005 07:57:20 -0400 Subject: Fedora Legacy Test Update Notification: sharutils Message-ID: <427615A0.8060605@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-154991 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154991 2005-05-02 --------------------------------------------------------------------- Name : sharutils 7.3 Version : sharutils-4.2.1-12.7.x.1.legacy 9 Version : sharutils-4.2.1-16.9.2.legacy fc1 Version : sharutils-4.2.1-17.3.legacy fc2 Version : sharutils-4.2.1-18.3.FC2.legacy Summary : The GNU shar utilities for managing shell archives. Description : The sharutils package contains the GNU shar utilities, a set of tools for encoding and decoding packages of files (in binary or text format) in a special plain text format called shell archives (shar). This format can be sent through email (which can be problematic for regular binary files). The shar utility supports a wide range of capabilities (compressing, uuencoding, splitting long files for multi-part mailings, providing checksums), which make it very flexible. After the files have been sent, the unshar tool scans mail messages looking for shar files. Unshar automatically strips off mail headers and introductory text and then unpacks the shar files. --------------------------------------------------------------------- Update Information: Updated packages for sharutils which fix a security vulnerability are now available. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. A bug was found in the way unshar creates temporary files. A local user could use symlinks to overwrite arbitrary files the victim running unshar has write access to. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0990 to this issue. All users of sharutils should upgrade to these packages, which resolve this issue. --------------------------------------------------------------------- Changelogs: rh73: * Sat Apr 16 2005 Marc Deslauriers 4.2.1-12.7.x.1.legacy - Added security fix for CAN-2005-0990 rh9: * Sun Apr 17 2005 Marc Deslauriers 4.2.1-16.9.2.legacy - Added security fix for CAN-2005-0990 fc1: * Sat Apr 16 2005 Marc Deslauriers 4.2.1-17.3.legacy - Added security fix for CAN-2005-0990 fc2: * Sun May 01 2005 Marc Deslauriers 4.2.1-18.3.FC2.legacy - Added missing gettext and mailx BuildRequires * Sun Apr 17 2005 Marc Deslauriers 4.2.1-18.2.FC2.legacy - Added security fix for CAN-2005-0990 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) 2e1dfc02e869e5f6ecd740ff6191e87af555f577 redhat/7.3/updates-testing/i386/sharutils-4.2.1-12.7.x.1.legacy.i386.rpm a8e1c4190b1482cb6f4ec10f6339e68a854c5fbc redhat/7.3/updates-testing/SRPMS/sharutils-4.2.1-12.7.x.1.legacy.src.rpm 00132d8850d0db03c6adae00ecece7c99de20223 redhat/9/updates-testing/i386/sharutils-4.2.1-16.9.2.legacy.i386.rpm 715cf1cc13d0a99c379466299d67a0028bbc29c8 redhat/9/updates-testing/SRPMS/sharutils-4.2.1-16.9.2.legacy.src.rpm 000778eae9c2f079a98f5579669eecf841fba6c7 fedora/1/updates-testing/i386/sharutils-4.2.1-17.3.legacy.i386.rpm 3e2f5b5babcd978e4d1ef96af504f8ee6eb50fdc fedora/1/updates-testing/SRPMS/sharutils-4.2.1-17.3.legacy.src.rpm 1211acde10ecca361e1ac19e72a82fd6dcda10f4 fedora/2/updates-testing/i386/sharutils-4.2.1-18.3.FC2.legacy.i386.rpm 08292d722a234c43a4fd9f0c24c33e36da8a35ed fedora/2/updates-testing/SRPMS/sharutils-4.2.1-18.3.FC2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Mon May 2 11:57:38 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Mon, 02 May 2005 07:57:38 -0400 Subject: Fedora Legacy Test Update Notification: mysql Message-ID: <427615B2.3040707@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-152925 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152925 2005-05-02 --------------------------------------------------------------------- Name : mysql Versions : rh7.3: mysql-3.23.58-1.73.6.legacy Versions : rh9: mysql-3.23.58-1.90.6.legacy Versions : fc1: mysql-3.23.58-4.4.legacy Summary : The MySQL server and related files. Description : MySQL is a true multi-user, multi-threaded SQL database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs and libraries. This package contains the MySQL server and some accompanying files and directories. --------------------------------------------------------------------- Update Information: Updated mysql packages that fix various security issues are now available. MySQL is a multi-user, multi-threaded SQL database server. This update fixes several security risks in the MySQL server. Stefano Di Paola discovered two bugs in the way MySQL handles user- defined functions. A user with the ability to create and execute a user defined function could potentially execute arbitrary code on the MySQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0709 and CAN-2005-0710 to these issues. Stefano Di Paola also discovered a bug in the way MySQL creates temporary tables. A local user could create a specially crafted symlink which could result in the MySQL server overwriting a file which it has write access to. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-0711 to this issue. All users of the MySQL server are advised to upgrade to these updated packages, which contain fixes for these issues. --------------------------------------------------------------------- Changelogs rh73: * Wed Apr 13 2005 Marc Deslauriers 3.23.58-1.73.6.legacy - Backpatch repair for CAN-2005-0709, CAN-2005-0710, CAN-2005-0711 - Fix init script to not need a valid username for startup check - Don't assume /etc/my.cnf will specify pid-file - add sleep to mysql.init restart(); rh9: * Wed Apr 13 2005 Marc Deslauriers 3.23.58-1.90.6.legacy - Backpatch repair for CAN-2005-0709, CAN-2005-0710, CAN-2005-0711 - Fix init script to not need a valid username for startup check - Don't assume /etc/my.cnf will specify pid-file - add sleep to mysql.init restart(); fc1: * Wed Apr 13 2005 Marc Deslauriers 3.23.58-4.4.legacy - Backpatch repair for CAN-2005-0709, CAN-2005-0710, CAN-2005-0711 - Fix init script to not need a valid username for startup check - Don't assume /etc/my.cnf will specify pid-file - add sleep to mysql.init restart(); --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh7.3: 6b9ad2acc6eaaebeef935feb6e32b1e59f8d1e94 redhat/7.3/updates-testing/i386/mysql-3.23.58-1.73.6.legacy.i386.rpm 090bce8a56c5cc7fedbca223925eb9d15dca5cd5 redhat/7.3/updates-testing/i386/mysql-devel-3.23.58-1.73.6.legacy.i386.rpm 8d8565f44b2de5f7d36274803d04e4b06e2abf81 redhat/7.3/updates-testing/i386/mysql-server-3.23.58-1.73.6.legacy.i386.rpm 1d8f01787f7824c2d2638c8e48e9e8c03d7c0c28 redhat/7.3/updates-testing/SRPMS/mysql-3.23.58-1.73.6.legacy.src.rpm rh9: c838b40be12cd10b40f4b2c7e4c14c368734da23 redhat/9/updates-testing/i386/mysql-3.23.58-1.90.6.legacy.i386.rpm dc86a50ecfef42f4f85aaf798f84beea0bf656fa redhat/9/updates-testing/i386/mysql-devel-3.23.58-1.90.6.legacy.i386.rpm dc24c3c52eeb2874b3547b0d2347e214b321da02 redhat/9/updates-testing/i386/mysql-server-3.23.58-1.90.6.legacy.i386.rpm 4f713ffcf56fd07d19e12f291a87a4feea6fbd23 redhat/9/updates-testing/SRPMS/mysql-3.23.58-1.90.6.legacy.src.rpm fc1: ed3ddb39dbadf121a87348c9b7cfb3d6fc3917c4 fedora/1/updates-testing/i386/mysql-3.23.58-4.4.legacy.i386.rpm 3c57f554ed37cbb29e05773c1527f389f4601b16 fedora/1/updates-testing/i386/mysql-bench-3.23.58-4.4.legacy.i386.rpm d08b91055dae251b192de109a453a4bbe03828c9 fedora/1/updates-testing/i386/mysql-devel-3.23.58-4.4.legacy.i386.rpm 950b5116ba77127478cb02d5a9b7e23711376daf fedora/1/updates-testing/i386/mysql-server-3.23.58-4.4.legacy.i386.rpm 56257305e480c2db1669de92024033f7bb9f1702 fedora/1/updates-testing/SRPMS/mysql-3.23.58-4.4.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Mon May 2 11:57:56 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Mon, 02 May 2005 07:57:56 -0400 Subject: Fedora Legacy Test Update Notification: gaim Message-ID: <427615C4.4030709@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-152916 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152916 2005-05-02 --------------------------------------------------------------------- Name : gaim 7.3 Version : gaim-1.2.1-0.73.2.legacy 9 Version : gaim-1.2.1-0.90.2.legacy fc1 Version : gaim-1.2.1-1.fc1.1.legacy Summary : A GTK+ clone of the AOL Instant Messenger client. Description : Gaim is a clone of America Online's Instant Messenger client. It features nearly all of the functionality of the official AIM client while also being smaller, faster, and commercial-free. --------------------------------------------------------------------- Update Information: An updated gaim package that fixes various security issues as well as a number of bugs is now available. The Gaim application is a multi-protocol instant messaging client. Two HTML parsing bugs were discovered in Gaim. It is possible that a remote attacker could send a specially crafted message to a Gaim client, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0208 and CAN-2005-0473 to these issues. A bug in the way Gaim processes SNAC packets was discovered. It is possible that a remote attacker could send a specially crafted SNAC packet to a Gaim client, causing the client to stop responding. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0472 to this issue. A buffer overflow bug was found in the way gaim escapes HTML. It is possible that a remote attacker could send a specially crafted message to a Gaim client, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0965 to this issue. A bug was found in several of gaim's IRC processing functions. These functions fail to properly remove various markup tags within an IRC message. It is possible that a remote attacker could send a specially crafted message to a Gaim client connected to an IRC server, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0966 to this issue. A bug was found in gaim's Jabber message parser. It is possible for a remote Jabber user to send a specially crafted message to a Gaim client, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0967 to this issue. Additionally, various client crashes, memory leaks, and protocol issues have been resolved. Users of Gaim are advised to upgrade to this updated package which contains Gaim version 1.2.1 and is not vulnerable to these issues. --------------------------------------------------------------------- 7.3 changelog: * Sun May 01 2005 Marc Deslauriers 1.2.1-0.73.2.legacy - Added fix for perl plugin * Sat Apr 16 2005 Marc Deslauriers 1.2.1-0.73.1.legacy - Updated to 1.2.1 to fix security issues - Added CVS backport patches from RHEL * Thu Mar 10 2005 Marc Deslauriers 1.1.4-0.73.1.legacy - Updated to 1.1.4 to fix security issues - Added CVS backport patches from RHEL 9 changelog: * Sun May 01 2005 Marc Deslauriers 1:1.2.1-0.90.2.legacy - Added fix and reactivated perl plugin * Fri Apr 15 2005 Marc Deslauriers 1:1.2.1-0.90.1.legacy - Rebuilt as Fedora Legacy rh9 security update - Added mozilla-nspr-devel and mozilla-nss BuildRequires - Reverted to rh9-style desktop file - Disabled PIE patch fc1 changelog: * Fri Apr 15 2005 Marc Deslauriers 1:1.2.1-1.fc1.1.legacy - Rebuilt as Fedora Legacy FC1 security update --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) 70712d44b9190d1ee829674e646453fc22fadf55 redhat/7.3/updates-testing/i386/gaim-1.2.1-0.73.2.legacy.i386.rpm adf46f079446e6d8991bdc24ebb3f711e81f82cb redhat/7.3/updates-testing/SRPMS/gaim-1.2.1-0.73.2.legacy.src.rpm 3312e74638ea74b1581426097037f738c6dec7e1 redhat/9/updates-testing/i386/gaim-1.2.1-0.90.2.legacy.i386.rpm f0c12bb9aa51a701954f86cddb1dfa9136d0ca12 redhat/9/updates-testing/SRPMS/gaim-1.2.1-0.90.2.legacy.src.rpm c49100adede08301fd65f40d884c12c6c5e183f7 fedora/1/updates-testing/i386/gaim-1.2.1-1.fc1.1.legacy.i386.rpm bda6c9aa95776128a907517fe3e73913d90cafb6 fedora/1/updates-testing/SRPMS/gaim-1.2.1-1.fc1.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Mon May 2 11:58:23 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Mon, 02 May 2005 07:58:23 -0400 Subject: Fedora Legacy Test Update Notification: php Message-ID: <427615DF.4000608@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-155505 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155505 2005-05-02 --------------------------------------------------------------------- Name : php Versions : rh7.3: php-4.1.2-7.3.17.legacy Versions : rh9: php-4.2.2-17.14.legacy Versions : fc1: php-4.3.11-1.fc1.1.legacy Versions : fc2: php-4.3.11-1.fc2.1.legacy Summary : The PHP HTML-embedded scripting language. Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages. --------------------------------------------------------------------- Update Information: Updated PHP packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was found in the way PHP processes IFF and JPEG images. It is possible to cause PHP to consume CPU resources for a short period of time by supplying a carefully crafted IFF or JPEG image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0524 and CAN-2005-0525 to these issues. A buffer overflow bug was also found in the way PHP processes EXIF image headers. It is possible for an attacker to construct an image file in such a way that it could execute arbitrary instructions when processed by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1042 to this issue. A denial of service bug was found in the way PHP processes EXIF image headers. It is possible for an attacker to cause PHP to enter an infinite loop for a short period of time by supplying a carefully crafted image file to PHP for processing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1043 to this issue. The security fixes to the "unserializer" code in the previous release introduced some performance issues. A bug fix for that issue is also included in this update. Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues. --------------------------------------------------------------------- 7.3 changelog: * Sun Apr 24 2005 Marc Deslauriers 4.1.2-7.3.17.legacy - Added security patch for CAN-2005-0524 and CAN-2005-0525 9 changelog: * Sat Apr 23 2005 Marc Deslauriers 4.2.2-17.14.legacy - Updated CAN-2004-1019 security patch to backported unserializer from 4.3.11 to fix performance regressions * Sat Apr 23 2005 Marc Deslauriers 4.2.2-17.13.legacy - Added security patches for CAN-2005-0524, CAN-2005-0525, CAN-2005-1042 and CAN-2005-1043 fc1 changelog: * Fri Apr 22 2005 Marc Deslauriers 4.3.11-1.fc1.1.legacy - update to 4.3.11 to fix security issues and extreme unserializer slowdown caused by update to 4.3.10 (CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043) - snmp: disable MSHUTDOWN function to prevent error_log noise - revert default php.ini changes since 4.3.10 - restore from PEAR: HTTP, Mail, XML_Parser, Net_Socket, Net_SMTP - remove bundled PEAR packages HTML_Template_IT, Net_UserAgent_Detect - don't configure with --enable-safe-mode (RH #148969) - install gd headers (RH #145891) - bundle PEAR DB-1.7.5 (omitted from 4.3.11 tarball) - Removed LDAP patch which is now included in 4.3.11 fc2 changelog: * Fri Apr 22 2005 Marc Deslauriers 4.3.11-1.fc2.1.legacy - update to 4.3.11 to fix security issues and extreme unserializer slowdown caused by update to 4.3.10 (CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043) - snmp: disable MSHUTDOWN function to prevent error_log noise - revert default php.ini changes since 4.3.10 - restore from PEAR: HTTP, Mail, XML_Parser, Net_Socket, Net_SMTP - remove bundled PEAR packages HTML_Template_IT, Net_UserAgent_Detect - don't configure with --enable-safe-mode (RH #148969) - install gd headers (RH #145891) - bundle PEAR DB-1.7.5 (omitted from 4.3.11 tarball) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) 422f8a972c62b1aa1d79e9f96cc39446852eb589 redhat/7.3/updates-testing/i386/php-4.1.2-7.3.17.legacy.i386.rpm 7c6d48ebbfb96004baee8515ae9517dcf500f43c redhat/7.3/updates-testing/i386/php-devel-4.1.2-7.3.17.legacy.i386.rpm 8f1837ee66212ede899189e09edf25d903a7e133 redhat/7.3/updates-testing/i386/php-imap-4.1.2-7.3.17.legacy.i386.rpm 79d4f45a887ce9df8232911f5aab6bf5bd77369d redhat/7.3/updates-testing/i386/php-ldap-4.1.2-7.3.17.legacy.i386.rpm 63edb9b27730ad5c782484cf4757905140ece1c2 redhat/7.3/updates-testing/i386/php-manual-4.1.2-7.3.17.legacy.i386.rpm 39b40cb4bae1374335cf7f82fbfa02501a4ed630 redhat/7.3/updates-testing/i386/php-mysql-4.1.2-7.3.17.legacy.i386.rpm 51d4baf10b3bc132ba9205aa6cd35615041c33bd redhat/7.3/updates-testing/i386/php-odbc-4.1.2-7.3.17.legacy.i386.rpm 42a557e7f68f290a6cf21de4c2ad1f7fe97cf763 redhat/7.3/updates-testing/i386/php-pgsql-4.1.2-7.3.17.legacy.i386.rpm 5753d915ad5d32c14cbbaea33a7f35a3b5b908d3 redhat/7.3/updates-testing/i386/php-snmp-4.1.2-7.3.17.legacy.i386.rpm 576f29104b946e3773d4c7b77de5b80a942a0678 redhat/7.3/updates-testing/SRPMS/php-4.1.2-7.3.17.legacy.src.rpm bd793f717cca20745ab9c67cb6a7b4bcebe46d93 redhat/9/updates-testing/i386/php-4.2.2-17.14.legacy.i386.rpm 8df50f63c5d3525a4359a72587c6b902d8a3325f redhat/9/updates-testing/i386/php-devel-4.2.2-17.14.legacy.i386.rpm 665060794635ded7a76eaccb46cd09ffd04900ea redhat/9/updates-testing/i386/php-imap-4.2.2-17.14.legacy.i386.rpm 8b34f184aba7260a8eac2708e12e906c877c10cd redhat/9/updates-testing/i386/php-ldap-4.2.2-17.14.legacy.i386.rpm 1450f499aeac4db7d0d8c258b72d2f4c31747012 redhat/9/updates-testing/i386/php-manual-4.2.2-17.14.legacy.i386.rpm 37cb28e9531af331954903f6b8df8509aa962a5c redhat/9/updates-testing/i386/php-mysql-4.2.2-17.14.legacy.i386.rpm aa0378307ef06cd7f3464e59f4153d11d1d372f5 redhat/9/updates-testing/i386/php-odbc-4.2.2-17.14.legacy.i386.rpm 00b4e55c27460abaa6d02019d7b40a73d5bdd913 redhat/9/updates-testing/i386/php-pgsql-4.2.2-17.14.legacy.i386.rpm 8b9cf1cdafdf8f1afa9587c1f180d685632c1c65 redhat/9/updates-testing/i386/php-snmp-4.2.2-17.14.legacy.i386.rpm 7bf7cf164de61276adf952694ee7c7d2fb86ea2e redhat/9/updates-testing/SRPMS/php-4.2.2-17.14.legacy.src.rpm ca0fa574e713f27e91548a2e3e4dc2e8b087ff47 fedora/1/updates-testing/i386/php-4.3.11-1.fc1.1.legacy.i386.rpm 53c419397f8f3f7625503afd8ab1a8ca0d65a197 fedora/1/updates-testing/i386/php-devel-4.3.11-1.fc1.1.legacy.i386.rpm 72d65111cbaf7fb56ed879ee4278602e84868540 fedora/1/updates-testing/i386/php-domxml-4.3.11-1.fc1.1.legacy.i386.rpm fe8216746096b3a6070d43659944c158df23d1a9 fedora/1/updates-testing/i386/php-imap-4.3.11-1.fc1.1.legacy.i386.rpm fb6f8fb5dd77f0dc5f58b85f26e25b5520366ca6 fedora/1/updates-testing/i386/php-ldap-4.3.11-1.fc1.1.legacy.i386.rpm d36a8ac545d151a20817a95d441d221c36edcb74 fedora/1/updates-testing/i386/php-mbstring-4.3.11-1.fc1.1.legacy.i386.rpm f4d95a5cdb7fcbcdb1391a089a1ca65edf8e0e03 fedora/1/updates-testing/i386/php-mysql-4.3.11-1.fc1.1.legacy.i386.rpm a2a0944dfd1362ad186ab8b345d7e7ab32911a7a fedora/1/updates-testing/i386/php-odbc-4.3.11-1.fc1.1.legacy.i386.rpm 4d4546fecefc879004ebbfc596cd109f4d144ba7 fedora/1/updates-testing/i386/php-pgsql-4.3.11-1.fc1.1.legacy.i386.rpm 5d968e87611c5dce727a492f149b3583e1588e30 fedora/1/updates-testing/i386/php-snmp-4.3.11-1.fc1.1.legacy.i386.rpm 22a069541240a9ab4f9fe62887cd7ea45d961238 fedora/1/updates-testing/i386/php-xmlrpc-4.3.11-1.fc1.1.legacy.i386.rpm 08203f404d05ab58128b8b12c8b5a8e5ac53b34e fedora/1/updates-testing/SRPMS/php-4.3.11-1.fc1.1.legacy.src.rpm cf87d547555b25bec6bdbbacaed09bf59116462a fedora/2/updates-testing/i386/php-4.3.11-1.fc2.1.legacy.i386.rpm 8d0e85bb8608c0aaa67c0cd93fad51918504dca1 fedora/2/updates-testing/i386/php-devel-4.3.11-1.fc2.1.legacy.i386.rpm c34306f2c178aca2d40a2fb02ab92951481d7965 fedora/2/updates-testing/i386/php-domxml-4.3.11-1.fc2.1.legacy.i386.rpm d67efa4111be3ab2c11556981f3e21ef035c6bf2 fedora/2/updates-testing/i386/php-imap-4.3.11-1.fc2.1.legacy.i386.rpm 6a838167ef82524e12cea8ec4b663bfa463be127 fedora/2/updates-testing/i386/php-ldap-4.3.11-1.fc2.1.legacy.i386.rpm c15e35d8dd28b9092e857146cb971649e1e6e2d3 fedora/2/updates-testing/i386/php-mbstring-4.3.11-1.fc2.1.legacy.i386.rpm 8b8efb2dbf87e833c45fd18969eccfd82e6c0af0 fedora/2/updates-testing/i386/php-mysql-4.3.11-1.fc2.1.legacy.i386.rpm 68d579b5386545f37ef5f7ba9ad74b556b952b20 fedora/2/updates-testing/i386/php-odbc-4.3.11-1.fc2.1.legacy.i386.rpm efcf302bcaf1fbddd592140b8ed1401629654df7 fedora/2/updates-testing/i386/php-pear-4.3.11-1.fc2.1.legacy.i386.rpm 620540f63830340a425943cc2ca6b4ca20853e07 fedora/2/updates-testing/i386/php-pgsql-4.3.11-1.fc2.1.legacy.i386.rpm 212356f439acd229b7fd7ba82c9dab2acae06620 fedora/2/updates-testing/i386/php-snmp-4.3.11-1.fc2.1.legacy.i386.rpm a181288b9b5994b9334c3b7204d43f3e0a65e7d4 fedora/2/updates-testing/i386/php-xmlrpc-4.3.11-1.fc2.1.legacy.i386.rpm ae4b48eb0ff02f4577b1d42facd0821279b11510 fedora/2/updates-testing/SRPMS/php-4.3.11-1.fc2.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Mon May 2 11:58:44 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Mon, 02 May 2005 07:58:44 -0400 Subject: Fedora Legacy Test Update Notification: openoffice.org Message-ID: <427615F4.6070902@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-154988 2005-05-02 --------------------------------------------------------------------- Name : openoffice.org Versions : rh9: openoffice-1.0.2-11.2.legacy Versions : fc1: openoffice.org-1.1.0-16.2.legacy Versions : fc2: openoffice.org-1.1.3-11.4.0.fc2 Summary : OpenOffice.org comprehensive office suite. Description : OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. --------------------------------------------------------------------- Update Information: Updated openoffice.org packages that fix two security issues are now available. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Secunia Research reported an issue with the handling of temporary files. A malicious local user could use this flaw to access the contents of another user's open documents. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0752 to this issue. A heap based buffer overflow bug was found in the OpenOffice.org DOC file processor. An attacker could create a carefully crafted DOC file in such a way that it could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0941 to this issue. All users of OpenOffice.org are advised to upgrade to these updated packages which contain backported patches to correct these issues. --------------------------------------------------------------------- Changelogs rh9: * Fri Apr 15 2005 Dan Williams 1.0.2-11.2.legacy - Fix CAN-2005-0941 (remove heap overflow vulnerability (bad .doc file can exec arbitrary code)) (RH BZ #154989) * Fri Sep 17 2004 Marc Deslauriers 1.0.2-11.1.legacy - Fix CAN-2004-0752 (tempfile permissions allow everyone to read data) (RH BZ #152784) fc1: * Thu Apr 14 2005 Dan Williams - 1.1.0-16.2.legacy - Fix CAN-2005-0941 (sot module overflow in .doc parsing) * Thu Sep 23 2004 Rob Myers 1.1.0-16.1.legacy - Fix CAN-2004-0752 (tempfile permissions allow everyone to read data) (RH #130132) with patch from 1.1.0-16.14 - fix "Freetype creeps in somehow", could probably be removed fc2: * Tue Apr 12 2005 Dan Williams - 1.1.3-11 - Fix CAN-2005-0941 (sot module overflow in .doc parsing) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) 8b3935db6ed8864aa0839971c272eacd4cb46963 redhat/9/updates-testing/i386/openoffice-1.0.2-11.2.legacy.i386.rpm b3bbc948ec2c261fe0b44bc5f6ffd0d38243c241 redhat/9/updates-testing/i386/openoffice-i18n-1.0.2-11.2.legacy.i386.rpm fc5a82e620de2fd69f3327382a44c6159c73087d redhat/9/updates-testing/i386/openoffice-libs-1.0.2-11.2.legacy.i386.rpm b71dd5e5630c2967e78d4e9339075d736b6b6773 redhat/9/updates-testing/SRPMS/openoffice-1.0.2-11.2.legacy.src.rpm e93f1b81c245b1d5168256b24aa8c82f6dacb2da fedora/1/updates-testing/i386/openoffice.org-1.1.0-16.2.legacy.i386.rpm 1adaa0cf3764aaef0cd8a9597d24f217ee547d0a fedora/1/updates-testing/i386/openoffice.org-i18n-1.1.0-16.2.legacy.i386.rpm 2ebd3693673e0320c2d6407696949cf0fef2b9b3 fedora/1/updates-testing/i386/openoffice.org-libs-1.1.0-16.2.legacy.i386.rpm d9ca1a29721ad845db6de1a01c6096163e54078d fedora/1/updates-testing/SRPMS/openoffice.org-1.1.0-16.2.legacy.src.rpm a28d80af75d648060587326ef3872a240e339b87 fedora/2/updates-testing/i386/openoffice.org-1.1.3-11.4.0.fc2.i386.rpm ff7f301dfedbb042810991928ec59aee83c2b12e fedora/2/updates-testing/i386/openoffice.org-i18n-1.1.3-11.4.0.fc2.i386.rpm ed14c1e035b9a1fa44b1c16812bae81894d74828 fedora/2/updates-testing/i386/openoffice.org-kde-1.1.3-11.4.0.fc2.i386.rpm 06e156914d032b19deb05c27da73fd6901b45fe5 fedora/2/updates-testing/i386/openoffice.org-libs-1.1.3-11.4.0.fc2.i386.rpm a003e78128a72b0d297d0fdb5faf5e1793cd02e6 fedora/2/updates-testing/SRPMS/openoffice.org-1.1.3-11.4.0.fc2.src.rpm --------------------------------------------------------------------- Bugzilla rh9: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154989 fc1: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154988 fc2: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154742 --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From pekkas at netcore.fi Tue May 3 16:53:35 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Tue, 3 May 2005 19:53:35 +0300 (EEST) Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <20050501125818.A23250@mail.harddata.com> References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> Message-ID: On Sun, 1 May 2005, Michal Jaegermann wrote: > On Sun, May 01, 2005 at 09:36:57AM +0300, Pekka Savola wrote: >> See for example: >> >> http://netcore.fi/pekkas/buglist.html >> >> The scripts are attached. > > If you will filter an output of 'fetch-bugzilla.pl' by > an attached script then resulting tables are sorted in a numerical > ascending order by bug id's. Easy to add in 'create-buglist.sh' > or one can pipe through a subprocess in 'fetch-bugzilla.pl' > before showing results. Actually, I took a bit more look at this, and this isn't necessary -- you can ask the bugzilla to sort the results in any manner you want. However, I think even better sorting criterium might be "last changed". That shows the bad apples which haven't progressed very much.. I've also tailored the column listing, taking out some unnecessary ones, adding a couple that seemed very useful. The table is a bit noisy now because some summary lines are obscenely long so it wraps to two lines, and the full list of all CVEs could probably be somewhere else. But it's still readable. Take a look at (revised): http://netcore.fi/pekkas/buglist.html The script no longer relies on those tinyurls; I also cleaned up the search string slightly so it can be manually adjusted. I dropped the generic search for "LEGACY"; if someone can figure a keyword search which would include that but exclude the rest, it could be OK. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -------------- next part -------------- A non-text attachment was scrubbed... Name: create-buglist.sh Type: application/x-sh Size: 2251 bytes Desc: URL: From mattdm at mattdm.org Tue May 3 17:23:00 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Tue, 3 May 2005 13:23:00 -0400 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> Message-ID: <20050503172300.GA30268@jadzia.bu.edu> On Tue, May 03, 2005 at 07:53:35PM +0300, Pekka Savola wrote: > http://netcore.fi/pekkas/buglist.html This looks really nice -- thanks! One more thing I'd really like to see is separate pages for each release (in addition to the unified one). Anyway can we get this up on fedoralegacy.org? -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 76 degrees Fahrenheit. From michal at harddata.com Tue May 3 18:01:58 2005 From: michal at harddata.com (Michal Jaegermann) Date: Tue, 3 May 2005 12:01:58 -0600 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: ; from pekkas@netcore.fi on Tue, May 03, 2005 at 07:53:35PM +0300 References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> Message-ID: <20050503120158.A14453@mail.harddata.com> On Tue, May 03, 2005 at 07:53:35PM +0300, Pekka Savola wrote: > > However, I think even better sorting criterium might be "last > changed". That shows the bad apples which haven't progressed very > much.. I am not so sure. When I am searching for reports then a seemingly random order they show up in listings is a big drag. Even if there is some underlying principle for such sorting it is not apparent and that does not help very much. Opinions? Most likely the best would be to have various different "views". :-) I also would think that "All packages in a need of work" instead of "... needing work" (the same with "discussion") sounds better; but this is a nit. Michal From mattdm at mattdm.org Tue May 3 18:59:25 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Tue, 3 May 2005 14:59:25 -0400 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <20050503120158.A14453@mail.harddata.com> References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503120158.A14453@mail.harddata.com> Message-ID: <20050503185925.GA2707@jadzia.bu.edu> On Tue, May 03, 2005 at 12:01:58PM -0600, Michal Jaegermann wrote: > Most likely the best would be to have various different "views". :-) > I also would think that "All packages in a need of work" instead > of "... needing work" (the same with "discussion") sounds better; > but this is a nit. Oooh, nits! Actually "...in need of work" or "...needing work", but not "a need". But best of all, I think, "...which need work". -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 77 degrees Fahrenheit. From rostetter at mail.utexas.edu Tue May 3 18:59:25 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Tue, 3 May 2005 13:59:25 -0500 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <20050503172300.GA30268@jadzia.bu.edu> References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503172300.GA30268@jadzia.bu.edu> Message-ID: <1115146765.18792b285d73f@mail.ph.utexas.edu> Quoting Matthew Miller : > On Tue, May 03, 2005 at 07:53:35PM +0300, Pekka Savola wrote: > > http://netcore.fi/pekkas/buglist.html > > This looks really nice -- thanks! One more thing I'd really like to see is > separate pages for each release (in addition to the unified one). > > Anyway can we get this up on fedoralegacy.org? Once it is finalized, and finds a permanent home, then I'll link to it on the web site. -- Eric Rostetter From mattdm at mattdm.org Tue May 3 20:40:58 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Tue, 3 May 2005 16:40:58 -0400 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <1115146765.18792b285d73f@mail.ph.utexas.edu> References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503172300.GA30268@jadzia.bu.edu> <1115146765.18792b285d73f@mail.ph.utexas.edu> Message-ID: <20050503204058.GA6280@jadzia.bu.edu> On Tue, May 03, 2005 at 01:59:25PM -0500, Eric Rostetter wrote: > > This looks really nice -- thanks! One more thing I'd really like to see is > > separate pages for each release (in addition to the unified one). > > Anyway can we get this up on fedoralegacy.org? > Once it is finalized, and finds a permanent home, then I'll link to it > on the web site. Can it actually run on the web site, or does it need hosting elsewhere? -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 79 degrees Fahrenheit. From jkeating at j2solutions.net Tue May 3 21:40:03 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Tue, 03 May 2005 14:40:03 -0700 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <20050503204058.GA6280@jadzia.bu.edu> References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503172300.GA30268@jadzia.bu.edu> <1115146765.18792b285d73f@mail.ph.utexas.edu> <20050503204058.GA6280@jadzia.bu.edu> Message-ID: <1115156404.5239.5.camel@localhost.localdomain> On Tue, 2005-05-03 at 16:40 -0400, Matthew Miller wrote: > Can it actually run on the web site, or does it need hosting > elsewhere? I don't see why it couldn't run on the website.... I just need the files and whatnot... Although the website is ran via CVS, so this could drop a bit of a wrinkle into things. I guess we could have a page or two that is out of the CVS tree. -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From wstockal at compusmart.ab.ca Tue May 3 21:57:16 2005 From: wstockal at compusmart.ab.ca (William Stockall) Date: Tue, 03 May 2005 15:57:16 -0600 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <1115156404.5239.5.camel@localhost.localdomain> References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503172300.GA30268@jadzia.bu.edu> <1115146765.18792b285d73f@mail.ph.utexas.edu> <20050503204058.GA6280@jadzia.bu.edu> <1115156404.5239.5.camel@localhost.localdomain> Message-ID: <4277F3BC.2060409@compusmart.ab.ca> Is there some reason these files can't be added to the CVS tree? Will. Jesse Keating wrote: > On Tue, 2005-05-03 at 16:40 -0400, Matthew Miller wrote: > >>Can it actually run on the web site, or does it need hosting >>elsewhere? > > > I don't see why it couldn't run on the website.... I just need the > files and whatnot... Although the website is ran via CVS, so this could > drop a bit of a wrinkle into things. I guess we could have a page or > two that is out of the CVS tree. > > > > ------------------------------------------------------------------------ > > -- > fedora-legacy-list mailing list > fedora-legacy-list at redhat.com > http://www.redhat.com/mailman/listinfo/fedora-legacy-list From jkeating at j2solutions.net Tue May 3 22:17:07 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Tue, 03 May 2005 15:17:07 -0700 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <4277F3BC.2060409@compusmart.ab.ca> References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503172300.GA30268@jadzia.bu.edu> <1115146765.18792b285d73f@mail.ph.utexas.edu> <20050503204058.GA6280@jadzia.bu.edu> <1115156404.5239.5.camel@localhost.localdomain> <4277F3BC.2060409@compusmart.ab.ca> Message-ID: <1115158627.5239.14.camel@localhost.localdomain> On Tue, 2005-05-03 at 15:57 -0600, William Stockall wrote: > Is there some reason these files can't be added to the CVS tree? Unless the buglist page is generated on the fly each time people look at that web page, no. There would have to be files to generate the static content that people would view. -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From rostetter at mail.utexas.edu Wed May 4 02:01:00 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Tue, 3 May 2005 21:01:00 -0500 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <20050503204058.GA6280@jadzia.bu.edu> References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503172300.GA30268@jadzia.bu.edu> <1115146765.18792b285d73f@mail.ph.utexas.edu> <20050503204058.GA6280@jadzia.bu.edu> Message-ID: <1115172060.7c8d006ced879@mail.ph.utexas.edu> Quoting Matthew Miller : > On Tue, May 03, 2005 at 01:59:25PM -0500, Eric Rostetter wrote: > > > This looks really nice -- thanks! One more thing I'd really like to see > is > > > separate pages for each release (in addition to the unified one). > > > Anyway can we get this up on fedoralegacy.org? > > Once it is finalized, and finds a permanent home, then I'll link to it > > on the web site. > > Can it actually run on the web site, or does it need hosting elsewhere? That would be up to Jesse to decide (if it can run on the web server or not), since it would require system interaction (cron et al). -- Eric Rostetter From rostetter at mail.utexas.edu Wed May 4 02:10:13 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Tue, 3 May 2005 21:10:13 -0500 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <1115156404.5239.5.camel@localhost.localdomain> References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503172300.GA30268@jadzia.bu.edu> <1115146765.18792b285d73f@mail.ph.utexas.edu> <20050503204058.GA6280@jadzia.bu.edu> <1115156404.5239.5.camel@localhost.localdomain> Message-ID: <1115172613.c62e4b9ce0df0@mail.ph.utexas.edu> Quoting Jesse Keating : > On Tue, 2005-05-03 at 16:40 -0400, Matthew Miller wrote: > > Can it actually run on the web site, or does it need hosting > > elsewhere? > > I don't see why it couldn't run on the website.... I just need the > files and whatnot... Sounds fine to me. > Although the website is ran via CVS, so this could > drop a bit of a wrinkle into things. I guess we could have a page or > two that is out of the CVS tree. We already have pages outside it (wiki, download.fedoralegacy.org, etc). So why not one more? Sounds like no big deal to me. Just that anyone wanting to update the scripts would have to go through you (Jesse) or someone else with access to the machines. -- Eric Rostetter From pyz at brama.com Wed May 4 10:57:31 2005 From: pyz at brama.com (Max Pyziur) Date: Wed, 4 May 2005 06:57:31 -0400 (EDT) Subject: Fedora Legacy Test Update Notification: php In-Reply-To: <427615DF.4000608@videotron.ca> References: <427615DF.4000608@videotron.ca> Message-ID: <43244.70.107.57.254.1115204251.squirrel@webmail.brama.com> > --------------------------------------------------------------------- > Fedora Legacy Test Update Notification > FEDORALEGACY-2005-155505 > Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155505 > 2005-05-02 > --------------------------------------------------------------------- > > Name : php > Versions : rh7.3: php-4.1.2-7.3.17.legacy > Versions : rh9: php-4.2.2-17.14.legacy > Versions : fc1: php-4.3.11-1.fc1.1.legacy > Versions : fc2: php-4.3.11-1.fc2.1.legacy > Summary : The PHP HTML-embedded scripting language. > Description : > PHP is an HTML-embedded scripting language. PHP attempts to make it > easy for developers to write dynamically generated webpages. PHP also > offers built-in database integration for several commercial and > non-commercial database management systems, so writing a > database-enabled webpage with PHP is fairly simple. The most common > use of PHP coding is probably as a replacement for CGI scripts. The > mod_php module enables the Apache Web server to understand and process > the embedded PHP language in Web pages. > [...] > fedora/2/updates-testing/i386/php-4.3.11-1.fc2.1.legacy.i386.rpm ^^^^^^^^^^^^^ I take it that these are not production-ready releases? > 8d0e85bb8608c0aaa67c0cd93fad51918504dca1 > Please test and comment in bugzilla. > -- > fedora-legacy-list mailing list > fedora-legacy-list at redhat.com > http://www.redhat.com/mailman/listinfo/fedora-legacy-list Max Pyziur pyz at brama.com From mark.scott at csuk-solutions.net Wed May 4 10:34:28 2005 From: mark.scott at csuk-solutions.net (Mark Scott) Date: Wed, 04 May 2005 11:34:28 +0100 Subject: Wiki Broken Message-ID: <4278A534.5060302@csuk-solutions.net> A heads up to all, and the maintainer of the Wiki if they don't already know, the Fedora Legacy wiki isn't currently working. http://www.fedoralegacy.org/wiki/ lib/WikiDB/backend/PearDB.php:32: Fatal[256]: Can't connect to database: wikidb_backend_mysql: fatal database error * DB Error: unknown error * ( [nativecode=Commands out of sync; You can't run this command now] ** mysql://legwik:XXXXXXXX at unix(/var/lib/mysql/mysql.sock)/legacywiki) Same problems as seen on 31 Mar 05. -- Mark Scott From mattdm at mattdm.org Wed May 4 12:48:20 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Wed, 4 May 2005 08:48:20 -0400 Subject: Fedora Legacy Test Update Notification: php In-Reply-To: <43244.70.107.57.254.1115204251.squirrel@webmail.brama.com> References: <427615DF.4000608@videotron.ca> <43244.70.107.57.254.1115204251.squirrel@webmail.brama.com> Message-ID: <20050504124820.GA1051@jadzia.bu.edu> On Wed, May 04, 2005 at 06:57:31AM -0400, Max Pyziur wrote: > > fedora/2/updates-testing/i386/php-4.3.11-1.fc2.1.legacy.i386.rpm > ^^^^^^^^^^^^^ > I take it that these are not production-ready releases? > Hence "Test Update Notification" in the subject line. :) The Wiki is currently down, but when it's back up up, check for the process. Basically, these testing packages now need someone (like you, perhaps?) to verify that the testing packages are actually good and to mark that in Bugzilla. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 75 degrees Fahrenheit. From jkeating at j2solutions.net Wed May 4 16:46:33 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Wed, 04 May 2005 09:46:33 -0700 Subject: Wiki Broken In-Reply-To: <4278A534.5060302@csuk-solutions.net> References: <4278A534.5060302@csuk-solutions.net> Message-ID: <1115225193.28515.5.camel@jkeating2.hq.pogolinux.com> On Wed, 2005-05-04 at 11:34 +0100, Mark Scott wrote: > A heads up to all, and the maintainer of the Wiki if they don't > already > know, the Fedora Legacy wiki isn't currently working. > > http://www.fedoralegacy.org/wiki/ > > lib/WikiDB/backend/PearDB.php:32: Fatal[256]: Can't connect to > database: > wikidb_backend_mysql: fatal database error > > * DB Error: unknown error > * ( [nativecode=Commands out of sync; You can't run this command > now] ** mysql://legwik:XXXXXXXX at unix > (/var/lib/mysql/mysql.sock)/legacywiki) > > > Same problems as seen on 31 Mar 05. Wiki is back. Looks like mysql and http got stuffed somehow. Business as usual. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From shiva at sewingwitch.com Wed May 4 16:59:41 2005 From: shiva at sewingwitch.com (Kenneth Porter) Date: Wed, 04 May 2005 09:59:41 -0700 Subject: New repository metadata format Message-ID: <382AE7E877C4CB520095C298@[10.0.0.14]> Would it be possible to get the newer yum metadata in the legacy repositories? One of my FC2 systems has the newer yum as RH was maintaining the repodata/repomd.xml stuff. OTOH, if I'm the only one interested in it, I wouldn't place too high a priority on it, as I plan to update to FC4 after it's been out a few weeks. From shurdeek at routehat.org Wed May 4 17:00:15 2005 From: shurdeek at routehat.org (Peter Surda) Date: Wed, 4 May 2005 19:00:15 +0200 Subject: Wiki Broken In-Reply-To: <1115225193.28515.5.camel@jkeating2.hq.pogolinux.com> References: <4278A534.5060302@csuk-solutions.net> <1115225193.28515.5.camel@jkeating2.hq.pogolinux.com> Message-ID: <20050504170014.GO17099@soldats.localdomain> On Wed, May 04, 2005 at 09:46:33AM -0700, Jesse Keating wrote: > Wiki is back. Looks like mysql and http got stuffed somehow. Business > as usual. Did you perhaps autoupdate mysql? ;-) > Jesse Keating RHCE (geek.j2solutions.net) Bye, Peter Surda (Shurdeek) , ICQ 10236103, +436505122023 -- Disclaimer: This E-mail, because of shabby security on the Internet, in no way reflects my thoughts or intentions. It may even not be from me! From jkeating at j2solutions.net Wed May 4 17:10:31 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Wed, 04 May 2005 10:10:31 -0700 Subject: Wiki Broken In-Reply-To: <20050504170014.GO17099@soldats.localdomain> References: <4278A534.5060302@csuk-solutions.net> <1115225193.28515.5.camel@jkeating2.hq.pogolinux.com> <20050504170014.GO17099@soldats.localdomain> Message-ID: <1115226631.28515.9.camel@jkeating2.hq.pogolinux.com> On Wed, 2005-05-04 at 19:00 +0200, Peter Surda wrote: > Did you perhaps autoupdate mysql? ;-) > > > Jesse Keating RHCE (geek.j2solutions.net) > Bye, > No. Both http and mysql were running, just not communicating properly. It looked like a few http processes had gotten into a state that didn't want to die. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From jkeating at j2solutions.net Wed May 4 17:11:15 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Wed, 04 May 2005 10:11:15 -0700 Subject: New repository metadata format In-Reply-To: <382AE7E877C4CB520095C298@[10.0.0.14]> References: <382AE7E877C4CB520095C298@[10.0.0.14]> Message-ID: <1115226675.28515.11.camel@jkeating2.hq.pogolinux.com> On Wed, 2005-05-04 at 09:59 -0700, Kenneth Porter wrote: > Would it be possible to get the newer yum metadata in the legacy > repositories? One of my FC2 systems has the newer yum as RH was > maintaining > the repodata/repomd.xml stuff. OTOH, if I'm the only one interested in > it, > I wouldn't place too high a priority on it, as I plan to update to > FC4 > after it's been out a few weeks. I can generate the data, however I was told that the latest official FC2 yum did not support the newer metadata. Did you hand update your yum? -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From shiva at sewingwitch.com Wed May 4 18:45:10 2005 From: shiva at sewingwitch.com (Kenneth Porter) Date: Wed, 04 May 2005 11:45:10 -0700 Subject: New repository metadata format In-Reply-To: <1115226675.28515.11.camel@jkeating2.hq.pogolinux.com> References: <382AE7E877C4CB520095C298@[10.0.0.14]> <1115226675.28515.11.camel@jkeating2.hq.pogolinux.com> Message-ID: --On Wednesday, May 04, 2005 10:11 AM -0700 Jesse Keating wrote: > I can generate the data, however I was told that the latest official FC2 > yum did not support the newer metadata. Did you hand update your yum? Yep, I installed the newer yum to get the more efficient metadata representation. (The tricky part was that one has to hand-update any customized yum.conf to include the new /etc/yum.d files, as yum.conf is marked noreplace. But this might have been addressed in more recent packages by a post scriptlet.) Eventually FC3 will move to Legacy and will need this, so effort to set up the mechanism wouldn't be wasted. From jkeating at j2solutions.net Wed May 4 18:53:01 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Wed, 04 May 2005 11:53:01 -0700 Subject: New repository metadata format In-Reply-To: References: <382AE7E877C4CB520095C298@[10.0.0.14]> <1115226675.28515.11.camel@jkeating2.hq.pogolinux.com> Message-ID: <1115232781.28515.27.camel@jkeating2.hq.pogolinux.com> On Wed, 2005-05-04 at 11:45 -0700, Kenneth Porter wrote: > > Yep, I installed the newer yum to get the more efficient metadata > representation. (The tricky part was that one has to hand-update any > customized yum.conf to include the new /etc/yum.d files, as yum.conf > is > marked noreplace. But this might have been addressed in more recent > packages by a post scriptlet.) > > Eventually FC3 will move to Legacy and will need this, so effort to > set up > the mechanism wouldn't be wasted. Yeah it's just an extra line in our 'upload' script. It will add a few minutes on our end is all. I'd rather not gen the metadata twice ): -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From dsccable at comcast.net Thu May 5 04:48:14 2005 From: dsccable at comcast.net (David Curry) Date: Thu, 05 May 2005 00:48:14 -0400 Subject: Fedora Legacy Test Update Notification: openoffice.org In-Reply-To: <427615F4.6070902@videotron.ca> References: <427615F4.6070902@videotron.ca> Message-ID: <4279A58E.3080403@comcast.net> Marc Deslauriers wrote: >--------------------------------------------------------------------- >Fedora Legacy Test Update Notification >FEDORALEGACY-2005-154988 >2005-05-02 >--------------------------------------------------------------------- > >Name : openoffice.org >Versions : rh9: openoffice-1.0.2-11.2.legacy >Versions : fc1: openoffice.org-1.1.0-16.2.legacy >Versions : fc2: openoffice.org-1.1.3-11.4.0.fc2 >Summary : OpenOffice.org comprehensive office suite. >Description : >OpenOffice.org is an Open Source, community-developed, multi-platform >office productivity suite. It includes the key desktop applications, >such as a word processor, spreadsheet, presentation manager, formula >editor and drawing program, with a user interface and feature set >similar to other office suites. Sophisticated and flexible, >OpenOffice.org also works transparently with a variety of file >formats, including Microsoft Office. > > > I'm willing to give QA testing a shot on the fc2 openoffice.org package, particularly if it is possible to retain my current oo installation in addition to running the test package. I presume that it is possible to setup a new user and install the test package in that user space without disturbing my existing program/user space. Hints or suggestions on how to proceed are welcome. Dave Curry From pekkas at netcore.fi Thu May 5 06:52:23 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Thu, 5 May 2005 09:52:23 +0300 (EEST) Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <20050503120158.A14453@mail.harddata.com> References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503120158.A14453@mail.harddata.com> Message-ID: On Tue, 3 May 2005, Michal Jaegermann wrote: > On Tue, May 03, 2005 at 07:53:35PM +0300, Pekka Savola wrote: >> >> However, I think even better sorting criterium might be "last >> changed". That shows the bad apples which haven't progressed very >> much.. > > I am not so sure. When I am searching for reports then a seemingly > random order they show up in listings is a big drag. Even if there > is some underlying principle for such sorting it is not apparent and > that does not help very much. Opinions? Yeah, that's a problem. Actually, I can myself see why sorting by the ID would make sense -- those who look for new bugs to work on may remember which bug was the last on the list since they last checked, and if the newer additions always get added to the end, it's the logical place to look at... So, I've reverted back to bug_id based sorting. I also cleaned the text nits, and added an optional switch; if you run the script with '-rhl73', '-rhl9', '-core1', or '-fc2' (core1 is odd enough, but that's what's used..), it'll just list the verify/publishes for that version. Filtering out the rest would be quite a bit more bothersome and I'm not 100% sure whether it's worth it. See: http://netcore.fi/pekkas/buglist.html http://netcore.fi/pekkas/buglist-rhl73.html http://netcore.fi/pekkas/buglist-rhl9.html http://netcore.fi/pekkas/buglist-core1.html http://netcore.fi/pekkas/buglist-fc2.html That should help a bit for folks just focusing on particular versions. HTH, -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -------------- next part -------------- A non-text attachment was scrubbed... Name: create-buglist.sh Type: application/x-sh Size: 2275 bytes Desc: URL: From mattdm at mattdm.org Thu May 5 12:16:48 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Thu, 5 May 2005 08:16:48 -0400 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503120158.A14453@mail.harddata.com> Message-ID: <20050505121648.GA11426@jadzia.bu.edu> On Thu, May 05, 2005 at 09:52:23AM +0300, Pekka Savola wrote: > I also cleaned the text nits, and added an optional switch; if you run > the script with '-rhl73', '-rhl9', '-core1', or '-fc2' (core1 is odd > enough, but that's what's used..), it'll just list the Cool, thanks! -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 74 degrees Fahrenheit. From mattdm at mattdm.org Thu May 5 12:18:07 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Thu, 5 May 2005 08:18:07 -0400 Subject: Fedora Legacy Test Update Notification: openoffice.org In-Reply-To: <4279A58E.3080403@comcast.net> References: <427615F4.6070902@videotron.ca> <4279A58E.3080403@comcast.net> Message-ID: <20050505121807.GB11426@jadzia.bu.edu> On Thu, May 05, 2005 at 12:48:14AM -0400, David Curry wrote: > I'm willing to give QA testing a shot on the fc2 openoffice.org package, > particularly if it is possible to retain my current oo installation in > addition to running the test package. I presume that it is possible to > setup a new user and install the test package in that user space without > disturbing my existing program/user space. That's actually kind of hard. It's possible in theory, but a lot of work. You might as well set up your system to dual boot.... -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 74 degrees Fahrenheit. From marcdeslauriers at videotron.ca Thu May 5 12:21:04 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 05 May 2005 08:21:04 -0400 Subject: Fedora Legacy Test Update Notification: openoffice.org In-Reply-To: <4279A58E.3080403@comcast.net> References: <427615F4.6070902@videotron.ca> <4279A58E.3080403@comcast.net> Message-ID: <1115295665.12003.4.camel@mdlinux> On Thu, 2005-05-05 at 00:48 -0400, David Curry wrote: > > > I'm willing to give QA testing a shot on the fc2 openoffice.org package, > particularly if it is possible to retain my current oo installation in > addition to running the test package. I presume that it is possible to > setup a new user and install the test package in that user space without > disturbing my existing program/user space. I doubt it is possible to install those packages in addition to the ones you are currently using. You'll have to upgrade the ones you are currently using. If anything goes wrong, you can always "rpm -e" the new openoffice.org packages and re-install the older ones. Marc. