Fedora 19 Beta for ARM Available Now!
by Paul Whalen
The Fedora ARM team is pleased to announce the Fedora 19 Beta for ARM is now
available for download from:
This marks the last significant milestone before reaching the final release of
Fedora 19 for ARM, with only critical bug fixes being added as updates to make this
our most solid release to date.
This marks the first time the Fedora ARM team will be releasing the F19 Beta
alongside Primary Architectures.
The Fedora 19 Beta for ARM includes two pre-built images: one for use with the
Pandaboard and Pandaboard ES, which require special partitioning, and a second that
supports the Trimslice and Versatile Express (QEMU). The Beta for ARM also includes an
installation tree in the yum repository which may be used to PXE-boot a
kickstart-based installation on systems that support this option, such as the
Calxeda EnergyCore (HighBank).
For additional information including detailed installation instructions, please visit
the Fedora 19 Beta for ARM page:
Join us on IRC in #fedora-arm on Freenode or send feedback and comments to the
ARM mailing list.
On behalf of the Fedora ARM team,
Announcing the release of Fedora 19 Beta.
by Dennis Gilmore
We've opened the box for the Fedora 19 "Schrödinger's Cat" beta release
and confirmed it's alive! Ready to purr at the latest free and open
source technology? Download it now:
**** What is the Beta release? ****
The Beta release is the last important milestone before the release of
Fedora 19. Only critical bug fixes will be pushed as updates, leading
up to the general release of Fedora 19. Join us in making Fedora 19 a
solid release by downloading, testing, and providing your valuable
Of course, this is a beta release, meaning that some problems may still
be lurking. A list of the problems we already know about is found at
the Common F19 bugs page, seen here:
Fedora 19 Beta's default configuration allows applications and users
with administrative privileges to install signed packages from the
official Fedora repositories (but no other packages) without
authentication or confirmation. This was inherited from PackageKit
upstream, is not Fedora's intended behavior, and will not be the case
for the Fedora 19 final release. More details on this issue and the
planned behavior for the final release can be found at
**** Features ****
Fedora 19 continues our long tradition of bringing the latest
technologies to open source software users. No matter what you do with
open source, Fedora 19 has the tools you need to help you get things
A complete list with details of each new feature is available here:
=== Make new things ===
Would you like to play? Whether you're a developer, maker, or just
starting to learn about open source development, we have what you need
to bring your ideas to reality. Here's a peek at some of our new tools:
* 3D modelling and printing are enabled through a variety of tools,
including OpenSCAD, Skeinforge, SFACT, Printrun, and RepetierHost. By
bringing 3D printing tools into Fedora, you can get started with
what's ready-to-go in the repositories without having to download
binary blobs or run Python code from git.
* OpenShift Origin makes it easy for you to build your own
Platform-as-a-Service (PaaS) infrastructure, allowing you to enable
others to easily develop and deploy software.
scalable network applications or real-time apps across distributed
devices. Also included is the npm package manager, providing access
to over 20,000 programs and libraries available under free and open
* Ruby 2.0.0, just released in February, comes to Fedora while
maintaining source-level backwards compatibility with your Ruby 1.9.3
software. Also included: a custom Ruby loader for easy switching of
* MariaDB, a community-developed fork of MySQL, is the default
implementation of MySQL in Fedora 19, offering users a truly open
=== Get things done ===
* Federated VOIP means Fedora users can make calls using a user@domain
address with the same convenience as email.
* CUPS has been updated to the latest upstream release, using PDF
rather than PostScript as the baseline document format.
=== Learn ===
* Developer's Assistant is great for those new to development or even
new to Linux: this tool helps you get started on a code project
with templates, samples, and toolchains for the languages of your
choice. Bonus: It lets you publish directly to GitHub.
=== Deploy, Monitor, and Manage ===
Make your machines work for you--not the other way around. Whether you
have one or "one too many" machines, Fedora 19 helps you boot and manage
your systems and enables you to be proactive with tools for diagnosis,
monitoring, and logging.
* Syslinux optional boot tool integration brings you optional,
simplified booting of Fedora. We have added support for using
syslinux instead of GRUB via kickstart and plan to add a hidden
option in Anaconda installer as well. syslinux is especially ideal
for images used in cloud environments and virt appliances where the
advanced features of GRUB are not needed.
* Among other systemd enhancements in this release, systemd Resource
Control lets you modify your service settings without a reboot by
dynamically querying and modifying resource control parameters at
* Kerberos administrators will enjoy an easier experience, thanks to
Fedora 19 removing the need for Kerberos clients to sync their clocks
or to have reverse DNS records carefully set up for services. In
addition, it provides Kerberos-enabled, LDAP replicated, two-factor
authentication for FreeIPA.
* OpenLMI is a common infrastructure for the management of Linux
systems that makes remote management of machines much simpler.
**** Desktop Environments and Spins ****
=== GNOME 3.8 ===
GNOME 3.8 brings new applications such as clock and improvements to the
desktop including privacy and sharing settings, ordered search,
frequent applications overview, and additionally provides the ability
to enable a "classic mode" for a user experience similar to GNOME 2
built out of a collection of GNOME Shell extensions. Refer to
https://help.gnome.org/misc/release-notes/3.8/ for more details.
=== KDE Plasma Workspaces 4.10 ===
A modern, stable desktop environment, KDE Plasma Workspaces 4.10
includes new features for printing and screenlocking, better indexing
of files, and improved accessibility features. Refer to
http://www.kde.org/announcements/4.10/ for more details.
=== Spins ===
Spins are alternate versions of Fedora. In addition to various desktop
environments for Fedora, spins are also available as tailored
environments for various types of users via hand-picked application
sets or customizations. You can read more about Fedora's Spins here:
Interest-specific Spins include the Design Suite Spin, the Robotics
Spin, and the Security Spin, among others. Other available desktop
environments, in addition to the GNOME 3.8 desktop which is shipped in
the default version of Fedora 19, as well as those highlighted above,
include Xfce, Sugar on a Stick, and LXDE.
To see all of the Official Fedora 19 Release Spins, see the Fedora 19
Release Spins link: https://fedoraproject.org/wiki/Releases/19/Spins
Nightly composes of alternate Spins are available here:
**** Contributing ****
We can't build Fedora inside a box. We need your help! Bug reports are
especially helpful--if you encounter any issues, please report them!
Fedora is a fantastic, friendly community, and we have many ways in
which you can contribute, including documentation, marketing, design,
QA, and development.
To learn how to help us, visit:
Appointee to the Fedora Board; election nominations closing imminently.
by Robyn Bergeron
I'm happy to announce that John Rose, aka inode0, has been reappointed to the Fedora Board. His insight and knowledge about Fedora's culture and history, his ongoing participation in the Ambassadors' group, and his belief in preserving freedom within the project are, I believe, important facets to the Board's collective knowledge, and I'm pleased that he is willing to stay with us another year.
An additional appointee will be named after the elections have concluded.
A friendly reminder that the time period for nominations for the various Fedora Project committees, as well as the time period for adding questions to the candidate questionnaire (which is currently *empty!*), ends today, May 25th, at 23:59:59 UTC.
Additional information about Elections, including where and how to nominate, and where to add questions to the questionnaire, can be seen here:
A complete history of Board Members is available here:
Flock hotel reservations now open
by Ruth Suehle
We have a rate of $129 at the Francis Marion hotel. Reservations in the
room block must be made by July 9. It's a stellar rate at a really lovely
Rooms include wifi, since I know that's your first question. :-)
Direct URL for attendee registration:
If you call or try to book through the usual web link, the attendee code is
If you know you'll be attending, please book as soon as possible so that if
we run out of rooms, I can secure more. This is an amazing price for
downtown Charleston, so we'll want to move fast if we need more space.
Security issue in livecd-tools causes password issue in Fedora cloud images
by Robyn Bergeron
A flaw has been identified in the tool used by the Fedora Project to create cloud images. Images generated by this tool, including Fedora Project “official” AMIs (Amazon Machine Images), AMIs whose heritage can be traced to official Fedora AMIs, as well as some images using the AMI format in non-Amazon clouds, are affected, as described below.
** Issue **
The flaw identified by CVE-2013-2069 (Red Hat Bugzilla 964299) describes an issue where, in default circumstances, the virtual machine image creator tool gave the root user an empty password rather than leaving the password locked. When using Fedora 15, 16, 17, or 18 Amazon Machine Images (AMIs) on Amazon Web Services, a local, unprivileged user could use this issue to escalate their privileges.
This issue was caused by the way a tool was used to create images, and not due to a security vulnerability in Fedora images or AWS.
Fedora-based images for cloud or virtualization usage that were not provided by the Fedora Project, but were created with the same tool, may be affected. This includes AMIs created by individuals for their own self-use, as well as AMI-format images provided by individuals or specific open source projects for use in non-Amazon cloud environments. Please check with the upstream project or contributor that referenced those images to find out if those images were affected by the image creation tool used in the respective project.
** Resolution **
The Fedora Project provides Amazon Machine Images (AMIs) for Fedora through Amazon Web Services. These AMIs are provided as minimally configured system images which are available for use as-is or for configuration and customization as required by end users. Fedora 15, 16, 17 and 18 AMIs for Amazon Web Services had an empty root password by default. To address this, the Fedora Release Engineering team has created new AMIs that lock the root password by default. These AMIs are now available on AWS.
To correct existing Fedora 17 and 18 AMIs, any AMIs built using Fedora AMIs, or any currently running Fedora instances instantiated from those AMIs, users can lock the root password by issuing, as root, the command:
passwd -l root
Since Fedora 14, Fedora has used the default user account “ec2-user”. Locking the root password will still allow “ec2-user” to use the “sudo” command to gain root without requiring a password.
Note: The default OpenSSH configuration disallows password logins when the password is empty, preventing a remote attacker from logging in without a password.
IDs for new AMIs are posted here:
Please note that new AMIs are available only for current releases of Fedora, which are Fedora 17 and Fedora 18. If you are utilizing a Fedora 16 or earlier AMI, you should be aware that your release has reached its end of life, and thus security updates, as well as new AMIs, for that particular release are not available.
** Root Cause **
Kickstart can be used to automate operating system installations. A Kickstart file specifies settings for an installation. Once the installation system boots, it can read a Kickstart file and carry out the installation process without any further input from a user. Kickstart is used as part of the process of creating images of Fedora for cloud providers.
It was discovered that when no 'rootpw' command was specified in a Kickstart file, the image creator tools gave the root user an empty password rather than leaving the password locked, which could allow a local user to gain access to the root account (CVE-2013-2069). We have corrected this issue by updating the Kickstart file used to build affected images to lock the password file.
The affected tool used by the Fedora Project to generate AMIs is appliance-creator, which is part of the appliance-tools package. Appliance-creator depends on another tool, livecd-creator (part of the livecd-tools package) in building AMIs; this tool contained the aforementioned password flaw. Please note that livecd-creator is a dependency for other various image-building tools, and AMIs generated with these tools may have the same issue, if the tool does not enforce locking of the password by default.
The Fedora Project thanks Amazon Web Services and Red Hat for notifying us of this issue. Amazon Web Services acknowledges Sylvain Beucler as the original reporter.
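The check behind the advisory above, as an added example (not Fedora's or the advisory's own code): it classifies the root entry of a shadow-format file as empty, locked or set, and reports whether a Kickstart file carries a rootpw directive. The function names, the sample files and the use of "rootpw --lock" as the locking directive are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit for the CVE-2013-2069 condition (empty root password).
# Function names and sample data are hypothetical, constructed for illustration.

# shadow_pw_state FILE USER -> prints: empty | locked | set | missing
shadow_pw_state() {
    awk -F: -v user="$2" '
        $1 == user {
            found = 1
            if ($2 == "")          print "empty"   # no password required locally
            else if ($2 ~ /^[!*]/) print "locked"  # state left by "passwd -l"
            else                   print "set"     # a password hash is present
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# ks_rootpw_state FILE -> prints: absent | locked | present
# Simplification: scans every non-comment line, including %post sections.
ks_rootpw_state() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "rootpw" {
            found = 1
            state = "present"
            for (i = 2; i <= NF; i++) if ($i == "--lock") state = "locked"
        }
        END { print (found ? state : "absent") }
    ' "$1"
}

# Constructed sample data (not taken from any real image or Kickstart file).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'root::15850:0:99999:7:::' \
              'ec2-user:!!:15850:0:99999:7:::' > "$demo/shadow.affected"
printf '%s\n' 'root:!:15850:0:99999:7:::' \
              'ec2-user:!!:15850:0:99999:7:::' > "$demo/shadow.locked"
printf '%s\n' 'lang en_US.UTF-8' 'keyboard us'   > "$demo/no-rootpw.ks"
printf '%s\n' 'lang en_US.UTF-8' 'rootpw --lock' > "$demo/locked.ks"

for f in shadow.affected shadow.locked; do
    echo "$f: root password is $(shadow_pw_state "$demo/$f" root)"
done
for f in no-rootpw.ks locked.ks; do
    echo "$f: rootpw directive is $(ks_rootpw_state "$demo/$f")"
done

# On a running instance, as root: shadow_pw_state /etc/shadow root
```

A result of "empty" for root is the state the advisory describes; after "passwd -l root" the same check reports "locked".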
Pidora 18 (Raspberry Pi Fedora Remix) Release
by Jon Chiappetta
We're excited to announce the release of Pidora 18 --
an optimized Fedora Remix for the Raspberry Pi.
It is based on a brand new build of Fedora for the ARMv6
architecture with greater speed and includes packages
from the Fedora 18 package set.
* * *
There are some interesting new features we'd like to highlight:
* Almost all of the Fedora 18 package set available via yum
(thousands of packages were built from the official Fedora
repository and made available online)
* Compiled specifically to take advantage of the hardware already
built into the Raspberry Pi
* Graphical firstboot configuration (with additional modules
specifically made for the Raspberry Pi)
* Compact initial image size (for fast downloads) and auto-resize
(for maximum storage afterwards)
* Auto swap creation available to allow for larger memory usage
* C, Python, & Perl programming languages available & included
in the SD card image
* Initial release of headless mode can be used with setups
lacking a monitor or display
* IP address information can be read over the speakers and
flashed with the LED light
* For graphical operation, Gedit text editor can be used with
plugins (python console, file manager, syntax highlighting)
to serve as a mini-graphical IDE
* For console operation, easy-to-use text editors are included
(nled, nano, vi) plus Midnight Commander for file management
* Includes libraries capable of supporting external hardware
such as motors and robotics (via GPIO, I2C, SPI)
* * *
For further documentation, downloads, faq's, read-me's,
how-to's, tutorials, or videos:
* * *
Pidora 18 is a Fedora Remix -- a combination of software packages
from the Fedora Project with other software.
The Fedora Project is a global community of contributors working
to advance open source software. For more information or to join
the Fedora Project, see http://fedoraproject.org
Pidora is a project of the Seneca Centre for Development of Open
Technology (CDOT). To connect with CDOT, please visit
The Raspberry Pi is a small, inexpensive computer board designed
to provoke curiosity and experimentation in programming and
computer electronics. For more information, see the Raspberry
Pi Foundation website at http://raspberrypi.org
* * *
- - -
The CDOT team at Seneca College
Election Season Begins: Fedora Board, FESCo, FAmSCo, and Fedora 20 naming election process
by Robyn Bergeron
It is time again to begin Fedora's election season. This announcement contains information regarding the Fedora 20 Naming Election, as well as the Fedora Board, Fedora Engineering Steering Committee (FESCo), and Fedora Ambassadors Steering Committee (FAmSCo) elections.
** Fedora 20 Naming Election **
The suggestion period for names for Fedora 20 is now open (May 15, 2013), and will end promptly at the end of the day on May 22, 2013 (23:59:59 UTC). So run - don't "paws" - and get your suggestion in for the next Fedora release name.
You *must* follow the instructions and guidelines at the page listed above if you want your name to be considered. For instance, there must be an "is-a" link between the name "Schrödinger's Cat" (from Fedora 19) and the name you suggest. That link must be different than previous links for Fedora release names. Names of living people and well-known trademarks will likely be rejected as well.
You can also find full schedule details for the release naming process on the above page. For those of you interested in reviewing the history of Fedora release names, there exists an appropriately named wiki page for doing so: http://fedoraproject.org/wiki/History_of_Fedora_release_names
** Fedora Board, FESCo, and FAmSCo Elections **
The nomination period for elections for the Fedora Board, FAmSCo (Fedora Ambassador Steering Committee), and FESCo (Fedora Engineering Steering Committee) is now open, and will conclude at the end of day, May 25, 2013 (23:59:59 UTC).
This election cycle will fill the following seats for a one-year period:
* Fedora Board: 3 elected seats (2 additional seats will be appointed according to schedule)
* FESCo (Fedora Engineering Steering Committee): 5 elected seats
* FAmSCo (Fedora Ambassadors Steering Committee): 4 elected seats
Full information about the committee elections, including the elections schedule, and links to where one may nominate, can be seen here:
Additionally, the elections questionnaire is NOW OPEN for adding questions which will be posed to candidates for the listed groups. Following the closing of the questionnaire, candidates will be asked to answer questions relevant to the position for which they are seeking election. Questions may be added until May 23, 2013 (you guessed it - 23:59:59 UTC). Questions should be added here: https://fedoraproject.org/wiki/Elections/Questionnaire
Further information regarding each body's election follows below. As always, I encourage everyone to consider serving in an elected seat, or to encourage others that they feel would represent Fedora well to run for election.
Finally: I'd like to send a special thank-you to Ankur Sinha for once again helping to coordinate elections and the elections schedule. Your work here is greatly appreciated!
== Fedora Board ==
This election cycle will fill three elected seats for the Board (seats E3, E4, and E5). Two appointed seats (A3 and A4) will also be filled this cycle.
== FESCo ==
This cycle will see candidates elected to five open seats in the Fedora Engineering Steering Committee. For information on the nominations and elections, see:
== FAmSCo ==
This election cycle will see candidates elected to fill four open seats on the Fedora Ambassadors Steering Committee. For more information, refer to:
fedoraproject.org Account System (FAS) security issue.
by Robyn Bergeron
A bug has been discovered in the Fedora Account system that could have
exposed some sensitive information to logged in users.
The bug is around the group view function of the account system.
The bug has been present since 2008.
In order to view the private data, an attacker would have to:
* Log in to the account system with a valid FAS account.
* Go to a group with unapproved members.
* Manipulate the URL to get a JSON version of the unapproved members.
The information exposed could include the following from unapproved
members of a group:
* salted sha512 encrypted password
* security questions (plaintext)
* security answers, however they would be gpg encrypted.
* Possibly other account data that was marked 'private' if the user had
A hotfix for this bug has been made in our infrastructure,
and an upstream release with the fix is expected later today.
Review of logs has shown no cases where this bug was used in our
production account system, however our staging version was also
vulnerable and we are unable to confirm the information was not
accessed there. Moving forward, additional logging will be added to our
We recommend (but do not require) that all users take this time to
change their passwords, update their security questions/answers and
review their other account information.