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From mattdm at mattdm.org Thu May 5 16:06:17 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Thu, 5 May 2005 12:06:17 -0400 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503120158.A14453@mail.harddata.com> Message-ID: <20050505160617.GA26975@jadzia.bu.edu> On Thu, May 05, 2005 at 09:52:23AM +0300, Pekka Savola wrote: > http://netcore.fi/pekkas/buglist.html > http://netcore.fi/pekkas/buglist-rhl73.html > http://netcore.fi/pekkas/buglist-rhl9.html > http://netcore.fi/pekkas/buglist-core1.html > http://netcore.fi/pekkas/buglist-fc2.html > That should help a bit for folks just focusing on particular versions. Are you currently regenerating these from cron at all? -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 76 degrees Fahrenheit. From pekkas at netcore.fi Thu May 5 17:53:58 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Thu, 5 May 2005 20:53:58 +0300 (EEST) Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: <20050505160617.GA26975@jadzia.bu.edu> References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503120158.A14453@mail.harddata.com> <20050505160617.GA26975@jadzia.bu.edu> Message-ID: On Thu, 5 May 2005, Matthew Miller wrote: > On Thu, May 05, 2005 at 09:52:23AM +0300, Pekka Savola wrote: >> http://netcore.fi/pekkas/buglist.html >> http://netcore.fi/pekkas/buglist-rhl73.html >> http://netcore.fi/pekkas/buglist-rhl9.html >> http://netcore.fi/pekkas/buglist-core1.html >> http://netcore.fi/pekkas/buglist-fc2.html >> That should help a bit for folks just focusing on particular versions. > > Are you currently regenerating these from cron at all? Nope, just manual regeneration now and then.. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From mattdm at mattdm.org Thu May 5 18:36:07 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Thu, 5 May 2005 14:36:07 -0400 Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503120158.A14453@mail.harddata.com> <20050505160617.GA26975@jadzia.bu.edu> Message-ID: <20050505183607.GA31530@jadzia.bu.edu> On Thu, May 05, 2005 at 08:53:58PM +0300, Pekka Savola wrote: > >Are you currently regenerating these from cron at all? > Nope, just manual regeneration now and then.. Okay, just curious. Thanks for your work on this -- it's very helpful. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 78 degrees Fahrenheit. From dsccable at comcast.net Thu May 5 18:40:34 2005 From: dsccable at comcast.net (David Curry) Date: Thu, 05 May 2005 14:40:34 -0400 Subject: Fedora Legacy Test Update Notification: openoffice.org In-Reply-To: <1115295665.12003.4.camel@mdlinux> References: <427615F4.6070902@videotron.ca> <4279A58E.3080403@comcast.net> <1115295665.12003.4.camel@mdlinux> Message-ID: <427A68A2.5090603@comcast.net> Mathew, Marc - thanks for the feedback. I will just make sure I have a backup copy of the currently installed version of oo.o and proceed with a QA attempt this weekend. From mattdm at mattdm.org Thu May 5 18:46:46 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Thu, 5 May 2005 14:46:46 -0400 Subject: Fedora Legacy Test Update Notification: openoffice.org In-Reply-To: <427A68A2.5090603@comcast.net> References: <427615F4.6070902@videotron.ca> <4279A58E.3080403@comcast.net> <1115295665.12003.4.camel@mdlinux> <427A68A2.5090603@comcast.net> Message-ID: <20050505184646.GA32103@jadzia.bu.edu> On Thu, May 05, 2005 at 02:40:34PM -0400, David Curry wrote: > Mathew, Marc - thanks for the feedback. I will just make sure I have a > backup copy of the currently installed version of oo.o and proceed with > a QA attempt this weekend. Cool. Thanks for helping out. The risk *should* be low for most packages in this state. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 78 degrees Fahrenheit. From marcdeslauriers at videotron.ca Fri May 6 02:04:06 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 05 May 2005 22:04:06 -0400 Subject: Fedora Legacy Test Update Notification: mozilla Message-ID: <427AD096.7000307@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-152883 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152883 2005-05-05 --------------------------------------------------------------------- Name : mozilla Versions : rh7.3: mozilla-1.7.7-0.73.2.legacy Versions : rh9: mozilla-1.7.7-0.90.1.legacy Versions : fc1: mozilla-1.7.7-1.1.2.legacy Versions : fc2: mozilla-1.7.7-1.2.2.legacy Summary : A Web browser. Description : Mozilla is an open-source Web browser, designed for standards compliance, performance, and portability. --------------------------------------------------------------------- Update Information: Updated mozilla packages that fix various bugs are now available. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla sets file permissions when installing XPI packages. It is possible for an XPI package to install some files world readable or writable, allowing a malicious local user to steal information or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0906 to this issue. A bug was found in the way Mozilla handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CAN-2004-1156) iSEC Security Research has discovered a buffer overflow bug in the way Mozilla handles NNTP URLs. If a user visits a malicious web page or is convinced to click on a malicious link, it may be possible for an attacker to execute arbitrary code on the victim's machine. (CAN-2004-1316) A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. (CAN-2004-1380) A bug was found in the way Mozilla handles certain start tags followed by a NULL character. A malicious web page could cause Mozilla to crash when viewed by a victim. (CAN-2004-1613) A bug was found in the way Mozilla loads links in a new tab which are middle clicked. A malicious web page could read local files or modify privileged chrom settings. (CAN-2005-0141) Several bugs were found with the way Mozilla handles temporary files. A local user could view sensitive temporary information or delete arbitrary files. (CAN-2005-0142 CAN-2005-0578) Several bugs were found with the way Mozilla displays the secure site icon. It is possible that a malicious website could display the secure site icon along with incorrect certificate information. (CAN-2005-0143 CAN-2005-0593) A bug was found in the way Mozilla displays the secure site icon. A malicious web page can use a view-source URL targetted at a secure page, while loading an insecure page, yet the secure site icon shows the previous secure state. (CAN-2005-0144) A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victims clipboard. (CAN-2005-0146) A bug was found in the way Mozilla responds to proxy auth requests. It is possible for a malicious webserver to steal credentials from a victims browser by issuing a 407 proxy authentication request. (CAN-2005-0147) A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. (CAN-2005-0149) A bug was found in the Mozilla javascript security manager. If a user drags a malicious link to a tab, the javascript security manager is bypassed, which could result in remote code execution or information disclosure. (CAN-2005-0231) A bug was found in the way Mozilla allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CAN-2005-0232 and CAN-2005-0527) A flaw was found in the way Mozilla displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CAN-2005-0233) A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. (CAN-2005-0399) A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CAN-2005-0401) Several bugs were found in the way Mozilla displays alert dialogs. It is possible for a malicious webserver or website to trick a user into thinking the dialog window is being generated from a trusted site. (CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0590 CAN-2005-0591) A bug was found in the way Mozilla handles xsl:include and xsl:import directives. It is possible for a malicious website to import XSLT stylesheets from a domain behind a firewall, leaking information to an attacker. (CAN-2005-0588) A bug was found in the way Mozilla handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. (CAN-2005-0989) A bug was found in the way Mozilla displays pop-up windows. If a user choses to open a pop-up window whose URL is malicious javascript, the script will be executed with elevated privileges. (CAN-2005-1153) Several bugs were found in the Mozilla javascript engine. A malicious web page could leverage these issues to execute javascript with elevated privileges or steal sensitive information. (CAN-2005-1154 CAN-2005-1155 CAN-2005-1159 CAN-2005-1160) A bug was found in the way Mozilla installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and stealm sensitive information. (CAN-2005-1156 CAN-2005-1157) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.7 to correct these issues. --------------------------------------------------------------------- Changelogs rh7.3: * Tue May 03 2005 Marc Deslauriers 37:1.7.7-0.73.2.legacy - Added missing freetype-devel BuildRequires * Thu Apr 28 2005 Marc Deslauriers 37:1.7.7-0.73.1.legacy - Rebuild as a Fedora Legacy update for Red Hat Linux 7.3 - Fix missing icons in desktop files rh9: * Fri Apr 29 2005 Marc Deslauriers 37:1.7.7-0.90.1.legacy - Rebuilt as a Fedora Legacy update for Red Hat Linux 9 - Disabled desktop-file-utils - Disabled gtk2 - Added missing BuildRequires - Force build with gcc296 to remain compatible with plugins - Added xft font preferences and patch back in - Removed mozilla-compose.desktop fc1: * Wed May 04 2005 Marc Deslauriers 37:1.7.7-1.1.2.legacy - Added missing gnome-vfs2-devel and desktop-file-utils to BuildRequires * Sat Apr 30 2005 Marc Deslauriers 37:1.7.7-1.1.1.legacy - Rebuilt as Fedora Legacy update for Fedora Core 1 - Changed useragent vendor tag to Fedora - Removed Network category from mozilla.desktop fc2: * Tue May 03 2005 Marc Deslauriers 37:1.7.7-1.2.2.legacy - Added missing gnome-vfs2-devel, desktop-file-utils and krb5-devel BuildPrereq * Sat Apr 30 2005 Marc Deslauriers 37:1.7.7-1.2.1.legacy - Rebuilt as a Fedora Legacy update to Fedora Core 2 - Reverted to desktop-file-utils 0.4 - Removed desktop-update-database - Disabled pango support --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh7.3: 9acd3892e1ec3b272274ed250f630e316e72334c redhat/7.3/updates-testing/i386/mozilla-1.7.7-0.73.2.legacy.i386.rpm bdf6c767bd8d8a1dc74138e8da7c1672b1934764 redhat/7.3/updates-testing/i386/mozilla-chat-1.7.7-0.73.2.legacy.i386.rpm 7168b5bfcd5a090b62464f8b7d82d20bff365ba5 redhat/7.3/updates-testing/i386/mozilla-devel-1.7.7-0.73.2.legacy.i386.rpm 6baa66d77ecbaf4aefcd99e42dbc81dee8b5533b redhat/7.3/updates-testing/i386/mozilla-dom-inspector-1.7.7-0.73.2.legacy.i386.rpm c8fd69f3e6e3a63554382ec412208f74a48ba8fe redhat/7.3/updates-testing/i386/mozilla-js-debugger-1.7.7-0.73.2.legacy.i386.rpm 83a181ed9ecade3c9cb3cd3f64ac7cdd5add9057 redhat/7.3/updates-testing/i386/mozilla-mail-1.7.7-0.73.2.legacy.i386.rpm 904dd59f1b4d5e4426232549848b83a9e407e2ba redhat/7.3/updates-testing/i386/mozilla-nspr-1.7.7-0.73.2.legacy.i386.rpm 3513150062f0d54dfa14f3d4fc320114b72a95ad redhat/7.3/updates-testing/i386/mozilla-nspr-devel-1.7.7-0.73.2.legacy.i386.rpm f56ac87aae05c1530cfc49844f59410ac3db82d9 redhat/7.3/updates-testing/i386/mozilla-nss-1.7.7-0.73.2.legacy.i386.rpm d4a42d185260a6778133dc51beb0098b637306c5 redhat/7.3/updates-testing/i386/mozilla-nss-devel-1.7.7-0.73.2.legacy.i386.rpm 8f731240e4c04d12861836a20ebd51faac33db54 redhat/7.3/updates-testing/SRPMS/mozilla-1.7.7-0.73.2.legacy.src.rpm 265ca0a31dd9a66b3de6364b1a8e0bab108ebedc redhat/7.3/updates-testing/i386/galeon-1.2.14-0.73.2.legacy.i386.rpm 591f6a2ab89ae9b5995cc172017bc8d5b39f0236 redhat/7.3/updates-testing/SRPMS/galeon-1.2.14-0.73.2.legacy.src.rpm rh9: 3d70328b95b7af8ebb4a808ed2c6d58f8d8d3f32 redhat/9/updates-testing/i386/mozilla-1.7.7-0.90.1.legacy.i386.rpm f0602f47ebb9e66a600749832bf68b63787bde35 redhat/9/updates-testing/i386/mozilla-chat-1.7.7-0.90.1.legacy.i386.rpm 005590efef49bb5d39f665d61b335496ca18798d redhat/9/updates-testing/i386/mozilla-devel-1.7.7-0.90.1.legacy.i386.rpm 5a54884ce7108215746ac96668018bdbe2e70494 redhat/9/updates-testing/i386/mozilla-dom-inspector-1.7.7-0.90.1.legacy.i386.rpm 5fd7e6f7145787da6926807ad22a8cddaa14b927 redhat/9/updates-testing/i386/mozilla-js-debugger-1.7.7-0.90.1.legacy.i386.rpm 0ea4683b6d02b6605e7c515ee6c4717ee443eee3 redhat/9/updates-testing/i386/mozilla-mail-1.7.7-0.90.1.legacy.i386.rpm cd8c01029571274c79dc3b0b083a68f61f8276b4 redhat/9/updates-testing/i386/mozilla-nspr-1.7.7-0.90.1.legacy.i386.rpm c043f95965b668bc18adb9a58b8e0f332f295285 redhat/9/updates-testing/i386/mozilla-nspr-devel-1.7.7-0.90.1.legacy.i386.rpm 1b9952e1ae88be813398d47c56ccdb1c6297defb redhat/9/updates-testing/i386/mozilla-nss-1.7.7-0.90.1.legacy.i386.rpm 0048ddbfbccca48c2e3a20d436a8eeaeaa5e7d27 redhat/9/updates-testing/i386/mozilla-nss-devel-1.7.7-0.90.1.legacy.i386.rpm 3ef84161c6d31a0a022e30dccfa38c3e48bfc826 redhat/9/updates-testing/SRPMS/mozilla-1.7.7-0.90.1.legacy.src.rpm f34febaaa2e03ffc62097a8abf977cfa98bce03a redhat/9/updates-testing/i386/galeon-1.2.14-0.90.2.legacy.i386.rpm 72ddc204978e74630ef9cab1e17a80a6a2e06658 redhat/9/updates-testing/SRPMS/galeon-1.2.14-0.90.2.legacy.src.rpm fc1: 57100cb971334d7af508b63786aa08605515ca1c fedora/1/updates-testing/i386/mozilla-1.7.7-1.1.2.legacy.i386.rpm d46f3963c22c7dd5460e5dcb54fe48001b9f2bf0 fedora/1/updates-testing/i386/mozilla-chat-1.7.7-1.1.2.legacy.i386.rpm c1fb6304d59a2b40afb0f897068d4790f7188d58 fedora/1/updates-testing/i386/mozilla-devel-1.7.7-1.1.2.legacy.i386.rpm 2e6e6c51cc5f2ec33ed9da3f3cba5b8894cc41c6 fedora/1/updates-testing/i386/mozilla-dom-inspector-1.7.7-1.1.2.legacy.i386.rpm c341b4c436e57743b14fb535117fd22b0cbec5d9 fedora/1/updates-testing/i386/mozilla-js-debugger-1.7.7-1.1.2.legacy.i386.rpm 7132f5a85829789980a6d3e99dcb8b693c2ca2f5 fedora/1/updates-testing/i386/mozilla-mail-1.7.7-1.1.2.legacy.i386.rpm 97fc2ebf5fac4a9db7515d6ce040f69800d4b76f fedora/1/updates-testing/i386/mozilla-nspr-1.7.7-1.1.2.legacy.i386.rpm 4fc55c563a2dab1acea189205a74a55a3193fd90 fedora/1/updates-testing/i386/mozilla-nspr-devel-1.7.7-1.1.2.legacy.i386.rpm 013b70581b5719c09d31a3cd642c9508326ee785 fedora/1/updates-testing/i386/mozilla-nss-1.7.7-1.1.2.legacy.i386.rpm 0b166a9b048615bed8963512f3c14d0fe2b55df3 fedora/1/updates-testing/i386/mozilla-nss-devel-1.7.7-1.1.2.legacy.i386.rpm 78028c39bd74519585f30c5e9fb1811c17174ae6 fedora/1/updates-testing/SRPMS/mozilla-1.7.7-1.1.2.legacy.src.rpm 288dc1525d58a9bfb547dae233217f8560f793da fedora/1/updates-testing/i386/epiphany-1.0.8-1.fc1.2.legacy.i386.rpm 6d7fc5695a4dc5dfda8061d6f15f5f49d9e0ca25 fedora/1/updates-testing/SRPMS/epiphany-1.0.8-1.fc1.2.legacy.src.rpm fc2: e30cf25bc4833e0b19464b80edc6a40a022d84ec fedora/2/updates-testing/i386/mozilla-1.7.7-1.2.2.legacy.i386.rpm f6272d64f623060b3e3c312a51d9c4cf79517dbf fedora/2/updates-testing/i386/mozilla-chat-1.7.7-1.2.2.legacy.i386.rpm 3de604792b03c9be05094f93dfab05dc4025bf28 fedora/2/updates-testing/i386/mozilla-devel-1.7.7-1.2.2.legacy.i386.rpm be68ea6a7694e26583788619fd2983d79e7de2a0 fedora/2/updates-testing/i386/mozilla-dom-inspector-1.7.7-1.2.2.legacy.i386.rpm 5fb0ec03a8477716720fa5717096f51b947b3fc7 fedora/2/updates-testing/i386/mozilla-js-debugger-1.7.7-1.2.2.legacy.i386.rpm eaad0dd9b651f50a95645a483874e388c8e8d6ff fedora/2/updates-testing/i386/mozilla-mail-1.7.7-1.2.2.legacy.i386.rpm eab0bd24445c45116bb438c3ab039549aeaf9fff fedora/2/updates-testing/i386/mozilla-nspr-1.7.7-1.2.2.legacy.i386.rpm 230443db97ade4cd419149aac9be2647b9d8e1a9 fedora/2/updates-testing/i386/mozilla-nspr-devel-1.7.7-1.2.2.legacy.i386.rpm 93d1521088d28943d1bb8a3f95b9fe33afbb6cce fedora/2/updates-testing/i386/mozilla-nss-1.7.7-1.2.2.legacy.i386.rpm 69f0872295fcc76410236cbdcfa68ad714fd1019 fedora/2/updates-testing/i386/mozilla-nss-devel-1.7.7-1.2.2.legacy.i386.rpm 9ee87c561862efad6914604117ca1b77347ddce2 fedora/2/updates-testing/SRPMS/mozilla-1.7.7-1.2.2.legacy.src.rpm 2a2d210670d354d8640266735d2ce15ca3a6c637 fedora/2/updates-testing/i386/epiphany-1.2.10-0.2.3.legacy.i386.rpm 0b8dcb95ee3ac871fac5adda63cbe1ec62340540 fedora/2/updates-testing/SRPMS/epiphany-1.2.10-0.2.3.legacy.src.rpm 50bab23717bd9e8f80c1f037d89fea75c240404a fedora/2/updates-testing/i386/devhelp-0.9.1-0.2.6.legacy.i386.rpm 19dd014eda39deb1bafdfa34c47a4e81bf9cf880 fedora/2/updates-testing/i386/devhelp-devel-0.9.1-0.2.6.legacy.i386.rpm 1fa21cf570fa5a210594820c17eacfe764df8a52 fedora/2/updates-testing/SRPMS/devhelp-0.9.1-0.2.6.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Fri May 6 02:04:58 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 05 May 2005 22:04:58 -0400 Subject: Fedora Legacy Test Update Notification: cvs Message-ID: <427AD0CA.50709@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-155508 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155508 2005-05-05 --------------------------------------------------------------------- Name : cvs Versions : rh73: cvs-1.11.1p1-17.legacy Versions : rh9: cvs-1.11.2-25.legacy Versions : fc1: cvs-1.11.17-1.2.legacy Versions : fc2: cvs-1.11.17-2.2.legacy Summary : A version control system. Description : CVS (Concurrent Version System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. --------------------------------------------------------------------- Update Information: An updated cvs package that fixes security bugs is now available. CVS (Concurrent Version System) is a version control system. A buffer overflow bug was found in the way the CVS client processes version and author information. If a user can be tricked into connecting to a malicious CVS server, an attacker could execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0753 to this issue. All users of cvs should upgrade to this updated package, which includes a backported patch to correct these issues. --------------------------------------------------------------------- Changelogs rh73: * Thu Apr 21 2005 Michal Jaegermann 1.11.1p1-17.legacy - added originally cvs-1.11.17-CAN-2005-0753.patch from cvs-1.11.17-6.FC3 adjusted to 1.11.1p1 (two obvious rejects fixed and changed offsets). rh9: * Thu Apr 21 2005 Marc Deslauriers 1.11.2-25.legacy - add security fix for CAN-2005-0753 fc1: * Mon May 02 2005 Marc Deslauriers 1.11.17-1.2.legacy - added missing vim-minimal, sendmail and tcsh BuildRequires * Thu Apr 21 2005 Marc Deslauriers 1.11.17-1.1.legacy - add security fix CAN-2005-0753 (Derek Price) fc2: * Mon May 02 2005 Marc Deslauriers 1.11.17-2.2.legacy - added missing vim-minimal, sendmail and tcsh BuildRequires * Thu Apr 21 2005 Marc Deslauriers 1.11.17-2.1.legacy - add security fix CAN-2005-0753 (Derek Price) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: 44748e23bd996cce24d4ee94f8d690d54c9f02bd redhat/7.3/updates-testing/i386/cvs-1.11.1p1-17.legacy.i386.rpm 742788f35e8aaaa5ea2914cc30138f81ca733720 redhat/7.3/updates-testing/SRPMS/cvs-1.11.1p1-17.legacy.src.rpm rh9: 388ff1fb3678bbe9f548dd0de3b4c34a6b96edd0 redhat/9/updates-testing/i386/cvs-1.11.2-25.legacy.i386.rpm cbe6667d386716c93de98f33f6a0e52ab4b2224f redhat/9/updates-testing/SRPMS/cvs-1.11.2-25.legacy.src.rpm fc1: e88e07e612ef9a98760d7621feb62676c18744c2 fedora/1/updates-testing/i386/cvs-1.11.17-1.2.legacy.i386.rpm 83f4ea1da32946f9d77dd0fc70ea8d8b651b15d3 fedora/1/updates-testing/SRPMS/cvs-1.11.17-1.2.legacy.src.rpm fc2: e939ea46087822a17a68b6997ffd47df6cbe60bd fedora/2/updates-testing/i386/cvs-1.11.17-2.2.legacy.i386.rpm b5fc3ff86a90d18e9515fe151e1915878c2aabf6 fedora/2/updates-testing/SRPMS/cvs-1.11.17-2.2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Fri May 6 02:04:41 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 05 May 2005 22:04:41 -0400 Subject: Fedora Legacy Test Update Notification: gftp Message-ID: <427AD0B9.8040404@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-152908 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152908 2005-05-05 --------------------------------------------------------------------- Name : gftp Versions : rh7.3: gftp-2.0.11-2.2.legacy Versions : rh9: gftp-2.0.14-2.2.legacy Versions : fc1: gftp-2.0.17-0.FC1.1.legacy Summary : A multi-threaded FTP client for the X Window System. Description : gFTP is a multi-threaded FTP client for the X Window System. gFTP supports simultaneous downloads, resumption of interrupted file transfers, file transfer queues to allow downloading of multiple files, support for downloading entire directories/subdirectories, a bookmarks menu to allow quick connection to FTP sites, caching of remote directory listings, local and remote chmod, drag and drop, a connection manager, and much more. --------------------------------------------------------------------- Update Information: Updated gftp packages that fix a security issue are now available. gFTP is a multi-threaded FTP client for the X Window System. A directory traversal vulnerability was discovered in gftp. A remote malicious FTP server could read, overwrite or create arbitrary files via .. (dot dot) sequences in the filenames returned from a LIST command. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0372 to this issue. Users of gftp are advised to upgrade to these errata packages, which contain a backported patch correcting this issue. --------------------------------------------------------------------- Changelogs rh73: * Thu May 05 2005 Marc Deslauriers 2.0.11-2.2.legacy - Added missing glib-devel and gtk+-devel to BuildRequires * Wed Mar 09 2005 Marc Deslauriers 2.0.11-2.1.legacy - Added security patch for CAN-2005-0372 rh9: * Thu May 05 2005 Marc Deslauriers 2.0.14-2.2.legacy - Added missing glib-devel, gtk2-devel, desktop-file-utils, ncurses-devel and readline-devel BuildRequires * Wed Mar 09 2005 Marc Deslauriers 2.0.14-2.1.legacy - Added security patch for CAN-2005-0372 fc1: * Wed Mar 09 2005 Marc Deslauriers 2.0.17-0.FC1.1.legacy - Added security patch for CAN-2005-0372 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh7.3: 49e794d3f8b144e55560c79960cedc487d737bb6 redhat/7.3/updates-testing/i386/gftp-2.0.11-2.2.legacy.i386.rpm 428080cb2efba4e5ad3df31150fc244f13f6b02c redhat/7.3/updates-testing/SRPMS/gftp-2.0.11-2.2.legacy.src.rpm rh9: 3c1812e77892b5a00167a3894983398dc467e262 redhat/9/updates-testing/i386/gftp-2.0.14-2.2.legacy.i386.rpm ddf0ebe73fa8410ac213f6141ca97b3b75e34d5f redhat/9/updates-testing/SRPMS/gftp-2.0.14-2.2.legacy.src.rpm fc1: 93823674913c4796c06d8f4e37895e3573ea17fe fedora/1/updates-testing/i386/gftp-2.0.17-0.FC1.1.legacy.i386.rpm 6d5276c8e90ebf111e907e04602fac5e45624737 fedora/1/updates-testing/SRPMS/gftp-2.0.17-0.FC1.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Fri May 6 02:05:17 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 05 May 2005 22:05:17 -0400 Subject: Fedora Legacy Test Update Notification: lvm Message-ID: <427AD0DD.4060300@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-152842 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152842 2005-05-05 --------------------------------------------------------------------- Name : lvm Versions : rh73: lvm-1.0.3-4.1.legacy Versions : rh9: lvm-1.0.3-12.1.legacy Versions : fc1: lvm-1.0.3-13.1.legacy Summary : Linux Logical Volume Manager utilities. Description : LVM includes all of the support for handling read/write operations on physical volumes (hard disks, RAID-Systems, magneto optical, etc., multiple devices (MD), see mdadd(8) or even loop devices, see losetup(8)), creating volume groups (kind of virtual disks) from one or more physical volumes and creating one or more logical volumes (kind of logical partitions) in volume groups. --------------------------------------------------------------------- Update Information: An updated lvm package that fixes a security flaw is now available. LVM is the Linux Logical Volume Manager utilities. A vulnerability has been reported in LVM, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerability is caused due to the "lvmcreate_initrd" script creating temporary files insecurely. This can be exploited via symlink attacks to overwrite arbitrary files on the system with the privileges of the user invoking the vulnerable script. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0972 to this issue. Users of lvm are advised to upgrade to this errata package, which contains a backported patch correcting this issue. --------------------------------------------------------------------- Changelogs rh73: * Sat Mar 05 2005 Marc Deslauriers 1.0.3-4.1.legacy - Added security patch for CAN-2004-0972 rh9: * Sat Mar 05 2005 Marc Deslauriers 1.0.3-12.1.legacy - Added security patch for CAN-2004-0972 fc1: * Sat Mar 05 2005 Marc Deslauriers 1.0.3-13.1.legacy - Added patch for CAN-2004-0972 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: 2f33b8e68c37dea86b0059275184d366a1bffddf redhat/7.3/updates-testing/i386/lvm-1.0.3-4.1.legacy.i386.rpm a4d6f9581baf72a6facf9ae2184eddc5c22aa562 redhat/7.3/updates-testing/SRPMS/lvm-1.0.3-4.1.legacy.src.rpm rh9: 3f66e70eef52374a49d9ab4dc87ec1ada14dec32 redhat/9/updates-testing/i386/lvm-1.0.3-12.1.legacy.i386.rpm 3b852bbe5291bb43910920b51612b087bf8603aa redhat/9/updates-testing/SRPMS/lvm-1.0.3-12.1.legacy.src.rpm fc1: 9378ae503e4d43934813b93951160ed705f41cd3 fedora/1/updates-testing/i386/lvm-1.0.3-13.1.legacy.i386.rpm 0d3176879d28e673fc18158d643870b1acf367fd fedora/1/updates-testing/SRPMS/lvm-1.0.3-13.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Fri May 6 02:05:39 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 05 May 2005 22:05:39 -0400 Subject: Fedora Legacy Test Update Notification: sharutils Message-ID: <427AD0F3.3040305@videotron.ca> The rh73 packages had a version bump so they would upgrade the previous release properly. --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-154991 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154991 2005-05-05 --------------------------------------------------------------------- Name : sharutils 7.3 Version : sharutils-4.2.1-12.8.legacy 9 Version : sharutils-4.2.1-16.9.2.legacy fc1 Version : sharutils-4.2.1-17.3.legacy fc2 Version : sharutils-4.2.1-18.3.FC2.legacy Summary : The GNU shar utilities for managing shell archives. Description : The sharutils package contains the GNU shar utilities, a set of tools for encoding and decoding packages of files (in binary or text format) in a special plain text format called shell archives (shar). This format can be sent through email (which can be problematic for regular binary files). The shar utility supports a wide range of capabilities (compressing, uuencoding, splitting long files for multi-part mailings, providing checksums), which make it very flexible. After the files have been sent, the unshar tool scans mail messages looking for shar files. Unshar automatically strips off mail headers and introductory text and then unpacks the shar files. --------------------------------------------------------------------- Update Information: Updated packages for sharutils which fix a security vulnerability are now available. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. A bug was found in the way unshar creates temporary files. A local user could use symlinks to overwrite arbitrary files the victim running unshar has write access to. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0990 to this issue. All users of sharutils should upgrade to these packages, which resolve this issue. --------------------------------------------------------------------- Changelogs: rh73: * Thu May 05 2005 Marc Deslauriers 4.2.1-12.8.legacy - Bumped version number * Sat Apr 16 2005 Marc Deslauriers 4.2.1-12.7.x.1.legacy - Added security fix for CAN-2005-0990 rh9: * Sun Apr 17 2005 Marc Deslauriers 4.2.1-16.9.2.legacy - Added security fix for CAN-2005-0990 fc1: * Sat Apr 16 2005 Marc Deslauriers 4.2.1-17.3.legacy - Added security fix for CAN-2005-0990 fc2: * Sun May 01 2005 Marc Deslauriers 4.2.1-18.3.FC2.legacy - Added missing gettext and mailx BuildRequires * Sun Apr 17 2005 Marc Deslauriers 4.2.1-18.2.FC2.legacy - Added security fix for CAN-2005-0990 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) b7bc64c53c9352cd872da7d6b05087a403eeb342 redhat/7.3/updates-testing/i386/sharutils-4.2.1-12.8.legacy.i386.rpm ecd2c836c88cd4deee0f421695cf69c59dbd6895 redhat/7.3/updates-testing/SRPMS/sharutils-4.2.1-12.8.legacy.src.rpm 00132d8850d0db03c6adae00ecece7c99de20223 redhat/9/updates-testing/i386/sharutils-4.2.1-16.9.2.legacy.i386.rpm 715cf1cc13d0a99c379466299d67a0028bbc29c8 redhat/9/updates-testing/SRPMS/sharutils-4.2.1-16.9.2.legacy.src.rpm 000778eae9c2f079a98f5579669eecf841fba6c7 fedora/1/updates-testing/i386/sharutils-4.2.1-17.3.legacy.i386.rpm 3e2f5b5babcd978e4d1ef96af504f8ee6eb50fdc fedora/1/updates-testing/SRPMS/sharutils-4.2.1-17.3.legacy.src.rpm 1211acde10ecca361e1ac19e72a82fd6dcda10f4 fedora/2/updates-testing/i386/sharutils-4.2.1-18.3.FC2.legacy.i386.rpm 08292d722a234c43a4fd9f0c24c33e36da8a35ed fedora/2/updates-testing/SRPMS/sharutils-4.2.1-18.3.FC2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From dsccable at comcast.net Fri May 6 03:46:01 2005 From: dsccable at comcast.net (David Curry) Date: Thu, 05 May 2005 23:46:01 -0400 Subject: Network Printing Message-ID: <427AE879.2060209@comcast.net> Greetings everyone. After years of resistance, I recently capitulated to the demands of the wife for a windows laptop (started biting nails and gnashing teeth almost immediately when the damn thing went into hibernation mode and would not subsequently even turn on). But, I digress. Despite having used linux since Redhat 4.1, my desktop pc has never been part of a local area network. Now I need to do just that with the lan consisting of a netgear WGR614v5 router, my desktop system running FC2, the Windows XP home Laptop, and a network printer for joint use of my pc and the laptop. The printer is currently connected directly to my desktop system, but otherwise the network is up and running with wireless connections through a secure mode (WPA-PSK). O'Reilly's Linux Cookbook, chapter 14, tells me that using my desktop system as a printer-server running CUPS I should be able to share printers with a Windows PC. That is, I should not need to run samba as well as cups. Presently, two printers are connected directly to my desktop - an HP laserjet and an HP multifunction copier/fax/printer/scanner. What I think I would like to do is connect the multifunction machine directly to the netgear router for network use and keep the laserjet connected directly to the desktop. Questions I would like to pose are: 1. Will my desktop be able to function as the print server for a "remote" printer connected to it through a rounter? 2. Would moving the multifunction machine to the router necessarily result in loss of its scanning capabilities? Suggestions/thoughts on the lan arrangement would be appreciated. Dave Curry From jkosin at beta.intcomgrp.com Fri May 6 14:53:58 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Fri, 06 May 2005 10:53:58 -0400 Subject: [OT FC1] : Updates.... Message-ID: <427B8506.6030401@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Everyone, I've not forgotten all the FC1 users out there. I have a few more packages... (1) A vanilla kernel compiled from the latest sources from kernel.org.. This is version 2.4.x kernels we are talking about not version 2.6.x. ~ Be careful, I tried applying all the patches from RedHat; but, they either are too many differences, couldn't find good reason, already applied, or just too difficult to sort through without taking 6-9 months to patch. On top of all that, I wasn't sure someone didn't already have another (better) method of patching the problem already there. ~ The kernel says it is 2.4.30-1.fc1.vanilla but is really patched to 2.4.31-pre1-bk2 (2005-05-01) level. You can read all about the kernel from www.kernel.org. Please keep your old kernels!!! http://support.intcomgrp.com/mirror/fedora-core/beta/i386/kernel-2.4.30-1.fc1.vanilla.i686.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/kernel-source-2.4.30-1.fc1.vanilla.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/kernel-doc-2.4.30-1.fc1.vanilla.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/src/kernel-2.4.30-1.fc1.vanilla.src.rpm (2) ClamAV 0.84 I'll announce it only because I do keep a version on my server. There are many other places you can get it for FC1 now. You can get more information from http://www.clamav.net ... Be careful about upgrading though, many file permissions are changing ... check your logs!!! Most if not all the directories need clamav.clamav as the owner.group and have write permissions. They include the /var/run/clamav, /var/log/clamav directories, and others. http://support.intcomgrp.com/mirror/fedora-core/beta/i386/clamav-0.84-1.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/clamav-devel-0.84-1.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/clamav-milter-0.84-1.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/src/clamav-0.84-1.fc1.src.rpm (3) Sendmail 8.13.4 On 3/27/2005 sendmail.org announced the new version. I just decided to upgrade. Be careful, I've included the -cf rpm and there may be problems installing to upgrading this version. I'm not sure most users need this rpm. http://support.intcomgrp.com/mirror/fedora-core/beta/i386/sendmail-8.13.4-2.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/sendmail-devel-8.13.4-2.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/sendmail-doc-8.13.4-2.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/sendmail-cf-8.13.4-2.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/src/sendmail-8.13.4-2.fc1.src.rpm James Kosin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCe4UGkNLDmnu1kSkRAoRKAJ9hemBMnkOmUAAcaXz0jSBK26TA+QCggXiL p2iAuYMI7X/+ImbcksjZ6uQ= =guyT -----END PGP SIGNATURE----- From adelste at yahoo.com Fri May 6 14:59:18 2005 From: adelste at yahoo.com (Tom Adelstein) Date: Fri, 06 May 2005 09:59:18 -0500 Subject: Network Printing In-Reply-To: <427AE879.2060209@comcast.net> References: <427AE879.2060209@comcast.net> Message-ID: <1115391558.2744.19.camel@localhost.localdomain> On Thu, 2005-05-05 at 23:46 -0400, David Curry wrote: > Greetings everyone. > > After years of resistance, I recently capitulated to the demands of the > wife for a windows laptop (started biting nails and gnashing teeth > almost immediately when the damn thing went into hibernation mode and > would not subsequently even turn on). But, I digress. > > Despite having used linux since Redhat 4.1, my desktop pc has never been > part of a local area network. Now I need to do just that with the lan > consisting of a netgear WGR614v5 router, my desktop system running FC2, > the Windows XP home Laptop, and a network printer for joint use of my pc > and the laptop. The printer is currently connected directly to my > desktop system, but otherwise the network is up and running with > wireless connections through a secure mode (WPA-PSK). > > O'Reilly's Linux Cookbook, chapter 14, tells me that using my desktop > system as a printer-server running CUPS I should be able to share > printers with a Windows PC. That is, I should not need to run samba as > well as cups. Presently, two printers are connected directly to my > desktop - an HP laserjet and an HP multifunction > copier/fax/printer/scanner. What I think I would like to do is connect > the multifunction machine directly to the netgear router for network use > and keep the laserjet connected directly to the desktop. > > Questions I would like to pose are: > 1. Will my desktop be able to function as the print server for a > "remote" printer connected to it through a rounter? > 2. Would moving the multifunction machine to the router necessarily > result in loss of its scanning capabilities? > > Suggestions/thoughts on the lan arrangement would be appreciated. > > Dave Curry > David, Cups works with Samba to allow network printing to Windows. When you use Windows network view (network neighborhood) the printer queue shows up. It's not the physical printer but the queue. I name mine lp0, lp1, etc. I run the cups web configuration tool localhost:631 and add the printers through there. I often delete the existing queues if they were not setup with cups. You also need to run in the RAW mode so the Windows printer sends its code to the Linux box directly to the queue. You have to set up Samba and share your printer by name. I use SWAT, even though many people scold me for it. But at home and in a controlled environment behind a firewall, it's pretty easy. You can get to it localhost:901. You should be able to use root + yourpassword to get there. I don't run SAMBA as a domain controller - and I use the name workgroup and use share level security. I've tested the set up at https://www.grc.com/x/ne.dll?bh0bkyd2 Take a look at this howto by Andrew Tridgell - the founder of SAMBA http://www.tek-tips.com/viewthread.cfm?qid=1031534&page=1 You may not have swat installed -- you may need a newer version http://rpmfind.net/linux/RPM/fedora/updates/3/i386/samba- swat-3.0.10-1.fc3.i386.html It your need further help, let me know. From rostetter at mail.utexas.edu Fri May 6 15:13:40 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Fri, 6 May 2005 10:13:40 -0500 Subject: Network Printing In-Reply-To: <427AE879.2060209@comcast.net> References: <427AE879.2060209@comcast.net> Message-ID: <1115392420.17621edd752e2@mail.ph.utexas.edu> Quoting David Curry : Note that this really isn't the appropriate mailing list for such questions but I'll answer it anyway. > well as cups. Presently, two printers are connected directly to my > desktop - an HP laserjet and an HP multifunction > copier/fax/printer/scanner. I'd leave them both connected the linux box, if you can leave the linux box on all the time (so the printer is always available). > What I think I would like to do is connect > the multifunction machine directly to the netgear router for network use > and keep the laserjet connected directly to the desktop. If the multifunction as a JetDirect card or similar, this would work. > Questions I would like to pose are: > 1. Will my desktop be able to function as the print server for a > "remote" printer connected to it through a rounter? Yes. > 2. Would moving the multifunction machine to the router necessarily > result in loss of its scanning capabilities? No idea. > Suggestions/thoughts on the lan arrangement would be appreciated. Leave the printers on the linux machine, leave the linux machine on all the time. Use cups or LPRng on the linux box. On windows, you may need to install the Unix Printer Utilities or some such. No reason this shouldn't work for printing. Scanning et al is a different can of worms. -- Eric Rostetter From andrewvong at finpress.com Fri May 6 21:52:55 2005 From: andrewvong at finpress.com (Andrew Vong) Date: Sat, 07 May 2005 05:52:55 +0800 Subject: Catch-22 on an old Red Hat Linux 7.2 box Message-ID: <6.1.2.0.2.20050507052435.023bd3e0@localhost> Dear Gurus, With the limited Linux knowledge I have, I have tried all that I can but seem to have hit a brickwall that I can't seem to get over. I hope someone out there can help me out. I refer to this page --> http://fedoralegacy.org/docs/quickstart.php I am trying to install yum on a very old RHL 7.2 box so that I can update it. However, I seem to be at a Catch-22 stuation. Here's why:- # rpm -U yum-1.0.3-6.0.7.x.legacy.noarch.rpm error: failed dependencies: rpm-python >= 0:4.0.4 is needed by yum-1.0.3-6.0.7.x.legacy rpm >= 0:4.0.4 is needed by yum-1.0.3-6.0.7.x.legacy From here, I go and download rpm-python and rpm from --> http://download.fedoralegacy.org/redhat/7.2/updates/i386/ Here are the results I get from trying to install both the RPMs:- rpm -U rpm-4.0.4-7x.i386.rpm error: failed dependencies: popt = 1.6.4 is needed by rpm-4.0.4-7x rpm = 4.0.3 is needed by rpm-python-4.0.3-1.03 rpm = 4.0.3 is needed by rpm-build-4.0.3-1.03 rpm = 4.0.3 is needed by rpm-devel-4.0.3-1.03 rpm = 4.0.3 is needed by rpm-perl-4.0.3-1.03 librpm-4.0.3.so is needed by gnorpm-0.96-11 librpm-4.0.3.so is needed by kdeadmin-2.2-8 librpm-4.0.3.so is needed by rpm-python-4.0.3-1.03 librpm-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpm-4.0.3.so is needed by rpm-perl-4.0.3-1.03 librpm-4.0.3.so is needed by rpm2html-1.7-1 librpm-4.0.3.so is needed by rpmfind-1.7-2 librpmbuild-4.0.3.so is needed by kdeadmin-2.2-8 librpmbuild-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpmdb-4.0.3.so is needed by gnorpm-0.96-11 librpmdb-4.0.3.so is needed by kdeadmin-2.2-8 librpmdb-4.0.3.so is needed by rpm-python-4.0.3-1.03 librpmdb-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpmdb-4.0.3.so is needed by rpm-perl-4.0.3-1.03 librpmdb-4.0.3.so is needed by rpm2html-1.7-1 librpmdb-4.0.3.so is needed by rpmfind-1.7-2 librpmio-4.0.3.so is needed by gnorpm-0.96-11 librpmio-4.0.3.so is needed by kdeadmin-2.2-8 librpmio-4.0.3.so is needed by rpm-python-4.0.3-1.03 librpmio-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpmio-4.0.3.so is needed by rpm-perl-4.0.3-1.03 librpmio-4.0.3.so is needed by rpm2html-1.7-1 librpmio-4.0.3.so is needed by rpmfind-1.7-2 AND rpm -U rpm-python-4.0.4-7x.i386.rpm error: failed dependencies: rpm = 4.0.4 is needed by rpm-python-4.0.4-7x popt = 1.6.4 is needed by rpm-python-4.0.4-7x librpm-4.0.4.so is needed by rpm-python-4.0.4-7x librpmdb-4.0.4.so is needed by rpm-python-4.0.4-7x librpmio-4.0.4.so is needed by rpm-python-4.0.4-7x So it seems that I'm in a catch-22 situation here as the system does not allow me to install any of the dependent rpms. Can anyone tell me what I can do to resolve this? Thank you in advance. Best Regards, Andrew From mark.allen at shavlik.com Fri May 6 22:13:04 2005 From: mark.allen at shavlik.com (Mark Allen) Date: Fri, 6 May 2005 17:13:04 -0500 Subject: Catch-22 on an old Red Hat Linux 7.2 box Message-ID: <46D0AACFB6ED3A4882B57AFB93EF266F022579C9@owa.shavlik.com> Try putting all your RPMs to install in the same command line. You're still going to have to locate, download and install popt-1.6.4 and probably a few other rpm related RPMs. In any case, you can specify more than one RPM on the command line. RPM should work out the dependencies (assuming they're all satisfied and do the right thing.) --Mark -----Original Message----- From: fedora-legacy-list-bounces at redhat.com [mailto:fedora-legacy-list-bounces at redhat.com] On Behalf Of Andrew Vong Sent: Friday, May 06, 2005 4:53 PM To: fedora-legacy-list at redhat.com Subject: Catch-22 on an old Red Hat Linux 7.2 box Dear Gurus, With the limited Linux knowledge I have, I have tried all that I can but seem to have hit a brickwall that I can't seem to get over. I hope someone out there can help me out. I refer to this page --> http://fedoralegacy.org/docs/quickstart.php I am trying to install yum on a very old RHL 7.2 box so that I can update it. However, I seem to be at a Catch-22 stuation. Here's why:- # rpm -U yum-1.0.3-6.0.7.x.legacy.noarch.rpm error: failed dependencies: rpm-python >= 0:4.0.4 is needed by yum-1.0.3-6.0.7.x.legacy rpm >= 0:4.0.4 is needed by yum-1.0.3-6.0.7.x.legacy From here, I go and download rpm-python and rpm from --> http://download.fedoralegacy.org/redhat/7.2/updates/i386/ Here are the results I get from trying to install both the RPMs:- rpm -U rpm-4.0.4-7x.i386.rpm error: failed dependencies: popt = 1.6.4 is needed by rpm-4.0.4-7x rpm = 4.0.3 is needed by rpm-python-4.0.3-1.03 rpm = 4.0.3 is needed by rpm-build-4.0.3-1.03 rpm = 4.0.3 is needed by rpm-devel-4.0.3-1.03 rpm = 4.0.3 is needed by rpm-perl-4.0.3-1.03 librpm-4.0.3.so is needed by gnorpm-0.96-11 librpm-4.0.3.so is needed by kdeadmin-2.2-8 librpm-4.0.3.so is needed by rpm-python-4.0.3-1.03 librpm-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpm-4.0.3.so is needed by rpm-perl-4.0.3-1.03 librpm-4.0.3.so is needed by rpm2html-1.7-1 librpm-4.0.3.so is needed by rpmfind-1.7-2 librpmbuild-4.0.3.so is needed by kdeadmin-2.2-8 librpmbuild-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpmdb-4.0.3.so is needed by gnorpm-0.96-11 librpmdb-4.0.3.so is needed by kdeadmin-2.2-8 librpmdb-4.0.3.so is needed by rpm-python-4.0.3-1.03 librpmdb-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpmdb-4.0.3.so is needed by rpm-perl-4.0.3-1.03 librpmdb-4.0.3.so is needed by rpm2html-1.7-1 librpmdb-4.0.3.so is needed by rpmfind-1.7-2 librpmio-4.0.3.so is needed by gnorpm-0.96-11 librpmio-4.0.3.so is needed by kdeadmin-2.2-8 librpmio-4.0.3.so is needed by rpm-python-4.0.3-1.03 librpmio-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpmio-4.0.3.so is needed by rpm-perl-4.0.3-1.03 librpmio-4.0.3.so is needed by rpm2html-1.7-1 librpmio-4.0.3.so is needed by rpmfind-1.7-2 AND rpm -U rpm-python-4.0.4-7x.i386.rpm error: failed dependencies: rpm = 4.0.4 is needed by rpm-python-4.0.4-7x popt = 1.6.4 is needed by rpm-python-4.0.4-7x librpm-4.0.4.so is needed by rpm-python-4.0.4-7x librpmdb-4.0.4.so is needed by rpm-python-4.0.4-7x librpmio-4.0.4.so is needed by rpm-python-4.0.4-7x So it seems that I'm in a catch-22 situation here as the system does not allow me to install any of the dependent rpms. Can anyone tell me what I can do to resolve this? Thank you in advance. Best Regards, Andrew -- fedora-legacy-list mailing list fedora-legacy-list at redhat.com http://www.redhat.com/mailman/listinfo/fedora-legacy-list From andrewvong at finpress.com Fri May 6 21:55:25 2005 From: andrewvong at finpress.com (Andrew Vong) Date: Sat, 07 May 2005 05:55:25 +0800 Subject: Catch-22 on an old Red Hat Linux 7.2 box Message-ID: <6.1.2.0.2.20050507055522.023ce140@localhost> Dear Gurus, With the limited Linux knowledge I have, I have tried all that I can but seem to have hit a brickwall that I can't seem to get over. I hope someone out there can help me out. I refer to this page --> http://fedoralegacy.org/docs/quickstart.php I am trying to install yum on a very old RHL 7.2 box so that I can update it. However, I seem to be at a Catch-22 stuation. Here's why:- # rpm -U yum-1.0.3-6.0.7.x.legacy.noarch.rpm error: failed dependencies: rpm-python >= 0:4.0.4 is needed by yum-1.0.3-6.0.7.x.legacy rpm >= 0:4.0.4 is needed by yum-1.0.3-6.0.7.x.legacy From here, I go and download rpm-python and rpm from --> http://download.fedoralegacy.org/redhat/7.2/updates/i386/ Here are the results I get from trying to install both the RPMs:- rpm -U rpm-4.0.4-7x.i386.rpm error: failed dependencies: popt = 1.6.4 is needed by rpm-4.0.4-7x rpm = 4.0.3 is needed by rpm-python-4.0.3-1.03 rpm = 4.0.3 is needed by rpm-build-4.0.3-1.03 rpm = 4.0.3 is needed by rpm-devel-4.0.3-1.03 rpm = 4.0.3 is needed by rpm-perl-4.0.3-1.03 librpm-4.0.3.so is needed by gnorpm-0.96-11 librpm-4.0.3.so is needed by kdeadmin-2.2-8 librpm-4.0.3.so is needed by rpm-python-4.0.3-1.03 librpm-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpm-4.0.3.so is needed by rpm-perl-4.0.3-1.03 librpm-4.0.3.so is needed by rpm2html-1.7-1 librpm-4.0.3.so is needed by rpmfind-1.7-2 librpmbuild-4.0.3.so is needed by kdeadmin-2.2-8 librpmbuild-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpmdb-4.0.3.so is needed by gnorpm-0.96-11 librpmdb-4.0.3.so is needed by kdeadmin-2.2-8 librpmdb-4.0.3.so is needed by rpm-python-4.0.3-1.03 librpmdb-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpmdb-4.0.3.so is needed by rpm-perl-4.0.3-1.03 librpmdb-4.0.3.so is needed by rpm2html-1.7-1 librpmdb-4.0.3.so is needed by rpmfind-1.7-2 librpmio-4.0.3.so is needed by gnorpm-0.96-11 librpmio-4.0.3.so is needed by kdeadmin-2.2-8 librpmio-4.0.3.so is needed by rpm-python-4.0.3-1.03 librpmio-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpmio-4.0.3.so is needed by rpm-perl-4.0.3-1.03 librpmio-4.0.3.so is needed by rpm2html-1.7-1 librpmio-4.0.3.so is needed by rpmfind-1.7-2 AND rpm -U rpm-python-4.0.4-7x.i386.rpm error: failed dependencies: rpm = 4.0.4 is needed by rpm-python-4.0.4-7x popt = 1.6.4 is needed by rpm-python-4.0.4-7x librpm-4.0.4.so is needed by rpm-python-4.0.4-7x librpmdb-4.0.4.so is needed by rpm-python-4.0.4-7x librpmio-4.0.4.so is needed by rpm-python-4.0.4-7x So it seems that I'm in a catch-22 situation here as the system does not allow me to install any of the dependent rpms. Can anyone tell me what I can do to resolve this? Thank you in advance. Best Regards, Andrew From dsccable at comcast.net Fri May 6 23:57:29 2005 From: dsccable at comcast.net (David Curry) Date: Fri, 06 May 2005 19:57:29 -0400 Subject: Network Printing In-Reply-To: <1115391558.2744.19.camel@localhost.localdomain> References: <427AE879.2060209@comcast.net> <1115391558.2744.19.camel@localhost.localdomain> Message-ID: <427C0469.10703@comcast.net> Tom, Eric -- Thanks for the help. From bedouglas at earthlink.net Sat May 7 00:25:30 2005 From: bedouglas at earthlink.net (bruce) Date: Fri, 6 May 2005 17:25:30 -0700 Subject: Catch-22 on an old Red Hat Linux 7.2 box In-Reply-To: <6.1.2.0.2.20050507055522.023ce140@localhost> Message-ID: <06df01c5529b$46c28990$0301a8c0@Mesa.com> out of curiousity.. what happens if you do an install, instead of an update... i would think that if you did an install --nodeps.. then you might be able to get your version of yum working... although it might get confused.. but it should be ok... -bruce -----Original Message----- From: fedora-legacy-list-bounces at redhat.com [mailto:fedora-legacy-list-bounces at redhat.com]On Behalf Of Andrew Vong Sent: Friday, May 06, 2005 2:55 PM To: fedora-legacy-list at redhat.com Subject: Catch-22 on an old Red Hat Linux 7.2 box Dear Gurus, With the limited Linux knowledge I have, I have tried all that I can but seem to have hit a brickwall that I can't seem to get over. I hope someone out there can help me out. I refer to this page --> http://fedoralegacy.org/docs/quickstart.php I am trying to install yum on a very old RHL 7.2 box so that I can update it. However, I seem to be at a Catch-22 stuation. Here's why:- # rpm -U yum-1.0.3-6.0.7.x.legacy.noarch.rpm error: failed dependencies: rpm-python >= 0:4.0.4 is needed by yum-1.0.3-6.0.7.x.legacy rpm >= 0:4.0.4 is needed by yum-1.0.3-6.0.7.x.legacy From here, I go and download rpm-python and rpm from --> http://download.fedoralegacy.org/redhat/7.2/updates/i386/ Here are the results I get from trying to install both the RPMs:- rpm -U rpm-4.0.4-7x.i386.rpm error: failed dependencies: popt = 1.6.4 is needed by rpm-4.0.4-7x rpm = 4.0.3 is needed by rpm-python-4.0.3-1.03 rpm = 4.0.3 is needed by rpm-build-4.0.3-1.03 rpm = 4.0.3 is needed by rpm-devel-4.0.3-1.03 rpm = 4.0.3 is needed by rpm-perl-4.0.3-1.03 librpm-4.0.3.so is needed by gnorpm-0.96-11 librpm-4.0.3.so is needed by kdeadmin-2.2-8 librpm-4.0.3.so is needed by rpm-python-4.0.3-1.03 librpm-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpm-4.0.3.so is needed by rpm-perl-4.0.3-1.03 librpm-4.0.3.so is needed by rpm2html-1.7-1 librpm-4.0.3.so is needed by rpmfind-1.7-2 librpmbuild-4.0.3.so is needed by kdeadmin-2.2-8 librpmbuild-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpmdb-4.0.3.so is needed by gnorpm-0.96-11 librpmdb-4.0.3.so is needed by kdeadmin-2.2-8 librpmdb-4.0.3.so is needed by rpm-python-4.0.3-1.03 librpmdb-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpmdb-4.0.3.so is needed by rpm-perl-4.0.3-1.03 librpmdb-4.0.3.so is needed by rpm2html-1.7-1 librpmdb-4.0.3.so is needed by rpmfind-1.7-2 librpmio-4.0.3.so is needed by gnorpm-0.96-11 librpmio-4.0.3.so is needed by kdeadmin-2.2-8 librpmio-4.0.3.so is needed by rpm-python-4.0.3-1.03 librpmio-4.0.3.so is needed by rpm-build-4.0.3-1.03 librpmio-4.0.3.so is needed by rpm-perl-4.0.3-1.03 librpmio-4.0.3.so is needed by rpm2html-1.7-1 librpmio-4.0.3.so is needed by rpmfind-1.7-2 AND rpm -U rpm-python-4.0.4-7x.i386.rpm error: failed dependencies: rpm = 4.0.4 is needed by rpm-python-4.0.4-7x popt = 1.6.4 is needed by rpm-python-4.0.4-7x librpm-4.0.4.so is needed by rpm-python-4.0.4-7x librpmdb-4.0.4.so is needed by rpm-python-4.0.4-7x librpmio-4.0.4.so is needed by rpm-python-4.0.4-7x So it seems that I'm in a catch-22 situation here as the system does not allow me to install any of the dependent rpms. Can anyone tell me what I can do to resolve this? Thank you in advance. Best Regards, Andrew -- fedora-legacy-list mailing list fedora-legacy-list at redhat.com http://www.redhat.com/mailman/listinfo/fedora-legacy-list From dsccable at comcast.net Sat May 7 02:09:54 2005 From: dsccable at comcast.net (David Curry) Date: Fri, 06 May 2005 22:09:54 -0400 Subject: Openoffice.org Test Updates Message-ID: <427C2372.2040507@comcast.net> fc2: openoffice.org-1.1.3-11.4.0.fc2 packages were downloaded into a temporary directory, checked with rpm -K openoffice*, and installed without any exceptions or difficulty. In turn, openoffice.org calc, draw, impress, and writer were opened and used without encountering any exceptions. Project management and Math were opened and closed, but not used. Tests performed included the following. WRITER: 1. A new document was created and saved in native oo.o format. Writer was closed, reopened and the newly created writer document was opened and closed without exception or error. 2. A pre-existing native oo.o format document containing both text and tables imported from oo.o calc was loaded, edited slightly and saved without error. 3. A pre-existing .doc file was opened and saved in native oo.o format, as .pdf, as .rtf, and as .html. All created documents were subsequently opened with oo.o. The .rtf document was also opened with abiword, the .html document was opened with Konqueror, and the .pdf document was opened with PDF Viewer. CALC: 1. A pre-existing .xls spreadsheet document of greater size than oo.o can process was opened. oo.o continued running, advising the user that rows in excess of oo.o capacity were not imported. (Unexpected outcome: Loading of this spreadsheet file seemed a bit faster than I remembered from earlier versions of oo.o.) 2. A new spreadsheet was created using test data and four of the more simple built-in statistical functions. No errors or exceptions encountered. 3. Several existing .xls files containing table lookups, mutiple coloring of text, statistical functions, relatively sophisticated formating were successfully opened without observing any indications that formating had changed or that functions used were not accurately supported. DRAW, IMPRESS: 1. Simple new documents were created and saved. Oo.o was closed, reopened and the newly created documents were reopened without error. From dsccable at comcast.net Sat May 7 02:14:59 2005 From: dsccable at comcast.net (David Curry) Date: Fri, 06 May 2005 22:14:59 -0400 Subject: Openoffice.org Test Updates In-Reply-To: <427C2372.2040507@comcast.net> References: <427C2372.2040507@comcast.net> Message-ID: <427C24A3.1060105@comcast.net> PS to my earlier message. I see no reason to uninstall the test updates and revert to the last official fedora core release of oo.o so my current plan is to continue using the test update. FWIW Dave From dsccable at comcast.net Sat May 7 02:57:04 2005 From: dsccable at comcast.net (David Curry) Date: Fri, 06 May 2005 22:57:04 -0400 Subject: fc2: mozilla-1.7.7-1.2.2.legacy In-Reply-To: <427AD096.7000307@videotron.ca> References: <427AD096.7000307@videotron.ca> Message-ID: <427C2E80.2040707@comcast.net> FWIW, this email is composed using the subject version of Mozilla mail. I don't know whether it is the updated browser or the day and time of day, but I swear that the browser is responding faster than the previous version did just 15 -20 minuites earlier. From mattdm at mattdm.org Sat May 7 03:13:18 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Fri, 6 May 2005 23:13:18 -0400 Subject: Catch-22 on an old Red Hat Linux 7.2 box In-Reply-To: <6.1.2.0.2.20050507052435.023bd3e0@localhost> References: <6.1.2.0.2.20050507052435.023bd3e0@localhost> Message-ID: <20050507031318.GA28133@jadzia.bu.edu> On Sat, May 07, 2005 at 05:52:55AM +0800, Andrew Vong wrote: > I am trying to install yum on a very old RHL 7.2 box so that I can update > it. However, I seem to be at a Catch-22 stuation. Note that Red Hat Linux 7.2 is not supported by Fedora Legacy anymore. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 76 degrees Fahrenheit. From dsccable at comcast.net Sat May 7 04:47:54 2005 From: dsccable at comcast.net (David Curry) Date: Sat, 07 May 2005 00:47:54 -0400 Subject: Comments - Fedora Legacy Home Page Message-ID: <427C487A.7070703@comcast.net> Here are a few suggestions on possible simplifications and edits of the Fedora Legacy Project home page. 1. I find the About, FAQs, Updated Overview, and Project Overview links substantially redundant. It seems plausible to me that the material could/should be consolidated into About and FAQs. 2. Now that FC2 bugs have been vetted for security issues, are listed in Fedora Legacy Bugs, fixes for some bugs have been compiled and published for testing, I wonder if it is time to list Fedora Core 2 as a Supported Release along with RHL 7.3, RHL 9, and FC1. 3. The News section might be improved by deleting several links. "internetnews.com Article" directs readers to an article that is now 16 months old, leaving readers with a perception that the Fedora Legacy site is perhaps not kept up to date. Per my comment in item 1 above, the "Project Overview" link might be eliminated through consolidation of the material with that in "About". "CVS for Web Site" might be relocated to the documentation page. FWIW, Dave Curry From marcdeslauriers at videotron.ca Sat May 7 12:56:05 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Sat, 07 May 2005 08:56:05 -0400 Subject: Openoffice.org Test Updates In-Reply-To: <427C2372.2040507@comcast.net> References: <427C2372.2040507@comcast.net> Message-ID: <1115470565.12755.4.camel@mdlinux> On Fri, 2005-05-06 at 22:09 -0400, David Curry wrote: > In turn, openoffice.org calc, draw, impress, and writer were opened and > used without encountering any exceptions. Project management and Math > were opened and closed, but not used. > > Tests performed included the following. Thanks for the test! Could you please paste the test you performed into the actual bug here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154742 and put a "+VERIFY" at the end. That way, it'll count as an official vote to publish the packages. Thanks. Marc. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From dsccable at comcast.net Sat May 7 13:16:50 2005 From: dsccable at comcast.net (David Curry) Date: Sat, 07 May 2005 09:16:50 -0400 Subject: Openoffice.org Test Updates In-Reply-To: <1115470565.12755.4.camel@mdlinux> References: <427C2372.2040507@comcast.net> <1115470565.12755.4.camel@mdlinux> Message-ID: <427CBFC2.5020200@comcast.net> Marc Deslauriers wrote: >Thanks for the test! > >Could you please paste the test you performed into the actual bug here: > >https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154742 > >and put a "+VERIFY" at the end. > >That way, it'll count as an official vote to publish the packages. > >Thanks. > >Marc. > > Will do, Marc, as soon as I sign up for a gpg key and the like. I read some of the info in the wiki on that last night before posting my message but wanted to be sure I understood it and that my testing was filled the bill before acting on the bugzilla entry. From pekkas at netcore.fi Sat May 7 23:37:24 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Sun, 8 May 2005 02:37:24 +0300 (EEST) Subject: Just one verify missing.. Message-ID: Below is the list of bugs/package names and releases which have just one verify for one distro version missing. #152763 qt rhl73 (rhl9 OK) #152768 ruby fc1 (rhl73, rhl9 OK) #152804 openmotif fc1 (rhl73, rhl9 OK) #152835 dhcp rhl73 #152856 sudo fc1 (rhl73, rhl9 OK) #152871 nfs-utils fc1 (rhl73, rhl9 OK) #152895 mailman rhl73 (rhl9, fc1 OK) #152912 imap fc1 (rhl73, rhl9 OK) #155508 cvs fc2 (rhl73, rhl9, fc1 OK) I think it's pretty important to get these moving. Maybe packages need to move automatically from updates-testing to updates if there's at least one verify vote (for any arch) and there has been no activity in some time (e.g., 1 or 2 weeks). -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From dsccable at comcast.net Sun May 8 06:05:49 2005 From: dsccable at comcast.net (David Curry) Date: Sun, 08 May 2005 02:05:49 -0400 Subject: Wiki edit: Pgp Howto Message-ID: <427DAC3D.9000609@comcast.net> I just tried to access the wiki to try to post a suggested change, but the wiki was not accessible. But, I want to document the need for a slight change before I forget about it. Shortly following the section heading, Preliminary Steps, the wiki Pgp Howto page currently reads, in part, "Second, you must create a GPG key for yourself. .... However, the basic idea is to issue the command: pgp --key-gen" The command works much better if it reads, gpg --gen-key From beartooth at adelphia.net Sun May 8 14:21:42 2005 From: beartooth at adelphia.net (beartooth) Date: Sun, 08 May 2005 10:21:42 -0400 Subject: Comments - Fedora Legacy Home Page References: <427C487A.7070703@comcast.net> Message-ID: On Sat, 07 May 2005 00:47:54 -0400, David Curry wrote: [....] > 2. Now that FC2 bugs have been vetted for security issues, are listed > in Fedora Legacy Bugs, fixes for some bugs have been compiled and > published for testing, I wonder if it is time to list Fedora Core 2 as a > Supported Release along with RHL 7.3, RHL 9, and FC1. [....] Does that mean there's a sample yum.conf for FC2 somewhere at last? I haven't spotted it, and I for one am waiting for that before I upgrade from FC1 to FC2. -- Beartooth Neo-Redneck, Linux Evangelist FC 1, YDL 4; Pine 4.63, Pan 0.14.2; Privoxy 3.0.3; Dillo 0.8.4, Opera 8.0, Firefox 1.0.3, Epiphany 1.0.4 Remember that I have little idea what I am talking about. From mattdm at mattdm.org Sun May 8 14:32:06 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Sun, 8 May 2005 10:32:06 -0400 Subject: Just one verify missing.. In-Reply-To: References: Message-ID: <20050508143205.GA30344@jadzia.bu.edu> On Sun, May 08, 2005 at 02:37:24AM +0300, Pekka Savola wrote: > #152763 qt rhl73 (rhl9 OK) > #152768 ruby fc1 (rhl73, rhl9 OK) > #152804 openmotif fc1 (rhl73, rhl9 OK) > #152835 dhcp rhl73 > #152856 sudo fc1 (rhl73, rhl9 OK) > #152871 nfs-utils fc1 (rhl73, rhl9 OK) > #152895 mailman rhl73 (rhl9, fc1 OK) > #152912 imap fc1 (rhl73, rhl9 OK) > #155508 cvs fc2 (rhl73, rhl9, fc1 OK) > > I think it's pretty important to get these moving. Maybe packages > need to move automatically from updates-testing to updates if there's > at least one verify vote (for any arch) and there has been no activity > in some time (e.g., 1 or 2 weeks). And/or do the per-release split thing. (But I think yours is a good idea when the patches are identical.) -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 73 degrees Fahrenheit. From mattdm at mattdm.org Sun May 8 14:34:51 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Sun, 8 May 2005 10:34:51 -0400 Subject: setting up a mirror? In-Reply-To: References: Message-ID: <20050508143451.GB30344@jadzia.bu.edu> If I want to set up a mirror, who is authoritative to rsync from? And, what are the expectations? I don't have the disk space right now to mirror complete copies of all old releases -- can I mirror just the updates? -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 73 degrees Fahrenheit. From mattdm at mattdm.org Sun May 8 14:51:00 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Sun, 8 May 2005 10:51:00 -0400 Subject: setting up a mirror? In-Reply-To: <20050508143451.GB30344@jadzia.bu.edu> References: <20050508143451.GB30344@jadzia.bu.edu> Message-ID: <20050508145100.GC30344@jadzia.bu.edu> [oops; sorry for the thread hijack; hit the wrong key. will repost properly] -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 73 degrees Fahrenheit. From mattdm at mattdm.org Sun May 8 14:51:15 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Sun, 8 May 2005 10:51:15 -0400 Subject: setting up a mirror? Message-ID: <20050508145115.GD30344@jadzia.bu.edu> If I want to set up a mirror, who is authoritative to rsync from? And, what are the expectations? I don't have the disk space right now to mirror complete copies of all old releases -- can I mirror just the updates? -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 73 degrees Fahrenheit. From skvidal at phy.duke.edu Sun May 8 14:55:06 2005 From: skvidal at phy.duke.edu (seth vidal) Date: Sun, 08 May 2005 10:55:06 -0400 Subject: setting up a mirror? In-Reply-To: <20050508145115.GD30344@jadzia.bu.edu> References: <20050508145115.GD30344@jadzia.bu.edu> Message-ID: <1115564106.21549.6.camel@cutter> On Sun, 2005-05-08 at 10:51 -0400, Matthew Miller wrote: > If I want to set up a mirror, who is authoritative to rsync from? And, what > are the expectations? I don't have the disk space right now to mirror > complete copies of all old releases -- can I mirror just the updates? download.fedoralegacy.org is authoritative and it is running rsync. You should ask to get access to it via ip, though. I think Jesse does that. -sv From mattdm at mattdm.org Sun May 8 15:04:08 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Sun, 8 May 2005 11:04:08 -0400 Subject: setting up a mirror? In-Reply-To: <1115564106.21549.6.camel@cutter> References: <20050508145115.GD30344@jadzia.bu.edu> <1115564106.21549.6.camel@cutter> Message-ID: <20050508150408.GA31708@jadzia.bu.edu> On Sun, May 08, 2005 at 10:55:06AM -0400, seth vidal wrote: > > If I want to set up a mirror, who is authoritative to rsync from? And, what > > are the expectations? I don't have the disk space right now to mirror > > complete copies of all old releases -- can I mirror just the updates? > download.fedoralegacy.org is authoritative and it is running rsync. > You should ask to get access to it via ip, though. I think Jesse does > that. Thanks Seth. Jesse, I'll e-mail you off-list about this. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 73 degrees Fahrenheit. From dsccable at comcast.net Mon May 9 03:59:56 2005 From: dsccable at comcast.net (David Curry) Date: Sun, 08 May 2005 23:59:56 -0400 Subject: Mozilla IRC Module Test Message-ID: <427EE03C.9070402@comcast.net> Well, I just gave up my IRC virginity for the sake of the project and joined #fedora-legacy for long enought to send a few messages. FC2 mozilla-chat-1.7.7-1.2.2.legacy.i386 worked without any difficulties that I could see. +verify From krzysztof.kosz at poczta.fm Sun May 8 00:38:17 2005 From: krzysztof.kosz at poczta.fm (Krzysztof Kosz) Date: 08 May 2005 02:38:17 +0200 Subject: Catch-22 on an old Red Hat Linux 7.2 box Message-ID: <20050508003817.A3FE0D54E3@poczta.interia.pl> >Dear Gurus, Hello Andrew, >With the limited Linux knowledge I have, I have tried all that I can but seem to have hit a brickwall >that I can't seem to get over. I hope someone out there can help me out. It's not that hard, because you've got all the information needed to solve your problem, it's just a matter of read and understand them. >I refer to this page --> http://fedoralegacy.org/docs/quickstart.php > >I am trying to install yum on a very old RHL 7.2 box so that I can update it. However, I seem to be at >a Catch-22 stuation. Fortunately it's not - read the explanation below. >Here's why:- > ># rpm -U yum-1.0.3-6.0.7.x.legacy.noarch.rpm >error: failed dependencies: > rpm-python >= 0:4.0.4 is needed by yum-1.0.3-6.0.7.x.legacy > rpm >= 0:4.0.4 is needed by yum-1.0.3-6.0.7.x.legacy Yes, you have to install several packages before you will install yum: if I remember, the legacy updates apply to the system with all updates originally issued by redhat - it also applies to yum. >From here, I go and download rpm-python and rpm from --> >http://download.fedoralegacy.org/redhat/7.2/updates/i386/ OK - it's apropriate place to get the packages from. >Here are the results I get from trying to install both the RPMs:- And below there's explanation what does the displayed messages mean. >rpm -U rpm-4.0.4-7x.i386.rpm >error: failed dependencies: > popt = 1.6.4 is needed by rpm-4.0.4-7x you need to install new (1.6.4) version of popt and there is updated package (at the place you indicated above): popt-1.6.4-7x.i386.rpm > rpm = 4.0.3 is needed by rpm-python-4.0.3-1.03 when you update rpm package you also have to update it's subpackages (almost always, the part of the name is the same - here we have part 'rpm') - the existence of older rpm-python package makes not possible to replace older rpm package with newer version, so you have to also upgrade rpm-python package, and there is the needed package: rpm-python-4.0.4-7x.i386.rpm > rpm = 4.0.3 is needed by rpm-build-4.0.3-1.03 as above, new package name: rpm-build-4.0.4-7x.i386.rpm > rpm = 4.0.3 is needed by rpm-devel-4.0.3-1.03 as above, new package name: rpm-devel-4.0.4-7x.i386.rpm > rpm = 4.0.3 is needed by rpm-perl-4.0.3-1.03 as above, new package name: rpm-perl-4.0.4-7x.i386.rpm > librpm-4.0.3.so is needed by gnorpm-0.96-11 the gnorpm package you already have, need older version of rpm (and thus librpm also) and won't let you replace rpm package with newer version, so you have to install an updated gnorpm package which will work with newer rpm package, the package name: gnorpm-0.96-12.7x.i386.rpm > librpm-4.0.3.so is needed by kdeadmin-2.2-8 as above, new package name: kdeadmin-2.2.2-3.i386.rpm > librpm-4.0.3.so is needed by rpm-python-4.0.3-1.03 > librpm-4.0.3.so is needed by rpm-build-4.0.3-1.03 > librpm-4.0.3.so is needed by rpm-perl-4.0.3-1.03 these three I explained above. > librpm-4.0.3.so is needed by rpm2html-1.7-1 as above, new package name: rpm2html-1.7-3.7x.i386.rpm > librpm-4.0.3.so is needed by rpmfind-1.7-2 as above, new package name: rpmfind-1.7-4.7x.i386.rpm > librpmbuild-4.0.3.so is needed by kdeadmin-2.2-8 > librpmbuild-4.0.3.so is needed by rpm-build-4.0.3-1.03 > librpmdb-4.0.3.so is needed by gnorpm-0.96-11 > librpmdb-4.0.3.so is needed by kdeadmin-2.2-8 > librpmdb-4.0.3.so is needed by rpm-python-4.0.3-1.03 > librpmdb-4.0.3.so is needed by rpm-build-4.0.3-1.03 > librpmdb-4.0.3.so is needed by rpm-perl-4.0.3-1.03 > librpmdb-4.0.3.so is needed by rpm2html-1.7-1 > librpmdb-4.0.3.so is needed by rpmfind-1.7-2 > librpmio-4.0.3.so is needed by gnorpm-0.96-11 > librpmio-4.0.3.so is needed by kdeadmin-2.2-8 > librpmio-4.0.3.so is needed by rpm-python-4.0.3-1.03 > librpmio-4.0.3.so is needed by rpm-build-4.0.3-1.03 > librpmio-4.0.3.so is needed by rpm-perl-4.0.3-1.03 > librpmio-4.0.3.so is needed by rpm2html-1.7-1 > librpmio-4.0.3.so is needed by rpmfind-1.7-2 all these were explained above. >rpm -U rpm-python-4.0.4-7x.i386.rpm >error: failed dependencies: > rpm = 4.0.4 is needed by rpm-python-4.0.4-7x > popt = 1.6.4 is needed by rpm-python-4.0.4-7x > librpm-4.0.4.so is needed by rpm-python-4.0.4-7x > librpmdb-4.0.4.so is needed by rpm-python-4.0.4-7x > librpmio-4.0.4.so is needed by rpm-python-4.0.4-7x yes, it may look like a catch-22 situation, but if you tell the rpm to upgrade all packages at once, it will solve this dependencies problems. So the complete command you have to issue is (of course after downloading apropriate packages): rpm -U rpm-4.0.4-7x.i386.rpm popt-1.6.4-7x.i386.rpm rpm-python-4.0.4-7x.i386.rpm rpm-build-4.0.4-7x.i386.rpm rpm-devel-4.0.4-7x.i386.rpm rpm-perl-4.0.4-7x.i386.rpm gnorpm-0.96-12.7x.i386.rpm kdeadmin-2.2.2-3.i386.rpm rpm2html-1.7-3.7x.i386.rpm rpmfind-1.7-4.7x.i386.rpm >So it seems that I'm in a catch-22 situation here as the system does not allow me to install any of >the dependent rpms. You have to install all the packages at once. And remembering the 7.2 times (when there weren't yum), when I wanted to to massive update I was downloading all the updates to one directory and the I was issuing a command: 'rpm -F *' which was installing all the provided new versions of installed packages (-F it's different than -U, because the latter will succeed also when you don't have an older package version installed, so 'rpm -U *' would install all the updated, even if the older version of the packages weren't installed). >Can anyone tell me what I can do to resolve this? I think, I explained all the things clearly. I hope you will manage to do an update. But speaking of updates, woldn't it be better to install newer redhat (or fedora) version? >Thank you in advance. Good luck. >Best Regards, Also regards, >Andrew Krzysiek. ---------------------------------------------------------------------- Znajdz swoja milosc na wiosne... >>> http://link.interia.pl/f187a From rostetter at mail.utexas.edu Mon May 9 14:59:25 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Mon, 9 May 2005 09:59:25 -0500 Subject: Comments - Fedora Legacy Home Page In-Reply-To: References: <427C487A.7070703@comcast.net> Message-ID: <1115650765.8a4e88ac8c315@mail.ph.utexas.edu> Quoting beartooth : > Does that mean there's a sample yum.conf for FC2 somewhere at last? I > haven't spotted it, and I for one am waiting for that before I upgrade > from FC1 to FC2. http://www.fedoralegacy.org/docs/yum-fc2.php has been available and unchanged since April 27th, 2005. Contains the yum.conf details that should work, though I've not had any confirmation of their correctness yet. -- Eric Rostetter From jung at one.ekof.bg.ac.yu Mon May 9 23:32:18 2005 From: jung at one.ekof.bg.ac.yu (Igor =?iso-8859-2?Q?Nestorovi=E6?=) Date: Tue, 10 May 2005 01:32:18 +0200 Subject: Problems With 2 Legacy Packages For Red Hat 9 Message-ID: <1115681538.6199.13.camel@lara> Hello hats, I posted this message to the Shrike-List a while ago, and suggested to repost it on this list. I encountered problems with two of fedora-legacy packages for the Shrike. First one was gnome-vfs2 package which crafted incorrectly my GNOME start menu, hatching everything above 'Run Program...' option. Luckilly there was a 'rpmsave' config that put things right. The second is serious, and it's concerned the kernel package, 2.4.20-42.9.legacysmp, as well as the latest one. 2.4.20-43.legacysmp. I lost automatic power off for the computer. The system just hangs after 'Power Down' message, instead of shutting off, like it used to. What was changed? Is there some new unconfigured module I should be aware? Below you can take a look at what "dmesg" reports. Here I extracted what should be interesting: An unexpected IO-APIC was found. If this kernel release is less than three months old please report this to linux-smp at vger.kernel.org Should I file bugs on these issues? Thank you for your support. 0 I/O APIC #2 Version 32 at 0xFEC00000. Enabling APIC mode: Flat. Using 1 I/O APICs Processors: 2 Kernel command line: ro root=LABEL=/ hdc=ide-scsi hdd=ide-scsi ide_setup: hdc=ide-scsi ide_setup: hdd=ide-scsi Initializing CPU#0 Detected 2405.499 MHz processor. Console: colour VGA+ 80x25 Calibrating delay loop... 4797.23 BogoMIPS Memory: 509928k/523456k available (1497k kernel code, 10964k reserved, 1101k data, 156k init, 0k highmem) Dentry cache hash table entries: 65536 (order: 7, 524288 bytes) Inode cache hash table entries: 32768 (order: 6, 262144 bytes) Mount cache hash table entries: 512 (order: 0, 4096 bytes) Buffer-cache hash table entries: 32768 (order: 5, 131072 bytes) Page-cache hash table entries: 131072 (order: 7, 524288 bytes) CPU: Trace cache: 12K uops, L1 D cache: 8K CPU: L2 cache: 512K CPU: Physical Processor ID: 0 Intel machine check architecture supported. Intel machine check reporting enabled on CPU#0. CPU: After generic, caps: bfebfbff 00000000 00000000 00000000 CPU: Common caps: bfebfbff 00000000 00000000 00000000 Enabling fast FPU save and restore... done. Enabling unmasked SIMD FPU exception support... done. Checking 'hlt' instruction... OK. POSIX conformance testing by UNIFIX mtrr: v1.40 (20010327) Richard Gooch (rgooch at atnf.csiro.au) mtrr: detected mtrr type: Intel CPU: Trace cache: 12K uops, L1 D cache: 8K CPU: L2 cache: 512K CPU: Physical Processor ID: 0 Intel machine check reporting enabled on CPU#0. CPU: After generic, caps: bfebfbff 00000000 00000000 00000000 CPU: Common caps: bfebfbff 00000000 00000000 00000000 CPU0: Intel(R) Pentium(R) 4 CPU 2.40GHz stepping 09 per-CPU timeslice cutoff: 1463.08 usecs. task migration cache decay timeout: 10 msecs. enabled ExtINT on CPU#0 ESR value before enabling vector: 00000000 ESR value after enabling vector: 00000000 Booting processor 1/1 eip 2000 Initializing CPU#1 masked ExtINT on CPU#1 ESR value before enabling vector: 00000000 ESR value after enabling vector: 00000000 Calibrating delay loop... 4810.34 BogoMIPS CPU: Trace cache: 12K uops, L1 D cache: 8K CPU: L2 cache: 512K CPU: Physical Processor ID: 0 Intel machine check reporting enabled on CPU#1. CPU: After generic, caps: bfebfbff 00000000 00000000 00000000 CPU: Common caps: bfebfbff 00000000 00000000 00000000 CPU1: Intel(R) Pentium(R) 4 CPU 2.40GHz stepping 09 Total of 2 processors activated (9607.57 BogoMIPS). cpu_sibling_map[0] = 1 cpu_sibling_map[1] = 0 ENABLING IO-APIC IRQs Setting 2 in the phys_id_present_map ...changing IO-APIC physical APIC ID to 2 ... ok. init IO_APIC IRQs IO-APIC (apicid-pin) 2-0, 2-5, 2-10, 2-11, 2-20 not connected. ..TIMER: vector=0x31 pin1=2 pin2=0 number of MP IRQ sources: 23. number of IO-APIC #2 registers: 24. testing the IO APIC....................... IO APIC #2...... .... register #00: 02000000 ....... : physical APIC id: 02 .... register #01: 00178020 ....... : max redirection entries: 0017 ....... : PRQ implemented: 1 ....... : IO APIC version: 0020 .... register #02: 00178020 ....... : arbitration: 00 An unexpected IO-APIC was found. If this kernel release is less than three months old please report this to linux-smp at vger.kernel.org .... IRQ redirection table: NR Log Phy Mask Trig IRR Pol Stat Dest Deli Vect: 00 000 00 1 0 0 0 0 0 0 00 01 0FF 0F 0 0 0 0 0 1 1 39 02 0FF 0F 0 0 0 0 0 1 1 31 03 0FF 0F 0 0 0 0 0 1 1 41 04 0FF 0F 0 0 0 0 0 1 1 49 05 000 00 1 0 0 0 0 0 0 00 06 0FF 0F 0 0 0 0 0 1 1 51 07 0FF 0F 0 0 0 0 0 1 1 59 08 0FF 0F 0 0 0 0 0 1 1 61 09 0FF 0F 0 0 0 0 0 1 1 69 0a 000 00 1 0 0 0 0 0 0 00 0b 000 00 1 0 0 0 0 0 0 00 0c 0FF 0F 0 0 0 0 0 1 1 71 0d 0FF 0F 0 0 0 0 0 1 1 79 0e 0FF 0F 0 0 0 0 0 1 1 81 0f 0FF 0F 0 0 0 0 0 1 1 89 10 0FF 0F 1 1 0 1 0 1 1 91 11 0FF 0F 1 1 0 1 0 1 1 99 12 0FF 0F 1 1 0 1 0 1 1 A1 13 0FF 0F 1 1 0 1 0 1 1 A9 14 000 00 1 0 0 0 0 0 0 00 15 0FF 0F 1 1 0 1 0 1 1 B1 16 0FF 0F 1 1 0 1 0 1 1 B9 17 0FF 0F 1 1 0 1 0 1 1 C1 IRQ to pin mappings: IRQ0 -> 0:2 IRQ1 -> 0:1 IRQ3 -> 0:3 IRQ4 -> 0:4 IRQ6 -> 0:6 IRQ7 -> 0:7 IRQ8 -> 0:8 IRQ9 -> 0:9 IRQ12 -> 0:12 IRQ13 -> 0:13 IRQ14 -> 0:14 IRQ15 -> 0:15 IRQ16 -> 0:16 IRQ17 -> 0:17 IRQ18 -> 0:18 IRQ19 -> 0:19 IRQ21 -> 0:21 IRQ22 -> 0:22 IRQ23 -> 0:23 .................................... done. Using local APIC timer interrupts. calibrating APIC timer ... ..... CPU clock speed is 2405.4576 MHz. ..... host bus clock speed is 200.4544 MHz. cpu: 0, clocks: 2004544, slice: 668181 CPU0 cpu: 1, clocks: 2004544, slice: 668181 CPU1 checking TSC synchronization across CPUs: passed. Starting migration thread for cpu 0 smp_num_cpus: 2. Starting migration thread for cpu 1 PCI: PCI BIOS revision 2.10 entry at 0xf0031, last bus=2 PCI: Using configuration type 1 PCI: Probing PCI hardware PCI: Ignoring BAR0-3 of IDE controller 00:1f.1 Transparent bridge - Intel Corp. 82801BA/CA/DB PCI Bridge PCI: Discovered primary peer bus ff [IRQ] PCI: Using IRQ router default [8086/24d0] at 00:1f.0 PCI->APIC IRQ transform: (B0,I29,P0) -> 16 PCI->APIC IRQ transform: (B0,I29,P1) -> 19 PCI->APIC IRQ transform: (B0,I29,P2) -> 18 PCI->APIC IRQ transform: (B0,I29,P0) -> 16 PCI->APIC IRQ transform: (B0,I29,P3) -> 23 PCI->APIC IRQ transform: (B0,I31,P0) -> 18 PCI->APIC IRQ transform: (B0,I31,P1) -> 17 PCI->APIC IRQ transform: (B1,I0,P0) -> 16 PCI->APIC IRQ transform: (B2,I9,P0) -> 21 PCI->APIC IRQ transform: (B2,I10,P0) -> 22 PCI->APIC IRQ transform: (B2,I11,P0) -> 23 isapnp: Scanning for PnP cards... isapnp: No Plug & Play device found Linux NET4.0 for Linux 2.4 Based upon Swansea University Computer Society NET3.039 Initializing RT netlink socket apm: BIOS version 1.2 Flags 0x03 (Driver version 1.16) apm: disabled - APM is not SMP safe. Starting kswapd VFS: Disk quotas vdquot_6.5.1 pty: 2048 Unix98 ptys configured Serial driver version 5.05c (2001-07-08) with MANY_PORTS MULTIPORT SHARE_IRQ SERIAL_PCI ISAPNP enabled ttyS0 at 0x03f8 (irq = 4) is a 16550A ttyS1 at 0x02f8 (irq = 3) is a 16550A Real Time Clock Driver v1.10e Floppy drive(s): fd0 is 1.44M FDC 0 is a post-1991 82077 NET4: Frame Diverter 0.46 RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize Uniform Multi-Platform E-IDE driver Revision: 7.00beta3-.2.4 ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx ICH5: IDE controller at PCI slot 00:1f.1 PCI: Enabling device 00:1f.1 (0005 -> 0007) ICH5: chipset revision 2 ICH5: not 100% native mode: will probe irqs later ide0: BM-DMA at 0xfc00-0xfc07, BIOS settings: hda:DMA, hdb:pio ide1: BM-DMA at 0xfc08-0xfc0f, BIOS settings: hdc:DMA, hdd:DMA hda: Maxtor 6Y120L0, ATA DISK drive blk: queue c0459580, I/O limit 4095Mb (mask 0xffffffff) hdc: ASUS DVD-ROM DVD-E616P 0104, ATAPI CD/DVD-ROM drive hdd: ASUS DRW-1608P, ATAPI CD/DVD-ROM drive ide0 at 0x1f0-0x1f7,0x3f6 on irq 14 ide1 at 0x170-0x177,0x376 on irq 15 hda: attached ide-disk driver. hda: host protected area => 1 hda: 240121728 sectors (122942 MB) w/2048KiB Cache, CHS=14946/255/63, UDMA(100) ide-floppy driver 0.99.newide Partition check: hda: hda1 hda2 hda3 hda4 < hda5 hda6 hda7 hda8 > ide-floppy driver 0.99.newide md: md driver 0.90.0 MAX_MD_DEVS=256, MD_SB_DISKS=27 md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. pci_hotplug: PCI Hot Plug PCI Core version: 0.5 NET4: Linux TCP/IP 1.0 for NET4.0 IP Protocols: ICMP, UDP, TCP, IGMP IP: routing cache hash table of 4096 buckets, 32Kbytes TCP: Hash tables configured (established 32768 bind 32768) Linux IP multicast router 0.06 plus PIM-SM NET4: Unix domain sockets 1.0/SMP for Linux NET4.0. RAMDISK: Compressed image found at block 0 Freeing initrd memory: 146k freed VFS: Mounted root (ext2 filesystem). Journalled Block Device driver loaded kjournald starting. Commit interval 5 seconds EXT3-fs: mounted filesystem with ordered data mode. Freeing unused kernel memory: 156k freed usb.c: registered new driver usbdevfs usb.c: registered new driver hub PCI: Setting latency timer of device 00:1d.7 to 64 ehci-hcd 00:1d.7: PCI device 8086:24dd (Intel Corp.) ehci-hcd 00:1d.7: irq 23, pci mem e084cc00 usb.c: new USB bus registered, assigned bus number 1 ehci-hcd 00:1d.7: enabled 64bit PCI DMA PCI: 00:1d.7 PCI cache line size set incorrectly (0 bytes) by BIOS/FW. PCI: 00:1d.7 PCI cache line size corrected to 128. ehci-hcd 00:1d.7: USB 2.0 enabled, EHCI 1.00, driver 2003-Jan-22 hub.c: USB hub found hub.c: 8 ports detected usb-uhci.c: $Revision: 1.275 $ time 19:17:23 Apr 30 2005 usb-uhci.c: High bandwidth mode enabled PCI: Setting latency timer of device 00:1d.0 to 64 usb-uhci.c: USB UHCI at I/O 0xd480, IRQ 16 usb-uhci.c: Detected 2 ports usb.c: new USB bus registered, assigned bus number 2 hub.c: USB hub found hub.c: 2 ports detected PCI: Setting latency timer of device 00:1d.1 to 64 usb-uhci.c: USB UHCI at I/O 0xd800, IRQ 19 usb-uhci.c: Detected 2 ports usb.c: new USB bus registered, assigned bus number 3 hub.c: USB hub found hub.c: 2 ports detected PCI: Setting latency timer of device 00:1d.2 to 64 usb-uhci.c: USB UHCI at I/O 0xd880, IRQ 18 usb-uhci.c: Detected 2 ports usb.c: new USB bus registered, assigned bus number 4 hub.c: USB hub found hub.c: 2 ports detected PCI: Setting latency timer of device 00:1d.3 to 64 usb-uhci.c: USB UHCI at I/O 0xdc00, IRQ 16 usb-uhci.c: Detected 2 ports usb.c: new USB bus registered, assigned bus number 5 hub.c: USB hub found hub.c: 2 ports detected usb-uhci.c: v1.275:USB Universal Host Controller Interface driver usb.c: registered new driver hiddev usb.c: registered new driver hid hid-core.c: v1.8.1 Andreas Gal, Vojtech Pavlik hid-core.c: USB HID support drivers mice: PS/2 mouse device common for all mice EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,3), internal journal Adding Swap: 1052216k swap-space (priority -1) hub.c: new USB device 00:1d.1-1, assigned address 2 usb-uhci.c: interrupt, status 2, frame# 1056 input0: USB HID v1.10 Keyboard [13ec:000a] on usb3:2.0 input1: USB HID v1.10 Pointer [13ec:000a] on usb3:2.1 usb-uhci.c: ENXIO 84000280, flags 0, urb df747b00, burb df8e3380 usbdevfs: USBDEVFS_CONTROL failed dev 2 rqt 128 rq 6 len 18 ret -6 usb-uhci.c: ENXIO 84000280, flags 0, urb df8e3280, burb df8e3380 usbdevfs: USBDEVFS_CONTROL failed dev 2 rqt 128 rq 6 len 18 ret -6 usb-uhci.c: ENXIO 84000280, flags 0, urb df8e3280, burb df8e3380 usbdevfs: USBDEVFS_CONTROL failed dev 2 rqt 128 rq 6 len 18 ret -6 kjournald starting. Commit interval 5 seconds EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,2), internal journal EXT3-fs: mounted filesystem with ordered data mode. kjournald starting. Commit interval 5 seconds EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,5), internal journal EXT3-fs: mounted filesystem with ordered data mode. usbdevfs: remount parameter error SCSI subsystem driver Revision: 1.00 hdc: attached ide-scsi driver. hdd: attached ide-scsi driver. scsi0 : SCSI host adapter emulation for IDE ATAPI devices Vendor: ASUS Model: DVD-E616P Rev: 1.04 Type: CD-ROM ANSI SCSI revision: 02 Vendor: ASUS Model: DRW-1608P Rev: 1.02 Type: CD-ROM ANSI SCSI revision: 02 IA-32 Microcode Update Driver: v1.11 microcode: CPU0 no microcode found! (sig=f29, pflags=4) microcode: CPU1 no microcode found! (sig=f29, pflags=4) parport0: PC-style at 0x378 (0x778) [PCSPP,TRISTATE,EPP] parport0: irq 7 detected Attached scsi CD-ROM sr0 at scsi0, channel 0, id 0, lun 0 Attached scsi CD-ROM sr1 at scsi0, channel 0, id 1, lun 0 sr0: scsi3-mmc drive: 48x/48x cd/rw xa/form2 cdda tray Uniform CD-ROM driver Revision: 3.12 sr1: scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray ip_tables: (C) 2000-2002 Netfilter core team ip_conntrack version 2.1 (4089 buckets, 32712 max) - 292 bytes per conntrack Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky parport0: PC-style at 0x378 (0x778) [PCSPP,TRISTATE,EPP] parport0: irq 7 detected lp0: using parport0 (polling). lp0: console ready Model 1002 Rev 00000000 Serial 10021102 NVRM: loading NVIDIA Linux x86 NVIDIA Kernel Module 1.0-7167 Fri Feb 25 09:08:22 PST 2005 Linux agpgart interface v0.99 (c) Jeff Hartmann agpgart: Maximum main memory to use for agp memory: 439M agpgart: Detected an Intel(R) 865G, but could not find the secondary device. Assuming a non-integrated video card. agpgart: Detected Intel(R) 865G chipset agpgart: AGP aperture is 64M @ 0xf8000000 hub.c: new USB device 00:1d.1-2, assigned address 3 usb.c: USB device 3 (vend/prod 0x3f0/0xc17) is not claimed by any active driver. usb.c: registered new driver usblp printer.c: usblp0: USB Bidirectional printer dev 3 if 0 alt 1 proto 2 vid 0x03F0 pid 0x0C17 printer.c: v0.11: USB Printer Device Class driver usb.c: USB disconnect on device 00:1d.1-2 address 3 printer.c: usblp0: removed CSLIP: code copyright 1989 Regents of the University of California PPP generic driver version 2.4.2 divert: not allocating divert_blk for non-ethernet device ppp0 PPP Deflate Compression module registered divert: no divert_blk to free, ppp0 not ethernet ip_tables: (C) 2000-2002 Netfilter core team ip_conntrack version 2.1 (4089 buckets, 32712 max) - 292 bytes per conntrack -- Igor Nestorovi? Home Page: http://jung.ekof.bg.ac.yu ICQ UIN: 31079000 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: ??? ?? ??? ?????? ?? ?????????? ???????? URL: From marcdeslauriers at videotron.ca Tue May 10 00:56:08 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Mon, 09 May 2005 20:56:08 -0400 Subject: Problems With 2 Legacy Packages For Red Hat 9 In-Reply-To: <1115681538.6199.13.camel@lara> References: <1115681538.6199.13.camel@lara> Message-ID: <1115686569.30334.6.camel@mdlinux> On Tue, 2005-05-10 at 01:32 +0200, Igor Nestorovi? wrote: > First one was gnome-vfs2 package which crafted incorrectly my GNOME > start menu, hatching everything above 'Run Program...' option. Luckilly > there was a 'rpmsave' config that put things right. > What file had an "rpmsave" config? > The second is serious, and it's concerned the kernel package, > 2.4.20-42.9.legacysmp, as well as the latest one. 2.4.20-43.legacysmp. > I lost automatic power off for the computer. The system just hangs > after 'Power Down' message, instead of shutting off, like it used to. > What was changed? Is there some new unconfigured module I should be > aware? Does the problem occur with the last kernel Red Hat produced? Could you try it with kernel-2.4.20-31.9? Also, could you also post a dmesg from the last kernel Red Hat issued for rh9? Actually, AFAIK, the "smp" kernels don't have APM, so they would not shut down by themselves. Are you sure you weren't running a uniprocessor kernel before? Thanks. Marc. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From dsccable at comcast.net Tue May 10 03:46:02 2005 From: dsccable at comcast.net (David Curry) Date: Mon, 09 May 2005 23:46:02 -0400 Subject: FC2 CVS update-testing Package Message-ID: <42802E7A.3000902@comcast.net> Some question about CVS: I have no experience with use of cvs and it is not currently installed on my system. I am willing to install the updated package on my system to help verify the update, but at the moment the only thing I could "test" would be package installaltion. As one who is unlikely to program anything or develop code to patch bugs, security exposures, etc., could CVS be useful to me for other purposes? I am open to suggestions and willing to spend a little time developing a CVS installation on my system to help out the QA process. Dave Curry From dsccable at comcast.net Tue May 10 03:49:15 2005 From: dsccable at comcast.net (David Curry) Date: Mon, 09 May 2005 23:49:15 -0400 Subject: Wiki Pgp Howto Page Message-ID: <42802F3B.2090307@comcast.net> A few days ago I called the list's attention to a transposition issue on the Wiki Pgp Howto page. A short while ago I edited the Wiki page to effect the change. From pekkas at netcore.fi Tue May 10 05:17:19 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Tue, 10 May 2005 08:17:19 +0300 (EEST) Subject: FC2 CVS update-testing Package In-Reply-To: <42802E7A.3000902@comcast.net> References: <42802E7A.3000902@comcast.net> Message-ID: On Mon, 9 May 2005, David Curry wrote: > Some question about CVS: > I have no experience with use of cvs and it is not currently installed on my > system. I am willing to install the updated package on my system to help > verify the update, but at the moment the only thing I could "test" would be > package installaltion. > > As one who is unlikely to program anything or develop code to patch bugs, > security exposures, etc., could CVS be useful to me for other purposes? I am > open to suggestions and willing to spend a little time developing a CVS > installation on my system to help out the QA process. Fortunately, CVS got just a couple of days ago enough VERIFY votes that the update can be published, so there is no dire need at this point. Whether you'd _really_ need CVS depends a lot on whether you have a lot of systems to manage which you need to manage in a systematic manner (e.g., by keeping a local repository of configuration file changes, etc.). But for testing purposes, it would be sufficient to take a development project, for example Fedora Core [http://cvs.fedora.redhat.com/core.shtml], and check out something from there (the page has emacs as an example). That allows you to play with cvs a bit. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From hjp+fedora-legacy at wsr.ac.at Tue May 10 07:24:25 2005 From: hjp+fedora-legacy at wsr.ac.at (Peter J. Holzer) Date: Tue, 10 May 2005 09:24:25 +0200 Subject: FC2 CVS update-testing Package In-Reply-To: <42802E7A.3000902@comcast.net> References: <42802E7A.3000902@comcast.net> Message-ID: <20050510072425.GA6869@wsr.ac.at> On 2005-05-09 23:46:02 -0400, David Curry wrote: > As one who is unlikely to program anything or develop code to patch > bugs, security exposures, etc., could CVS be useful to me for other > purposes? CVS is - as the name says - a "concurrent versioning system". It is useful if you need to keep multiple versions of the same files, especially if several people (or one person at several places) may change them concurrently. Source code is only one exampe, it works for all kinds of text files and (although less efficiently) also for binary files. For example, we keep configuration files in CVS to keep an annotated history of changes. We also keep the contents of several web servers in CVS to sync them between multiple computers (e.g., my laptop, a test web server, and the production web server). If you are new to versioning systems, you may want to have a look at Subversion (svn). It is very similar to CVS but lacks some of the more annoying restrictions of CVS. hp -- _ | Peter J. Holzer \Beta means "we're down to fixing misspelled comments in |_|_) | Sysadmin WSR \the source, and you might run into a memory leak if | | | hjp at wsr.ac.at \you enable embedded haskell as a loadable module and __/ | http://www.hjp.at/ \write your plugins upside-down in lisp". --ae at op5.se -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 388 bytes Desc: not available URL: From jpdalbec at ysu.edu Tue May 10 18:24:42 2005 From: jpdalbec at ysu.edu (John Dalbec) Date: Tue, 10 May 2005 14:24:42 -0400 Subject: Problems With 2 Legacy Packages For Red Hat 9 Message-ID: <4280FC6A.5070103@ysu.edu> Make sure your "kernel" line in grub.conf looks like this: kernel /vmlinuz-2.4.20-43.9.legacysmp ro root=LABEL=/ apm=power-off nosysinfo Also you probably want to change the commented-out section at the top so that its "kernel" line looks like this: # kernel /vmlinuz-version ro root=LABEL=/ apm=power-off Each time you upgrade the kernel the postinst runs a program called "grubby" that automatically generates a GRUB configuration for the new kernel based on the commented-out section. If you add apm=power-off to that section it will automatically be added to each new kernel configuration. John From presariod at gmail.com Thu May 12 13:07:28 2005 From: presariod at gmail.com (Filippos Klironomos) Date: Thu, 12 May 2005 09:07:28 -0400 Subject: ACPI woes with 2.6.10-1.771_FC2.stk16 Message-ID: <5844a3ae05051206077ac7152c@mail.gmail.com> Hello list, I have a Compaq Presario and have installed RH for sometime now with ACPI working just fine. I upgraded to FC2 last year and compiled my own version of the kernel with ACPI still working just fine. Recently I upgraded to 2.6.10-1.771_FC2 with 16K stacks instead of the 8K so that the wireless driver can play along with 'ndiswrapper' but ACPI does not play along anymore. It more or less works but there are mysterious delays in the update status of the battery for example. Or if I try ot change the brightness of the screen I have to press the fn-f1 a couple of times in order for the previous changes to take effect. Anybody with similar problems? Thanks, Filippos From marcdeslauriers at videotron.ca Fri May 13 00:32:33 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 12 May 2005 20:32:33 -0400 Subject: [FLSA-2005:155508] Updated cvs package fixes security issues Message-ID: <4283F5A1.1060504@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated cvs package fixes security issues Advisory ID: FLSA:155508 Issue date: 2005-05-12 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2005-0753 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: An updated cvs package that fixes security bugs is now available. CVS (Concurrent Version System) is a version control system. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 Fedora Core 2 - i386 3. Problem description: A buffer overflow bug was found in the way the CVS client processes version and author information. If a user can be tricked into connecting to a malicious CVS server, an attacker could execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0753 to this issue. All users of cvs should upgrade to this updated package, which includes a backported patch to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155508 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/cvs-1.11.1p1-17.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/cvs-1.11.1p1-17.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/cvs-1.11.2-25.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/cvs-1.11.2-25.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/cvs-1.11.17-1.2.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/cvs-1.11.17-1.2.legacy.i386.rpm Fedora Core 2: SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/cvs-1.11.17-2.2.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/2/updates/i386/cvs-1.11.17-2.2.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 44748e23bd996cce24d4ee94f8d690d54c9f02bd redhat/7.3/updates/i386/cvs-1.11.1p1-17.legacy.i386.rpm 742788f35e8aaaa5ea2914cc30138f81ca733720 redhat/7.3/updates/SRPMS/cvs-1.11.1p1-17.legacy.src.rpm 388ff1fb3678bbe9f548dd0de3b4c34a6b96edd0 redhat/9/updates/i386/cvs-1.11.2-25.legacy.i386.rpm cbe6667d386716c93de98f33f6a0e52ab4b2224f redhat/9/updates/SRPMS/cvs-1.11.2-25.legacy.src.rpm e88e07e612ef9a98760d7621feb62676c18744c2 fedora/1/updates/i386/cvs-1.11.17-1.2.legacy.i386.rpm 83f4ea1da32946f9d77dd0fc70ea8d8b651b15d3 fedora/1/updates/SRPMS/cvs-1.11.17-1.2.legacy.src.rpm e939ea46087822a17a68b6997ffd47df6cbe60bd fedora/2/updates/i386/cvs-1.11.17-2.2.legacy.i386.rpm b5fc3ff86a90d18e9515fe151e1915878c2aabf6 fedora/2/updates/SRPMS/cvs-1.11.17-2.2.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Fri May 13 00:33:24 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 12 May 2005 20:33:24 -0400 Subject: [FLSA-2005:154988] Updated openoffice.org packages fix security issues Message-ID: <4283F5D4.6070903@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated openoffice.org packages fix security issues Advisory ID: FLSA:154988 Issue date: 2005-05-12 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2004-0752 CAN-2005-0941 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated openoffice.org packages that fix two security issues are now available. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. 2. Relevant releases/architectures: Red Hat Linux 9 - i386 Fedora Core 1 - i386 Fedora Core 2 - i386 3. Problem description: Secunia Research reported an issue with the handling of temporary files. A malicious local user could use this flaw to access the contents of another user's open documents. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0752 to this issue. A heap based buffer overflow bug was found in the OpenOffice.org DOC file processor. An attacker could create a carefully crafted DOC file in such a way that it could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0941 to this issue. All users of OpenOffice.org are advised to upgrade to these updated packages which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154989 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154988 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154742 6. RPMs required: Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openoffice-1.0.2-11.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/openoffice-1.0.2-11.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/openoffice-i18n-1.0.2-11.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/openoffice-libs-1.0.2-11.2.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/openoffice.org-1.1.0-16.2.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/openoffice.org-1.1.0-16.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/openoffice.org-i18n-1.1.0-16.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/openoffice.org-libs-1.1.0-16.2.legacy.i386.rpm Fedora Core 2: SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/openoffice.org-1.1.3-11.4.0.fc2.src.rpm i386: http://download.fedoralegacy.org/fedora/2/updates/i386/openoffice.org-1.1.3-11.4.0.fc2.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/openoffice.org-i18n-1.1.3-11.4.0.fc2.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/openoffice.org-kde-1.1.3-11.4.0.fc2.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/openoffice.org-libs-1.1.3-11.4.0.fc2.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 8b3935db6ed8864aa0839971c272eacd4cb46963 redhat/9/updates/i386/openoffice-1.0.2-11.2.legacy.i386.rpm b3bbc948ec2c261fe0b44bc5f6ffd0d38243c241 redhat/9/updates/i386/openoffice-i18n-1.0.2-11.2.legacy.i386.rpm fc5a82e620de2fd69f3327382a44c6159c73087d redhat/9/updates/i386/openoffice-libs-1.0.2-11.2.legacy.i386.rpm b71dd5e5630c2967e78d4e9339075d736b6b6773 redhat/9/updates/SRPMS/openoffice-1.0.2-11.2.legacy.src.rpm e93f1b81c245b1d5168256b24aa8c82f6dacb2da fedora/1/updates/i386/openoffice.org-1.1.0-16.2.legacy.i386.rpm 1adaa0cf3764aaef0cd8a9597d24f217ee547d0a fedora/1/updates/i386/openoffice.org-i18n-1.1.0-16.2.legacy.i386.rpm 2ebd3693673e0320c2d6407696949cf0fef2b9b3 fedora/1/updates/i386/openoffice.org-libs-1.1.0-16.2.legacy.i386.rpm d9ca1a29721ad845db6de1a01c6096163e54078d fedora/1/updates/SRPMS/openoffice.org-1.1.0-16.2.legacy.src.rpm a28d80af75d648060587326ef3872a240e339b87 fedora/2/updates/i386/openoffice.org-1.1.3-11.4.0.fc2.i386.rpm ff7f301dfedbb042810991928ec59aee83c2b12e fedora/2/updates/i386/openoffice.org-i18n-1.1.3-11.4.0.fc2.i386.rpm ed14c1e035b9a1fa44b1c16812bae81894d74828 fedora/2/updates/i386/openoffice.org-kde-1.1.3-11.4.0.fc2.i386.rpm 06e156914d032b19deb05c27da73fd6901b45fe5 fedora/2/updates/i386/openoffice.org-libs-1.1.3-11.4.0.fc2.i386.rpm a003e78128a72b0d297d0fdb5faf5e1793cd02e6 fedora/2/updates/SRPMS/openoffice.org-1.1.3-11.4.0.fc2.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Fri May 13 00:34:02 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 12 May 2005 20:34:02 -0400 Subject: [FLSA-2005:152912] Updated imap packages fix security issues Message-ID: <4283F5FA.40205@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated imap packages fix security issues Advisory ID: FLSA:152912 Issue date: 2005-05-12 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2003-0297 CAN-2005-0198 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated imap packages that fix security issues are now available. The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 3. Problem description: A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that if connected to by a victim could execute arbitrary code on the client machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0297 to this issue. A logic error in the CRAM-MD5 code in the University of Washington IMAP (UW-IMAP) server was discovered. When Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, UW-IMAP does not properly enforce all the required conditions for successful authentication, which could allow remote attackers to authenticate as arbitrary users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0198 to this issue. Users of imap are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152912 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/imap-2001a-10.1.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/imap-2001a-10.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/imap-devel-2001a-10.1.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/imap-2001a-18.1.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/imap-2001a-18.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/imap-devel-2001a-18.1.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/imap-2002d-3.1.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/imap-2002d-3.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/imap-devel-2002d-3.1.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 3dac230d4b4ed898d1adaf3e58ce5b13e80159dc redhat/7.3/updates/i386/imap-2001a-10.1.legacy.i386.rpm 766f42e2292693d1b0500dc151823d13382595c5 redhat/7.3/updates/i386/imap-devel-2001a-10.1.legacy.i386.rpm 787996b44c48692932c345e72d32b4460576570e redhat/7.3/updates/SRPMS/imap-2001a-10.1.legacy.src.rpm f4998e31f0121b54e6b618007a6c1a7ff8a08182 redhat/9/updates/i386/imap-2001a-18.1.legacy.i386.rpm d99cd4c0c0c83328a309c0263682dfbaa4e752ed redhat/9/updates/i386/imap-devel-2001a-18.1.legacy.i386.rpm 6f8cac716e78dfcfe307dc5b4db6c604e2f47049 redhat/9/updates/SRPMS/imap-2001a-18.1.legacy.src.rpm 69ef237bbd50fc425e00be7093d3de1ddd919de1 fedora/1/updates/i386/imap-2002d-3.1.legacy.i386.rpm 028d73692c13e4182788605987d246629e24df07 fedora/1/updates/i386/imap-devel-2002d-3.1.legacy.i386.rpm 732db7ca229fc939456a2db14ae65c46f2fd7586 fedora/1/updates/SRPMS/imap-2002d-3.1.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0198 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Fri May 13 00:34:42 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 12 May 2005 20:34:42 -0400 Subject: [FLSA-2005:152871] Updated nfs-utils package fixes security issue Message-ID: <4283F622.8070302@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated nfs-utils package fixes security issue Advisory ID: FLSA:152871 Issue date: 2005-05-12 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2004-1014 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: An updated nfs-utils package that fixes a security issue is now available. The nfs-utils package provides a daemon for the kernel NFS server and related tools, providing a much higher level of performance than the traditional Linux NFS server used by most users. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 3. Problem description: SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A misconfigured or malicious peer could cause statd to crash, leading to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1014 to this issue. All users of nfs-utils should upgrade to this updated package, which resolves this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152871 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/nfs-utils-0.3.3-6.73.1.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/nfs-utils-0.3.3-6.73.1.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/nfs-utils-1.0.1-3.9.1.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/nfs-utils-1.0.1-3.9.1.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/nfs-utils-1.0.6-1.1.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/nfs-utils-1.0.6-1.1.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 8c5abe86dcf8c54d71fdb7431df159405fed830b redhat/7.3/updates/i386/nfs-utils-0.3.3-6.73.1.legacy.i386.rpm e6ed500f9a027f882410942eeba7807a02e7684a redhat/7.3/updates/SRPMS/nfs-utils-0.3.3-6.73.1.legacy.src.rpm 4b5a41715061a0d4e04d2b7310657ccf9cb1a3cb redhat/9/updates/i386/nfs-utils-1.0.1-3.9.1.legacy.i386.rpm 37e2bb721b47e569bd9e6ee922532f9d9e8dcde3 redhat/9/updates/SRPMS/nfs-utils-1.0.1-3.9.1.legacy.src.rpm 8720cd5101f6d989e2f0695a54049561644ccd93 fedora/1/updates/i386/nfs-utils-1.0.6-1.1.legacy.i386.rpm 7320e145578c605b50ab7dcfb46ff4c152b0487c fedora/1/updates/SRPMS/nfs-utils-1.0.6-1.1.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1014 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Fri May 13 00:35:26 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 12 May 2005 20:35:26 -0400 Subject: [FLSA-2005:152856] Updated sudo packages fix security issue Message-ID: <4283F64E.9010500@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated sudo packages fix security issue Advisory ID: FLSA:152856 Issue date: 2005-05-12 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2004-1051 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated sudo packages that fix a security issue are now available. Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 3. Problem description: A flaw in exists in sudo's environment sanitizing prior to sudo version 1.6.8p2 that could allow a malicious user with permission to run a shell script that utilized the bash shell to run arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1051 to this issue. Users of sudo are advised to upgrade to these errata packages, which contain a patch correcting this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152856 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sudo-1.6.5p2-2.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/sudo-1.6.5p2-2.2.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/sudo-1.6.6-3.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/sudo-1.6.6-3.2.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/sudo-1.6.7p5-2.2.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/sudo-1.6.7p5-2.2.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 19c703b635c9e4299d39b60d9cd16d750a4f6d89 redhat/7.3/updates/i386/sudo-1.6.5p2-2.2.legacy.i386.rpm 9225335d8ca64ca7e1cb1fd98a09a9821ab9b0d8 redhat/7.3/updates/SRPMS/sudo-1.6.5p2-2.2.legacy.src.rpm 73e1ce58ba8f6c211da4271d8f7a792aa01acba2 redhat/9/updates/i386/sudo-1.6.6-3.2.legacy.i386.rpm 4a9c1de46d43694ec94688cfc021ade0dc0b1678 redhat/9/updates/SRPMS/sudo-1.6.6-3.2.legacy.src.rpm a990c5c070acd9ae8c50181487f2f9cdacb38378 fedora/1/updates/i386/sudo-1.6.7p5-2.2.legacy.i386.rpm fe6b14daf1f5190e7d39625d6048bb415ba8851c fedora/1/updates/SRPMS/sudo-1.6.7p5-2.2.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1051 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Fri May 13 00:36:03 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 12 May 2005 20:36:03 -0400 Subject: [FLSA-2005:152804] Updated openmotif packages fix image vulnerability Message-ID: <4283F673.8090105@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated openmotif packages fix image vulnerability Advisory ID: FLSA:152804 Issue date: 2005-05-12 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2004-0687 CAN-2004-0688 CAN-2004-0914 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated openmotif packages that fix flaws in the Xpm image library are now available. OpenMotif provides libraries which implement the Motif industry standard graphical user interface. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 3. Problem description: During a source code audit, Chris Evans and others discovered several stack overflow flaws and an integer overflow flaw in the libXpm library used to decode XPM (X PixMap) images. A vulnerable version of this library was found within OpenMotif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687, CAN-2004-0688, and CAN-2004-0914 to these issues. Users of OpenMotif are advised to upgrade to these erratum packages, which contain backported security patches to the embedded libXpm library. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152804 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/openmotif21-2.1.30-1.2.legacy.src.rpm http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/openmotif-2.2.2-5.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/openmotif21-2.1.30-1.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/openmotif-2.2.2-5.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/openmotif-devel-2.2.2-5.2.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openmotif21-2.1.30-8.0.9.2.legacy.src.rpm http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openmotif-2.2.2-14.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/openmotif21-2.1.30-8.0.9.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/openmotif-2.2.2-14.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/openmotif-devel-2.2.2-14.2.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openmotif21-2.1.30-8.2.legacy.src.rpm http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openmotif-2.2.2-16.1.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/openmotif21-2.1.30-8.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/openmotif-2.2.2-16.1.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/openmotif-devel-2.2.2-16.1.2.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- fdb330d0eb404befeab472a98001c7a3e9a3a285 redhat/7.3/updates/i386/openmotif21-2.1.30-1.2.legacy.i386.rpm 069006be17df36fb8bdd4f3144922f2a82b3f255 redhat/7.3/updates/i386/openmotif-2.2.2-5.2.legacy.i386.rpm a687cebff8a3bd4083953a127acc4c5aa47abd56 redhat/7.3/updates/i386/openmotif-devel-2.2.2-5.2.legacy.i386.rpm 015a88a9538a818261d0841a56d77be8135d80a9 redhat/7.3/updates/SRPMS/openmotif21-2.1.30-1.2.legacy.src.rpm b21a945dc27b5a485f31acf2f9c30deb2fc4eddd redhat/7.3/updates/SRPMS/openmotif-2.2.2-5.2.legacy.src.rpm e215ee7469ba2087b03d92754703089fea7d3daf redhat/9/updates/i386/openmotif21-2.1.30-8.0.9.2.legacy.i386.rpm 685a0ac8194730e6ccd4f56ae375052beca011b8 redhat/9/updates/i386/openmotif-2.2.2-14.2.legacy.i386.rpm 55805c44030bd081907ef461a9d752c16ec66907 redhat/9/updates/i386/openmotif-devel-2.2.2-14.2.legacy.i386.rpm 4ac7fe6bbc1c51cc954349fa7fb9428184d0da79 redhat/9/updates/SRPMS/openmotif21-2.1.30-8.0.9.2.legacy.src.rpm 4e4a5d7c2554a082075bbd7990aaa2c289cc74df redhat/9/updates/SRPMS/openmotif-2.2.2-14.2.legacy.src.rpm 4b3d11f17b6997670140d6b39086050ea77928bc fedora/1/updates/i386/openmotif21-2.1.30-8.2.legacy.i386.rpm 1e7c9aa8fa59add13c049193bfcadc6cf9f18613 fedora/1/updates/i386/openmotif-2.2.2-16.1.2.legacy.i386.rpm 14b5b94cad04f7d08e287651be552ff37adb38f8 fedora/1/updates/i386/openmotif-devel-2.2.2-16.1.2.legacy.i386.rpm 45fb3379e2a7c981bc5f7a43395bf793ba1135ac fedora/1/updates/SRPMS/openmotif21-2.1.30-8.2.legacy.src.rpm 301a695b034118ceee64f92b0778a08919871374 fedora/1/updates/SRPMS/openmotif-2.2.2-16.1.2.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Fri May 13 00:36:37 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 12 May 2005 20:36:37 -0400 Subject: [FLSA-2005:152768] Updated ruby package fixes security issues Message-ID: <4283F695.7070203@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated ruby package fixes security issues Advisory ID: FLSA:152768 Issue date: 2005-05-12 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2004-0755 CAN-2004-0983 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: An updated ruby package that fixes security issues is now available. Ruby is an interpreted scripting language for object-oriented programming. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 3. Problem description: A flaw was discovered in the CGI module of Ruby. If empty data is sent by the POST method to the CGI script which requires MIME type multipart/form-data, it can get stuck in a loop. A remote attacker could trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0983 to this issue. Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world readable files that could allow a malicious local user the ability to read CGI session data. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0755 to this issue. Users are advised to upgrade to this erratum package, which contains backported patches fixing these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152768 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/ruby-1.6.7-5.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/irb-1.6.7-5.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-1.6.7-5.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-devel-1.6.7-5.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-docs-1.6.7-5.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-libs-1.6.7-5.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-mode-1.6.7-5.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-mode-xemacs-1.6.7-5.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-tcltk-1.6.7-5.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/ruby-1.6.8-6.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/irb-1.6.8-6.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-1.6.8-6.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-devel-1.6.8-6.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-docs-1.6.8-6.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-libs-1.6.8-6.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-mode-1.6.8-6.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-tcltk-1.6.8-6.2.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/ruby-1.8.0-5.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/irb-1.8.0-5.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-1.8.0-5.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-devel-1.8.0-5.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-docs-1.8.0-5.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-libs-1.8.0-5.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-mode-1.8.0-5.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-tcltk-1.8.0-5.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 20229f10316a40bf968cfd79e54326d9853d62fa redhat/7.3/updates/i386/irb-1.6.7-5.legacy.i386.rpm 9221938904eb3752f6f662793590d0fd485717a3 redhat/7.3/updates/i386/ruby-1.6.7-5.legacy.i386.rpm e75c9fb30e5cc1ce70cc626269ee694bdc4ea192 redhat/7.3/updates/i386/ruby-devel-1.6.7-5.legacy.i386.rpm 2f0efc45d8fc54bc2dd1be177c104e09f0869e5a redhat/7.3/updates/i386/ruby-docs-1.6.7-5.legacy.i386.rpm f57720143f0c3cc0414f35bac468d2a43a4f4ba5 redhat/7.3/updates/i386/ruby-libs-1.6.7-5.legacy.i386.rpm c54372b3e92143c6a485a1eaec28e88084feda1c redhat/7.3/updates/i386/ruby-mode-1.6.7-5.legacy.i386.rpm 074cef5949a3d172808a482a8ce0854c2f57dae9 redhat/7.3/updates/i386/ruby-mode-xemacs-1.6.7-5.legacy.i386.rpm 268350eb562c748eff321f7a60d4e8b2b35a75b4 redhat/7.3/updates/i386/ruby-tcltk-1.6.7-5.legacy.i386.rpm 27418dc877d16766d22fc1906ce15b9937d2d631 redhat/7.3/updates/SRPMS/ruby-1.6.7-5.legacy.src.rpm 2bdad0706f49449491a7e48158d8d2e5796fc043 redhat/9/updates/i386/irb-1.6.8-6.2.legacy.i386.rpm 3ff73cc2715e1e05b89c793a990d632a6e2d5ebc redhat/9/updates/i386/ruby-1.6.8-6.2.legacy.i386.rpm 4d9d86ee0b1393cd4d081404fb8905d0b58af1ec redhat/9/updates/i386/ruby-devel-1.6.8-6.2.legacy.i386.rpm f8c4d14d8bbc90e974824eb355f7031d6d988fbb redhat/9/updates/i386/ruby-docs-1.6.8-6.2.legacy.i386.rpm 679649deebf9ffcfbeadadf0797aa4becf19e61e redhat/9/updates/i386/ruby-libs-1.6.8-6.2.legacy.i386.rpm dda4147c16cbbb684a96e41393d2d2e9d162718d redhat/9/updates/i386/ruby-mode-1.6.8-6.2.legacy.i386.rpm 6146235cd606bbcccf6b5a0cfe3548aeccf06fa8 redhat/9/updates/i386/ruby-tcltk-1.6.8-6.2.legacy.i386.rpm 42a4bbd8fb1938e18fd74bb6681f161bdf563048 redhat/9/updates/SRPMS/ruby-1.6.8-6.2.legacy.src.rpm 04c2365f7f3e81d6301cea8202b6da93049d8830 fedora/1/updates/i386/irb-1.8.0-5.legacy.i386.rpm f316e376df3ec8ef4d36492f1059fc830116579a fedora/1/updates/i386/ruby-1.8.0-5.legacy.i386.rpm 99152c9afef3260c395d98918f6dce80cdde6b33 fedora/1/updates/i386/ruby-devel-1.8.0-5.legacy.i386.rpm db7227360fff6dd7bfa038732267296867bfc100 fedora/1/updates/i386/ruby-docs-1.8.0-5.legacy.i386.rpm a1cdd38cd7899553856b474ab8a83430be7c0416 fedora/1/updates/i386/ruby-libs-1.8.0-5.legacy.i386.rpm ee5fb8899a19891ad523a0eedaa2b91ce9e99bd4 fedora/1/updates/i386/ruby-mode-1.8.0-5.legacy.i386.rpm b04a2aab214b5acdcc244efd13953dca51255d64 fedora/1/updates/i386/ruby-tcltk-1.8.0-5.legacy.i386.rpm e0776a0929040910b9059993a26ada0008f641c6 fedora/1/updates/SRPMS/ruby-1.8.0-5.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0755 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0983 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Fri May 13 00:37:13 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Thu, 12 May 2005 20:37:13 -0400 Subject: [FLSA-2005:152763] Updated qt packages fixes security issues Message-ID: <4283F6B9.6030905@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated qt packages fixes security issues Advisory ID: FLSA:152763 Issue date: 2005-05-12 Product: Red Hat Linux Keywords: Bugfix CVE Names: CAN-2004-0691 CAN-2004-0692 CAN-2004-0693 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated qt packages that fix security issues in several of the image decoders are now available. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 3. Problem description: During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0692 and CAN-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152763 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/qt2-2.3.1-4.legacy.src.rpm http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/qt-3.0.5-7.16.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt2-2.3.1-4.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt2-designer-2.3.1-4.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt2-devel-2.3.1-4.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt2-static-2.3.1-4.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt2-Xt-2.3.1-4.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-3.0.5-7.16.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-designer-3.0.5-7.16.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-devel-3.0.5-7.16.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-MySQL-3.0.5-7.16.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-ODBC-3.0.5-7.16.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-PostgreSQL-3.0.5-7.16.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-static-3.0.5-7.16.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-Xt-3.0.5-7.16.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/qt2-2.3.1-14.legacy.src.rpm http://download.fedoralegacy.org/redhat/9/updates/SRPMS/qt-3.1.1-8.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/qt2-2.3.1-14.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/qt2-designer-2.3.1-14.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/qt2-devel-2.3.1-14.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/qt2-static-2.3.1-14.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/qt2-Xt-2.3.1-14.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/qt-3.1.1-8.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/qt-designer-3.1.1-8.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/qt-devel-3.1.1-8.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/qt-MySQL-3.1.1-8.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/qt-ODBC-3.1.1-8.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/qt-PostgreSQL-3.1.1-8.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/qt-Xt-3.1.1-8.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 31dd5bcfd8477e31b15e0cdc52830a23024ada53 redhat/7.3/updates/i386/qt2-2.3.1-4.legacy.i386.rpm 666926b1e02da9edcf44d025fee98326c86cd62d redhat/7.3/updates/i386/qt2-designer-2.3.1-4.legacy.i386.rpm f8abe3a856df3b6f6328e3a097b47d0e5f2c270e redhat/7.3/updates/i386/qt2-devel-2.3.1-4.legacy.i386.rpm 7916b1d34f01c8f30d0f99485e2a2d3882fa85fd redhat/7.3/updates/i386/qt2-static-2.3.1-4.legacy.i386.rpm 9c9876dc717734169f27e0eaa4daeb2ab70ff61f redhat/7.3/updates/i386/qt2-Xt-2.3.1-4.legacy.i386.rpm 45de88207a2ed8fcc9f6b9e25e38b7ecd2c3c543 redhat/7.3/updates/i386/qt-3.0.5-7.16.legacy.i386.rpm f93cc80d6ef57b73c6be11cd055e5f7158b102fa redhat/7.3/updates/i386/qt-designer-3.0.5-7.16.legacy.i386.rpm b8301c059ecb90c497812f082e226cb504505ff2 redhat/7.3/updates/i386/qt-devel-3.0.5-7.16.legacy.i386.rpm d2168c04a5ad203d85b61217351f702a93b937e2 redhat/7.3/updates/i386/qt-MySQL-3.0.5-7.16.legacy.i386.rpm 0ec08637df7a76b3512ecebc8705776770b797eb redhat/7.3/updates/i386/qt-ODBC-3.0.5-7.16.legacy.i386.rpm 3374709a77752ffb1db8f4f4e82e67af58745007 redhat/7.3/updates/i386/qt-PostgreSQL-3.0.5-7.16.legacy.i386.rpm f717c6632e65f2f18d99a76d19716e4c1f39445e redhat/7.3/updates/i386/qt-static-3.0.5-7.16.legacy.i386.rpm a90a2ae47135a28830fb099dd9acdcfd1f83e199 redhat/7.3/updates/i386/qt-Xt-3.0.5-7.16.legacy.i386.rpm c9c98eff73d7fe6147ffa72baba764cdbfdd0d93 redhat/7.3/updates/SRPMS/qt2-2.3.1-4.legacy.src.rpm 884033926f37ed56e60a750a9ad394436f8b9b4a redhat/7.3/updates/SRPMS/qt-3.0.5-7.16.legacy.src.rpm db6801606256ca8a27eb53737981194e0a1ea01c redhat/9/updates/i386/qt2-2.3.1-14.legacy.i386.rpm 7f1718735932279b4a8a7ff480cda6186f4e0b52 redhat/9/updates/i386/qt2-designer-2.3.1-14.legacy.i386.rpm 39fec48edde4bec460fba6781c19551a2454d52e redhat/9/updates/i386/qt2-devel-2.3.1-14.legacy.i386.rpm 4aeee3f5f2db49275838920f4980b24f074aa1dc redhat/9/updates/i386/qt2-static-2.3.1-14.legacy.i386.rpm a8c42841b7d5184f4668890bd04aa68c62fc23cb redhat/9/updates/i386/qt2-Xt-2.3.1-14.legacy.i386.rpm 18f51017809f1a78289b3b1756c6944ef0c1ca71 redhat/9/updates/i386/qt-3.1.1-8.legacy.i386.rpm c275220a14e1d3f67494eda9674b112dd1925aa7 redhat/9/updates/i386/qt-designer-3.1.1-8.legacy.i386.rpm 4c90b5e9ffdc7c572c0cf4474cda40c46f07c5c0 redhat/9/updates/i386/qt-devel-3.1.1-8.legacy.i386.rpm bb50a60d29c5b97a5033839f900781c1d7fa6af6 redhat/9/updates/i386/qt-MySQL-3.1.1-8.legacy.i386.rpm 7f79b8bcad7a045614ac3f6cd34af6c2ee365cce redhat/9/updates/i386/qt-ODBC-3.1.1-8.legacy.i386.rpm 2fa4db773641f4f0d67fddd2479a6d992e847825 redhat/9/updates/i386/qt-PostgreSQL-3.1.1-8.legacy.i386.rpm 9537f1669fce9e3a9d9836e892e850315b7ecf39 redhat/9/updates/i386/qt-Xt-3.1.1-8.legacy.i386.rpm a3ad6d0143139b7fa537cdcf7c121ce120d0bd92 redhat/9/updates/SRPMS/qt2-2.3.1-14.legacy.src.rpm a5bd53a0a7be64720c4a70510344a5bd5ae5c64b redhat/9/updates/SRPMS/qt-3.1.1-8.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From pekkas at netcore.fi Fri May 13 09:01:28 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Fri, 13 May 2005 12:01:28 +0300 (EEST) Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503120158.A14453@mail.harddata.com> <20050505160617.GA26975@jadzia.bu.edu> Message-ID: Hi, I modified the script to exclude those packages which have NEEDSWORK from PUBLISH list (i.e., which have packages for some arches, but not for others). I think this is an improvement because a package can't be pushed to updates-testing in any case before the packages exist and are published for all the distro versions. I'm also updating the URLs below manually now and then (typically around once a day) for my own bug browsing benefit, but the others are welcome to using them until if you want until a more authoritative source appears. On Thu, 5 May 2005, Pekka Savola wrote: > On Thu, 5 May 2005, Matthew Miller wrote: >> On Thu, May 05, 2005 at 09:52:23AM +0300, Pekka Savola wrote: >>> http://netcore.fi/pekkas/buglist.html >>> http://netcore.fi/pekkas/buglist-rhl73.html >>> http://netcore.fi/pekkas/buglist-rhl9.html >>> http://netcore.fi/pekkas/buglist-core1.html >>> http://netcore.fi/pekkas/buglist-fc2.html >>> That should help a bit for folks just focusing on particular versions. >> >> Are you currently regenerating these from cron at all? > > Nope, just manual regeneration now and then.. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -------------- next part -------------- A non-text attachment was scrubbed... Name: create-buglist.sh Type: application/x-sh Size: 2369 bytes Desc: URL: From igor.mozetic at gmail.com Fri May 13 09:26:26 2005 From: igor.mozetic at gmail.com (Igor Mozetic) Date: Fri, 13 May 2005 11:26:26 +0200 Subject: APT support? Message-ID: <342deca5050513022616bb7d15@mail.gmail.com> I'm trying to use APT for the legacy updates of FC2. It seems that the metadata are not (yet) correctly generated. This is the relevant part of my sources.list: rpm http://download.fedoralegacy.org apt/fedora/2/i386 updates and this is the response of "apt-get update": ... Get:1 http://download.fedoralegacy.org apt/fedora/2/i386/updates pkglist [883kB] Get:2 http://download.fedoralegacy.org apt/fedora/2/i386/updates release [126B] Fetched 883kB in 5s (158kB/s) Reading Package Lists... Done Building Dependency Tree... Done W: Release file did not contain checksum information for http://download.fedoralegacy.org/apt/fedora/2/i386/base/pkglist.updates W: Release file did not contain checksum information for http://download.fedoralegacy.org/apt/fedora/2/i386/base/release.updates W: You may want to run apt-get update to correct these problems Am I missing something? Regards, Igor From jbyrd at well.com Fri May 13 16:10:36 2005 From: jbyrd at well.com (John Byrd) Date: Fri, 13 May 2005 09:10:36 -0700 Subject: Thanks Message-ID: <000801c557d6$4d80ed40$6401a8c0@courtesan> Just a quick note of thanks to everyone on the list for tracking down and backporting all these patches. I really appreciate the efforts that have gone into maintaining RedHat 9 in particular, which has really increased the useful life of the web server that I maintain. Thank you all so much. Sincerely, John Byrd -------------- next part -------------- An HTML attachment was scrubbed... URL: From alberto.sera at arssys.com Sat May 14 13:45:04 2005 From: alberto.sera at arssys.com (Al Sera) Date: Sat, 14 May 2005 09:45:04 -0400 Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update Message-ID: <428600E0.9000600@arssys.com> Basically the update is showing conflicts for mostly header files from the lesstif-devel-0.93.36-3 package. I wonder if anyone is having this same problem. Following is a copy of the "yum update" attempt. I am hoping this is the correct method to report the issue. If not, I apologize... and please advise with the correct method. Best regards. [ars]. [root]# yum update Gathering header information file(s) from server(s) Server: Red Hat Linux 9 - i386 - Base retrygrab() failed for: ftp://linux21.fnal.gov/linux/legacy/redhat/9/os/headers/header.info Executing failover method retrygrab() failed for: ftp://mirror.physics.ncsu.edu/mirror/download.fedoralegacy.org/redhat/i386/os/headers/header.info Executing failover method retrygrab() failed for: http://mirror.datapipe.net/fedoralegacy/redhat/i386/os/headers/header.info Executing failover method retrygrab() failed for: ftp://mirror.datapipe.net/fedoralegacy/redhat/i386/os/headers/header.info Executing failover method Server: Red Hat Linux 9 - i386 - Fedora Legacy utilities retrygrab() failed for: ftp://mirror.physics.ncsu.edu/mirror/download.fedoralegacy.org/redhat/9/legacy-utils/i386/headers/header.info Executing failover method Server: Red Hat Linux 9 - i386 - Updates retrygrab() failed for: ftp://linux21.fnal.gov/linux/legacy/redhat/9/updates/headers/header.info Executing failover method retrygrab() failed for: ftp://mirror.physics.ncsu.edu/mirror/download.fedoralegacy.org/redhat/i386/updates/headers/header.info Executing failover method retrygrab() failed for: http://mirror.datapipe.net/fedoralegacy/redhat/i386/updates/headers/header.info Executing failover method retrygrab() failed for: ftp://mirror.datapipe.net/fedoralegacy/redhat/i386/updates/headers/header.info Executing failover method Finding updated packages Downloading needed headers ruby-tcltk-0-1.6.8-6.2.le 100% |=========================| 6.0 kB 00:00 ruby-libs-0-1.6.8-6.2.leg 100% |=========================| 10 kB 00:00 openmotif-devel-0-2.2.2-1 100% |=========================| 27 kB 00:00 qt-devel-1-3.1.1-8.legacy 100% |=========================| 142 kB 00:01 ruby-devel-0-1.6.8-6.2.le 100% |=========================| 5.0 kB 00:00 qt-designer-1-3.1.1-8.leg 100% |=========================| 9.1 kB 00:00 openmotif21-0-2.1.30-8.0. 100% |=========================| 2.8 kB 00:00 qt2-devel-1-2.3.1-14.lega 100% |=========================| 15 kB 00:00 qt-1-3.1.1-8.legacy.i386. 100% |=========================| 9.7 kB 00:00 qt2-static-1-2.3.1-14.leg 100% |=========================| 5.5 kB 00:00 nfs-utils-0-1.0.1-3.9.1.l 100% |=========================| 6.7 kB 00:00 ruby-0-1.6.8-6.2.legacy.i 100% |=========================| 6.8 kB 00:00 irb-0-1.6.8-6.2.legacy.i3 100% |=========================| 5.5 kB 00:00 qt2-designer-1-2.3.1-14.l 100% |=========================| 5.5 kB 00:00 cvs-0-1.11.2-25.legacy.i3 100% |=========================| 6.3 kB 00:00 imap-devel-1-2001a-18.1.l 100% |=========================| 9.2 kB 00:00 qt2-1-2.3.1-14.legacy.i38 100% |=========================| 6.6 kB 00:00 openmotif-0-2.2.2-14.2.le 100% |=========================| 4.9 kB 00:00 openoffice-0-1.0.2-11.2.l 100% |=========================| 92 kB 00:01 openoffice-libs-0-1.0.2-1 100% |=========================| 13 kB 00:00 imap-1-2001a-18.1.legacy. 100% |=========================| 7.3 kB 00:00 qt-ODBC-1-3.1.1-8.legacy. 100% |=========================| 8.3 kB 00:00 qt-MySQL-1-3.1.1-8.legacy 100% |=========================| 8.3 kB 00:00 ruby-mode-0-1.6.8-6.2.leg 100% |=========================| 4.8 kB 00:00 qt-PostgreSQL-1-3.1.1-8.l 100% |=========================| 8.3 kB 00:00 qt2-Xt-1-2.3.1-14.legacy. 100% |=========================| 5.5 kB 00:00 ruby-docs-0-1.6.8-6.2.leg 100% |=========================| 19 kB 00:00 sudo-0-1.6.6-3.2.legacy.i 100% |=========================| 3.6 kB 00:00 qt-Xt-1-3.1.1-8.legacy.i3 100% |=========================| 8.4 kB 00:00 openoffice-i18n-0-1.0.2-1 100% |=========================| 36 kB 00:00 Resolving dependencies Dependencies resolved I will do the following: [update: qt-devel 1:3.1.1-8.legacy.i386] [update: ruby 1.6.8-6.2.legacy.i386] [update: ruby-devel 1.6.8-6.2.legacy.i386] [update: cvs 1.11.2-25.legacy.i386] [update: ruby-tcltk 1.6.8-6.2.legacy.i386] [update: qt-designer 1:3.1.1-8.legacy.i386] [update: openmotif-devel 2.2.2-14.2.legacy.i386] [update: imap-devel 1:2001a-18.1.legacy.i386] [update: openmotif 2.2.2-14.2.legacy.i386] [update: qt2 1:2.3.1-14.legacy.i386] [update: qt2-designer 1:2.3.1-14.legacy.i386] [update: ruby-libs 1.6.8-6.2.legacy.i386] [update: openmotif21 2.1.30-8.0.9.2.legacy.i386] [update: qt 1:3.1.1-8.legacy.i386] [update: qt2-static 1:2.3.1-14.legacy.i386] [update: qt2-devel 1:2.3.1-14.legacy.i386] [update: nfs-utils 1.0.1-3.9.1.legacy.i386] [update: irb 1.6.8-6.2.legacy.i386] Is this ok [y/N]: y Getting qt-devel-3.1.1-8.legacy.i386.rpm qt-devel-3.1.1-8.legacy.i 100% |=========================| 9.8 MB 00:57 Getting ruby-1.6.8-6.2.legacy.i386.rpm ruby-1.6.8-6.2.legacy.i38 100% |=========================| 173 kB 00:01 Getting ruby-devel-1.6.8-6.2.legacy.i386.rpm ruby-devel-1.6.8-6.2.lega 100% |=========================| 409 kB 00:02 Getting cvs-1.11.2-25.legacy.i386.rpm cvs-1.11.2-25.legacy.i386 100% |=========================| 1.1 MB 00:06 Getting ruby-tcltk-1.6.8-6.2.legacy.i386.rpm ruby-tcltk-1.6.8-6.2.lega 100% |=========================| 129 kB 00:01 Getting qt-designer-3.1.1-8.legacy.i386.rpm qt-designer-3.1.1-8.legac 100% |=========================| 683 kB 00:04 Getting openmotif-devel-2.2.2-14.2.legacy.i386.rpm openmotif-devel-2.2.2-14. 100% |=========================| 2.7 MB 00:15 Getting imap-devel-2001a-18.1.legacy.i386.rpm imap-devel-2001a-18.1.leg 100% |=========================| 730 kB 00:04 Getting openmotif-2.2.2-14.2.legacy.i386.rpm openmotif-2.2.2-14.2.lega 100% |=========================| 1.3 MB 00:08 Getting qt2-2.3.1-14.legacy.i386.rpm qt2-2.3.1-14.legacy.i386. 100% |=========================| 3.9 MB 00:22 Getting qt2-designer-2.3.1-14.legacy.i386.rpm qt2-designer-2.3.1-14.leg 100% |=========================| 2.1 MB 00:12 Getting ruby-libs-1.6.8-6.2.legacy.i386.rpm ruby-libs-1.6.8-6.2.legac 100% |=========================| 1.1 MB 00:06 Getting openmotif21-2.1.30-8.0.9.2.legacy.i386.rpm openmotif21-2.1.30-8.0.9. 100% |=========================| 923 kB 00:05 Getting qt-3.1.1-8.legacy.i386.rpm qt-3.1.1-8.legacy.i386.rp 100% |=========================| 4.0 MB 00:23 Getting qt2-static-2.3.1-14.legacy.i386.rpm qt2-static-2.3.1-14.legac 100% |=========================| 4.8 MB 00:27 Getting qt2-devel-2.3.1-14.legacy.i386.rpm qt2-devel-2.3.1-14.legacy 100% |=========================| 1.4 MB 00:08 Getting nfs-utils-1.0.1-3.9.1.legacy.i386.rpm nfs-utils-1.0.1-3.9.1.leg 100% |=========================| 191 kB 00:01 Getting irb-1.6.8-6.2.legacy.i386.rpm irb-1.6.8-6.2.legacy.i386 100% |=========================| 49 kB 00:00 Running test transaction: Errors reported doing trial run file /usr/X11R6/include/Mrm/MrmAppl.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Mrm/MrmDecls.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Mrm/MrmPublic.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ArrowB.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ArrowBG.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ArrowBGP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ArrowBP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/AtomMgr.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/BaseClassP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/BulletinB.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/BulletinBP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/CacheP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/CascadeB.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/CascadeBG.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/CascadeBGP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/CascadeBP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/Command.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/CommandP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/CutPaste.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DesktopP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DialogS.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DialogSEP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DialogSP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/Display.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DisplayP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DragC.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DragCP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DragDrop.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DragIcon.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DragIconP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DragOverS.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DragOverSP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DrawP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DrawingA.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DrawingAP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DrawnB.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DrawnBP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DropSMgr.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DropSMgrP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DropTrans.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/DropTransP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ExtObjectP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/FileSB.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/FileSBP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/Form.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/FormP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/Frame.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/FrameP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/GadgetP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/Label.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/LabelG.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/LabelGP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/LabelP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/List.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ListP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/MainW.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/MainWP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ManagerP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/MenuShell.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/MenuShellP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/MenuUtilP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/MessageB.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/MessageBP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/MwmUtil.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/PanedW.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/PanedWP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/PrimitiveP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/Protocols.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ProtocolsP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/PushB.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/PushBG.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/PushBGP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/PushBP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/RepType.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/RowColumn.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/RowColumnP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/SashP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/Scale.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ScaleP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/Screen.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ScreenP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ScrollBar.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ScrollBarP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ScrolledW.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ScrolledWP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/SelectioB.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/SelectioBP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/SeparatoG.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/SeparatoGP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/Separator.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/SeparatorP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ShellEP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/TearOffBP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/TearOffP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/Text.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/TextF.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/TextFP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/TextFSelP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/TextInP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/TextOutP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/TextP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/TextSelP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/TextStrSoP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ToggleB.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ToggleBG.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ToggleBGP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/ToggleBP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/TransltnsP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/VaSimpleP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/VendorS.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/VendorSEP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/VendorSP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/VirtKeys.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/VirtKeysP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/Xm.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/XmAll.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/XmP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/XmStrDefs.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/Xm/XmosP.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/uil/Uil.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/uil/UilDBDef.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/uil/UilDef.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/uil/UilSymDef.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/uil/UilSymGl.h from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 file /usr/X11R6/include/uil/XmAppl.uil from install of openmotif-devel-2.2.2-14.2.legacy conflicts with file from package lesstif-devel-0.93.36-3 [root]# From bdm at fenrir.org.uk Sat May 14 14:08:40 2005 From: bdm at fenrir.org.uk (Brian Morrison) Date: Sat, 14 May 2005 15:08:40 +0100 Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: <428600E0.9000600@arssys.com> References: <428600E0.9000600@arssys.com> Message-ID: <20050514150840.73cdd7b9@ickx.fenrir.org.uk> On Sat, 14 May 2005 09:45:04 -0400 in 428600E0.9000600 at arssys.com Al Sera wrote: > Basically the update is showing conflicts for mostly header files > from the lesstif-devel-0.93.36-3 package. I wonder if anyone is > having this same problem. Following is a copy of the "yum update" > attempt. This is strange, I have no conflicts with the same two packages. The paths to the header files are: /usr/X11R6/include/Xm/ for openmotif-devel and /usr/X11R6/LessTif/Motif1.2/include/Xm/ for lesstif-devel so I'd suggest that something is wrong with your system somwhere. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html From dcbw at redhat.com Sat May 14 14:09:41 2005 From: dcbw at redhat.com (Dan Williams) Date: Sat, 14 May 2005 10:09:41 -0400 (EDT) Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: <428600E0.9000600@arssys.com> References: <428600E0.9000600@arssys.com> Message-ID: On Sat, 14 May 2005, Al Sera wrote: > Basically the update is showing conflicts for mostly header files from > the lesstif-devel-0.93.36-3 package. I wonder if anyone is having this > same problem. Following is a copy of the "yum update" attempt. > > I am hoping this is the correct method to report the issue. If not, I > apologize... and please advise with the correct method. Best regards. [ars]. Well, since OpenMotif and lesstif provide the same thing, a Motif-compatible toolkit. So I'd expect that their -devel packages would conflict. You'll probably have to remove either lesstif or openmotif. But, if both these packages are in the RH9 Legacy repository, this should get fixed in Legacy, since packages in the same repo should not conflict. Dan From beartooth at adelphia.net Sat May 14 16:20:46 2005 From: beartooth at adelphia.net (beartooth) Date: Sat, 14 May 2005 12:20:46 -0400 Subject: FC2 quit connecting Message-ID: Last night I upgraded my wife's 1998 pentium2 desktop from FC1 to FC2, using CDs which a helpful soul had downloaded and burned for me back in February; they had worked then, and FC2 ran fine on my testbed machine, a 1998 pentium2, until the other day when that antiques developed hardware trouble. (It's in the shop now.) The install seemed to go fine. When it was done and rebooted, it had saved all the obvious things I looked at, and it let me as root do "up2date yum" and "up2date kernel." Then I did "yum update." That also went fine, afaict; and since the main object of the upgrade was to get a better version of abiword for the book she's writing, I did "rpm -q abiword" both before and after the yum update; it did change. This morning it showed the usual signs of lacking connection: privoxy non-connects, a message from Pine saying "no such host as mail.adelphia.net," etc. But the upstairs machines, on the same router behind the same cable modem, were connecting. I tried checking the server settings off the main menu; eth0 was not listed. I tried rebooting, and watching the boot messages. After "enabling loopback interface" it didn't even try to bring up eth0! I tried hacking through the internet wizard. That got me to a configuration screen that was already set to use DHCP, but had an IP address in it which I didn't recognize -- it may be the one to my ISP directly. It certainly isn't one of the form 192.168.20.1xx which the DHCP in my router uses. What do I need to do, and how? Figure out (from ifconfig?) what the machine's MAC address is, and from that what IP it should use, then find the suspect one again and change it? Just do a "service start," where is something I disremember? Or .... -- Beartooth Neo-Redneck, Linux Evangelist FC 1&2, YDL 4; Pine 4.63, Pan 0.14.2; Privoxy 3.0.3; Dillo 0.8.4, Opera 8.0, Firefox 1.0.3, Epiphany 1.0.4 Remember that I have little idea what I am talking about. From alberto.sera at arssys.com Sat May 14 17:01:43 2005 From: alberto.sera at arssys.com (Al Sera) Date: Sat, 14 May 2005 13:01:43 -0400 Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: References: <428600E0.9000600@arssys.com> Message-ID: <42862EF7.4020500@arssys.com> Dan Williams wrote: > On Sat, 14 May 2005, Al Sera wrote: > >>Basically the update is showing conflicts for mostly header files from >>the lesstif-devel-0.93.36-3 package. I wonder if anyone is having this >>same problem. Following is a copy of the "yum update" attempt. >> >>I am hoping this is the correct method to report the issue. If not, I >>apologize... and please advise with the correct method. Best regards. [ars]. > > > Well, since OpenMotif and lesstif provide the same thing, a Motif-compatible > toolkit. So I'd expect that their -devel packages would conflict. You'll > probably have to remove either lesstif or openmotif. > > But, if both these packages are in the RH9 Legacy repository, this should get > fixed in Legacy, since packages in the same repo should not conflict. > > Dan Looks to me like lesstif is not registered in the RH9 legacy repository. A "yum list lesstif" shows it in my RH9 box but not as an available package from the RH9 Legacy repository. So I guess I need to remove one and stick with the other. Since I am maintaining my box with Legacy updates, I'll stick with openmotif and will remove lesstif... unless anyone had any other suggestions. Thanks for the quick feedback. [ars]. From bdm at fenrir.org.uk Sat May 14 17:13:04 2005 From: bdm at fenrir.org.uk (Brian Morrison) Date: Sat, 14 May 2005 18:13:04 +0100 Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: <42862EF7.4020500@arssys.com> References: <428600E0.9000600@arssys.com> <42862EF7.4020500@arssys.com> Message-ID: <20050514181304.14f44bc6@ickx.fenrir.org.uk> On Sat, 14 May 2005 13:01:43 -0400 in 42862EF7.4020500 at arssys.com Al Sera wrote: > Dan Williams wrote: > > On Sat, 14 May 2005, Al Sera wrote: > > > >>Basically the update is showing conflicts for mostly header files > >from >the lesstif-devel-0.93.36-3 package. I wonder if anyone is > >having this >same problem. Following is a copy of the "yum update" > >attempt. > > >>I am hoping this is the correct method to report the issue. If not, > >I >apologize... and please advise with the correct method. Best > >regards. [ars]. > > > > > > Well, since OpenMotif and lesstif provide the same thing, a > > Motif-compatible toolkit. So I'd expect that their -devel packages > > would conflict. You'll probably have to remove either lesstif or > > openmotif. > > > > But, if both these packages are in the RH9 Legacy repository, this > > should get fixed in Legacy, since packages in the same repo should > > not conflict. > > > > Dan > > Looks to me like lesstif is not registered in the RH9 legacy > repository. A "yum list lesstif" shows it in my RH9 box but not as an > available package from the RH9 Legacy repository. So I guess I need > to remove one and stick with the other. Since I am maintaining my box > with Legacy updates, I'll stick with openmotif and will remove > lesstif... unless anyone had any other suggestions. Thanks for the > quick feedback. [ars]. No, lesstif is an RH9 package, not an RH9 legacy pacvkage. I have both installed on my system, the versions are the same as yours. rpm -ql for each package shows no clash of files as the headers are in different paths. I don't understand why you're having this problem unless you have rebuilt from source rpms with modified paths specified. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html From mattdm at mattdm.org Sat May 14 17:17:10 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Sat, 14 May 2005 13:17:10 -0400 Subject: FC2 quit connecting In-Reply-To: References: Message-ID: <20050514171710.GA10605@jadzia.bu.edu> On Sat, May 14, 2005 at 12:20:46PM -0400, beartooth wrote: > Last night I upgraded my wife's 1998 pentium2 desktop from FC1 to FC2, > using CDs which a helpful soul had downloaded and burned for me back in > February; they had worked then, and FC2 ran fine on my testbed machine, a > 1998 pentium2, until the other day when that antiques developed hardware > trouble. (It's in the shop now.) Hi. We really don't have a lot of resources for technical support -- this list is mostly about producing updates for security issues. I'd highly recommend going to a newer version and asking questions on the main Fedora Core list. > I tried hacking through the internet wizard. That got me to a > configuration screen that was already set to use DHCP, but had an IP > address in it which I didn't recognize -- it may be the one to my ISP > directly. It certainly isn't one of the form 192.168.20.1xx which the DHCP > in my router uses. This is system-config-network? I'd suggest deleting all that and recreating. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 74 degrees Fahrenheit. From alberto.sera at arssys.com Sat May 14 17:27:22 2005 From: alberto.sera at arssys.com (Al Sera) Date: Sat, 14 May 2005 13:27:22 -0400 Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: <20050514181304.14f44bc6@ickx.fenrir.org.uk> References: <428600E0.9000600@arssys.com> <42862EF7.4020500@arssys.com> <20050514181304.14f44bc6@ickx.fenrir.org.uk> Message-ID: <428634FA.5030103@arssys.com> Brian Morrison wrote: > On Sat, 14 May 2005 13:01:43 -0400 in 42862EF7.4020500 at arssys.com Al > Sera wrote: > > >>Dan Williams wrote: >> >>>On Sat, 14 May 2005, Al Sera wrote: >>> >>> >>>>Basically the update is showing conflicts for mostly header files >> >>>from >the lesstif-devel-0.93.36-3 package. I wonder if anyone is >> >>>having this >same problem. Following is a copy of the "yum update" >>>attempt. > >>> >>>>I am hoping this is the correct method to report the issue. If not, >>> >>>I >apologize... and please advise with the correct method. Best >>>regards. [ars]. >>> >>> >>>Well, since OpenMotif and lesstif provide the same thing, a >>>Motif-compatible toolkit. So I'd expect that their -devel packages >>>would conflict. You'll probably have to remove either lesstif or >>>openmotif. >>> >>>But, if both these packages are in the RH9 Legacy repository, this >>>should get fixed in Legacy, since packages in the same repo should >>>not conflict. >>> >>>Dan >> >>Looks to me like lesstif is not registered in the RH9 legacy >>repository. A "yum list lesstif" shows it in my RH9 box but not as an >>available package from the RH9 Legacy repository. So I guess I need >>to remove one and stick with the other. Since I am maintaining my box >>with Legacy updates, I'll stick with openmotif and will remove >>lesstif... unless anyone had any other suggestions. Thanks for the >>quick feedback. [ars]. > > > No, lesstif is an RH9 package, not an RH9 legacy pacvkage. > > I have both installed on my system, the versions are the same as yours. > > rpm -ql for each package shows no clash of files as the headers are in > different paths. > > I don't understand why you're having this problem unless you have > rebuilt from source rpms with modified paths specified. > I have never rebuilt from source or explicitly installed either package myself. This is weird. Not that it might mean anything, but this box started a few years ago at RHL 7.2 and was upgraded single step incrementally all the way to RHL 9 through time. [ars]. From alberto.sera at arssys.com Sat May 14 17:43:02 2005 From: alberto.sera at arssys.com (Al Sera) Date: Sat, 14 May 2005 13:43:02 -0400 Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: <428634FA.5030103@arssys.com> References: <428600E0.9000600@arssys.com> <42862EF7.4020500@arssys.com> <20050514181304.14f44bc6@ickx.fenrir.org.uk> <428634FA.5030103@arssys.com> Message-ID: <428638A6.1070306@arssys.com> Al Sera wrote: > Brian Morrison wrote: > >> On Sat, 14 May 2005 13:01:43 -0400 in 42862EF7.4020500 at arssys.com Al >> Sera wrote: >> >> >>> Dan Williams wrote: >>> >>>> On Sat, 14 May 2005, Al Sera wrote: >>>> >>>> >>>>> Basically the update is showing conflicts for mostly header files >>> >>> >>>> from >the lesstif-devel-0.93.36-3 package. I wonder if anyone is >>> >>> >>>> having this >same problem. Following is a copy of the "yum update" >>>> attempt. > >>>> >>>>> I am hoping this is the correct method to report the issue. If not, >>>> >>>> >>>> I >apologize... and please advise with the correct method. Best >>>> regards. [ars]. >>>> >>>> >>>> Well, since OpenMotif and lesstif provide the same thing, a >>>> Motif-compatible toolkit. So I'd expect that their -devel packages >>>> would conflict. You'll probably have to remove either lesstif or >>>> openmotif. >>>> >>>> But, if both these packages are in the RH9 Legacy repository, this >>>> should get fixed in Legacy, since packages in the same repo should >>>> not conflict. >>>> >>>> Dan >>> >>> >>> Looks to me like lesstif is not registered in the RH9 legacy >>> repository. A "yum list lesstif" shows it in my RH9 box but not as an >>> available package from the RH9 Legacy repository. So I guess I need >>> to remove one and stick with the other. Since I am maintaining my box >>> with Legacy updates, I'll stick with openmotif and will remove >>> lesstif... unless anyone had any other suggestions. Thanks for the >>> quick feedback. [ars]. >> >> >> >> No, lesstif is an RH9 package, not an RH9 legacy pacvkage. >> >> I have both installed on my system, the versions are the same as yours. >> >> rpm -ql for each package shows no clash of files as the headers are in >> different paths. >> >> I don't understand why you're having this problem unless you have >> rebuilt from source rpms with modified paths specified. >> > > I have never rebuilt from source or explicitly installed either package > myself. This is weird. Not that it might mean anything, but this box > started a few years ago at RHL 7.2 and was upgraded single step > incrementally all the way to RHL 9 through time. [ars]. Now this one got more spooky... I just forced each install of the other packages (non-openmotif) manually, one at at a time using "yum -C update " and then just for grins did a "yum -C update" to force to look at cache with the last package left (openmotif). openmotif installed fine !!! [root]# yum -C update Gathering header information file(s) from server(s) Server: Red Hat Linux 9 - i386 - Base Server: Red Hat Linux 9 - i386 - Fedora Legacy utilities Server: Red Hat Linux 9 - i386 - Updates Finding updated packages Downloading needed headers Resolving dependencies Dependencies resolved I will do the following: [update: openmotif-devel 2.2.2-14.2.legacy.i386] [update: openmotif 2.2.2-14.2.legacy.i386] [update: openmotif21 2.1.30-8.0.9.2.legacy.i386] Is this ok [y/N]: y Running test transaction: Test transaction complete, Success! openmotif 100 % done 1/6 openmotif21 100 % done 2/6 openmotif-devel 100 % done 3/6 Completing update for openmotif-devel - 4/6 Completing update for openmotif - 5/6 Completing update for openmotif21 - 6/6 Updated: openmotif-devel 2.2.2-14.2.legacy.i386 openmotif 2.2.2-14.2.legacy.i386 openmotif21 2.1.30-8.0.9.2.legacy.i386 Transaction(s) Complete [root]# Go figure... [ars]. From beartooth at adelphia.net Sun May 15 21:10:35 2005 From: beartooth at adelphia.net (beartooth) Date: Sun, 15 May 2005 17:10:35 -0400 Subject: Getting help (was Re: FC2 quit connecting) References: <20050514171710.GA10605@jadzia.bu.edu> Message-ID: On Sat, 14 May 2005 13:17:10 -0400, Matthew Miller wrote: > Hi. We really don't have a lot of resources for technical support -- this > list is mostly about producing updates for security issues. I'd highly > recommend going to a newer version and asking questions on the main Fedora > Core list. All right; far be it from me to ask volunteers to do things they never meant to volunteer for. Otoh, neither does it make any sense for me just to switch to newer releases of FC; been there, done that, repeatedly. Whatever may be left of life is too short for the grief that route gives me; my .sig bottom line down there is no joke, alas! Anybody know where *is* a place to get help with FC versions in legacy status? By the time they're mature enough for me to cope with, they've usually *been* in that status a while. (And yes, I am indeed looking around for some other distro; it'll take a while.) I find fedoraforum.org, for instance, inordinately hard to use .... -- Beartooth Neo-Redneck, Linux Evangelist FC 1-3, YDL 4; Pine 4.63, Pan 0.14.2; Privoxy 3.0.3; Dillo 0.8.4, Opera 8.0, Firefox 1.0.3, Epiphany 1.0.4 Remember that I have little idea what I am talking about. From kwan at digitalhermit.com Sun May 15 21:26:09 2005 From: kwan at digitalhermit.com (Kwan Lowe) Date: Sun, 15 May 2005 17:26:09 -0400 Subject: Getting help (was Re: FC2 quit connecting) In-Reply-To: References: <20050514171710.GA10605@jadzia.bu.edu> Message-ID: <4287BE71.2050007@digitalhermit.com> beartooth wrote: > Anybody know where *is* a place to get help with FC versions in legacy > status? By the time they're mature enough for me to cope with, they've > usually *been* in that status a while. (And yes, I am indeed looking > around for some other distro; it'll take a while.) I find fedoraforum.org, > for instance, inordinately hard to use .... Sign up at one of the LUGs. There's likely a local one in your area; if not, find one not in your area. My local LUG (flux.org) is based in S. Florida but has members throughout the country and world. From alberto.sera at arssys.com Sun May 15 21:47:30 2005 From: alberto.sera at arssys.com (Al Sera) Date: Sun, 15 May 2005 17:47:30 -0400 Subject: Getting help (was Re: FC2 quit connecting) In-Reply-To: References: <20050514171710.GA10605@jadzia.bu.edu> Message-ID: <4287C372.7070002@arssys.com> beartooth wrote: > On Sat, 14 May 2005 13:17:10 -0400, Matthew Miller wrote: > Anybody know where *is* a place to get help with FC versions in legacy > status? By the time they're mature enough for me to cope with, they've > usually *been* in that status a while. (And yes, I am indeed looking > around for some other distro; it'll take a while.) I find fedoraforum.org, > for instance, inordinately hard to use .... Don't know how useful, and I have never used the Fedora Google News Files... but these are the results of searching for "fedora" in the newsfiles directory. Might be worth checking. http://groups-beta.google.com/groups/dir?hl=en&sel=0&q=fedora&prev=fedora&st=0 Regards. [ars]. From maillist at jasonlim.com Mon May 16 00:06:19 2005 From: maillist at jasonlim.com (Jason Lim) Date: Mon, 16 May 2005 08:06:19 +0800 Subject: Getting help (was Re: FC2 quit connecting) References: <20050514171710.GA10605@jadzia.bu.edu> Message-ID: <0de801c559ab$169a7c70$0900a8c0@SYSTEM9> > Anybody know where *is* a place to get help with FC versions in legacy > status? By the time they're mature enough for me to cope with, they've > usually *been* in that status a while. (And yes, I am indeed looking > around for some other distro; it'll take a while.) I find fedoraforum.org, > for instance, inordinately hard to use .... I know I won't be popular for mentioning any other distro, but Debian and Debian based distros like Ubuntu, Knoppix, and so forth, tend to have long version times. For example, the current Debian version has been released for about 3 years if I am correct, and all that time, security updates, etc. are provided. And even now, although they are releasing a new version, the Debain Security Team is going to continue updates for the existing version for another 1 to 1.5 years. This makes it excellent for servers and where stability counts. It doesn't have the latest whiz-bang features of Fedora, but it sounds like that is not your main focus. I actually think providing legacy updates for the FC releases is going to implode sooner or later, since there are not enough people to keep supporting so many releases as they come out and the release maintainers and others are going to burn out.. I think focusing on legacy for Redhat 9 would make far more sense, and seems the main reason the majority are using FedoraLegacy.org anyway. From maillist at jasonlim.com Mon May 16 00:06:19 2005 From: maillist at jasonlim.com (Jason Lim) Date: Mon, 16 May 2005 08:06:19 +0800 Subject: Getting help (was Re: FC2 quit connecting) References: <20050514171710.GA10605@jadzia.bu.edu> Message-ID: <0de801c559ab$169a7c70$0900a8c0@SYSTEM9> > Anybody know where *is* a place to get help with FC versions in legacy > status? By the time they're mature enough for me to cope with, they've > usually *been* in that status a while. (And yes, I am indeed looking > around for some other distro; it'll take a while.) I find fedoraforum.org, > for instance, inordinately hard to use .... I know I won't be popular for mentioning any other distro, but Debian and Debian based distros like Ubuntu, Knoppix, and so forth, tend to have long version times. For example, the current Debian version has been released for about 3 years if I am correct, and all that time, security updates, etc. are provided. And even now, although they are releasing a new version, the Debain Security Team is going to continue updates for the existing version for another 1 to 1.5 years. This makes it excellent for servers and where stability counts. It doesn't have the latest whiz-bang features of Fedora, but it sounds like that is not your main focus. I actually think providing legacy updates for the FC releases is going to implode sooner or later, since there are not enough people to keep supporting so many releases as they come out and the release maintainers and others are going to burn out.. I think focusing on legacy for Redhat 9 would make far more sense, and seems the main reason the majority are using FedoraLegacy.org anyway. From dsccable at comcast.net Mon May 16 02:56:58 2005 From: dsccable at comcast.net (David Curry) Date: Sun, 15 May 2005 22:56:58 -0400 Subject: Getting help (was Re: FC2 quit connecting) In-Reply-To: <0de801c559ab$169a7c70$0900a8c0@SYSTEM9> References: <20050514171710.GA10605@jadzia.bu.edu> <0de801c559ab$169a7c70$0900a8c0@SYSTEM9> Message-ID: <42880BFA.8000106@comcast.net> Jason Lim wrote: >>Anybody know where *is* a place to get help with FC versions in legacy >>status? By the time they're mature enough for me to cope with, they've >>usually *been* in that status a while. (And yes, I am indeed looking >>around for some other distro; it'll take a while.) I find >> >> >fedoraforum.org, > > >>for instance, inordinately hard to use .... >> >> > >I know I won't be popular for mentioning any other distro, but Debian and >Debian based distros like Ubuntu, Knoppix, and so forth, tend to have long >version times. > >For example, the current Debian version has been released for about 3 >years if I am correct, and all that time, security updates, etc. are >provided. And even now, although they are releasing a new version, the >Debain Security Team is going to continue updates for the existing version >for another 1 to 1.5 years. This makes it excellent for servers and where >stability counts. > >It doesn't have the latest whiz-bang features of Fedora, but it sounds >like that is not your main focus. > >I actually think providing legacy updates for the FC releases is going to >implode sooner or later, since there are not enough people to keep >supporting so many releases as they come out and the release maintainers >and others are going to burn out.. I think focusing on legacy for Redhat 9 >would make far more sense, and seems the main reason the majority are >using FedoraLegacy.org anyway. > > > Beartooth, I hear you loud and clear and the message resonates here. I am looking at shifting from my FC2 installation to a Debian-based distribution for some of the reasons Jason identified. In addition to Ubuntu and Knoppix, there is Kbuntu and MEPIS. (MEPIS is a subscription distribution that is available as a LiveCD with an option to easily install on the hard disk.) However, there is also at least one Red Hat based alternative. Centos is a Red Hat Enterprise Linux clone that you might want to take a look at. As I understand it, Centos IS RHEL without the Red Hat trademarked items and the project's goal is to parallel support life of RHEL which is something like 3 - 5 years. File structures, system utility names, etc. should all be the same. I think Jason is pretty much on the mark about legacy support of Fedora releases if one thinks solely in terms of each and every release. OTOH, I can see people sticking with some versions of Fedora much longer than other versions. And, I can see more people gravitating to fedoralegacy as the upgrade cycle continues just as some now lending some supporting hands on older releases may bite the bullet, upgrade to the current Fedora release, and drop off the legacy list for the official support cycle for that release. BUT, those who are most interested in fedora releases mature enough for some production environments could well upgrade their systems to a fedora release that are already in legacy status and contribute to its continued maintenance. From mschout at gkg.net Mon May 16 05:54:31 2005 From: mschout at gkg.net (Michael Schout) Date: Mon, 16 May 2005 00:54:31 -0500 Subject: Getting help (was Re: FC2 quit connecting) In-Reply-To: <0de801c559ab$169a7c70$0900a8c0@SYSTEM9> References: <20050514171710.GA10605@jadzia.bu.edu> <0de801c559ab$169a7c70$0900a8c0@SYSTEM9> Message-ID: <42883597.8010400@gkg.net> Jason Lim wrote: > I actually think providing legacy updates for the FC releases is going to > implode sooner or later, since there are not enough people to keep > supporting so many releases as they come out and the release maintainers > and others are going to burn out.. In my opinion, doing the per-release bug split that has been discussed here before would help. That way releases that do not have sufficient interest or people working on them will not hold-up getting updates out for other releases. We could look at releases that do not show enough interest (e.g.: no activity for the release in bugzilla for a long time), and drop support for those releases if there is not sufficient resources to maintain them. > I think focusing on legacy for Redhat 9 > would make far more sense, and seems the main reason the majority are > using FedoraLegacy.org anyway. I don't know about that. There are plenty of folks working on RHL7.3 as well (myself included) :). I have QA'd a number of RH9 and FC1 packages over the past week *ONLY* becuase I needed to do it to get security fixes for 7.3 released :). Regards, Michael Schout From mschout at gkg.net Mon May 16 05:54:31 2005 From: mschout at gkg.net (Michael Schout) Date: Mon, 16 May 2005 00:54:31 -0500 Subject: Getting help (was Re: FC2 quit connecting) In-Reply-To: <0de801c559ab$169a7c70$0900a8c0@SYSTEM9> References: <20050514171710.GA10605@jadzia.bu.edu> <0de801c559ab$169a7c70$0900a8c0@SYSTEM9> Message-ID: <42883597.8010400@gkg.net> Jason Lim wrote: > I actually think providing legacy updates for the FC releases is going to > implode sooner or later, since there are not enough people to keep > supporting so many releases as they come out and the release maintainers > and others are going to burn out.. In my opinion, doing the per-release bug split that has been discussed here before would help. That way releases that do not have sufficient interest or people working on them will not hold-up getting updates out for other releases. We could look at releases that do not show enough interest (e.g.: no activity for the release in bugzilla for a long time), and drop support for those releases if there is not sufficient resources to maintain them. > I think focusing on legacy for Redhat 9 > would make far more sense, and seems the main reason the majority are > using FedoraLegacy.org anyway. I don't know about that. There are plenty of folks working on RHL7.3 as well (myself included) :). I have QA'd a number of RH9 and FC1 packages over the past week *ONLY* becuase I needed to do it to get security fixes for 7.3 released :). Regards, Michael Schout From pekkas at netcore.fi Mon May 16 12:18:45 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Mon, 16 May 2005 15:18:45 +0300 (EEST) Subject: New bugzilla status whiteboard / issues.txt In-Reply-To: References: <20050412173110.GJ24240@urchin.earth.li> <20050501125818.A23250@mail.harddata.com> <20050503120158.A14453@mail.harddata.com> <20050505160617.GA26975@jadzia.bu.edu> Message-ID: Hi, I further enchanced the script to also show the "other bugs" (those that don't have needs{work,release,build}, publish, verify or discuss tags; this showed a couple of dozen cases where the ball had dropped, and I cleaned up some of them. See the lists in the URLs below for the remaining cases. On Fri, 13 May 2005, Pekka Savola wrote: > I modified the script to exclude those packages which have NEEDSWORK from > PUBLISH list (i.e., which have packages for some arches, but not for others). > I think this is an improvement because a package can't be pushed to > updates-testing in any case before the packages exist and are published for > all the distro versions. > > I'm also updating the URLs below manually now and then (typically around once > a day) for my own bug browsing benefit, but the others are welcome to using > them until if you want until a more authoritative source appears. > > On Thu, 5 May 2005, Pekka Savola wrote: >> On Thu, 5 May 2005, Matthew Miller wrote: >>> On Thu, May 05, 2005 at 09:52:23AM +0300, Pekka Savola wrote: >>>> http://netcore.fi/pekkas/buglist.html >>>> http://netcore.fi/pekkas/buglist-rhl73.html >>>> http://netcore.fi/pekkas/buglist-rhl9.html >>>> http://netcore.fi/pekkas/buglist-core1.html >>>> http://netcore.fi/pekkas/buglist-fc2.html >>>> That should help a bit for folks just focusing on particular versions. >>> >>> Are you currently regenerating these from cron at all? >> >> Nope, just manual regeneration now and then.. > > -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -------------- next part -------------- A non-text attachment was scrubbed... Name: create-buglist.sh Type: application/x-sh Size: 2465 bytes Desc: URL: From brian.t.brunner at gai-tronics.com Mon May 16 13:59:40 2005 From: brian.t.brunner at gai-tronics.com (Brian T. Brunner) Date: Mon, 16 May 2005 06:59:40 -0700 Subject: Getting help (was Re: FC2 quit connecting) Message-ID: Try the usenet newsgroups. There are quite a few with RedHat in the group name, I don't recall one with Fedora, but the users of those groups that I read talk about Fedora problems continually. If you don't have usenet access, groups.google.com might get you where you need to go to get the input/feedback you need. Brian Brunner brian.t.brunner at gai-tronics.com (610)796-5838 ******************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.hubbell.com - Hubbell Incorporated From jessefrgsmith at yahoo.ca Mon May 16 14:32:12 2005 From: jessefrgsmith at yahoo.ca (Jesse Smith) Date: Mon, 16 May 2005 10:32:12 -0400 (EDT) Subject: FC2 Not connecting In-Reply-To: <20050515160012.F3F7773336@hormel.redhat.com> Message-ID: <20050516143212.8593.qmail@web21204.mail.yahoo.com> In reply to the issue with the old FC2 box no longer connecting to the 'Net, I have a few suggestions. 1. You said the network card eth0 isn't showing up under your hardware. Perhaps you could try running kudzu (as root) to try to re-detect the card. 2. Did you try doing back to the previous kernel? If your network card seemed to disappear maybe the kernel upgrade caused a problem. I could just be talking out my arse here....Anyway, try editing your grub.conf file to boot the old kernel, assuming you kept the old one. 3. You might try re-installing FC2. Yes, I know going back a step sucks. Then, rather than update the whole system, just update the word processor. 4. Try posting your problem on http://www.fedoraforum.org/ There aren't many problems with Fedora for which they can't find a solution. Jesse (Smith, not _the_ Jesse) ______________________________________________________________________ Post your free ad now! http://personals.yahoo.ca From adelste at yahoo.com Mon May 16 14:35:01 2005 From: adelste at yahoo.com (Tom Adelstein) Date: Mon, 16 May 2005 09:35:01 -0500 Subject: Getting help (was Re: FC2 quit connecting) In-Reply-To: <42880BFA.8000106@comcast.net> References: <20050514171710.GA10605@jadzia.bu.edu> <0de801c559ab$169a7c70$0900a8c0@SYSTEM9> <42880BFA.8000106@comcast.net> Message-ID: <1116254101.2748.19.camel@localhost.localdomain> On Sun, 2005-05-15 at 22:56 -0400, David Curry wrote: > Jason Lim wrote: > > >>Anybody know where *is* a place to get help with FC versions in legacy > >>status? By the time they're mature enough for me to cope with, they've > >>usually *been* in that status a while. (And yes, I am indeed looking > >>around for some other distro; it'll take a while.) I find > >> > >> > >fedoraforum.org, > > > > > >>for instance, inordinately hard to use .... > >> > >> > > > >I know I won't be popular for mentioning any other distro, but Debian and > >Debian based distros like Ubuntu, Knoppix, and so forth, tend to have long > >version times. > > > >For example, the current Debian version has been released for about 3 > >years if I am correct, and all that time, security updates, etc. are > >provided. And even now, although they are releasing a new version, the > >Debain Security Team is going to continue updates for the existing version > >for another 1 to 1.5 years. This makes it excellent for servers and where > >stability counts. > > > >It doesn't have the latest whiz-bang features of Fedora, but it sounds > >like that is not your main focus. > > > >I actually think providing legacy updates for the FC releases is going to > >implode sooner or later, since there are not enough people to keep > >supporting so many releases as they come out and the release maintainers > >and others are going to burn out.. I think focusing on legacy for Redhat 9 > >would make far more sense, and seems the main reason the majority are > >using FedoraLegacy.org anyway. > > > > > > > Beartooth, I hear you loud and clear and the message resonates here. I > am looking at shifting from my FC2 installation to a Debian-based > distribution for some of the reasons Jason identified. In addition to > Ubuntu and Knoppix, there is Kbuntu and MEPIS. (MEPIS is a subscription > distribution that is available as a LiveCD with an option to easily > install on the hard disk.) However, there is also at least one Red Hat > based alternative. > > Centos is a Red Hat Enterprise Linux clone that you might want to take a > look at. As I understand it, Centos IS RHEL without the Red Hat > trademarked items and the project's goal is to parallel support life of > RHEL which is something like 3 - 5 years. File structures, system > utility names, etc. should all be the same. > > I think Jason is pretty much on the mark about legacy support of Fedora > releases if one thinks solely in terms of each and every release. OTOH, > I can see people sticking with some versions of Fedora much longer than > other versions. And, I can see more people gravitating to fedoralegacy > as the upgrade cycle continues just as some now lending some supporting > hands on older releases may bite the bullet, upgrade to the current > Fedora release, and drop off the legacy list for the official support > cycle for that release. BUT, those who are most interested in fedora > releases mature enough for some production environments could well > upgrade their systems to a fedora release that are already in legacy > status and contribute to its continued maintenance. > > I have studied Linux distros for a while. I even compared them all in some serious testing while writing a book for O'Reilly & Associates. With the proper tweaking, Fedora Core III stands heads above the others. You can read my evaluations on the Linux Journal web site and other places around the Internet. I started a series in Linux Journal this week which provides a bunch of performance optimization hacks to Fedora and Ubuntu. It's about a five part series and I'm going to do a summary. If you're looking for a serious web server to co-host at an ISP, I don't know that I would use an non-enterprise system. I went with Red Hat Enterprise Linux 4 for our business systems. But, I use Fedora Core 3 for our desktops and we're pleased with it. I get pretty much any distro I want for free for just doing an evaluation. So, maybe that says something. Tom From adelste at yahoo.com Mon May 16 14:38:30 2005 From: adelste at yahoo.com (Tom Adelstein) Date: Mon, 16 May 2005 09:38:30 -0500 Subject: Getting help (was Re: FC2 quit connecting) In-Reply-To: <42880BFA.8000106@comcast.net> References: <20050514171710.GA10605@jadzia.bu.edu> <0de801c559ab$169a7c70$0900a8c0@SYSTEM9> <42880BFA.8000106@comcast.net> Message-ID: <1116254310.2748.23.camel@localhost.localdomain> On Sun, 2005-05-15 at 22:56 -0400, David Curry wrote: > Jason Lim wrote: > > >>Anybody know where *is* a place to get help with FC versions in legacy > >>status? By the time they're mature enough for me to cope with, they've > >>usually *been* in that status a while. (And yes, I am indeed looking > >>around for some other distro; it'll take a while.) I find > >> > >> > >fedoraforum.org, > > > > > >>for instance, inordinately hard to use .... > >> > >> > > > >I know I won't be popular for mentioning any other distro, but Debian and > >Debian based distros like Ubuntu, Knoppix, and so forth, tend to have long > >version times. I forgot to mention that our http://jdshelp.org team is migrating our site to Fedora and we've setup Request Tracker to handle emails and will fill up a searchable knowledge base. Our site is community based and free. From mattdm at mattdm.org Mon May 16 23:31:05 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Mon, 16 May 2005 19:31:05 -0400 Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: <42862EF7.4020500@arssys.com> References: <428600E0.9000600@arssys.com> <42862EF7.4020500@arssys.com> Message-ID: <20050516233105.GA19943@jadzia.bu.edu> On Sat, May 14, 2005 at 01:01:43PM -0400, Al Sera wrote: > Looks to me like lesstif is not registered in the RH9 legacy repository. Odd -- it's in . -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 74 degrees Fahrenheit. From mattdm at mattdm.org Mon May 16 23:37:24 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Mon, 16 May 2005 19:37:24 -0400 Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: <20050514150840.73cdd7b9@ickx.fenrir.org.uk> References: <428600E0.9000600@arssys.com> <20050514150840.73cdd7b9@ickx.fenrir.org.uk> Message-ID: <20050516233724.GB19943@jadzia.bu.edu> On Sat, May 14, 2005 at 03:08:40PM +0100, Brian Morrison wrote: > > Basically the update is showing conflicts for mostly header files > > from the lesstif-devel-0.93.36-3 package. I wonder if anyone is > > having this same problem. Following is a copy of the "yum update" > This is strange, I have no conflicts with the same two packages. Weird; I don't have a conflict either, but one of my users reports that they do.... -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 74 degrees Fahrenheit. From res00vl8 at alltel.net Tue May 17 01:11:27 2005 From: res00vl8 at alltel.net (taharka) Date: Mon, 16 May 2005 21:11:27 -0400 Subject: Getting help (was Re: FC2 quit connecting) In-Reply-To: References: <20050514171710.GA10605@jadzia.bu.edu> Message-ID: <428944BF.8050609@alltel.net> beartooth wrote: >On Sat, 14 May 2005 13:17:10 -0400, Matthew Miller wrote: > > > >>Hi. We really don't have a lot of resources for technical support -- this >>list is mostly about producing updates for security issues. I'd highly >>recommend going to a newer version and asking questions on the main Fedora >>Core list. >> >> > >All right; far be it from me to ask volunteers to do things they never >meant to volunteer for. Otoh, neither does it make any sense for me just >to switch to newer releases of FC; been there, done that, repeatedly. >Whatever may be left of life is too short for the grief that route gives >me; my .sig bottom line down there is no joke, alas! > >Anybody know where *is* a place to get help with FC versions in legacy >status? By the time they're mature enough for me to cope with, they've >usually *been* in that status a while. (And yes, I am indeed looking >around for some other distro; it'll take a while.) I find fedoraforum.org, >for instance, inordinately hard to use .... > > > I suggest signing-up for the redhat-list at ittoolbox.com & posting your problem. There are RHCE & other professionals that will be able to help you. BTW, it's free. taharka Lexington Kentucky U.S.A. From alberto.sera at arssys.com Tue May 17 04:29:01 2005 From: alberto.sera at arssys.com (Al Sera) Date: Tue, 17 May 2005 00:29:01 -0400 Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: <20050516233724.GB19943@jadzia.bu.edu> References: <428600E0.9000600@arssys.com> <20050514150840.73cdd7b9@ickx.fenrir.org.uk> <20050516233724.GB19943@jadzia.bu.edu> Message-ID: <4289730D.1070705@arssys.com> Matthew Miller wrote: > On Sat, May 14, 2005 at 03:08:40PM +0100, Brian Morrison wrote: > >>> Basically the update is showing conflicts for mostly header files >>> from the lesstif-devel-0.93.36-3 package. I wonder if anyone is >>> having this same problem. Following is a copy of the "yum update" >> >>This is strange, I have no conflicts with the same two packages. > > > Weird; I don't have a conflict either, but one of my users reports that they > do.... > I'd like to know if your "conflict" user can get around the issue the same way I did. Seems to me like attempting the update in bulk mode with the rest of the updates might trigger some condition with the code that determines the dependencies for the package. The history of the user's OS' origin and update sequence might also be relevant. [ars]. From alberto.sera at arssys.com Tue May 17 04:45:20 2005 From: alberto.sera at arssys.com (Al Sera) Date: Tue, 17 May 2005 00:45:20 -0400 Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: <20050516233105.GA19943@jadzia.bu.edu> References: <428600E0.9000600@arssys.com> <42862EF7.4020500@arssys.com> <20050516233105.GA19943@jadzia.bu.edu> Message-ID: <428976E0.3090305@arssys.com> Matthew Miller wrote: > On Sat, May 14, 2005 at 01:01:43PM -0400, Al Sera wrote: > >>Looks to me like lesstif is not registered in the RH9 legacy repository. > > > Odd -- it's in > . > > I stand to be corrected... But I think that repository pointer is a "RHL 9" repository and not a "RHL 9 Legacy" repository. [ars]. From pekkas at netcore.fi Tue May 17 09:17:51 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Tue, 17 May 2005 12:17:51 +0300 (EEST) Subject: [FLSA-2005:152871] Updated nfs-utils package fixes security issue In-Reply-To: <4283F622.8070302@videotron.ca> References: <4283F622.8070302@videotron.ca> Message-ID: Hi, Would it make sense to 'touch' the updates while they move from updates-testing to updates? There are considerations either way, but doing so would make it easier to spot the new updates -- as in many times, an update has been sitting idle at updates-testing for even months, so doing a 'ls -lart' listing in the updates directory doesn't show the latest updates first.. On Thu, 12 May 2005, Marc Deslauriers wrote: > --------------------------------------------------------------------- > Fedora Legacy Update Advisory > > Synopsis: Updated nfs-utils package fixes security issue > Advisory ID: FLSA:152871 > Issue date: 2005-05-12 > Product: Red Hat Linux, Fedora Core > Keywords: Bugfix > CVE Names: CAN-2004-1014 > --------------------------------------------------------------------- > > > --------------------------------------------------------------------- > 1. Topic: > > An updated nfs-utils package that fixes a security issue is now > available. > > The nfs-utils package provides a daemon for the kernel NFS server and > related tools, providing a much higher level of performance than the > traditional Linux NFS server used by most users. > > 2. Relevant releases/architectures: > > Red Hat Linux 7.3 - i386 > Red Hat Linux 9 - i386 > Fedora Core 1 - i386 > > 3. Problem description: > > SGI reported that the statd daemon did not properly handle the SIGPIPE > signal. A misconfigured or malicious peer could cause statd to crash, > leading to a denial of service. The Common Vulnerabilities and Exposures > project (cve.mitre.org) has assigned the name CAN-2004-1014 to this > issue. > > All users of nfs-utils should upgrade to this updated package, which > resolves this issue. > > 4. Solution: > > Before applying this update, make sure all previously released errata > relevant to your system have been applied. > > To update all RPMs for your particular architecture, run: > > rpm -Fvh [filenames] > > where [filenames] is a list of the RPMs you wish to upgrade. Only those > RPMs which are currently installed will be updated. Those RPMs which > are not installed but included in the list will not be updated. Note > that you can also use wildcards (*.rpm) if your current directory *only* > contains the desired RPMs. > > Please note that this update is also available via yum and apt. Many > people find this an easier way to apply updates. To use yum issue: > > yum update > > or to use apt: > > apt-get update; apt-get upgrade > > This will start an interactive process that will result in the > appropriate RPMs being upgraded on your system. This assumes that you > have yum or apt-get configured for obtaining Fedora Legacy content. > Please visit http://www.fedoralegacy.org/docs for directions on how to > configure yum and apt-get. > > 5. Bug IDs fixed: > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152871 > > 6. RPMs required: > > Red Hat Linux 7.3: > SRPM: > http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/nfs-utils-0.3.3-6.73.1.legacy.src.rpm > > i386: > http://download.fedoralegacy.org/redhat/7.3/updates/i386/nfs-utils-0.3.3-6.73.1.legacy.i386.rpm > > Red Hat Linux 9: > > SRPM: > http://download.fedoralegacy.org/redhat/9/updates/SRPMS/nfs-utils-1.0.1-3.9.1.legacy.src.rpm > > i386: > http://download.fedoralegacy.org/redhat/9/updates/i386/nfs-utils-1.0.1-3.9.1.legacy.i386.rpm > > Fedora Core 1: > > SRPM: > http://download.fedoralegacy.org/fedora/1/updates/SRPMS/nfs-utils-1.0.6-1.1.legacy.src.rpm > > i386: > http://download.fedoralegacy.org/fedora/1/updates/i386/nfs-utils-1.0.6-1.1.legacy.i386.rpm > > 7. Verification: > > SHA1 sum Package Name > --------------------------------------------------------------------- > > 8c5abe86dcf8c54d71fdb7431df159405fed830b > redhat/7.3/updates/i386/nfs-utils-0.3.3-6.73.1.legacy.i386.rpm > e6ed500f9a027f882410942eeba7807a02e7684a > redhat/7.3/updates/SRPMS/nfs-utils-0.3.3-6.73.1.legacy.src.rpm > 4b5a41715061a0d4e04d2b7310657ccf9cb1a3cb > redhat/9/updates/i386/nfs-utils-1.0.1-3.9.1.legacy.i386.rpm > 37e2bb721b47e569bd9e6ee922532f9d9e8dcde3 > redhat/9/updates/SRPMS/nfs-utils-1.0.1-3.9.1.legacy.src.rpm > 8720cd5101f6d989e2f0695a54049561644ccd93 > fedora/1/updates/i386/nfs-utils-1.0.6-1.1.legacy.i386.rpm > 7320e145578c605b50ab7dcfb46ff4c152b0487c > fedora/1/updates/SRPMS/nfs-utils-1.0.6-1.1.legacy.src.rpm > > These packages are GPG signed by Fedora Legacy for security. Our key is > available from http://www.fedoralegacy.org/about/security.php > > You can verify each package with the following command: > > rpm --checksig -v > > If you only wish to verify that each package has not been corrupted or > tampered with, examine only the sha1sum with the following command: > > sha1sum > > 8. References: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1014 > > 9. Contact: > > The Fedora Legacy security contact is . More > project details at http://www.fedoralegacy.org > > --------------------------------------------------------------------- > -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From joey at clean.q7.com Tue May 17 21:46:50 2005 From: joey at clean.q7.com (Joe Pruett) Date: Tue, 17 May 2005 14:46:50 -0700 (PDT) Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: <428976E0.3090305@arssys.com> Message-ID: i saw the conflict and thought maybe it was an old package laying around and switched from yum update to yum upgrade (on the same box) and the upgrade went fine. maybe it is just some small bug in yum? From skvidal at phy.duke.edu Tue May 17 21:48:35 2005 From: skvidal at phy.duke.edu (seth vidal) Date: Tue, 17 May 2005 17:48:35 -0400 Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: References: Message-ID: <1116366515.20274.77.camel@cutter> On Tue, 2005-05-17 at 14:46 -0700, Joe Pruett wrote: > i saw the conflict and thought maybe it was an old package laying around > and switched from yum update to yum upgrade (on the same box) and the > upgrade went fine. maybe it is just some small bug in yum? > or maybe it's an obsolete. -sv From mattdm at mattdm.org Tue May 17 22:04:51 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Tue, 17 May 2005 18:04:51 -0400 Subject: Problem with openmotif-devel-2.2.2-14.2.legacy update In-Reply-To: <1116366515.20274.77.camel@cutter> References: <1116366515.20274.77.camel@cutter> Message-ID: <20050517220451.GA28057@jadzia.bu.edu> On Tue, May 17, 2005 at 05:48:35PM -0400, seth vidal wrote: > > i saw the conflict and thought maybe it was an old package laying around > > and switched from yum update to yum upgrade (on the same box) and the > > upgrade went fine. maybe it is just some small bug in yum? > or maybe it's an obsolete. I thought so to, but it's not. And also, the person with the problem here was using apt-get dist-upgrade. It's Weirdness. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 77 degrees Fahrenheit. From gerry at pathtech.org Tue May 17 22:40:52 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Tue, 17 May 2005 18:40:52 -0400 Subject: Problem updating gcc on 7.3 via yum Message-ID: <1116369652.8067.261.camel@www.pathtech.org> I keep getting errors such as the following: yum update gcc Gathering package information from servers Getting headers from: Red Hat Linux 7.3 base Getting headers from: Fedora Legacy utilities for Red Hat Linux 7.3 Getting headers from: Red Hat Linux 7.3 updates Finding updated packages Downloading needed headers Resolving dependencies .....identical dependency loop exceeded package gcc-c++ needs gcc = 2.96-110 (not provided) package gcc-c++ needs gcc = 2.96-110 (not provided) package gcc-g77 needs gcc = 2.96-110 (not provided) package gcc-objc needs gcc = 2.96-110 (not provided) package gcc-c++ needs gcc = 2.96-110 (not provided) package gcc-g77 needs gcc = 2.96-110 (not provided) package gcc-objc needs gcc = 2.96-110 (not provided) package gcc-c++ needs gcc = 2.96-110 (not provided) However I do see these packages in the repositories. Please tell me how to workaround the problem so I can update to legacy current. TIA ger -- G. Roderick Singleton PATH tech From mer2.andrew at gmail.com Wed May 18 00:19:09 2005 From: mer2.andrew at gmail.com (matt rosenthal2) Date: Tue, 17 May 2005 17:19:09 -0700 Subject: installing redhat 7.2 on a SATA drive Message-ID: Hi all, I recently purchased a powerful new dell with RH enterprise installed on a SATA drive. I need to use this computer to run some cadence programs and they will only run on RH 7.2(I've tried several other version of RH with no luck). Now here is the problem. I can not install and run RH 7.2 on the SATA drive because the kernel(2.4.?) that comes with my RH 7.2 disks does not support SATA. The dell does not have any legacy mode to support the SATA drives over PATA so I can not install and then upgrade the kernel. Is there a way to create RH 7.2 install disks with the 2.6 kernel or can anyone help me out otherwise? Thanks Matt From rbergero at gmail.com Wed May 18 00:29:38 2005 From: rbergero at gmail.com (RJ Bergeron) Date: Tue, 17 May 2005 20:29:38 -0400 Subject: installing redhat 7.2 on a SATA drive In-Reply-To: References: Message-ID: <1ba90be905051717294a629787@mail.gmail.com> On 5/17/05, matt rosenthal2 wrote: > Now here is the problem. I can not install and run RH 7.2 on the SATA > drive because the kernel(2.4.?) that comes with my RH 7.2 disks does > not support SATA. The dell does not have any legacy mode to support > the SATA drives over PATA so I can not install and then upgrade the > kernel. Is there a way to create RH 7.2 install disks with the 2.6 > kernel or can anyone help me out otherwise? Have you tried creating them with the fedora core 1 kernel? That's 2.4 and has some SATA support... That way anaconda has a chance of running.. This list is really only for dealing with security updates, BTW ;) (Though I'm not entirely sure where this discussion *could* go. Have you tried a local LUG?) rj From mattdm at mattdm.org Wed May 18 02:06:06 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Tue, 17 May 2005 22:06:06 -0400 Subject: installing redhat 7.2 on a SATA drive In-Reply-To: References: Message-ID: <20050518020605.GA3340@jadzia.bu.edu> On Tue, May 17, 2005 at 05:19:09PM -0700, matt rosenthal2 wrote: > I recently purchased a powerful new dell with RH enterprise installed > on a SATA drive. I need to use this computer to run some cadence > programs and they will only run on RH 7.2(I've tried several other > version of RH with no luck). Have you installed the various compat RPMs on a newer distro? -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 76 degrees Fahrenheit. From rostetter at mail.utexas.edu Wed May 18 14:22:55 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Wed, 18 May 2005 09:22:55 -0500 Subject: Problem updating gcc on 7.3 via yum In-Reply-To: <1116369652.8067.261.camel@www.pathtech.org> References: <1116369652.8067.261.camel@www.pathtech.org> Message-ID: <1116426175.92c53633b7d18@mail.ph.utexas.edu> Quoting "G. Roderick Singleton" : > I keep getting errors such as the following: > > yum update gcc I don't know if either of these will work, but I'd try these commands: yum upgrade gcc yum update gcc gcc-c++ gcc-g77 gcc-objc Again not sure if either of those will solve it, but they are worth a try. > However I do see these packages in the repositories. Please tell me how > to workaround the problem so I can update to legacy current. Try the above commands (either or both) and report back. > TIA > ger > -- > G. Roderick Singleton > PATH tech > > -- > fedora-legacy-list mailing list > fedora-legacy-list at redhat.com > http://www.redhat.com/mailman/listinfo/fedora-legacy-list > -- Eric Rostetter From gerry at pathtech.org Wed May 18 14:59:19 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Wed, 18 May 2005 10:59:19 -0400 Subject: Problem updating gcc on 7.3 via yum In-Reply-To: <1116426175.92c53633b7d18@mail.ph.utexas.edu> References: <1116369652.8067.261.camel@www.pathtech.org> <1116426175.92c53633b7d18@mail.ph.utexas.edu> Message-ID: <1116428359.8067.280.camel@www.pathtech.org> On Wed, 2005-05-18 at 09:22 -0500, Eric Rostetter wrote: > Quoting "G. Roderick Singleton" : > > > I keep getting errors such as the following: > > > > yum update gcc > > I don't know if either of these will work, but I'd try these commands: > > yum upgrade gcc > > yum update gcc gcc-c++ gcc-g77 gcc-objc > > Again not sure if either of those will solve it, but they are worth a try. Di try all of these. None worked, unfortunately. Solved my problem with apt-get. > > > However I do see these packages in the repositories. Please tell me how > > to workaround the problem so I can update to legacy current. > > Try the above commands (either or both) and report back. > As I said I found an apt-get that worked and used that to update. That worked. Installed the newest kernel manually. Am now trying to get a gcc installation that will support tbird and firefox. -- G. Roderick Singleton PATH tech From gerry at pathtech.org Wed May 18 18:21:07 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Wed, 18 May 2005 14:21:07 -0400 Subject: Hints and tips for building from srcrpms Message-ID: <1116440467.8067.297.camel@www.pathtech.org> I said in a earlier message that I was attempting to build gcc and family so that tbird and firefox will install under 7.3. In trying to build from source I noticed that my architecture is recognized as i686 which is okay for me but if this exercise works wouldn't it better to have the rpms as i386? I think so but haven't a clue how to do it. Any hints/tips will be appreciated. If this works perhaps the builds could be added to the repository. -- G. Roderick Singleton PATH tech From brian.t.brunner at gai-tronics.com Wed May 18 18:39:19 2005 From: brian.t.brunner at gai-tronics.com (Brian T. Brunner) Date: Wed, 18 May 2005 11:39:19 -0700 Subject: Hints and tips for building from srcrpms Message-ID: Source rpms are without architectural assumptions, they must look up the target arch and build for it. Binary rpms are built for 386, 586, 686, etc. You're building from source, are you building binary rpms for distribution? if so then you have the arch consideration. Brian Brunner brian.t.brunner at gai-tronics.com (610)796-5838 >>> gerry at pathtech.org 05/18/05 02:21PM >>> I said in a earlier message that I was attempting to build gcc and family so that tbird and firefox will install under 7.3. In trying to build from source I noticed that my architecture is recognized as i686 which is okay for me but if this exercise works wouldn't it better to have the rpms as i386? I think so but haven't a clue how to do it. Any hints/tips will be appreciated. If this works perhaps the builds could be added to the repository. -- G. Roderick Singleton PATH tech -- fedora-legacy-list mailing list fedora-legacy-list at redhat.com http://www.redhat.com/mailman/listinfo/fedora-legacy-list ******************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.hubbell.com - Hubbell Incorporated From gerry at pathtech.org Wed May 18 19:10:46 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Wed, 18 May 2005 15:10:46 -0400 Subject: Hints and tips for building from srcrpms In-Reply-To: References: Message-ID: <1116443447.8067.299.camel@www.pathtech.org> On Wed, 2005-05-18 at 11:39 -0700, Brian T. Brunner wrote: > Source rpms are without architectural assumptions, they must look up the target arch and build for it. > > Binary rpms are built for 386, 586, 686, etc. > > You're building from source, are you building binary rpms for distribution? if so then you have the arch consideration. > > Brian Brunner > brian.t.brunner at gai-tronics.com > (610)796-5838 Thanks, Brian. I should have RTFM'd. Now trying with --target set. > > >>> gerry at pathtech.org 05/18/05 02:21PM >>> > I said in a earlier message that I was attempting to build gcc and > family so that tbird and firefox will install under 7.3. In trying to > build from source I noticed that my architecture is recognized as i686 > which is okay for me but if this exercise works wouldn't it better to > have the rpms as i386? I think so but haven't a clue how to do it. Any > hints/tips will be appreciated. If this works perhaps the builds could > be added to the repository. -- G. Roderick Singleton PATH tech From rdieter at math.unl.edu Wed May 18 19:39:54 2005 From: rdieter at math.unl.edu (Rex Dieter) Date: Wed, 18 May 2005 14:39:54 -0500 Subject: Hints and tips for building from srcrpms In-Reply-To: <1116440467.8067.297.camel@www.pathtech.org> References: <1116440467.8067.297.camel@www.pathtech.org> Message-ID: G. Roderick Singleton wrote: > I said in a earlier message that I was attempting to build gcc and > family so that tbird and firefox will install under 7.3. Here's something to start from, a (backport) of rh90's gcc-3.2.2 for rh73: http://apt.kde-redhat.org/apt/fedora/all/SRPMS/gcc-3.2.2-5.0.src.rpm You'll need to update/patch rh73's glibc pthread.h too (gcc-3.2.2 will complain otherwise): http://apt.kde-redhat.org/apt/fedora/SOURCES/glibc/glibc-2.2.5-__thread.patch -- Rex From rdieter at math.unl.edu Wed May 18 20:08:40 2005 From: rdieter at math.unl.edu (Rex Dieter) Date: Wed, 18 May 2005 15:08:40 -0500 Subject: Hints and tips for building from srcrpms In-Reply-To: References: <1116440467.8067.297.camel@www.pathtech.org> Message-ID: Rex Dieter wrote: > G. Roderick Singleton wrote: > >> I said in a earlier message that I was attempting to build gcc and >> family so that tbird and firefox will install under 7.3. > > > Here's something to start from, a (backport) of rh90's gcc-3.2.2 for rh73: > http://apt.kde-redhat.org/apt/fedora/all/SRPMS/gcc-3.2.2-5.0.src.rpm Make that: http://apt.kde-redhat.org/apt/fedora/all/SRPMS.stable/gcc-3.2.2-5.0.src.rpm (That's what I get for not testing the links...) -- Rex From gerry at pathtech.org Wed May 18 21:22:25 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Wed, 18 May 2005 17:22:25 -0400 Subject: Hints and tips for building from srcrpms In-Reply-To: References: <1116440467.8067.297.camel@www.pathtech.org> Message-ID: <1116451345.8067.309.camel@www.pathtech.org> On Wed, 2005-05-18 at 15:08 -0500, Rex Dieter wrote: > Rex Dieter wrote: > > G. Roderick Singleton wrote: > > > >> I said in a earlier message that I was attempting to build gcc and > >> family so that tbird and firefox will install under 7.3. > > > > > > Here's something to start from, a (backport) of rh90's gcc-3.2.2 for rh73: > > http://apt.kde-redhat.org/apt/fedora/all/SRPMS/gcc-3.2.2-5.0.src.rpm > > Make that: > http://apt.kde-redhat.org/apt/fedora/all/SRPMS.stable/gcc-3.2.2-5.0.src.rpm > (That's what I get for not testing the links...) > Figured that one out but am confused about the patch. Have picked up glibc-2.2.5-44.legacy.3.src.rpm and have tried rpmbuild --recompile !$ but got a dependency I was not expecting: # rpmbuild --recompile glibc-2.2.5-44.legacy.3.src.rpm Installing glibc-2.2.5-44.legacy.3.src.rpm error: failed build dependencies: libelf >= 0.7.0-2 is needed by glibc-2.2.5-44.legacy.3 Had to apt-get it. Re-compiling produced: In file included from ../math/math.h:350, from ../include/math.h:3, from ../sysdeps/ieee754/ldbl-96/strtold.c:19: ../sysdeps/i386/fpu/bits/mathinline.h: In function `__sgnl': ../sysdeps/i386/fpu/bits/mathinline.h:291: Internal error: Segmentation fault. Please submit a full bug report. See for instructions. make[2]: *** [/usr/src/redhat/BUILD/glibc-2.2.5/build-i386- linux/stdlib/strtold.op] Error 1 make[2]: Leaving directory `/usr/src/redhat/BUILD/glibc-2.2.5/stdlib' make[1]: *** [stdlib/subdir_lib] Error 2 make[1]: Leaving directory `/usr/src/redhat/BUILD/glibc-2.2.5' make: *** [all] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.52394 (%build) So I guess the next question is what next? -- G. Roderick Singleton PATH tech From marcdeslauriers at videotron.ca Wed May 18 20:48:04 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Wed, 18 May 2005 16:48:04 -0400 Subject: [FLSA-2005:152883] Updated mozilla packages fix security issues Message-ID: <428BAA04.80609@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated mozilla packages fix security issues Advisory ID: FLSA:152883 Issue date: 2005-05-18 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2004-0906 CAN-2004-1156 CAN-2004-1316 CAN-2004-1380 CAN-2004-1613 CAN-2005-0141 CAN-2005-0142 CAN-2005-0578 CAN-2005-0143 CAN-2005-0593 CAN-2005-0144 CAN-2005-0146 CAN-2005-0147 CAN-2005-0149 CAN-2005-0231 CAN-2005-0232 CAN-2005-0527 CAN-2005-0233 CAN-2005-0399 CAN-2005-0401 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0590 CAN-2005-0591 CAN-2005-0588 CAN-2005-0989 CAN-2005-1153 CAN-2005-1154 CAN-2005-1155 CAN-2005-1159 CAN-2005-1160 CAN-2005-1156 CAN-2005-1157 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated mozilla packages that fix various bugs are now available. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 Fedora Core 2 - i386 3. Problem description: A bug was found in the way Mozilla sets file permissions when installing XPI packages. It is possible for an XPI package to install some files world readable or writable, allowing a malicious local user to steal information or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0906 to this issue. A bug was found in the way Mozilla handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CAN-2004-1156) iSEC Security Research has discovered a buffer overflow bug in the way Mozilla handles NNTP URLs. If a user visits a malicious web page or is convinced to click on a malicious link, it may be possible for an attacker to execute arbitrary code on the victim's machine. (CAN-2004-1316) A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. (CAN-2004-1380) A bug was found in the way Mozilla handles certain start tags followed by a NULL character. A malicious web page could cause Mozilla to crash when viewed by a victim. (CAN-2004-1613) A bug was found in the way Mozilla loads links in a new tab which are middle clicked. A malicious web page could read local files or modify privileged chrom settings. (CAN-2005-0141) Several bugs were found with the way Mozilla handles temporary files. A local user could view sensitive temporary information or delete arbitrary files. (CAN-2005-0142 CAN-2005-0578) Several bugs were found with the way Mozilla displays the secure site icon. It is possible that a malicious website could display the secure site icon along with incorrect certificate information. (CAN-2005-0143 CAN-2005-0593) A bug was found in the way Mozilla displays the secure site icon. A malicious web page can use a view-source URL targetted at a secure page, while loading an insecure page, yet the secure site icon shows the previous secure state. (CAN-2005-0144) A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victims clipboard. (CAN-2005-0146) A bug was found in the way Mozilla responds to proxy auth requests. It is possible for a malicious webserver to steal credentials from a victims browser by issuing a 407 proxy authentication request. (CAN-2005-0147) A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. (CAN-2005-0149) A bug was found in the Mozilla javascript security manager. If a user drags a malicious link to a tab, the javascript security manager is bypassed, which could result in remote code execution or information disclosure. (CAN-2005-0231) A bug was found in the way Mozilla allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CAN-2005-0232 and CAN-2005-0527) A flaw was found in the way Mozilla displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CAN-2005-0233) A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. (CAN-2005-0399) A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CAN-2005-0401) Several bugs were found in the way Mozilla displays alert dialogs. It is possible for a malicious webserver or website to trick a user into thinking the dialog window is being generated from a trusted site. (CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0590 CAN-2005-0591) A bug was found in the way Mozilla handles xsl:include and xsl:import directives. It is possible for a malicious website to import XSLT stylesheets from a domain behind a firewall, leaking information to an attacker. (CAN-2005-0588) A bug was found in the way Mozilla handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. (CAN-2005-0989) A bug was found in the way Mozilla displays pop-up windows. If a user choses to open a pop-up window whose URL is malicious javascript, the script will be executed with elevated privileges. (CAN-2005-1153) Several bugs were found in the Mozilla javascript engine. A malicious web page could leverage these issues to execute javascript with elevated privileges or steal sensitive information. (CAN-2005-1154 CAN-2005-1155 CAN-2005-1159 CAN-2005-1160) A bug was found in the way Mozilla installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and stealm sensitive information. (CAN-2005-1156 CAN-2005-1157) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.7 to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152883 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.7-0.73.2.legacy.src.rpm http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/galeon-1.2.14-0.73.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.7-0.73.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.7-0.73.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.7-0.73.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.7-0.73.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.7.7-0.73.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.7-0.73.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.7-0.73.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.7-0.73.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.7-0.73.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.7.7-0.73.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/galeon-1.2.14-0.73.2.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.7-0.90.1.legacy.src.rpm http://download.fedoralegacy.org/redhat/9/updates/SRPMS/galeon-1.2.14-0.90.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.7-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.7-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.7-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.7.7-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.7.7-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.7-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.7-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.7.7-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.7-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.7.7-0.90.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/galeon-1.2.14-0.90.2.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.7-1.1.2.legacy.src.rpm http://download.fedoralegacy.org/fedora/1/updates/SRPMS/epiphany-1.0.8-1.fc1.2.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.7-1.1.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.7-1.1.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.7-1.1.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.7.7-1.1.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.7.7-1.1.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.7-1.1.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.7-1.1.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.7.7-1.1.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.7-1.1.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.7.7-1.1.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.8-1.fc1.2.legacy.i386.rpm Fedora Core 2: SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.7-1.2.2.legacy.src.rpm http://download.fedoralegacy.org/fedora/2/updates/SRPMS/epiphany-1.2.10-0.2.3.legacy.src.rpm http://download.fedoralegacy.org/fedora/2/updates/SRPMS/devhelp-0.9.1-0.2.6.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.7-1.2.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.7-1.2.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.7-1.2.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-inspector-1.7.7-1.2.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debugger-1.7.7-1.2.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.7-1.2.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.7-1.2.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-devel-1.7.7-1.2.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.7-1.2.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-devel-1.7.7-1.2.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/epiphany-1.2.10-0.2.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-0.9.1-0.2.6.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-devel-0.9.1-0.2.6.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 9acd3892e1ec3b272274ed250f630e316e72334c redhat/7.3/updates/i386/mozilla-1.7.7-0.73.2.legacy.i386.rpm bdf6c767bd8d8a1dc74138e8da7c1672b1934764 redhat/7.3/updates/i386/mozilla-chat-1.7.7-0.73.2.legacy.i386.rpm 7168b5bfcd5a090b62464f8b7d82d20bff365ba5 redhat/7.3/updates/i386/mozilla-devel-1.7.7-0.73.2.legacy.i386.rpm 6baa66d77ecbaf4aefcd99e42dbc81dee8b5533b redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.7-0.73.2.legacy.i386.rpm c8fd69f3e6e3a63554382ec412208f74a48ba8fe redhat/7.3/updates/i386/mozilla-js-debugger-1.7.7-0.73.2.legacy.i386.rpm 83a181ed9ecade3c9cb3cd3f64ac7cdd5add9057 redhat/7.3/updates/i386/mozilla-mail-1.7.7-0.73.2.legacy.i386.rpm 904dd59f1b4d5e4426232549848b83a9e407e2ba redhat/7.3/updates/i386/mozilla-nspr-1.7.7-0.73.2.legacy.i386.rpm 3513150062f0d54dfa14f3d4fc320114b72a95ad redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.7-0.73.2.legacy.i386.rpm f56ac87aae05c1530cfc49844f59410ac3db82d9 redhat/7.3/updates/i386/mozilla-nss-1.7.7-0.73.2.legacy.i386.rpm d4a42d185260a6778133dc51beb0098b637306c5 redhat/7.3/updates/i386/mozilla-nss-devel-1.7.7-0.73.2.legacy.i386.rpm 8f731240e4c04d12861836a20ebd51faac33db54 redhat/7.3/updates/SRPMS/mozilla-1.7.7-0.73.2.legacy.src.rpm 265ca0a31dd9a66b3de6364b1a8e0bab108ebedc redhat/7.3/updates/i386/galeon-1.2.14-0.73.2.legacy.i386.rpm 591f6a2ab89ae9b5995cc172017bc8d5b39f0236 redhat/7.3/updates/SRPMS/galeon-1.2.14-0.73.2.legacy.src.rpm 3d70328b95b7af8ebb4a808ed2c6d58f8d8d3f32 redhat/9/updates/i386/mozilla-1.7.7-0.90.1.legacy.i386.rpm f0602f47ebb9e66a600749832bf68b63787bde35 redhat/9/updates/i386/mozilla-chat-1.7.7-0.90.1.legacy.i386.rpm 005590efef49bb5d39f665d61b335496ca18798d redhat/9/updates/i386/mozilla-devel-1.7.7-0.90.1.legacy.i386.rpm 5a54884ce7108215746ac96668018bdbe2e70494 redhat/9/updates/i386/mozilla-dom-inspector-1.7.7-0.90.1.legacy.i386.rpm 5fd7e6f7145787da6926807ad22a8cddaa14b927 redhat/9/updates/i386/mozilla-js-debugger-1.7.7-0.90.1.legacy.i386.rpm 0ea4683b6d02b6605e7c515ee6c4717ee443eee3 redhat/9/updates/i386/mozilla-mail-1.7.7-0.90.1.legacy.i386.rpm cd8c01029571274c79dc3b0b083a68f61f8276b4 redhat/9/updates/i386/mozilla-nspr-1.7.7-0.90.1.legacy.i386.rpm c043f95965b668bc18adb9a58b8e0f332f295285 redhat/9/updates/i386/mozilla-nspr-devel-1.7.7-0.90.1.legacy.i386.rpm 1b9952e1ae88be813398d47c56ccdb1c6297defb redhat/9/updates/i386/mozilla-nss-1.7.7-0.90.1.legacy.i386.rpm 0048ddbfbccca48c2e3a20d436a8eeaeaa5e7d27 redhat/9/updates/i386/mozilla-nss-devel-1.7.7-0.90.1.legacy.i386.rpm 3ef84161c6d31a0a022e30dccfa38c3e48bfc826 redhat/9/updates/SRPMS/mozilla-1.7.7-0.90.1.legacy.src.rpm f34febaaa2e03ffc62097a8abf977cfa98bce03a redhat/9/updates/i386/galeon-1.2.14-0.90.2.legacy.i386.rpm 72ddc204978e74630ef9cab1e17a80a6a2e06658 redhat/9/updates/SRPMS/galeon-1.2.14-0.90.2.legacy.src.rpm 57100cb971334d7af508b63786aa08605515ca1c fedora/1/updates/i386/mozilla-1.7.7-1.1.2.legacy.i386.rpm d46f3963c22c7dd5460e5dcb54fe48001b9f2bf0 fedora/1/updates/i386/mozilla-chat-1.7.7-1.1.2.legacy.i386.rpm c1fb6304d59a2b40afb0f897068d4790f7188d58 fedora/1/updates/i386/mozilla-devel-1.7.7-1.1.2.legacy.i386.rpm 2e6e6c51cc5f2ec33ed9da3f3cba5b8894cc41c6 fedora/1/updates/i386/mozilla-dom-inspector-1.7.7-1.1.2.legacy.i386.rpm c341b4c436e57743b14fb535117fd22b0cbec5d9 fedora/1/updates/i386/mozilla-js-debugger-1.7.7-1.1.2.legacy.i386.rpm 7132f5a85829789980a6d3e99dcb8b693c2ca2f5 fedora/1/updates/i386/mozilla-mail-1.7.7-1.1.2.legacy.i386.rpm 97fc2ebf5fac4a9db7515d6ce040f69800d4b76f fedora/1/updates/i386/mozilla-nspr-1.7.7-1.1.2.legacy.i386.rpm 4fc55c563a2dab1acea189205a74a55a3193fd90 fedora/1/updates/i386/mozilla-nspr-devel-1.7.7-1.1.2.legacy.i386.rpm 013b70581b5719c09d31a3cd642c9508326ee785 fedora/1/updates/i386/mozilla-nss-1.7.7-1.1.2.legacy.i386.rpm 0b166a9b048615bed8963512f3c14d0fe2b55df3 fedora/1/updates/i386/mozilla-nss-devel-1.7.7-1.1.2.legacy.i386.rpm 78028c39bd74519585f30c5e9fb1811c17174ae6 fedora/1/updates/SRPMS/mozilla-1.7.7-1.1.2.legacy.src.rpm 288dc1525d58a9bfb547dae233217f8560f793da fedora/1/updates/i386/epiphany-1.0.8-1.fc1.2.legacy.i386.rpm 6d7fc5695a4dc5dfda8061d6f15f5f49d9e0ca25 fedora/1/updates/SRPMS/epiphany-1.0.8-1.fc1.2.legacy.src.rpm e30cf25bc4833e0b19464b80edc6a40a022d84ec fedora/2/updates/i386/mozilla-1.7.7-1.2.2.legacy.i386.rpm f6272d64f623060b3e3c312a51d9c4cf79517dbf fedora/2/updates/i386/mozilla-chat-1.7.7-1.2.2.legacy.i386.rpm 3de604792b03c9be05094f93dfab05dc4025bf28 fedora/2/updates/i386/mozilla-devel-1.7.7-1.2.2.legacy.i386.rpm be68ea6a7694e26583788619fd2983d79e7de2a0 fedora/2/updates/i386/mozilla-dom-inspector-1.7.7-1.2.2.legacy.i386.rpm 5fb0ec03a8477716720fa5717096f51b947b3fc7 fedora/2/updates/i386/mozilla-js-debugger-1.7.7-1.2.2.legacy.i386.rpm eaad0dd9b651f50a95645a483874e388c8e8d6ff fedora/2/updates/i386/mozilla-mail-1.7.7-1.2.2.legacy.i386.rpm eab0bd24445c45116bb438c3ab039549aeaf9fff fedora/2/updates/i386/mozilla-nspr-1.7.7-1.2.2.legacy.i386.rpm 230443db97ade4cd419149aac9be2647b9d8e1a9 fedora/2/updates/i386/mozilla-nspr-devel-1.7.7-1.2.2.legacy.i386.rpm 93d1521088d28943d1bb8a3f95b9fe33afbb6cce fedora/2/updates/i386/mozilla-nss-1.7.7-1.2.2.legacy.i386.rpm 69f0872295fcc76410236cbdcfa68ad714fd1019 fedora/2/updates/i386/mozilla-nss-devel-1.7.7-1.2.2.legacy.i386.rpm 9ee87c561862efad6914604117ca1b77347ddce2 fedora/2/updates/SRPMS/mozilla-1.7.7-1.2.2.legacy.src.rpm 2a2d210670d354d8640266735d2ce15ca3a6c637 fedora/2/updates/i386/epiphany-1.2.10-0.2.3.legacy.i386.rpm 0b8dcb95ee3ac871fac5adda63cbe1ec62340540 fedora/2/updates/SRPMS/epiphany-1.2.10-0.2.3.legacy.src.rpm 50bab23717bd9e8f80c1f037d89fea75c240404a fedora/2/updates/i386/devhelp-0.9.1-0.2.6.legacy.i386.rpm 19dd014eda39deb1bafdfa34c47a4e81bf9cf880 fedora/2/updates/i386/devhelp-devel-0.9.1-0.2.6.legacy.i386.rpm 1fa21cf570fa5a210594820c17eacfe764df8a52 fedora/2/updates/SRPMS/devhelp-0.9.1-0.2.6.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1380 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1613 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0141 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0149 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1153 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1156 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1157 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Wed May 18 20:48:46 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Wed, 18 May 2005 16:48:46 -0400 Subject: [FLSA-2005:152815] Updated libtiff packages fix security issues Message-ID: <428BAA2E.8010904@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated libtiff packages fix security issues Advisory ID: FLSA:152815 Issue date: 2005-05-18 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 CAN-2004-1308 CAN-2004-1183 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated libtiff packages that fix various buffer and integer overflows are now available. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 3. Problem description: During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0886 and CAN-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0803 to this issue. iDEFENSE has reported an integer overflow bug that affects libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1308 to this issue. Dmitry V. Levin reported another integer overflow in the tiffdump utility. An atacker who has the ability to trick a user into opening a malicious TIFF file with tiffdump could possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1183 to this issue. All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152815 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/libtiff-3.5.7-2.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/libtiff-3.5.7-2.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/libtiff-devel-3.5.7-2.2.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/libtiff-3.5.7-11.2.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/libtiff-3.5.7-11.2.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/libtiff-devel-3.5.7-11.2.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/libtiff-3.5.7-14.2.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/libtiff-3.5.7-14.2.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/libtiff-devel-3.5.7-14.2.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 524fd6c80901dbd665cfbf0b4ba1eea276a95cca redhat/7.3/updates/i386/libtiff-3.5.7-2.2.legacy.i386.rpm 3ced2ba5eac07c60515a41d73dbfb0df36cfc962 redhat/7.3/updates/i386/libtiff-devel-3.5.7-2.2.legacy.i386.rpm 864581d2f1d76fcc5d0540173338a84a7a3ffe80 redhat/7.3/updates/SRPMS/libtiff-3.5.7-2.2.legacy.src.rpm a17298a3be3e3d6f7fce2108ac226ff8ef26ee39 redhat/9/updates/i386/libtiff-3.5.7-11.2.legacy.i386.rpm b35700b8e8ee819565998a033f484ebd7e837646 redhat/9/updates/i386/libtiff-devel-3.5.7-11.2.legacy.i386.rpm 2024a97a377a37851d3a4be92403eaad0a7b1be2 redhat/9/updates/SRPMS/libtiff-3.5.7-11.2.legacy.src.rpm 8dd2d8035eaf4b0e41cc7ac68536b752387a1cc8 fedora/1/updates/i386/libtiff-3.5.7-14.2.legacy.i386.rpm 4475fb4f26ab358d1c9bf8b6e8da060eace1a8dd fedora/1/updates/i386/libtiff-devel-3.5.7-14.2.legacy.i386.rpm f854a97125ca806b9a1c04c985f9939c6b6f7611 fedora/1/updates/SRPMS/libtiff-3.5.7-14.2.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From marcdeslauriers at videotron.ca Wed May 18 20:49:20 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Wed, 18 May 2005 16:49:20 -0400 Subject: [FLSA-2005:152771] Updated pam packages fix security issue Message-ID: <428BAA50.8000400@videotron.ca> --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated pam packages fix security issue Advisory ID: FLSA:152771 Issue date: 2005-05-18 Product: Red Hat Linux Keywords: Bugfix CVE Names: CAN-2003-0388 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated pam packages that fix a security vulnerability are now available. PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set an authentication policy without having to recompile programs that handle authentication. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 3. Problem description: These updates fix a potential security problem present in the pam_wheel module. These updates correct a bug in the pam_lastlog module which prevented it from properly manipulating the /var/log/lastlog entry for users with very high user IDs. The pam_wheel module is used to restrict access to a particular service based on group membership. If the pam_wheel module was used with the "trust" option enabled, but without the "use_uid" option, any local user would be able to spoof the username returned by getlogin(). The user could therefore gain access to a superuser account without supplying a password. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0388 to this issue. When manipulating the entry in /var/log/lastlog, which corresponds to a given user, the pam_lastlog module calculates the location of the entry by multiplying the UID and the length of an entry in the file. On some systems, the result of this calculation would mistakenly be truncated to 32 bits for users with sufficiently high UIDs. All users of pam should upgrade to these updated packages, which resolve these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152771 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/pam-0.75-46.10.legacy.7x.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/pam-0.75-46.10.legacy.7x.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/pam-devel-0.75-46.10.legacy.7x.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/pam-0.75-62.10.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/pam-0.75-62.10.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/pam-devel-0.75-62.10.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- bb7b9e1c63be2eb2064b46eacaf8d0ce68594d11 redhat/7.3/updates/i386/pam-0.75-46.10.legacy.7x.i386.rpm 9af62c26654ba14bde7bf6e3b59b9b4f62fd5d35 redhat/7.3/updates/i386/pam-devel-0.75-46.10.legacy.7x.i386.rpm 8f06c0d3a0cb5938206c4d2d20484f325ebcca42 redhat/7.3/updates/SRPMS/pam-0.75-46.10.legacy.7x.src.rpm 622eac1455b5ccb0cf75705cc0f42b3226f9cc31 redhat/9/updates/i386/pam-0.75-62.10.legacy.i386.rpm 18c330ff1ef063f21a3b3c8eb297d09bb004ee67 redhat/9/updates/i386/pam-devel-0.75-62.10.legacy.i386.rpm 8c10c919199f35e5ef785b57f35a8d300d3ea01e redhat/9/updates/SRPMS/pam-0.75-62.10.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0388 9. Contact: The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From ssharma at revsharecorp.com Thu May 19 17:52:08 2005 From: ssharma at revsharecorp.com (Ajay Sharma) Date: Thu, 19 May 2005 10:52:08 -0700 Subject: latest pam and "$ISA" in system-auth? Message-ID: <428CD248.3050303@revsharecorp.com> Hi, I just upgraded to pam-0.75-46.10.legacy.7x on a RH73 box and there's a /etc/pam.d/system-auth.rpmnew file that I need to merge in. Since I never really messed with that file in the past, my initial assumption would be to move system-auth.rpmnew to system-auth to finish the install. But the diff looked a little wierd and I've included a diff below. Is it okay to `mv system-auth.rpmnew system-auth`? The "$ISA" thing looks a little off to me, but then again, I don't know too much about pam. Thanks for any help. --Ajay diff -u system-auth system-auth.rpmnew --- system-auth Thu Mar 10 09:06:23 2005 +++ system-auth.rpmnew Fri Mar 4 21:26:39 2005 @@ -1,15 +1,15 @@ #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. -auth required /lib/security/pam_env.so -auth sufficient /lib/security/pam_unix.so likeauth nullok -auth required /lib/security/pam_deny.so +auth required /lib/security/$ISA/pam_env.so +auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok +auth required /lib/security/$ISA/pam_deny.so -account required /lib/security/pam_unix.so +account required /lib/security/$ISA/pam_unix.so -password required /lib/security/pam_cracklib.so retry=3 type= -password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow -password required /lib/security/pam_deny.so +password required /lib/security/$ISA/pam_cracklib.so retry=3 +password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow +password required /lib/security/$ISA/pam_deny.so -session required /lib/security/pam_limits.so -session required /lib/security/pam_unix.so +session required /lib/security/$ISA/pam_limits.so +session required /lib/security/$ISA/pam_unix.so From notting at redhat.com Thu May 19 19:16:56 2005 From: notting at redhat.com (Bill Nottingham) Date: Thu, 19 May 2005 15:16:56 -0400 Subject: latest pam and "$ISA" in system-auth? In-Reply-To: <428CD248.3050303@revsharecorp.com> References: <428CD248.3050303@revsharecorp.com> Message-ID: <20050519191656.GB6672@nostromo.devel.redhat.com> Ajay Sharma (ssharma at revsharecorp.com) said: > Hi, > > I just upgraded to pam-0.75-46.10.legacy.7x on a RH73 box and there's a > /etc/pam.d/system-auth.rpmnew file that I need to merge in. Since I > never really messed with that file in the past, my initial assumption > would be to move system-auth.rpmnew to system-auth to finish the install. > > But the diff looked a little wierd and I've included a diff below. Is > it okay to `mv system-auth.rpmnew system-auth`? The "$ISA" thing looks > a little off to me, but then again, I don't know too much about pam. > Thanks for any help. It expands to ../../lib/security in the 32-bit PAM, and ../../lib64/security in the 64-bit PAM, so you can have one pam config file for both 32 and 64-bit PAM modules. Bill From dqarras at yahoo.com Fri May 20 08:10:15 2005 From: dqarras at yahoo.com (Daniel Qarras) Date: Fri, 20 May 2005 01:10:15 -0700 (PDT) Subject: Fedora Legacy / FC2 / apt problem Message-ID: <20050520081015.27529.qmail@web30813.mail.mud.yahoo.com> Hi, I'm having the same problem that was reported last week: https://www.redhat.com/archives/fedora-legacy-list/2005-May/msg00094.html where apt-get complains: ... Get:1 http://download.fedoralegacy.org apt/fedora/2/i386/updates pkglist [883kB] Get:2 http://download.fedoralegacy.org apt/fedora/2/i386/updates release [126B] Fetched 883kB in 5s (158kB/s) Reading Package Lists... Done Building Dependency Tree... Done W: Release file did not contain checksum information for http://download.fedoralegacy.org/apt/fedora/2/i386/base/pkglist.updates W: Release file did not contain checksum information for http://download.fedoralegacy.org/apt/fedora/2/i386/base/release.updates W: You may want to run apt-get update to correct these problems I have Fedora Legacy GPG key imported, apt is working with all other repos perfectly, so it seems that this is not a local problem. Does anyone known whether I should switch to yum or are there efforts going on for fixing this? Thanks a lot, Dan. Yahoo! Mail Stay connected, organized, and protected. Take the tour: http://tour.mail.yahoo.com/mailtour.html From igor.mozetic at gmail.com Fri May 20 08:32:58 2005 From: igor.mozetic at gmail.com (Igor Mozetic) Date: Fri, 20 May 2005 10:32:58 +0200 Subject: Fedora Legacy / FC2 / apt problem In-Reply-To: <20050520081015.27529.qmail@web30813.mail.mud.yahoo.com> References: <20050520081015.27529.qmail@web30813.mail.mud.yahoo.com> Message-ID: <342deca505052001327f0b9b4f@mail.gmail.com> > W: Release file did not contain checksum information > for > http://download.fedoralegacy.org/apt/fedora/2/i386/base/pkglist.updates > W: Release file did not contain checksum information > for > http://download.fedoralegacy.org/apt/fedora/2/i386/base/release.updates > W: You may want to run apt-get update to correct these > problems > > I have Fedora Legacy GPG key imported, apt is working > with all other repos perfectly, so it seems that this > is not a local problem. Interesting is that the .../base/release file DOES contain the md5sums and that they DO match both *.updates files. Regards, Igor From igor.mozetic at gmail.com Fri May 20 12:11:00 2005 From: igor.mozetic at gmail.com (Igor Mozetic) Date: Fri, 20 May 2005 14:11:00 +0200 Subject: Fedora Legacy / FC2 / apt problem In-Reply-To: <342deca505052001327f0b9b4f@mail.gmail.com> References: <20050520081015.27529.qmail@web30813.mail.mud.yahoo.com> <342deca505052001327f0b9b4f@mail.gmail.com> Message-ID: <342deca5050520051153fdc13a@mail.gmail.com> Somebody on the freshrpms list spotted that the MD5Sum: line is missing in http://download.fedoralegacy.org/apt/fedora/2/i386/base/release in contrast to e.g.: http://download.fedoralegacy.org/apt/fedora/1/i386/base/release This does help indeed (checked on the local mirror). Could this be added, please, by the admin? Regards and thanks, Igor From jkeating at j2solutions.net Fri May 20 15:17:23 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Fri, 20 May 2005 08:17:23 -0700 Subject: Fedora Legacy / FC2 / apt problem In-Reply-To: <342deca5050520051153fdc13a@mail.gmail.com> References: <20050520081015.27529.qmail@web30813.mail.mud.yahoo.com> <342deca505052001327f0b9b4f@mail.gmail.com> <342deca5050520051153fdc13a@mail.gmail.com> Message-ID: <1116602243.3052.6.camel@yoda.loki.me> On Fri, 2005-05-20 at 14:11 +0200, Igor Mozetic wrote: > > Somebody on the freshrpms list spotted that the MD5Sum: > line is missing in > > http://download.fedoralegacy.org/apt/fedora/2/i386/base/release > > in contrast to e.g.: > > http://download.fedoralegacy.org/apt/fedora/1/i386/base/release > > This does help indeed (checked on the local mirror). > Could this be added, please, by the admin? > > Regards and thanks, Igor Hrm, strange. I had thought that the content below the text was autogenerated, included the MD5SUM: line. Guess I was wrong. Fixed and uploading to the master mirror. Sorry for the problems. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From jkosin at beta.intcomgrp.com Fri May 20 16:33:35 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Fri, 20 May 2005 12:33:35 -0400 Subject: [OT FC1]: Updates Message-ID: <428E115F.1020002@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Everyone, I've been very busy with updates... - ------------------------------------------------------ (1) INN update to version 2.4.1 ~ I've updated the inn server to the 2.4.1 for FC1. Changes are vast in the source. The configuration parser has also changed (the biggest change). ~ Users using the version for FC1 will need to edit the inn.conf file to not have any blank configuration lines. They want to see every line filled in with true / false, strings need to be in quotes "", and need to add the line 'hismethod: hisv6' to the inn.conf file. New users need to use the .rpmnew files, that would be the best place to start. ~ I'll probably have more changes as I find the issues. Right now the server works with the mirror changes above and reconfiguring the files. I did have the expire script crash the first day of expiring messages. Not sure if this was related to the upgrade. INN stopped running because of this; but, a restart and a re-run of the news.daily script showed no problems and it has been running for days. ~ Remember, the utilities in /usr/lib/news/bin are your friends... use them. Packages: http://support.intcomgrp.com/mirror/fedora-core/beta/i386/inews-2.4.1-1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/inn-2.4.1-1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/inn-devel-2.4.1-1.i386.rpm Sources: http://support.intcomgrp.com/mirror/fedora-core/beta/src/inn-2.4.1-1.src.rpm - ------------------------------------------------------ (2) Kernel version 2.4.30-1.2 ~ This is version 2.4.31-pre2-bk2 patched version. I'll have to figure out how to make ia64 work. These versions already have support for the processor; because I tried the ia64 patch which stated they had already been applied. ~ Remember! Keep the release kernel for Fedora Core 1 handy. I don't guarantee my version will work for everyone. Packages: http://support.intcomgrp.com/mirror/fedora-core/beta/i386/kernel-2.4.30-1.2.fc1.vanilla.i686.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/kernel-doc-2.4.30-1.2.fc1.vanilla.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/kernel-smp-2.4.30-1.2.fc1.vanilla.i686.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/kernel-source-2.4.30-1.2.fc1.vanilla.i386.rpm Sources: http://support.intcomgrp.com/mirror/fedora-core/beta/src/kernel-2.4.30-1.2.fc1.vanilla.src.rpm - ------------------------------------------------------ (3) ClamAV version 0.85.1 ~ Yes, clamav had another update. Packages: http://support.intcomgrp.com/mirror/fedora-core/beta/i386/clamav-0.85.1-1.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/clamav-devel-0.85.1-1.fc1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/clamav-milter-0.85.1-1.fc1.i386.rpm Sources: http://support.intcomgrp.com/mirror/fedora-core/beta/src/clamav-0.85.1-1.fc1.src.rpm - ------------------------------------------------------ (4) BIND version 9.2.5 ~ I've got the 9.2.5 from ISC compiled for FC1. Checkout their homepage http://www.isc.org/index.pl?/sw/bind/ ... Packages: http://support.intcomgrp.com/mirror/fedora-core/beta/i386/bind-9.2.5-1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/bind-chroot-9.2.5-1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/bind-devel-9.2.5-1.i386.rpm http://support.intcomgrp.com/mirror/fedora-core/beta/i386/bind-utils-9.2.5-1.i386.rpm Sources: http://support.intcomgrp.com/mirror/fedora-core/beta/src/bind-9.2.5-1.src.rpm - ------------------------------------------------------ I was going to update NTP but; read the notes for the FC1 rpm saying that version 4.2.0 was BUGGY!!! So I stayed away from that version. In fact FC1 was back-ported to the earlier version because of the bugs was interesting; since, I've been reading a lot on various lists about NTP not working in FC3. Version 4.2.0 has been released by ISC since 2003?? So, I'm not sure why the problems or bugs; but, I'm holding off. Thanks, James Kosin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjhFfkNLDmnu1kSkRAi+EAJ9NuuXNF4+Pm+skQxmmWDyRxZ2i4ACdHqNE EuN4ZNZxSaD26I5hM2D7wss= =87+D -----END PGP SIGNATURE----- From gerry at pathtech.org Fri May 20 16:44:07 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Fri, 20 May 2005 12:44:07 -0400 Subject: Hints and tips for building from srcrpms In-Reply-To: <1116451345.8067.309.camel@www.pathtech.org> References: <1116440467.8067.297.camel@www.pathtech.org> <1116451345.8067.309.camel@www.pathtech.org> Message-ID: <1116607447.8067.407.camel@www.pathtech.org> On Wed, 2005-05-18 at 17:22 -0400, G. Roderick Singleton wrote: > On Wed, 2005-05-18 at 15:08 -0500, Rex Dieter wrote: > > Rex Dieter wrote: > > > G. Roderick Singleton wrote: > > > > > >> I said in a earlier message that I was attempting to build gcc and > > >> family so that tbird and firefox will install under 7.3. > > > > > > > > > [snipped] I had to give up. There were a number of problems that I couldn't overcome. One was with MD5SUMS in the RH7.3 repository and time. I used RH9 instead. -- G. Roderick Singleton PATH tech From gerry at pathtech.org Fri May 20 22:14:30 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Fri, 20 May 2005 18:14:30 -0400 Subject: Have RPMS of firefox and thunderbird for RH9 Message-ID: <1116627270.8067.428.camel@www.pathtech.org> I have built RPMs of firefox-1.0.4 and thunderbird-1.0.2 for RH9. How does one contribute these? -- G. Roderick Singleton PATH tech From jkeating at j2solutions.net Sat May 21 06:27:12 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Fri, 20 May 2005 23:27:12 -0700 Subject: Have RPMS of firefox and thunderbird for RH9 In-Reply-To: <1116627270.8067.428.camel@www.pathtech.org> References: <1116627270.8067.428.camel@www.pathtech.org> Message-ID: <1116656832.3532.0.camel@yoda.loki.me> On Fri, 2005-05-20 at 18:14 -0400, G. Roderick Singleton wrote: > I have built RPMs of firefox-1.0.4 and thunderbird-1.0.2 for RH9. How > does one contribute these? This project is about the backports of security fixes only. Anything else cannot be contributed. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From mattdm at mattdm.org Sat May 21 15:43:44 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Sat, 21 May 2005 11:43:44 -0400 Subject: Have RPMS of firefox and thunderbird for RH9 In-Reply-To: <1116627270.8067.428.camel@www.pathtech.org> References: <1116627270.8067.428.camel@www.pathtech.org> Message-ID: <20050521154344.GA3600@jadzia.bu.edu> On Fri, May 20, 2005 at 06:14:30PM -0400, G. Roderick Singleton wrote: > I have built RPMs of firefox-1.0.4 and thunderbird-1.0.2 for RH9. How > does one contribute these? Providing new functionality is outside of the scope of the project. I think the best thing to do is put them up on a web site for people who might be interested. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 71 degrees Fahrenheit. From gerry at pathtech.org Sat May 21 15:51:19 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Sat, 21 May 2005 11:51:19 -0400 Subject: Have RPMS of firefox and thunderbird for RH9 In-Reply-To: <20050521154344.GA3600@jadzia.bu.edu> References: <1116627270.8067.428.camel@www.pathtech.org> <20050521154344.GA3600@jadzia.bu.edu> Message-ID: <1116690679.8067.491.camel@www.pathtech.org> On Sat, 2005-05-21 at 11:43 -0400, Matthew Miller wrote: > On Fri, May 20, 2005 at 06:14:30PM -0400, G. Roderick Singleton wrote: > > I have built RPMs of firefox-1.0.4 and thunderbird-1.0.2 for RH9. How > > does one contribute these? > > Providing new functionality is outside of the scope of the project. I think > the best thing to do is put them up on a web site for people who might be > interested. > Wish I had the bandwidth to do so. ANyway you can roll your own as I did. -- G. Roderick Singleton PATH tech From joey at clean.q7.com Sat May 21 18:17:05 2005 From: joey at clean.q7.com (Joe Pruett) Date: Sat, 21 May 2005 11:17:05 -0700 (PDT) Subject: Have RPMS of firefox and thunderbird for RH9 In-Reply-To: <1116690679.8067.491.camel@www.pathtech.org> Message-ID: if you can just provide spec files and any patches, that is the biggest hurdle to making an rpm. you might also contact dag wieers (dag at wieers.com) to see about putting the rpms on his repository. From dqarras at yahoo.com Sun May 22 09:52:19 2005 From: dqarras at yahoo.com (Daniel Qarras) Date: Sun, 22 May 2005 02:52:19 -0700 (PDT) Subject: Fedora Legacy / FC2 / apt problem In-Reply-To: 6667 Message-ID: <20050522095219.85612.qmail@web30813.mail.mud.yahoo.com> > Hrm, strange. I had thought that the content below > the text was > autogenerated, included the MD5SUM: line. Guess I > was wrong. Fixed and > uploading to the master mirror. Sorry for the > problems. Thanks a lot, I can now confirm that apt-get works all ok with Legacy / FC2. One thing that might be updated is the "Origin: Fedora" string; I think Fedora Legacy would be better description. Does not matter really, but in apt's preferences file the entry Fedora looks a bit strange alongside with Fedora Core and Fedora Extras. Cheers, Dan. __________________________________ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail From t.springer at gmx.net Sun May 22 17:17:30 2005 From: t.springer at gmx.net (Thomas Springer) Date: Sun, 22 May 2005 19:17:30 +0200 Subject: fc1 - segmentation fault in openoffice.org Message-ID: <20050522191730.46de3d39@oqp.wrx.int> I've a problen after the update of oo.o-1.1.0-16.2. '$oowriter' '/usr/bin/oowriter: line 164 segmentation fault' I can reproduce the failure with a new user account. '$strace oowriter' ...doesn't tell me anything alse. Now the same happens when i use the old version and with the package from Oo.o-project. I can remember that i used the app not long ago. Although it is not a good idea: i can start 'oowriter' with -privilegs.But i don't want to do that everyday. What goes wrong? Greetings. - Fedora Core 1 kernel-2.4.22-1.2199.4.legacy.nptl/kernel-2.4.22-1.2199.nptl - From jkeating at j2solutions.net Sun May 22 20:03:57 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Sun, 22 May 2005 13:03:57 -0700 Subject: Fedora Legacy / FC2 / apt problem In-Reply-To: <20050522095219.85612.qmail@web30813.mail.mud.yahoo.com> References: <20050522095219.85612.qmail@web30813.mail.mud.yahoo.com> Message-ID: <1116792237.3532.11.camel@yoda.loki.me> On Sun, 2005-05-22 at 02:52 -0700, Daniel Qarras wrote: > > One thing that might be updated is the "Origin: > Fedora" string; I think Fedora Legacy would be better > description. Does not matter really, but in apt's > preferences file the entry Fedora looks a bit strange > alongside with Fedora Core and Fedora Extras. If I make this change, how would it effect other people's existing setup? -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From mattdm at mattdm.org Sun May 22 23:22:26 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Sun, 22 May 2005 19:22:26 -0400 Subject: Fedora Legacy / FC2 / apt problem In-Reply-To: <1116792237.3532.11.camel@yoda.loki.me> References: <20050522095219.85612.qmail@web30813.mail.mud.yahoo.com> <1116792237.3532.11.camel@yoda.loki.me> Message-ID: <20050522232226.GA1883@jadzia.bu.edu> On Sun, May 22, 2005 at 01:03:57PM -0700, Jesse Keating wrote: > > One thing that might be updated is the "Origin: > > Fedora" string; I think Fedora Legacy would be better > > description. Does not matter really, but in apt's > > preferences file the entry Fedora looks a bit strange > > alongside with Fedora Core and Fedora Extras. > If I make this change, how would it effect other people's existing > setup? Doesn't affect me, but yeah, good to check. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 72 degrees Fahrenheit. From tedkaz at optonline.net Mon May 23 11:04:56 2005 From: tedkaz at optonline.net (Ted Kaczmarek) Date: Mon, 23 May 2005 07:04:56 -0400 Subject: Updated Bash Message-ID: <1116846296.3270.48.camel@inyoureyes.linsolutions.com> The bash for RH9, bash-2.05b-20.1 spews erroneous broken pipes. Any chance of getting the updated version in the repo? Here a reference bug, my test case is actually log watch failing, but it appears to be same issue. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=128274 Regards, Ted From rob.myers at gtri.gatech.edu Mon May 23 11:19:08 2005 From: rob.myers at gtri.gatech.edu (Rob Myers) Date: Mon, 23 May 2005 07:19:08 -0400 Subject: fc1 - segmentation fault in openoffice.org In-Reply-To: <20050522191730.46de3d39@oqp.wrx.int> References: <20050522191730.46de3d39@oqp.wrx.int> Message-ID: <1116847148.24197.152.camel@rXm-581b.stl.gtri.gatech.edu> On Sun, 2005-05-22 at 19:17 +0200, Thomas Springer wrote: > > I've a problen after the update of oo.o-1.1.0-16.2. > > '$oowriter' > '/usr/bin/oowriter: line 164 segmentation fault' > > I can reproduce the failure with a new user account. > > '$strace oowriter' > ...doesn't tell me anything alse. > > Now the same happens when i use the old version and with the package > from Oo.o-project. > > I can remember that i used the app not long ago. > > Although it is not a good idea: i can start 'oowriter' with -privilegs.But i don't want to do that everyday. > > What goes wrong? my memory is fuzzy, but you may try removing your ~/.openoffice directory. rob. From mattdm at mattdm.org Mon May 23 12:46:16 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Mon, 23 May 2005 08:46:16 -0400 Subject: Updated Bash In-Reply-To: <1116846296.3270.48.camel@inyoureyes.linsolutions.com> References: <1116846296.3270.48.camel@inyoureyes.linsolutions.com> Message-ID: <20050523124615.GA21493@jadzia.bu.edu> On Mon, May 23, 2005 at 07:04:56AM -0400, Ted Kaczmarek wrote: > The bash for RH9, bash-2.05b-20.1 spews erroneous broken pipes. > Any chance of getting the updated version in the repo? Can you demonstrate a way in which this is a security problem? -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 72 degrees Fahrenheit. From dqarras at yahoo.com Mon May 23 13:47:05 2005 From: dqarras at yahoo.com (Daniel Qarras) Date: Mon, 23 May 2005 06:47:05 -0700 (PDT) Subject: Fedora Legacy / FC2 / apt problem In-Reply-To: 6667 Message-ID: <20050523134705.70057.qmail@web30807.mail.mud.yahoo.com> Hi, > > One thing that might be updated is the "Origin: > > Fedora" string; I think Fedora Legacy would be > better > > description. Does not matter really, but in apt's > > preferences file the entry Fedora looks a bit > strange > > alongside with Fedora Core and Fedora Extras. > > If I make this change, how would it effect other > people's existing setup? Well, those setups would be broken, that's all :) But given that apt just started working for FC2 on Saturday, I presume there's not a lot of them who would suffer. If this is not acceptable, then perhaps this change could be done when FC3 is coming to Legacy. I'm of course fully ok if this is left unchanged but the proposed new form is a bit more self-explanatory.. Thanks, Dan. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From jkeating at j2solutions.net Mon May 23 14:44:27 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Mon, 23 May 2005 07:44:27 -0700 Subject: Fedora Legacy / FC2 / apt problem In-Reply-To: <20050523134705.70057.qmail@web30807.mail.mud.yahoo.com> References: <20050523134705.70057.qmail@web30807.mail.mud.yahoo.com> Message-ID: <1116859467.2962.1.camel@yoda.loki.me> On Mon, 2005-05-23 at 06:47 -0700, Daniel Qarras wrote: > Well, those setups would be broken, that's all :) But > given that apt just started working for FC2 on > Saturday, I presume there's not a lot of them who > would suffer. If this is not acceptable, then perhaps > this change could be done when FC3 is coming to > Legacy. I'm of course fully ok if this is left > unchanged but the proposed new form is a bit more > self-explanatory. Ok, I think I'll wait for FC3 to make that change. We should do something like RH does w/ Fedora releases, and have a tracker bug that lists all the other bugs that are required to be fixed before a release can be released. So for us there would be bugs like 'no repo dir created' or 'website has no info' or things like this. Notes such as 'use fedora Legacy in apt' would be handy there. Can somebody look into the way RH does the tracker bugs and figure out a way for us to do the same? -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From mattdm at mattdm.org Mon May 23 15:21:51 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Mon, 23 May 2005 11:21:51 -0400 Subject: Fedora Legacy / FC2 / apt problem In-Reply-To: <1116859467.2962.1.camel@yoda.loki.me> References: <20050523134705.70057.qmail@web30807.mail.mud.yahoo.com> <1116859467.2962.1.camel@yoda.loki.me> Message-ID: <20050523152151.GA26658@jadzia.bu.edu> On Mon, May 23, 2005 at 07:44:27AM -0700, Jesse Keating wrote: > We should do something like RH does w/ Fedora releases, and have a > tracker bug that lists all the other bugs that are required to be fixed > before a release can be released. So for us there would be bugs like > 'no repo dir created' or 'website has no info' or things like this. > Notes such as 'use fedora Legacy in apt' would be handy there. > Can somebody look into the way RH does the tracker bugs and figure out a > way for us to do the same? It's simple -- file a new bug with a subject like "Fedora Legacy 3 Tracker", and mark the other bugs as blocking that one. It's handy if you give the bug an alias like "FL3Tracker", as well -- that way it's obvious when looking at the other bugs. And you are supposed to give it the "Tracking" keyword, but RH doesn't always do that. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 72 degrees Fahrenheit. From jkeating at j2solutions.net Mon May 23 15:29:39 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Mon, 23 May 2005 08:29:39 -0700 Subject: Fedora Legacy / FC2 / apt problem In-Reply-To: <20050523152151.GA26658@jadzia.bu.edu> References: <20050523134705.70057.qmail@web30807.mail.mud.yahoo.com> <1116859467.2962.1.camel@yoda.loki.me> <20050523152151.GA26658@jadzia.bu.edu> Message-ID: <1116862179.2962.5.camel@yoda.loki.me> On Mon, 2005-05-23 at 11:21 -0400, Matthew Miller wrote: > It's simple -- file a new bug with a subject like "Fedora Legacy 3 > Tracker", > and mark the other bugs as blocking that one. > > It's handy if you give the bug an alias like "FL3Tracker", as well -- > that > way it's obvious when looking at the other bugs. > > And you are supposed to give it the "Tracking" keyword, but RH doesn't > always do that. I suppose it is never to early to start... would somebody like to file such a bug so that all parties involved can add a bug for their part of an OS release? I'd rather not have the delay w/ FC3 that we did w/ FC2. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From mattdm at mattdm.org Mon May 23 15:32:49 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Mon, 23 May 2005 11:32:49 -0400 Subject: Fedora Legacy / FC2 / apt problem In-Reply-To: <1116862179.2962.5.camel@yoda.loki.me> References: <20050523134705.70057.qmail@web30807.mail.mud.yahoo.com> <1116859467.2962.1.camel@yoda.loki.me> <20050523152151.GA26658@jadzia.bu.edu> <1116862179.2962.5.camel@yoda.loki.me> Message-ID: <20050523153249.GA27437@jadzia.bu.edu> On Mon, May 23, 2005 at 08:29:39AM -0700, Jesse Keating wrote: > I suppose it is never to early to start... would somebody like to file > such a bug so that all parties involved can add a bug for their part of > an OS release? I'd rather not have the delay w/ FC3 that we did w/ FC2. Sure; I'll do it. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 72 degrees Fahrenheit. From mattdm at mattdm.org Mon May 23 15:37:36 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Mon, 23 May 2005 11:37:36 -0400 Subject: Fedora Legacy / FC2 / apt problem In-Reply-To: <20050523153249.GA27437@jadzia.bu.edu> References: <20050523134705.70057.qmail@web30807.mail.mud.yahoo.com> <1116859467.2962.1.camel@yoda.loki.me> <20050523152151.GA26658@jadzia.bu.edu> <1116862179.2962.5.camel@yoda.loki.me> <20050523153249.GA27437@jadzia.bu.edu> Message-ID: <20050523153736.GB27437@jadzia.bu.edu> On Mon, May 23, 2005 at 11:32:49AM -0400, Matthew Miller wrote: > On Mon, May 23, 2005 at 08:29:39AM -0700, Jesse Keating wrote: > > I suppose it is never to early to start... would somebody like to file > > such a bug so that all parties involved can add a bug for their part of > > an OS release? I'd rather not have the delay w/ FC3 that we did w/ FC2. > Sure; I'll do it. Okay; done. Bug #158557, which you can reference as: -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 72 degrees Fahrenheit. From adelste at yahoo.com Mon May 23 22:35:36 2005 From: adelste at yahoo.com (Tom Adelstein) Date: Mon, 23 May 2005 17:35:36 -0500 Subject: Linux in Government: Optimizing Desktop Performance, Part II | Linux Journal Message-ID: <1116887736.3243.5.camel@localhost.localdomain> This article discusses additional performance optimizations for the Linux desktop. We cover a number of tweaks to enhance disk access, CPU performance, Firefox and Openoffice.org speed ups. http://www.linuxjournal.com/article/8317 From jung at one.ekof.bg.ac.yu Tue May 24 21:11:02 2005 From: jung at one.ekof.bg.ac.yu (Igor =?iso-8859-2?Q?Nestorovi=E6?=) Date: Tue, 24 May 2005 23:11:02 +0200 Subject: Updates Politics Proposal Message-ID: <1116969062.12813.24.camel@lara> The things are going so long, and with the new releases to be handed over to the Legacy as imminent, maybe we should try to simplify the updates releasing procedure. What I have in mind is, for those packages that would be possible to do such a thing, to stick with the one version and build RPMS for a specific release. For instance, GAIM can be kept the same version for all Legacy releases. Or Openoffice.org. Or most of the packages. OK, kernel and others alike packages would make an exception. The version to be maintained can be the one from the newest relase in the bunch. I think that this way would greatly ease a burden that you guys take on doing such an outstanding work. What say you? A well-known friend is a treasure. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: ??? ?? ??? ?????? ?? ?????????? ???????? URL: From jkeating at j2solutions.net Tue May 24 21:57:59 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Tue, 24 May 2005 14:57:59 -0700 Subject: Updates Politics Proposal In-Reply-To: <1116969062.12813.24.camel@lara> References: <1116969062.12813.24.camel@lara> Message-ID: <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> On Tue, 2005-05-24 at 23:11 +0200, Igor Nestorovi? wrote: > > What say you? That leads to releases being upgraded on previous OS releases. This is against the policy of Fedora Legacy, as it is no longer a backport. We need to avoid this as much as possible. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From mattdm at mattdm.org Tue May 24 22:10:36 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Tue, 24 May 2005 18:10:36 -0400 Subject: Updates Politics Proposal In-Reply-To: <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> Message-ID: <20050524221036.GA22637@jadzia.bu.edu> On Tue, May 24, 2005 at 02:57:59PM -0700, Jesse Keating wrote: > > What say you? > That leads to releases being upgraded on previous OS releases. This is > against the policy of Fedora Legacy, as it is no longer a backport. We > need to avoid this as much as possible. To elaborate -- the concern is that this actually causes *more* work, because upgrading packages can have all sorts of interactions and consequences. Keeping the package versions the same means that less extensive testing is required, and rarely if ever does changing one package mean that some other package needs to be updated too. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 73 degrees Fahrenheit. From irvine at sanbi.ac.za Wed May 25 08:55:27 2005 From: irvine at sanbi.ac.za (Irvine Short) Date: Wed, 25 May 2005 10:55:27 +0200 Subject: Last updates fromj Red Hat Message-ID: <42943D7F.9000302@sanbi.ac.za> Hey All The fedora legacy project looks great for helping me to support legacy apps that need RH 7.3 A question I've not yet seen the answer to, is where to get the latest errata that Red Hat released? I know Fedora legacy sorts out security problems, but I need some of the bugfixes Red Hat released. In this case for the kernel, to fix some broken nfs client stuff in the kernel that came on the CD. Cheers, -- Irvine From t.springer at gmx.net Wed May 25 10:35:23 2005 From: t.springer at gmx.net (Thomas Springer) Date: Wed, 25 May 2005 12:35:23 +0200 Subject: Last updates fromj Red Hat In-Reply-To: <42943D7F.9000302@sanbi.ac.za> References: <42943D7F.9000302@sanbi.ac.za> Message-ID: <20050525123523.2ef5ef67@oqp.wrx.int> On Wed, 25 May 2005 10:55:27 +0200 Irvine Short wrote: > Hey All > > The fedora legacy project looks great for helping me to support legacy > apps that need RH 7.3 > > A question I've not yet seen the answer to, is where to get the latest > errata that Red Hat released? Red Hat Linux 7.3 has reached the eol for errata support by redhat.com. The last errata advisory was released on 05-01-2004,ou can find all at: https://rhn.redhat.com/errata/rh73-errata.html > > I know Fedora legacy sorts out security problems, but I need some of the > bugfixes Red Hat released. In this case for the kernel, to fix some > broken nfs client stuff in the kernel that came on the CD. > Maybe this can be interesting for you: http://linux.web.cern.ch/linux/redhat7/ > Cheers. Greetings. From guallar at easternrad.com Wed May 25 11:05:45 2005 From: guallar at easternrad.com (Josep L. Guallar-Esteve) Date: Wed, 25 May 2005 07:05:45 -0400 Subject: Updates Politics Proposal In-Reply-To: <20050524221036.GA22637@jadzia.bu.edu> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <20050524221036.GA22637@jadzia.bu.edu> Message-ID: <200505250705.50415.guallar@easternrad.com> On Tuesday 24 May 2005 18:10, Matthew Miller wrote: > On Tue, May 24, 2005 at 02:57:59PM -0700, Jesse Keating wrote: > > > What say you? > > > > That leads to releases being upgraded on previous OS releases. This is > > against the policy of Fedora Legacy, as it is no longer a backport. We > > need to avoid this as much as possible. > > To elaborate -- the concern is that this actually causes *more* work, > because upgrading packages can have all sorts of interactions and > consequences. Keeping the package versions the same means that less > extensive testing is required, and rarely if ever does changing one package > mean that some other package needs to be updated too. Also, changing package versions might cause that some applications certified for, say, RHL 7.3 will not work because of a library added/upgraded when, say, Gaim was changed to a new version. If you have a bunch of servers with an older RHL version, most probably is because you have applications that only run in such RHL version. Regards, Josep -- Josep L. Guallar-Esteve Eastern Radiologists, Inc. Systems and PACS Administration http://www.easternrad.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From irvine at sanbi.ac.za Wed May 25 11:41:17 2005 From: irvine at sanbi.ac.za (Irvine Short) Date: Wed, 25 May 2005 13:41:17 +0200 Subject: Last updates fromj Red Hat In-Reply-To: <20050525123523.2ef5ef67@oqp.wrx.int> References: <42943D7F.9000302@sanbi.ac.za> <20050525123523.2ef5ef67@oqp.wrx.int> Message-ID: <4294645D.30400@sanbi.ac.za> Thomas Springer wrote: >Red Hat Linux 7.3 has reached the eol for errata support by redhat.com. >The last errata advisory was released on 05-01-2004,ou can find all at: > >https://rhn.redhat.com/errata/rh73-errata.html > > Thanks, I should have just said "RPMs with bugfixes." >maybe this can be interesting for you: > >http://linux.web.cern.ch/linux/redhat7/ > > Yes! Thanks, I feel like a bit of an archeologist doing this, but that site above helped me find a couple of RPMs I need. Cheers, -- Irvine From brian.t.brunner at gai-tronics.com Wed May 25 13:26:32 2005 From: brian.t.brunner at gai-tronics.com (Brian T. Brunner) Date: Wed, 25 May 2005 06:26:32 -0700 Subject: Last updates fromj Red Hat Message-ID: Also look at http://ftp.redhat.com/pub/redhat/linux/updates/7.3/en/os/ There are SRPM and binary trees below showing the 7.3 state at EOL. incl kernel 2.4.20.28.7 Brian Brunner brian.t.brunner at gai-tronics.com (610)796-5838 >>> irvine at sanbi.ac.za 05/25/05 07:41AM >>> Thomas Springer wrote: >Red Hat Linux 7.3 has reached the eol for errata support by redhat.com. >The last errata advisory was released on 05-01-2004,ou can find all at: > >https://rhn.redhat.com/errata/rh73-errata.html > > Thanks, I should have just said "RPMs with bugfixes." >maybe this can be interesting for you: > >http://linux.web.cern.ch/linux/redhat7/ > > Yes! Thanks, I feel like a bit of an archeologist doing this, but that site above helped me find a couple of RPMs I need. Cheers, -- Irvine -- fedora-legacy-list mailing list fedora-legacy-list at redhat.com http://www.redhat.com/mailman/listinfo/fedora-legacy-list ******************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.hubbell.com - Hubbell Incorporated From colman at ppllc.com Wed May 25 14:48:02 2005 From: colman at ppllc.com (Jake Colman) Date: Wed, 25 May 2005 10:48:02 -0400 Subject: Crons Not Running? Message-ID: <76br6zicpp.fsf@newjersey.ppllc.com> I just completed a very tedious set of server upgrades, using yum, from RH 7.2 to FC1. Having arrived at my (current) destination, I have most of my server running but my nightly crons don't seem to be running and I have no idea why. As a RH 7.2 server, I use /etc/crontab and run-parts to execute my hourly, daily, etc crons. Somewhere along the upgrade process this seems to have broken. Either the crons are not running at all or I am not getting an email that indicates it. How do I track down the problem and fix it? Thanks! ...Jake -- Jake Colman Sr. Applications Developer Principia Partners LLC Harborside Financial Center 1001 Plaza Two Jersey City, NJ 07311 (201) 209-2467 www.principiapartners.com From rdieter at math.unl.edu Wed May 25 15:34:42 2005 From: rdieter at math.unl.edu (Rex Dieter) Date: Wed, 25 May 2005 10:34:42 -0500 Subject: Updates Politics Proposal In-Reply-To: <1116969062.12813.24.camel@lara> References: <1116969062.12813.24.camel@lara> Message-ID: Igor Nestorovic' wrote: > What I have in mind is, for those packages that would be possible to do > such a thing, to stick with the one version and build RPMS for a > specific release. While that may work for Fedora Extras, it doesn't coincide with Fedora Legacy goals. -- Rex From philip at datafoundry.com Wed May 25 15:55:13 2005 From: philip at datafoundry.com (Philip Molter) Date: Wed, 25 May 2005 10:55:13 -0500 Subject: Updates Politics Proposal In-Reply-To: <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> Message-ID: <42949FE1.3040907@datafoundry.com> Jesse Keating wrote: > On Tue, 2005-05-24 at 23:11 +0200, Igor Nestorovi? wrote: > >>What say you? > > > That leads to releases being upgraded on previous OS releases. This is > against the policy of Fedora Legacy, as it is no longer a backport. We > need to avoid this as much as possible. I agree with this statement, but as a FL user, I can say that one of the problems with FL is that outstanding bugs never get fixed. The policy of only applying security patches means that outstanding issues for which there were open FC bug reports (and even bug reports with trivial patches) never get fixed. To cite a specific example, there is a bug in the e100 driver that causes sporadic timeouts. This bug has been patched with a trivial (2 or 3 line change) patch in the latest kernel rev. This patch doesn't change functionality or APIs. It just fixes a thinko. The patch has already made its way into FC3 through the latest kernel release, but FC2 users are out of luck because of the security-only policy. This patch is no more burdensome than a security patch, yet it's not accepted because it's not a security problem. I'm personally in favor of expanding the patch policy to fix trivial bugs in addition to security bugs. Trivial bug patches can be open to discussion, of course ("I'm sorry, but this patch changes too much behavior to be accepted"), but they shouldn't be outright denied simply because the issue they fix isn't solely security-related. I think that's where some of Igor's frustration stems from. I know it's a frustration of mine. Philip From jkeating at j2solutions.net Wed May 25 16:17:28 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Wed, 25 May 2005 09:17:28 -0700 Subject: Updates Politics Proposal In-Reply-To: <42949FE1.3040907@datafoundry.com> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> Message-ID: <1117037848.5703.10.camel@jkeating2.hq.pogolinux.com> On Wed, 2005-05-25 at 10:55 -0500, Philip Molter wrote: > I agree with this statement, but as a FL user, I can say that one of > the > problems with FL is that outstanding bugs never get fixed. The > policy > of only applying security patches means that outstanding issues for > which there were open FC bug reports (and even bug reports with > trivial > patches) never get fixed. > > To cite a specific example, there is a bug in the e100 driver that > causes sporadic timeouts. This bug has been patched with a trivial > (2 > or 3 line change) patch in the latest kernel rev. This patch doesn't > change functionality or APIs. It just fixes a thinko. The patch has > already made its way into FC3 through the latest kernel release, but > FC2 > users are out of luck because of the security-only policy. This > patch > is no more burdensome than a security patch, yet it's not accepted > because it's not a security problem. > > I'm personally in favor of expanding the patch policy to fix trivial > bugs in addition to security bugs. Trivial bug patches can be open > to > discussion, of course ("I'm sorry, but this patch changes too much > behavior to be accepted"), but they shouldn't be outright denied > simply > because the issue they fix isn't solely security-related. > > I think that's where some of Igor's frustration stems from. I know > it's > a frustration of mine. > I believe we've included patches like these, when there is a pending security update for a given package. So this bug can get tagged to the next kernel security bug, and we can fix them both at the same time. That is open to discussion. Since this issue concerns you, will you own it and track the next kernel security bug to see that it gets implemented? -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From jkeating at j2solutions.net Wed May 25 16:19:28 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Wed, 25 May 2005 09:19:28 -0700 Subject: Last updates fromj Red Hat In-Reply-To: <42943D7F.9000302@sanbi.ac.za> References: <42943D7F.9000302@sanbi.ac.za> Message-ID: <1117037968.5703.12.camel@jkeating2.hq.pogolinux.com> On Wed, 2005-05-25 at 10:55 +0200, Irvine Short wrote: > The fedora legacy project looks great for helping me to support > legacy > apps that need RH 7.3 > > A question I've not yet seen the answer to, is where to get the > latest > errata that Red Hat released? Our servers and mirrors hold all the latest updates that Red Hat released for a given platform we support. If it isn't in our updates/ tree, than Red Hat or Legacy didn't release it. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From pyz at brama.com Wed May 25 17:18:51 2005 From: pyz at brama.com (Max Pyziur) Date: Wed, 25 May 2005 13:18:51 -0400 (EDT) Subject: Crons Not Running? In-Reply-To: <76br6zicpp.fsf@newjersey.ppllc.com> References: <76br6zicpp.fsf@newjersey.ppllc.com> Message-ID: <54880.156.77.108.72.1117041531.squirrel@webmail.brama.com> > > I just completed a very tedious set of server upgrades, using yum, from RH > 7.2 to > FC1. Having arrived at my (current) destination, I have most of my server > running but my nightly crons don't seem to be running and I have no idea > why. > > As a RH 7.2 server, I use /etc/crontab and run-parts to execute my hourly, > daily, etc crons. Somewhere along the upgrade process this seems to have > broken. Either the crons are not running at all or I am not getting an > email > that indicates it. > > How do I track down the problem and fix it? W/o getting too obvious about it, is your crond daemon running? Can be checked with command: service crond status Use chkconfig --list crond to check which runlevels are set; 2, 3, 4, 5 should be set to "on". chkconfig --level 2345 crond takes care of the setting. If hourly jobs are running in /var/log/cron you should see: "(root) CMD (run-parts /etc/cron.hourly)" Is whatever you park in /etc/cron.[hourly|daily|weekly|monthly] executable? I realize that after an upgrade where you drill down to the details to make sure that all rpm dependencies are resolved the above mundane stuff may be overlooked. You're looking for "... x, y, z" when it's "a, b, c ..." > Thanks! > > ...Jake Max From jung at one.ekof.bg.ac.yu Wed May 25 17:20:56 2005 From: jung at one.ekof.bg.ac.yu (Igor =?iso-8859-2?Q?Nestorovi=E6?=) Date: Wed, 25 May 2005 19:20:56 +0200 Subject: Updates Politics Proposal In-Reply-To: <42949FE1.3040907@datafoundry.com> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> Message-ID: <1117041656.5746.18.camel@lara> ? sre, 25. 05. 2005. ? 10:55 -0500, Philip Molter ??????: > I'm personally in favor of expanding the patch policy to fix trivial > bugs in addition to security bugs. Trivial bug patches can be open to > discussion, of course ("I'm sorry, but this patch changes too much > behavior to be accepted"), but they shouldn't be outright denied simply > because the issue they fix isn't solely security-related. Spot on, Philip. But, here we heard arguments from actual package maintainers that the existing policy is sufficient. OK, so if they are fine, who are we to complain? :) So you say nay. One thing though. As I understand it, the release cappability dealing with the hardware and software is "locked" to EOL for that release. Only security releases may step forward. But what about a new hardware that emerged since the EOL? Say, I get a faulty piece of HW on my server, but must I be very cautious with the replacement, because I may end with no support for it. I can always build the custom package, but then I have to say farewell to the legacy thingy. Or should I trash the whole system altogether with the malfunctioned object and go fot the latest HW/SW wizz? As I recall, even Red Hat has occasionally granted "leaps" in versions for even critical packages, like kernel, in their errata. What a joy that has been for people struggling with the problems I mentioned above. -- Igor Nestorovi? Home Page: http://jung.ekof.bg.ac.yu ICQ UIN: 31079000 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: ??? ?? ??? ?????? ?? ?????????? ???????? URL: From colman at ppllc.com Wed May 25 18:30:45 2005 From: colman at ppllc.com (Jake Colman) Date: Wed, 25 May 2005 14:30:45 -0400 Subject: Sendmail Connection Refused Message-ID: <763bsbi2ei.fsf@newjersey.ppllc.com> I just completed an upgrade from RH 7.2 to FC1. In the process sendmail is refusing connections from localhost and I don't know why. My sendmail is set to listen on port 2525 since my ISP has blocked port 25. My email is relayed to me on port 2525 from a backup email server that gets it for me in the normal fashion. External email is coming through ok; internal email is not being delivered. Something about sendmail.mc/cf changed during the upgrade and its broken me. Any ideas where I should look? This is the (seemingly) relevant section of my sendmail.mc: define(`SMART_HOST', `mail.optonline.net')dnl DAEMON_OPTIONS(`Port=2525, Name=MTA')dnl define(`confDOMAIN_NAME', `jnc.com')dnl MASQUERADE_AS(`jnc.com')dnl TIA! ...Jake -- Jake Colman Sr. Applications Developer Principia Partners LLC Harborside Financial Center 1001 Plaza Two Jersey City, NJ 07311 (201) 209-2467 www.principiapartners.com From colman at ppllc.com Wed May 25 18:32:37 2005 From: colman at ppllc.com (Jake Colman) Date: Wed, 25 May 2005 14:32:37 -0400 Subject: Crons Not Running? In-Reply-To: <54880.156.77.108.72.1117041531.squirrel@webmail.brama.com> (Max Pyziur's message of "Wed, 25 May 2005 13:18:51 -0400 (EDT)") References: <76br6zicpp.fsf@newjersey.ppllc.com> <54880.156.77.108.72.1117041531.squirrel@webmail.brama.com> Message-ID: <76y8a3gnqy.fsf@newjersey.ppllc.com> >>>>> "MP" == Max Pyziur writes: >> >> I just completed a very tedious set of server upgrades, using yum, from >> RH 7.2 to FC1. Having arrived at my (current) destination, I have most >> of my server running but my nightly crons don't seem to be running and >> I have no idea why. >> >> As a RH 7.2 server, I use /etc/crontab and run-parts to execute my >> hourly, daily, etc crons. Somewhere along the upgrade process this >> seems to have broken. Either the crons are not running at all or I am >> not getting an email that indicates it. >> >> How do I track down the problem and fix it? MP> W/o getting too obvious about it, is your crond daemon running? MP> Can be checked with command: MP> service crond status MP> Use MP> chkconfig --list crond MP> to check which runlevels are set; 2, 3, 4, 5 should be set to "on". MP> chkconfig --level 2345 crond MP> takes care of the setting. MP> If hourly jobs are running in /var/log/cron you should see: MP> "(root) CMD (run-parts /etc/cron.hourly)" MP> Is whatever you park in /etc/cron.[hourly|daily|weekly|monthly] executable? MP> I realize that after an upgrade where you drill down to the details to MP> make sure that all rpm dependencies are resolved the above mundane stuff MP> may be overlooked. You're looking for "... x, y, z" when it's "a, b, c MP> ..." I'm an idiot! The crons are (probably) running fine. Its my sendmail that's the problem. All internal emails are being rejected by sendmail while mails coming from the outside are being handled fine. Now I have to figure out what's wrong my sendmail config (see new posting on that topic). Thanks for the help anyway! ...Jake -- Jake Colman Sr. Applications Developer Principia Partners LLC Harborside Financial Center 1001 Plaza Two Jersey City, NJ 07311 (201) 209-2467 www.principiapartners.com From michal at harddata.com Wed May 25 19:18:02 2005 From: michal at harddata.com (Michal Jaegermann) Date: Wed, 25 May 2005 13:18:02 -0600 Subject: Sendmail Connection Refused In-Reply-To: <763bsbi2ei.fsf@newjersey.ppllc.com>; from colman@ppllc.com on Wed, May 25, 2005 at 02:30:45PM -0400 References: <763bsbi2ei.fsf@newjersey.ppllc.com> Message-ID: <20050525131802.A26612@mail.harddata.com> On Wed, May 25, 2005 at 02:30:45PM -0400, Jake Colman wrote: > > My sendmail is set to listen on port 2525 since my ISP has blocked port 25. Your sendmail daemon can listen on multiple ports. > Something about sendmail.mc/cf changed > during the upgrade and its broken me. Any ideas where I should look? Do you have backups to compare? > This is the (seemingly) relevant section of my sendmail.mc: > > define(`SMART_HOST', `mail.optonline.net')dnl Your internal mail, sent to user@"myFQDN" and not just to 'user', is not going through SMART_HOST > DAEMON_OPTIONS(`Port=2525, Name=MTA')dnl Try to add DAEMON_OPTIONS(`Port=25, Name=MTAI')dnl to your sendmail.mc. For "Name" above you can use really whatever you wnat to. This is where you will listen to various programs trying to talk to your port 25. Make sure that you do not block yourself on a firewall. > MASQUERADE_AS(`jnc.com')dnl By default 'root' is not masqueraded. Michal From rostetter at mail.utexas.edu Wed May 25 21:01:00 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Wed, 25 May 2005 16:01:00 -0500 Subject: Updates Politics Proposal In-Reply-To: <42949FE1.3040907@datafoundry.com> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> Message-ID: <1117054860.7864af65b0858@mail.ph.utexas.edu> Quoting Philip Molter : > I agree with this statement, but as a FL user, I can say that one of the > problems with FL is that outstanding bugs never get fixed. Security bugs, and major/critical bugs, get fixed. Minor bugs do not. > The policy > of only applying security patches means that outstanding issues for > which there were open FC bug reports (and even bug reports with trivial > patches) never get fixed. That isn't the policy. Policy is "we will provide security updates and critical bug fixes". The question is whether the bug you want fixed can be considered either security or critical. > To cite a specific example, there is a bug in the e100 driver that > causes sporadic timeouts. This bug has been patched with a trivial (2 > or 3 line change) patch in the latest kernel rev. This patch doesn't > change functionality or APIs. It just fixes a thinko. The patch has > already made its way into FC3 through the latest kernel release, but FC2 > users are out of luck because of the security-only policy. This patch > is no more burdensome than a security patch, yet it's not accepted > because it's not a security problem. You simply need to convince us of the trivial nature of the change, and that it is a "critical" issue. If the bug can result in corrupted data, lost data, or broken network connections, then you could reasonably call it critical, and FL would be expected to apply the existing patches. > I'm personally in favor of expanding the patch policy to fix trivial > bugs in addition to security bugs. Your understanding of the policy is wrong, so please understand the policy first before you decide to change it. I'm not sure we should apply a patch just because it is trivial. For example, a cosmetic change wouldn't be appropriate in most cases. But if the patch is for a critical issue (lost data/connections, program crashes, etc) then it would be up for consideration, whether or not it is trivial. > Trivial bug patches can be open to > discussion, of course ("I'm sorry, but this patch changes too much > behavior to be accepted"), but they shouldn't be outright denied simply > because the issue they fix isn't solely security-related. Nor should a patch be applied simply because it is trivial (e.g. cosmetic changes, etc). > I think that's where some of Igor's frustration stems from. I know it's > a frustration of mine. > > Philip But it is an unfounded frustration, as your understanding of the policy is incorrect. -- Eric Rostetter From mattdm at mattdm.org Wed May 25 21:12:53 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Wed, 25 May 2005 17:12:53 -0400 Subject: Updates Politics Proposal In-Reply-To: <1117054860.7864af65b0858@mail.ph.utexas.edu> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> Message-ID: <20050525211253.GA4680@jadzia.bu.edu> On Wed, May 25, 2005 at 04:01:00PM -0500, Eric Rostetter wrote: > But it is an unfounded frustration, as your understanding of the policy is > incorrect. To be fair, it's basically what I've been pretty regularly saying the policy is. So some of the blame there rests with me. As I see it, open the door to "critical" non-security bugs is a problem, because it puts us in the situation of having to decide what's critical and what's not -- a more subjective determination than "is this a security flaw". -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 73 degrees Fahrenheit. From mattdm at mattdm.org Wed May 25 21:13:21 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Wed, 25 May 2005 17:13:21 -0400 Subject: Updates Politics Proposal In-Reply-To: <20050525211253.GA4680@jadzia.bu.edu> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> <20050525211253.GA4680@jadzia.bu.edu> Message-ID: <20050525211321.GA4882@jadzia.bu.edu> On Wed, May 25, 2005 at 05:12:53PM -0400, Matthew Miller wrote: > To be fair, it's basically what I've been pretty regularly saying the policy > is. So some of the blame there rests with me. As I see it, open the door to (Not that I'm saying I represent the official policy in any way.) -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 73 degrees Fahrenheit. From dsccable at comcast.net Wed May 25 22:57:46 2005 From: dsccable at comcast.net (David Curry) Date: Wed, 25 May 2005 18:57:46 -0400 Subject: Updates Politics Proposal In-Reply-To: <20050525211253.GA4680@jadzia.bu.edu> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> <20050525211253.GA4680@jadzia.bu.edu> Message-ID: <429502EA.4030403@comcast.net> Matthew Miller wrote: >On Wed, May 25, 2005 at 04:01:00PM -0500, Eric Rostetter wrote: > > >>But it is an unfounded frustration, as your understanding of the policy is >>incorrect. >> >> > >To be fair, it's basically what I've been pretty regularly saying the policy >is. So some of the blame there rests with me. As I see it, open the door to >"critical" non-security bugs is a problem, because it puts us in the >situation of having to decide what's critical and what's not -- a more >subjective determination than "is this a security flaw". > > > Thanks to all who have contributed to this thread. As a result, Fedora Legacy policy is increasingly clear. (It is also clear that my use of fedora core 2 and participation in Fedora Legacy will likely be relatively short lived. ) Before gravitating elsewhere, though, I will offer an opinion. Unless there is a restrictive covenent in Red Hat's support of Fedora Legacy that limits updates to "security" and "trivial" patches, there is reason to consider broadening "updates policy" somewhat beyond security only. Fedora Legacy updates policy and willingness of the community to support Fedora Legacy are not independent of one another. However the issue is resolved I wish the group well. From jkeating at j2solutions.net Wed May 25 23:01:41 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Wed, 25 May 2005 16:01:41 -0700 Subject: Updates Politics Proposal In-Reply-To: <429502EA.4030403@comcast.net> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> <20050525211253.GA4680@jadzia.bu.edu> <429502EA.4030403@comcast.net> Message-ID: <1117062101.5703.21.camel@jkeating2.hq.pogolinux.com> On Wed, 2005-05-25 at 18:57 -0400, David Curry wrote: > Before gravitating elsewhere, though, I will offer an opinion. > Unless > there is a restrictive covenent in Red Hat's support of Fedora Legacy > that limits updates to "security" and "trivial" patches, there is > reason > to consider broadening "updates policy" somewhat beyond security > only. > Fedora Legacy updates policy and willingness of the community to > support > Fedora Legacy are not independent of one another. However the issue > is > resolved I wish the group well. A) more man power is needed B) more things can break, and thats not acceptable to the people who are using Fedora / Red Hat in a longer term than what Red Hat itself supports. If you need an OS that has a long life span and gets some feature and non-security bugfixing over time, please look at Red Hat Enterprise Linux or the plethora of free rebuilds of it. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From gerry at pathtech.org Wed May 25 23:47:23 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Wed, 25 May 2005 19:47:23 -0400 Subject: Updates Politics Proposal In-Reply-To: <1117062101.5703.21.camel@jkeating2.hq.pogolinux.com> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> <20050525211253.GA4680@jadzia.bu.edu> <429502EA.4030403@comcast.net> <1117062101.5703.21.camel@jkeating2.hq.pogolinux.com> Message-ID: <1117064843.13140.181.camel@www.pathtech.org> On Wed, 2005-05-25 at 16:01 -0700, Jesse Keating wrote: > On Wed, 2005-05-25 at 18:57 -0400, David Curry wrote: > > Before gravitating elsewhere, though, I will offer an opinion. > > Unless > > there is a restrictive covenent in Red Hat's support of Fedora Legacy > > that limits updates to "security" and "trivial" patches, there is > > reason > > to consider broadening "updates policy" somewhat beyond security > > only. > > Fedora Legacy updates policy and willingness of the community to > > support > > Fedora Legacy are not independent of one another. However the issue > > is > > resolved I wish the group well. > > A) more man power is needed > > B) more things can break, and thats not acceptable to the people who are > using Fedora / Red Hat in a longer term than what Red Hat itself > supports. > > If you need an OS that has a long life span and gets some feature and > non-security bugfixing over time, please look at Red Hat Enterprise > Linux or the plethora of free rebuilds of it. That would be nice except for one thing, these distributions check the bios for newness and when it is not sufficiently new installation of these becomes a big problem. On the other hand, RH7.3 is stable but does need to support more modern apps. I would encourage the powers that be at Fedora Legacy to consider keeping this one release as current as possible as it is one of the few that can work on old hardware which is likely found in basements and the third world. > -- G. Roderick Singleton PATH tech From jkeating at j2solutions.net Thu May 26 00:00:02 2005 From: jkeating at j2solutions.net (Jesse Keating) Date: Wed, 25 May 2005 17:00:02 -0700 Subject: Updates Politics Proposal In-Reply-To: <1117064843.13140.181.camel@www.pathtech.org> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> <20050525211253.GA4680@jadzia.bu.edu> <429502EA.4030403@comcast.net> <1117062101.5703.21.camel@jkeating2.hq.pogolinux.com> <1117064843.13140.181.camel@www.pathtech.org> Message-ID: <1117065602.5703.42.camel@jkeating2.hq.pogolinux.com> On Wed, 2005-05-25 at 19:47 -0400, G. Roderick Singleton wrote: > That would be nice except for one thing, these distributions check the > bios for newness and when it is not sufficiently new installation of > these becomes a big problem. Care to elaborate on this? I haven't seen any anaconda code that looks for bios dates or anything like that. I've put CentOS4 on some pretty old hardware, and when you're just running servers you can run a pretty light CentOS4 (RHEL4). > On the other hand, RH7.3 is stable but does > need to support more modern apps. I would encourage the powers that be > at Fedora Legacy to consider keeping this one release as current as > possible as it is one of the few that can work on old hardware which > is > likely found in basements and the third world. This is WAY beyond the scope of Fedora Legacy. What you also fail to realize is that by keeping applications current, you basically get to the point that CentOS4 or FC3/4 is, and need the same system requirements to run it. RHL7.3 runs on old hardware because it is old software. If we make it new software, guess what happens.... -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating From gerry at pathtech.org Thu May 26 00:54:43 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Wed, 25 May 2005 20:54:43 -0400 Subject: Updates Politics Proposal In-Reply-To: <1117065602.5703.42.camel@jkeating2.hq.pogolinux.com> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> <20050525211253.GA4680@jadzia.bu.edu> <429502EA.4030403@comcast.net> <1117062101.5703.21.camel@jkeating2.hq.pogolinux.com> <1117064843.13140.181.camel@www.pathtech.org> <1117065602.5703.42.camel@jkeating2.hq.pogolinux.com> Message-ID: <1117068883.13140.199.camel@www.pathtech.org> On Wed, 2005-05-25 at 17:00 -0700, Jesse Keating wrote: > On Wed, 2005-05-25 at 19:47 -0400, G. Roderick Singleton wrote: > > That would be nice except for one thing, these distributions check the > > bios for newness and when it is not sufficiently new installation of > > these becomes a big problem. > > Care to elaborate on this? I haven't seen any anaconda code that looks > for bios dates or anything like that. I've put CentOS4 on some pretty > old hardware, and when you're just running servers you can run a pretty > light CentOS4 (RHEL4). Centos would not install. Rh9 even threw an error during install although it does have a module that compensates. > > > On the other hand, RH7.3 is stable but does > > need to support more modern apps. I would encourage the powers that be > > at Fedora Legacy to consider keeping this one release as current as > > possible as it is one of the few that can work on old hardware which > > is > > likely found in basements and the third world. > > This is WAY beyond the scope of Fedora Legacy. What you also fail to > realize is that by keeping applications current, you basically get to > the point that CentOS4 or FC3/4 is, and need the same system > requirements to run it. RHL7.3 runs on old hardware because it is old > software. If we make it new software, guess what happens.... > I was not complaining. What I am doing is asking if the the project could expand a little for at least the 7.3 release. Like adding a community contribution repository so those of us who want to take the time to prepare packages that are outside the main scope so 7.3 can have a much longer lifetime. For example, host the isos for 7.3 and make a contrib directory as well. For those who can run RH9 and FC the current situation is ideal. Is this a possibility? -- G. Roderick Singleton PATH tech From rostetter at mail.utexas.edu Thu May 26 02:08:33 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Wed, 25 May 2005 21:08:33 -0500 Subject: Updates Politics Proposal In-Reply-To: <429502EA.4030403@comcast.net> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> <20050525211253.GA4680@jadzia.bu.edu> <429502EA.4030403@comcast.net> Message-ID: <1117073313.93ede284bfd6a@mail.ph.utexas.edu> Quoting David Curry : > Matthew Miller wrote: > > >On Wed, May 25, 2005 at 04:01:00PM -0500, Eric Rostetter wrote: > > > > > >>But it is an unfounded frustration, as your understanding of the policy is > >>incorrect. > >> > >> > > > >To be fair, it's basically what I've been pretty regularly saying the policy > >is. So some of the blame there rests with me. As I see it, open the door to > >"critical" non-security bugs is a problem, because it puts us in the > >situation of having to decide what's critical and what's not -- a more > >subjective determination than "is this a security flaw". See the FAQ. The very first FAQ entry ever created addresses the issue of what we support. > Thanks to all who have contributed to this thread. As a result, Fedora > Legacy policy is increasingly clear. Doesn't seem to be from what you say below. > Before gravitating elsewhere, though, I will offer an opinion. Unless > there is a restrictive covenent in Red Hat's support of Fedora Legacy There is no link between Red Hat and FL, and we have no convenent with them. This policy is purely a FL policy. > that limits updates to "security" and "trivial" patches, there is reason We have no policy on "trivial" patches. The policy is "security and critical bug fixes." I'm not sure why you have a problem with that. > to consider broadening "updates policy" somewhat beyond security only. It already covers critical bug fixes. > Fedora Legacy updates policy and willingness of the community to support > Fedora Legacy are not independent of one another. However the issue is > resolved I wish the group well. The Fedora Legacy updates policy was set by the Fedora Legacy community, so I'm not sure what you are trying to imply. -- Eric Rostetter From rostetter at mail.utexas.edu Thu May 26 02:49:55 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Wed, 25 May 2005 21:49:55 -0500 Subject: Updates Politics Proposal In-Reply-To: <1117068883.13140.199.camel@www.pathtech.org> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> <20050525211253.GA4680@jadzia.bu.edu> <429502EA.4030403@comcast.net> <1117062101.5703.21.camel@jkeating2.hq.pogolinux.com> <1117064843.13140.181.camel@www.pathtech.org> <1117065602.5703.42.camel@jkeating2.hq.pogolinux.com> <1117068883.13140.199.camel@www.pathtech.org> Message-ID: <1117075795.d4aef669ad170@mail.ph.utexas.edu> Quoting "G. Roderick Singleton" : > > This is WAY beyond the scope of Fedora Legacy. What you also fail to > > realize is that by keeping applications current, you basically get to > > the point that CentOS4 or FC3/4 is, and need the same system > > requirements to run it. RHL7.3 runs on old hardware because it is old > > software. If we make it new software, guess what happens.... > > > > I was not complaining. What I am doing is asking if the the project > could expand a little for at least the 7.3 release. I don't think it will expand officially, but... > Like adding a > community contribution repository so those of us who want to take the > time to prepare packages that are outside the main scope so 7.3 can have > a much longer lifetime. I've always wanted a wiki page that points to contributed, non-FL packages others create and want to share. But I think that is all FL could do -- link to packages stored elsewhere -- due to disk space issues for FL and its mirrors, as well as support issues (if we host them, people will try to make us support them). I'd still love to see something like this happen. > For example, host the isos for 7.3 and make a I don't have any trouble hosting the iso images on FL, though others may not agree due to disk space issues. > contrib directory as well. For those who can run RH9 and FC the current > situation is ideal. Again, I don't personally want to see us host a contrib. section, but I'd love to see a wiki page which points to somewhere where people can put contrib. packages. That could be links to people's own sites, or it could be a repository someone sets up for crontib packages, or a combination of those. > Is this a possibility? Not sure, but it is certainly something we can discuss. -- Eric Rostetter From jimpop at yahoo.com Thu May 26 03:18:55 2005 From: jimpop at yahoo.com (Jim Popovitch) Date: Wed, 25 May 2005 23:18:55 -0400 Subject: Updates Politics Proposal In-Reply-To: <1117064843.13140.181.camel@www.pathtech.org> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> <20050525211253.GA4680@jadzia.bu.edu> <429502EA.4030403@comcast.net> <1117062101.5703.21.camel@jkeating2.hq.pogolinux.com> <1117064843.13140.181.camel@www.pathtech.org> Message-ID: <1117077535.6822.14.camel@localhost> On Wed, 2005-05-25 at 19:47 -0400, G. Roderick Singleton wrote: > That would be nice except for one thing, these distributions check the > bios for newness and when it is not sufficiently new installation of > these becomes a big problem. On the other hand, RH7.3 is stable but does > need to support more modern apps. I would encourage the powers that be > at Fedora Legacy to consider keeping this one release as current as > possible as it is one of the few that can work on old hardware which is > likely found in basements and the third world. For that you don't need Fedora Legacy (FL). FL only exists to support security updates for End-of-Life'd Redhat releases. FL support for RH73 will currently remain as long as there is a need, which is a very good thing. However, if you want cool and neat-o apps for RH73, then FL is NOT the place for them. There are other sides fully capable of giving you "flash" and "wow" sort of stuff, but this is NOT in FL's charter and clearly should not be. You can get those types of packages from Dag Wieers (and presumably others) at: http://dag.wieers.com/home-made/apt/packages.php To give you an example of the differences, FL currently releases a updated version of SSH (openssh-3.1p1-14) where as Dag gives you something close to the "latest" and "greatest" version (currently it is openssh-3.5p1-11 for RH73). What's the difference you ask? The FL version is the original RH73 release of SSH with only current security patches/fixes applied. Dag gives you all the latest wiz-n-bang in an rpm that works on RH73. To me, as a service provider, I could care less about wiz-n-bang (although I do see the value it might provide to others). All I want is something that works securely and consistently over time, so I am very happy to use the SSH that FL releases (among all the other great stuff FL releases). Make sense? -Jim P. From mattdm at mattdm.org Thu May 26 03:21:22 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Wed, 25 May 2005 23:21:22 -0400 Subject: Updates Politics Proposal In-Reply-To: <1117073313.93ede284bfd6a@mail.ph.utexas.edu> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> <20050525211253.GA4680@jadzia.bu.edu> <429502EA.4030403@comcast.net> <1117073313.93ede284bfd6a@mail.ph.utexas.edu> Message-ID: <20050526032122.GA15399@jadzia.bu.edu> On Wed, May 25, 2005 at 09:08:33PM -0500, Eric Rostetter wrote: > > >To be fair, it's basically what I've been pretty regularly saying the > > >policy is. So some of the blame there rests with me. As I see it, open > > >the door to "critical" non-security bugs is a problem, because it puts > > >us in the situation of having to decide what's critical and what's not > > >-- a more subjective determination than "is this a security flaw". > See the FAQ. The very first FAQ entry ever created addresses the issue > of what we support. Yeah. I guess specifically, given the limited resources we have (for example, I have 0 spare time -- *sigh*), I've been reading "In order to publish security updates in a timely manner, security updates have a higher priority than any other updates" extremely strictly. -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 73 degrees Fahrenheit. From colman at ppllc.com Thu May 26 03:23:03 2005 From: colman at ppllc.com (Jake Colman) Date: Wed, 25 May 2005 23:23:03 -0400 Subject: Sendmail Connection Refused In-Reply-To: <20050525131802.A26612@mail.harddata.com> (Michal Jaegermann's message of "Wed, 25 May 2005 13:18:02 -0600") References: <763bsbi2ei.fsf@newjersey.ppllc.com> <20050525131802.A26612@mail.harddata.com> Message-ID: <76k6lmfz6w.fsf@newjersey.ppllc.com> >>>>> "MJ" == Michal Jaegermann writes: >> DAEMON_OPTIONS(`Port=2525, Name=MTA')dnl MJ> Try to add MJ> DAEMON_OPTIONS(`Port=25, Name=MTAI')dnl That was the problem. Apparently, in RH 7.2 you could specify port 2525 and it would still continue to listen on port 25 as well. With the newer version you must specify both ports. -- Jake Colman Sr. Applications Developer Principia Partners LLC Harborside Financial Center 1001 Plaza Two Jersey City, NJ 07311 (201) 209-2467 www.principiapartners.com From wdsjack at pchome.com.tw Thu May 26 03:41:13 2005 From: wdsjack at pchome.com.tw (Jack of PC Home) Date: Thu, 26 May 2005 11:41:13 +0800 Subject: May I ask for your helps? References: <76br6zicpp.fsf@newjersey.ppllc.com> Message-ID: <027501c561a4$cc27d320$0b01a8c0@jack> Hi guys May I ask for your helps? I am trying to setup a DNS server. My system information are listed below. REDHAT: 9.0 LINUX KERNAL VERSION: 2.4.20-42.9.legacy BIND VERSION: bind-utils-9.2.1-16 bind-9.2.1-16 bind-devel-9.2.1-16 After installing BIND, I tried to check if everything is running ok. So, I use "named -g" to check the system. Followings are the information I got Starting BIND 9.2.1 -g Using 1 CPU loading configuration from '/etc/named.conf' no IPv6 interface found listening on IPv4 interface lo, 127.0.0.1#53 listening on IPv4 interface eth0, 192.168.1.40#53 command channel listening on 127.0.0.1#953 ignoring config file logging statement due to -g option Zone xxx.xxx.xxx/IN: loaded serial 2005052301 running Everything seemed to be running good. But, when I tried to start up named by using "service named start". I got problem. The system did not listen port #53. But, it showed "OK" after I ran "service named start". I tried to restart the system but it did not solve this problem. Have you ever experienced this kind of problem? May I have your recommendations? Jack -------------- next part -------------- An HTML attachment was scrubbed... URL: From mattdm at mattdm.org Thu May 26 03:49:20 2005 From: mattdm at mattdm.org (Matthew Miller) Date: Wed, 25 May 2005 23:49:20 -0400 Subject: May I ask for your helps? In-Reply-To: <027501c561a4$cc27d320$0b01a8c0@jack> References: <76br6zicpp.fsf@newjersey.ppllc.com> <027501c561a4$cc27d320$0b01a8c0@jack> Message-ID: <20050526034920.GA16368@jadzia.bu.edu> On Thu, May 26, 2005 at 11:41:13AM +0800, Jack of PC Home wrote: > Everything seemed to be running good. But, when I tried to start up > named by using "service named start". I got problem. The system did > not listen port #53. But, it showed "OK" after I ran "service named start". > I tried to restart the system but it did not solve this problem. > > Have you ever experienced this kind of problem? May I have your > recommendations? Restarting the system rarely solves problems like this. Do you have a firewall enabled? -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 73 degrees Fahrenheit. From wdsjack at pchome.com.tw Thu May 26 03:58:52 2005 From: wdsjack at pchome.com.tw (Jack of PC Home) Date: Thu, 26 May 2005 11:58:52 +0800 Subject: May I ask for your helps? References: <76br6zicpp.fsf@newjersey.ppllc.com><027501c561a4$cc27d320$0b01a8c0@jack> <20050526034920.GA16368@jadzia.bu.edu> Message-ID: <02ff01c561a7$4234dac0$0b01a8c0@jack> Hi Matthew, Yes, I use a firewall and I had enabled the port #53. Do you have any other suggestions? tks. Jack ----- Original Message ----- From: Matthew Miller To: Discussion of the Fedora Legacy Project Sent: Thursday, May 26, 2005 11:49 AM Subject: Re: May I ask for your helps? On Thu, May 26, 2005 at 11:41:13AM +0800, Jack of PC Home wrote: > Everything seemed to be running good. But, when I tried to start up > named by using "service named start". I got problem. The system did > not listen port #53. But, it showed "OK" after I ran "service named start". > I tried to restart the system but it did not solve this problem. > > Have you ever experienced this kind of problem? May I have your > recommendations? Restarting the system rarely solves problems like this. Do you have a firewall enabled? -- Matthew Miller mattdm at mattdm.org Boston University Linux ------> Current office temperature: 73 degrees Fahrenheit. -- fedora-legacy-list mailing list fedora-legacy-list at redhat.com http://www.redhat.com/mailman/listinfo/fedora-legacy-list ========================================================== 94?~???K?O???????V?}?l?????? http://edm-prg.epaper.com.tw/click.php?ad_code=506976 ========================================================== SkypeOut ?????[0.7??/?? ???j??0.9??/?? ???Y???R>> http://skype.pchome.com.tw/skypeout.htm ========================================================== -------------- next part -------------- An HTML attachment was scrubbed... URL: From jimpop at yahoo.com Thu May 26 04:13:59 2005 From: jimpop at yahoo.com (Jim Popovitch) Date: Thu, 26 May 2005 00:13:59 -0400 Subject: May I ask for your helps? In-Reply-To: <02ff01c561a7$4234dac0$0b01a8c0@jack> References: <76br6zicpp.fsf@newjersey.ppllc.com> <027501c561a4$cc27d320$0b01a8c0@jack> <20050526034920.GA16368@jadzia.bu.edu> <02ff01c561a7$4234dac0$0b01a8c0@jack> Message-ID: <1117080839.7397.12.camel@localhost> On Thu, 2005-05-26 at 11:58 +0800, Jack of PC Home wrote: > Hi Matthew, > > Yes, I use a firewall and I had enabled the port #53. > Do you have any other suggestions? tks. What about iptables/ipchains? Are they possibly blocking connections to 192.168.1.40:53. Also, does "host www.test.com 127.0.0.1" work? This really isn't the place for RH9 support, so you may want to also get in touch with another Linux group. If you don't know of one in your area, the Atlanta Linux Enthusiasts group (www.ale.org) is a great group with plenty of national and international participants. -Jim P. > > Jack > > ----- Original Message ----- > From: Matthew Miller > To: Discussion of the Fedora Legacy Project > Sent: Thursday, May 26, 2005 11:49 AM > Subject: Re: May I ask for your helps? > > > On Thu, May 26, 2005 at 11:41:13AM +0800, Jack of PC Home > wrote: > > Everything seemed to be running good. But, when I tried to > start up > > named by using "service named start". I got problem. The > system did > > not listen port #53. But, it showed "OK" after I ran > "service named start". > > I tried to restart the system but it did not solve this > problem. > > > > Have you ever experienced this kind of problem? May I have > your > > recommendations? > > Restarting the system rarely solves problems like this. > > Do you have a firewall enabled? > > -- > Matthew Miller mattdm at mattdm.org > > Boston University Linux ------> > > Current office temperature: 73 degrees Fahrenheit. > > -- > fedora-legacy-list mailing list > fedora-legacy-list at redhat.com > http://www.redhat.com/mailman/listinfo/fedora-legacy-list > > > ========================================================== > 94?~???K?O???????V?}?l?????? > http://edm-prg.epaper.com.tw/click.php?ad_code=506976 > ========================================================== > SkypeOut ?????[0.7??/?? ???j??0.9??/?? ???Y???R>> > http://skype.pchome.com.tw/skypeout.htm > ========================================================== > -- > fedora-legacy-list mailing list > fedora-legacy-list at redhat.com > http://www.redhat.com/mailman/listinfo/fedora-legacy-list From wdsjack at pchome.com.tw Thu May 26 04:20:10 2005 From: wdsjack at pchome.com.tw (Jack of PC Home) Date: Thu, 26 May 2005 12:20:10 +0800 Subject: May I ask for your helps? References: <76br6zicpp.fsf@newjersey.ppllc.com><027501c561a4$cc27d320$0b01a8c0@jack><20050526034920.GA16368@jadzia.bu.edu><02ff01c561a7$4234dac0$0b01a8c0@jack> <1117080839.7397.12.camel@localhost> Message-ID: <035e01c561aa$384b22f0$0b01a8c0@jack> Hi Jim, Thanks for your information. I will try to get in touch with another linux group Jack ----- Original Message ----- From: Jim Popovitch To: Discussion of the Fedora Legacy Project Sent: Thursday, May 26, 2005 12:13 PM Subject: Re: May I ask for your helps? On Thu, 2005-05-26 at 11:58 +0800, Jack of PC Home wrote: > Hi Matthew, > > Yes, I use a firewall and I had enabled the port #53. > Do you have any other suggestions? tks. What about iptables/ipchains? Are they possibly blocking connections to 192.168.1.40:53. Also, does "host www.test.com 127.0.0.1" work? This really isn't the place for RH9 support, so you may want to also get in touch with another Linux group. If you don't know of one in your area, the Atlanta Linux Enthusiasts group (www.ale.org) is a great group with plenty of national and international participants. -Jim P. > > Jack > > ----- Original Message ----- > From: Matthew Miller > To: Discussion of the Fedora Legacy Project > Sent: Thursday, May 26, 2005 11:49 AM > Subject: Re: May I ask for your helps? > > > On Thu, May 26, 2005 at 11:41:13AM +0800, Jack of PC Home > wrote: > > Everything seemed to be running good. But, when I tried to > start up > > named by using "service named start". I got problem. The > system did > > not listen port #53. But, it showed "OK" after I ran > "service named start". > > I tried to restart the system but it did not solve this > problem. > > > > Have you ever experienced this kind of problem? May I have > your > > recommendations? > > Restarting the system rarely solves problems like this. > > Do you have a firewall enabled? > > -- > Matthew Miller mattdm at mattdm.org > > Boston University Linux ------> > > Current office temperature: 73 degrees Fahrenheit. > > -- > fedora-legacy-list mailing list > fedora-legacy-list at redhat.com > http://www.redhat.com/mailman/listinfo/fedora-legacy-list > > > ========================================================== > 94?~???K?O???????V?}?l?????? > http://edm-prg.epaper.com.tw/click.php?ad_code=506976 > ========================================================== > SkypeOut ?????[0.7??/?? ???j??0.9??/?? ???Y???R>> > http://skype.pchome.com.tw/skypeout.htm > ========================================================== > -- > fedora-legacy-list mailing list > fedora-legacy-list at redhat.com > http://www.redhat.com/mailman/listinfo/fedora-legacy-list -- fedora-legacy-list mailing list fedora-legacy-list at redhat.com http://www.redhat.com/mailman/listinfo/fedora-legacy-list ========================================================== 94?~???K?O???????V?}?l?????? http://edm-prg.epaper.com.tw/click.php?ad_code=506976 ========================================================== SkypeOut ?????[0.7??/?? ???j??0.9??/?? ???Y???R>> http://skype.pchome.com.tw/skypeout.htm ========================================================== -------------- next part -------------- An HTML attachment was scrubbed... URL: From gerry at pathtech.org Thu May 26 13:02:47 2005 From: gerry at pathtech.org (G. Roderick Singleton) Date: Thu, 26 May 2005 09:02:47 -0400 Subject: May I ask for your helps? In-Reply-To: <027501c561a4$cc27d320$0b01a8c0@jack> References: <76br6zicpp.fsf@newjersey.ppllc.com> <027501c561a4$cc27d320$0b01a8c0@jack> Message-ID: <1117112567.13140.222.camel@www.pathtech.org> On Thu, 2005-05-26 at 11:41 +0800, Jack of PC Home wrote: > Hi guys > > May I ask for your helps? > I would suggest asking on the bind list or the comp.protocols.dns.bind newsgroup. [snipped] -- G. Roderick Singleton PATH tech From rostetter at mail.utexas.edu Thu May 26 15:02:40 2005 From: rostetter at mail.utexas.edu (Eric Rostetter) Date: Thu, 26 May 2005 10:02:40 -0500 Subject: Updates Politics Proposal In-Reply-To: <20050526032122.GA15399@jadzia.bu.edu> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> <20050525211253.GA4680@jadzia.bu.edu> <429502EA.4030403@comcast.net> <1117073313.93ede284bfd6a@mail.ph.utexas.edu> <20050526032122.GA15399@jadzia.bu.edu> Message-ID: <1117119760.7655e6e63e24a@mail.ph.utexas.edu> Quoting Matthew Miller : > > See the FAQ. The very first FAQ entry ever created addresses the issue > > of what we support. > > Yeah. I guess specifically, given the limited resources we have (for > example, I have 0 spare time -- *sigh*), I've been reading "In order to > publish security updates in a timely manner, security updates have a higher > priority than any other updates" extremely strictly. Yes, that is true. That is why Jesse suggested putting the e100 fix into the next kernel security update, rather than making it an update on its own, basically. So, yes, we want to fix non-security bugs, but our first duty is to security bugs. We can't delay an important security fix for a non-security fix. But we can't just say "we won't fix anything but security fixes", time allowing. I think it is the "time allowing" part that is throwing people off track. But I think all bugs need to be prioritized by how much impact they have (their severity, implications, how many people they affect, etc). There isn't a simple formula for such things though. -- Eric Rostetter From jimpop at yahoo.com Fri May 27 03:36:44 2005 From: jimpop at yahoo.com (Jim Popovitch) Date: Thu, 26 May 2005 23:36:44 -0400 Subject: Issues list Message-ID: <1117165004.13891.3.camel@localhost> Is there an up-to-date RH73 issues list? I've got spare cycles this coming weekend and can devote some time to research, Q&A, etc. thx, -Jim P. From wdsjack at pchome.com.tw Fri May 27 04:04:09 2005 From: wdsjack at pchome.com.tw (Jack of PC Home) Date: Fri, 27 May 2005 12:04:09 +0800 Subject: May I ask for your helps? References: <76br6zicpp.fsf@newjersey.ppllc.com><027501c561a4$cc27d320$0b01a8c0@jack> <1117112567.13140.222.camel@www.pathtech.org> Message-ID: <03df01c56271$250b4810$0b01a8c0@jack> Thanks, Jack ----- Original Message ----- From: G. Roderick Singleton To: Discussion of the Fedora Legacy Project Sent: Thursday, May 26, 2005 9:02 PM Subject: Re: May I ask for your helps? On Thu, 2005-05-26 at 11:41 +0800, Jack of PC Home wrote: > Hi guys > > May I ask for your helps? > I would suggest asking on the bind list or the comp.protocols.dns.bind newsgroup. [snipped] -- G. Roderick Singleton PATH tech -- fedora-legacy-list mailing list fedora-legacy-list at redhat.com http://www.redhat.com/mailman/listinfo/fedora-legacy-list ========================================================== 94????????????? http://edm-prg.epaper.com.tw/click.php?ad_code=506976 ========================================================== SkypeOut ???0.7?/? ???0.9?/? ????>> http://skype.pchome.com.tw/skypeout.htm ========================================================== -------------- next part -------------- An HTML attachment was scrubbed... URL: From pekkas at netcore.fi Fri May 27 07:22:59 2005 From: pekkas at netcore.fi (Pekka Savola) Date: Fri, 27 May 2005 10:22:59 +0300 (EEST) Subject: Issues list In-Reply-To: <1117165004.13891.3.camel@localhost> References: <1117165004.13891.3.camel@localhost> Message-ID: On Thu, 26 May 2005, Jim Popovitch wrote: > Is there an up-to-date RH73 issues list? I've got spare cycles this > coming weekend and can devote some time to research, Q&A, etc. http://www.netcore.fi/pekkas/buglist-rhl73.html -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From jkosin at beta.intcomgrp.com Fri May 27 13:54:18 2005 From: jkosin at beta.intcomgrp.com (James Kosin) Date: Fri, 27 May 2005 09:54:18 -0400 Subject: [FC1] kernel-2.4.22-1.2199.ntpl to kernel-2.4.22-1.2199.4.legacy.ntpl Problems. Message-ID: <4297268A.2070108@beta.intcomgrp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Everyone, There is a problem with the kernel for FC1 that breaks the IDE-TAPE support and the IDE-SCSI support for some tape drives. I have traced the problem to be not in the drivers/ide section; because there are NO changes in any of the modules for these directories. The latest 2.4 kernels also do not fix the problem. Anyone have any ideas? Thanks, James Kosin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFClyaKkNLDmnu1kSkRAlkaAJ47wFYP2b1LduP22yeRfzFNnczckACdEF5r 6jTIvLt/RI1+4lknG8mgdno= =nLCr -----END PGP SIGNATURE----- From mschout at gkg.net Fri May 27 19:53:37 2005 From: mschout at gkg.net (Michael Schout) Date: Fri, 27 May 2005 14:53:37 -0500 Subject: Updates Politics Proposal In-Reply-To: <1117064843.13140.181.camel@www.pathtech.org> References: <1116969062.12813.24.camel@lara> <1116971879.5520.18.camel@jkeating2.hq.pogolinux.com> <42949FE1.3040907@datafoundry.com> <1117054860.7864af65b0858@mail.ph.utexas.edu> <20050525211253.GA4680@jadzia.bu.edu> <429502EA.4030403@comcast.net> <1117062101.5703.21.camel@jkeating2.hq.pogolinux.com> <1117064843.13140.181.camel@www.pathtech.org> Message-ID: <42977AC1.7070209@gkg.net> G. Roderick Singleton wrote: > That would be nice except for one thing, these distributions check the > bios for newness and when it is not sufficiently new installation of > these becomes a big problem. On the other hand, RH7.3 is stable but does > need to support more modern apps. I have upgraded a number of RH7.3 machines straight to CentOS-3 using "yum" without a reinstall. There were a few conflicts that had to be deinstalled before the upgrade, but it was not a big deal. 7.3 binaries seem to be compatible (some of our custom in-house applications were installed on 7.3 and they still run under CentOS-3 without a recompile. So it is not difficult to migrate to a supported operation system in my opinion. The biggest hurdle is if you are running a web server, you are going from apache 1.3 to apache 2.0. You can just exclude those from the upgrade though using yum.conf. Due the the fact that we used "yum" to upgrade, no bios check was involved. Some of the machines I've upgraded this way are over 7 years old. My feeling and understanding is that RH7.3 support should continue to be for "security fixes" only. Legacy 7.3 support is meant to plug the security holes until you can migrate to an officially supported distribution. There simply is not enough manpower to do any more than that. One thing that *could* help for legacy, is if we allowed security fixes to be released for a specific release as they are ready. E.g.: if we have enough PUBLISH and VERIFY votes for 7.3, we could release the 7.3 update. This would help avoid the current situation where packages have been QA'd for 7.3, but are held up waiting on FC1, FC2, or RH9 for example. I'd really like to see that happen personally, but it is not up to me :). Regards, Michael Schout From jpdalbec at ysu.edu Fri May 27 20:15:29 2005 From: jpdalbec at ysu.edu (John Dalbec) Date: Fri, 27 May 2005 16:15:29 -0400 Subject: Multiple Vendor TCP Timestamp Vulnerability Message-ID: <42977FE1.1060501@ysu.edu> Does this affect us? The CERT Advisory has "unknown" for all the Linux vendors. (2) MODERATE: Multiple Vendor TCP Timestamp Vulnerability Affected: A number of vendors including Cisco and Microsoft. For a list of all the vendors, please refer to the CERT Advisory. Description: This vulnerability in certain TCP implementations can be exploited to cause a denial of service by forcing either ends involved in a TCP connection to drop TCP segments. That will eventually reset the connection. The problem arises due to the way some TCP stacks implement the TCP timestamp option. In order to preserve the TCP performance over high bandwidth, the PAWS and the Timestamp Option were introduced via RFC 1323. PAWS uses the TCP timestamp option to track new TCP segments. The vulnerability arises because some TCP stacks use the TCP timestamp to process further TCP segments without validating the TCP sequence numbers. Hence, an attacker who can guess the IP addresses and port numbers of the ends involved in a TCP connection, can inject TCP packets into the connection with crafted timestamp values. This can lead to resetting the connection or corrupting the data transfer between the two ends. The higher-level protocols that use long-lasting TCP sessions such as the Border Gateway Protocol (BGP) are most affected by this vulnerability. Exploit code has been publicly posted. Status: Cisco has released an advisory and posted updates. Microsoft patch MS05-019 also fixes this vulnerability. For a detailed status on other vendors, please refer to the CERT advisory below. Council Site Actions: All council sites have either deployed patches or plan to deploy them once they are available from the vendor. One site is still verifying that PAWS and Timestamps are not in use on any of their servers that are vulnerable to this attack. If any are found, the Timestamp/PAWS feature will be disabled. Another site is actively engaging with vendors that have not released patches but are known to use vulnerable platforms. A final site does plan to install the patches but is treating this as a low urgency event since very few of their machines maintain long-duration TCP sessions and thus very few are likely victims of an attack. References: CERT Advisory http://www.kb.cert.org/vuls/id/637934 Cisco Advisory http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml Microsoft Announcement http://www.microsoft.com/technet/security/advisory/899480.mspx Exploit Code http://www.frsirt.com/exploits/20050521.tcptimestamps.c.php RFC 1323 (PAWS and TCP Timestamp Option) http://www.ietf.org/rfc/rfc1323.txt SecurityFocus BID http://www.securityfocus.com/bid/13676 From marcdeslauriers at videotron.ca Sat May 28 16:00:51 2005 From: marcdeslauriers at videotron.ca (Marc Deslauriers) Date: Sat, 28 May 2005 12:00:51 -0400 Subject: Updated: Fedora Legacy Test Update Notification: php Message-ID: <429895B3.70304@videotron.ca> fc2 rpms were updated to fix a missing mail() function. --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-155505 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155505 2005-05-28 --------------------------------------------------------------------- Name : php Versions : rh7.3: php-4.1.2-7.3.17.legacy Versions : rh9: php-4.2.2-17.14.legacy Versions : fc1: php-4.3.11-1.fc1.1.legacy Versions : fc2: php-4.3.11-1.fc2.2.legacy Summary : The PHP HTML-embedded scripting language. Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages. --------------------------------------------------------------------- Update Information: Updated PHP packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was found in the way PHP processes IFF and JPEG images. It is possible to cause PHP to consume CPU resources for a short period of time by supplying a carefully crafted IFF or JPEG image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0524 and CAN-2005-0525 to these issues. A buffer overflow bug was also found in the way PHP processes EXIF image headers. It is possible for an attacker to construct an image file in such a way that it could execute arbitrary instructions when processed by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1042 to this issue. A denial of service bug was found in the way PHP processes EXIF image headers. It is possible for an attacker to cause PHP to enter an infinite loop for a short period of time by supplying a carefully crafted image file to PHP for processing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1043 to this issue. The security fixes to the "unserializer" code in the previous release introduced some performance issues. A bug fix for that issue is also included in this update. Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues. --------------------------------------------------------------------- 7.3 changelog: * Sun Apr 24 2005 Marc Deslauriers 4.1.2-7.3.17.legacy - Added security patch for CAN-2005-0524 and CAN-2005-0525 9 changelog: * Sat Apr 23 2005 Marc Deslauriers 4.2.2-17.14.legacy - Updated CAN-2004-1019 security patch to backported unserializer from 4.3.11 to fix performance regressions * Sat Apr 23 2005 Marc Deslauriers 4.2.2-17.13.legacy - Added security patches for CAN-2005-0524, CAN-2005-0525, CAN-2005-1042 and CAN-2005-1043 fc1 changelog: * Fri Apr 22 2005 Marc Deslauriers 4.3.11-1.fc1.1.legacy - update to 4.3.11 to fix security issues and extreme unserializer slowdown caused by update to 4.3.10 (CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043) - snmp: disable MSHUTDOWN function to prevent error_log noise - revert default php.ini changes since 4.3.10 - restore from PEAR: HTTP, Mail, XML_Parser, Net_Socket, Net_SMTP - remove bundled PEAR packages HTML_Template_IT, Net_UserAgent_Detect - don't configure with --enable-safe-mode (RH #148969) - install gd headers (RH #145891) - bundle PEAR DB-1.7.5 (omitted from 4.3.11 tarball) - Removed LDAP patch which is now included in 4.3.11 fc2 changelog: * Sat May 28 2005 Marc Deslauriers 4.3.11-1.fc2.2.legacy - Added missing sendmail, w3c-libwww-devel, flex and gnupg BuildRequires * Fri Apr 22 2005 Marc Deslauriers 4.3.11-1.fc2.1.legacy - update to 4.3.11 to fix security issues and extreme unserializer slowdown caused by update to 4.3.10 (CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043) - snmp: disable MSHUTDOWN function to prevent error_log noise - revert default php.ini changes since 4.3.10 - restore from PEAR: HTTP, Mail, XML_Parser, Net_Socket, Net_SMTP - remove bundled PEAR packages HTML_Template_IT, Net_UserAgent_Detect - don't configure with --enable-safe-mode (RH #148969) - install gd headers (RH #145891) - bundle PEAR DB-1.7.5 (omitted from 4.3.11 tarball) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) 422f8a972c62b1aa1d79e9f96cc39446852eb589 redhat/7.3/updates-testing/i386/php-4.1.2-7.3.17.legacy.i386.rpm 7c6d48ebbfb96004baee8515ae9517dcf500f43c redhat/7.3/updates-testing/i386/php-devel-4.1.2-7.3.17.legacy.i386.rpm 8f1837ee66212ede899189e09edf25d903a7e133 redhat/7.3/updates-testing/i386/php-imap-4.1.2-7.3.17.legacy.i386.rpm 79d4f45a887ce9df8232911f5aab6bf5bd77369d redhat/7.3/updates-testing/i386/php-ldap-4.1.2-7.3.17.legacy.i386.rpm 63edb9b27730ad5c782484cf4757905140ece1c2 redhat/7.3/updates-testing/i386/php-manual-4.1.2-7.3.17.legacy.i386.rpm 39b40cb4bae1374335cf7f82fbfa02501a4ed630 redhat/7.3/updates-testing/i386/php-mysql-4.1.2-7.3.17.legacy.i386.rpm 51d4baf10b3bc132ba9205aa6cd35615041c33bd redhat/7.3/updates-testing/i386/php-odbc-4.1.2-7.3.17.legacy.i386.rpm 42a557e7f68f290a6cf21de4c2ad1f7fe97cf763 redhat/7.3/updates-testing/i386/php-pgsql-4.1.2-7.3.17.legacy.i386.rpm 5753d915ad5d32c14cbbaea33a7f35a3b5b908d3 redhat/7.3/updates-testing/i386/php-snmp-4.1.2-7.3.17.legacy.i386.rpm 576f29104b946e3773d4c7b77de5b80a942a0678 redhat/7.3/updates-testing/SRPMS/php-4.1.2-7.3.17.legacy.src.rpm bd793f717cca20745ab9c67cb6a7b4bcebe46d93 redhat/9/updates-testing/i386/php-4.2.2-17.14.legacy.i386.rpm 8df50f63c5d3525a4359a72587c6b902d8a3325f redhat/9/updates-testing/i386/php-devel-4.2.2-17.14.legacy.i386.rpm 665060794635ded7a76eaccb46cd09ffd04900ea redhat/9/updates-testing/i386/php-imap-4.2.2-17.14.legacy.i386.rpm 8b34f184aba7260a8eac2708e12e906c877c10cd redhat/9/updates-testing/i386/php-ldap-4.2.2-17.14.legacy.i386.rpm 1450f499aeac4db7d0d8c258b72d2f4c31747012 redhat/9/updates-testing/i386/php-manual-4.2.2-17.14.legacy.i386.rpm 37cb28e9531af331954903f6b8df8509aa962a5c redhat/9/updates-testing/i386/php-mysql-4.2.2-17.14.legacy.i386.rpm aa0378307ef06cd7f3464e59f4153d11d1d372f5 redhat/9/updates-testing/i386/php-odbc-4.2.2-17.14.legacy.i386.rpm 00b4e55c27460abaa6d02019d7b40a73d5bdd913 redhat/9/updates-testing/i386/php-pgsql-4.2.2-17.14.legacy.i386.rpm 8b9cf1cdafdf8f1afa9587c1f180d685632c1c65 redhat/9/updates-testing/i386/php-snmp-4.2.2-17.14.legacy.i386.rpm 7bf7cf164de61276adf952694ee7c7d2fb86ea2e redhat/9/updates-testing/SRPMS/php-4.2.2-17.14.legacy.src.rpm ca0fa574e713f27e91548a2e3e4dc2e8b087ff47 fedora/1/updates-testing/i386/php-4.3.11-1.fc1.1.legacy.i386.rpm 53c419397f8f3f7625503afd8ab1a8ca0d65a197 fedora/1/updates-testing/i386/php-devel-4.3.11-1.fc1.1.legacy.i386.rpm 72d65111cbaf7fb56ed879ee4278602e84868540 fedora/1/updates-testing/i386/php-domxml-4.3.11-1.fc1.1.legacy.i386.rpm fe8216746096b3a6070d43659944c158df23d1a9 fedora/1/updates-testing/i386/php-imap-4.3.11-1.fc1.1.legacy.i386.rpm fb6f8fb5dd77f0dc5f58b85f26e25b5520366ca6 fedora/1/updates-testing/i386/php-ldap-4.3.11-1.fc1.1.legacy.i386.rpm d36a8ac545d151a20817a95d441d221c36edcb74 fedora/1/updates-testing/i386/php-mbstring-4.3.11-1.fc1.1.legacy.i386.rpm f4d95a5cdb7fcbcdb1391a089a1ca65edf8e0e03 fedora/1/updates-testing/i386/php-mysql-4.3.11-1.fc1.1.legacy.i386.rpm a2a0944dfd1362ad186ab8b345d7e7ab32911a7a fedora/1/updates-testing/i386/php-odbc-4.3.11-1.fc1.1.legacy.i386.rpm 4d4546fecefc879004ebbfc596cd109f4d144ba7 fedora/1/updates-testing/i386/php-pgsql-4.3.11-1.fc1.1.legacy.i386.rpm 5d968e87611c5dce727a492f149b3583e1588e30 fedora/1/updates-testing/i386/php-snmp-4.3.11-1.fc1.1.legacy.i386.rpm 22a069541240a9ab4f9fe62887cd7ea45d961238 fedora/1/updates-testing/i386/php-xmlrpc-4.3.11-1.fc1.1.legacy.i386.rpm 08203f404d05ab58128b8b12c8b5a8e5ac53b34e fedora/1/updates-testing/SRPMS/php-4.3.11-1.fc1.1.legacy.src.rpm b9f6accb0cdf84270147e80ec27e262936f5d125 fedora/2/updates-testing/i386/php-4.3.11-1.fc2.2.legacy.i386.rpm e4cedd230b3727daaa064222e5402a18a89b4aca fedora/2/updates-testing/i386/php-devel-4.3.11-1.fc2.2.legacy.i386.rpm fdab268ba8d6eb59309f324a929fae08e1bb12b1 fedora/2/updates-testing/i386/php-domxml-4.3.11-1.fc2.2.legacy.i386.rpm 960e1a97b673978778415aa2f2fcbf9a700b83da fedora/2/updates-testing/i386/php-imap-4.3.11-1.fc2.2.legacy.i386.rpm e6a04924bbd016fdb470a8448beda47ee2b75e77 fedora/2/updates-testing/i386/php-ldap-4.3.11-1.fc2.2.legacy.i386.rpm 019161cfaaa180f0fcb98a4d48a296d99ecca5b3 fedora/2/updates-testing/i386/php-mbstring-4.3.11-1.fc2.2.legacy.i386.rpm 9252cfa6c6485a0b803e9483e1f43eb2624b1826 fedora/2/updates-testing/i386/php-mysql-4.3.11-1.fc2.2.legacy.i386.rpm 48c8743b590cc176cc3497f2c9225e402ec03b67 fedora/2/updates-testing/i386/php-odbc-4.3.11-1.fc2.2.legacy.i386.rpm 814fcfe1d33f6eea65b5bcd88ba6e54e2da3062a fedora/2/updates-testing/i386/php-pear-4.3.11-1.fc2.2.legacy.i386.rpm d20c34df03bf67028f9ded420310b75a66c1db1d fedora/2/updates-testing/i386/php-pgsql-4.3.11-1.fc2.2.legacy.i386.rpm d84ff3766026e802f9a815b8c599c19bfbeaaefa fedora/2/updates-testing/i386/php-snmp-4.3.11-1.fc2.2.legacy.i386.rpm 7792c85444679beab3a0bdc56e2d4666dcb9c963 fedora/2/updates-testing/i386/php-xmlrpc-4.3.11-1.fc2.2.legacy.i386.rpm 0772ba5bc711edf55fcfe34b368881cc5ec09ed0 fedora/2/updates-testing/SRPMS/php-4.3.11-1.fc2.2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: From Axel.Thimm at atrpms.net Sun May 29 09:31:00 2005 From: Axel.Thimm at atrpms.net (Axel Thimm) Date: Sun, 29 May 2005 11:31:00 +0200 Subject: [security] 2.4.x kernels for RHL 7.3-9 and FC1 synced with Fedora Legacy security updates. Message-ID: <20050529093100.GA16958@neu.nirvana> Hi, the ATrpms kernels for RHL 7.3-9 and FC1 have been rebased on the kernels provided by Fedora Legacy. kmdls for the new kernels have been rebuilt. The Fedora Legacy Project (FL) is a community project that provides security and critical bug fix errata packages for some Red Hat Linux and Fedora Core distributions. FL is not a supported project of Red Hat, Inc., and the ATrpms' kernel enhancements [*] are not supported by FL (FL is not related with ATrpms in any official manner, don't blame them for any ATrpms issues). Please note that it is currently undecided when ATrpms will drop support for these distributions. These may be the last kernel updates for these distributions). You are encouraged to upgrade your systems if you depend on ATrpms' extra kernel features [*]. Most of them made it into 2.6 kernels, and the rest are available as external kernel module rpms. Many thaks to the FL team for providing the security patches for the kernels! [*] Depending on RHL or FC1 these include: xfs, v4l2, 3ware, i2c/lm_sensors, ea+acl+nfsacl, linux-ntfs, openswan w/ natt, libata, autofs4, CAP_SETPCAP, drm low latency patches, acpi updates, usb memory stick fixes, Variable Hz, alsa rtc patch, lvm-1.0.7 fixes, ip_conntrack fixes. -- Axel.Thimm at ATrpms.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From peak at argo.troja.mff.cuni.cz Mon May 30 21:50:48 2005 From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky) Date: Mon, 30 May 2005 23:50:48 +0200 (CEST) Subject: Multiple Vendor TCP Timestamp Vulnerability In-Reply-To: <42977FE1.1060501@ysu.edu> Message-ID: <20050530215048.9854.qmail@paddy.troja.mff.cuni.cz> On Fri, 27 May 2005, John Dalbec wrote: > Does this affect us? The CERT Advisory has "unknown" for all the Linux > vendors. It has "Not Vulnerable" for Netfilter. Netfilter's "Vendor Statement" (see http://www.kb.cert.org/vuls/id/JGEI-6ABPN4) says "The Linux Kernel implements a check "(B')" as specified in the document. Therefore, the Linux Kernel TCP implementation is not vulnerable." I looked at the code myself and as far as I can say, Linux does not store TS values from out-of-window TCP packets. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation." From adelste at yahoo.com Tue May 31 14:51:00 2005 From: adelste at yahoo.com (Tom Adelstein) Date: Tue, 31 May 2005 09:51:00 -0500 Subject: Linux in Government: Optimizing Desktop Performance, Part III | Linux Journal Message-ID: <1117551060.10455.25.camel@localhost.localdomain> If you received this, the explanation didn't make it into the body of the message. This is the third installment of the series. In this particular article, we discuss Boot-Up Management and a graphical manager for Ubuntu and Fedora Core 3. By adding the Boot-Up Manager to Ubuntu, you'll have extensive control over the performance of your OS. You'll also know which services to disable. With Fedora, you'll have an idea which services to disable and you'll see the boot up manager which Fedora calls their services manager. In my estimation, this article could provide you with information to create serious performance gains. http://www.linuxjournal.com/article/8322