kde3.5?
by Neal Becker
kde3.5 is released. Will this be an update for FC4, or do I have to wait
for FC5? I'm running on x86_64, so Rex's kde-redhat won't help.
15 years, 3 months
Re: Summary of FC5test1 vulnerabilities
by chasd
> With the release of FC5test1 we've done an audit of possible (known,
> public) vulnerabilities from 20030101 to date that are in packages part
> of FC5test1.
May I assume this has not been done for packages in Extras ?
A quick scan of
<http://cvs.fedora.redhat.com/viewcvs/*checkout*/fedora-security/audit/
fc5?root=fedora>
produced no packages in Extras.
I could not find a reference to a security/patch/errata policy relating
to Extras at
<http://fedoraproject.org/wiki/Extras>
Errata for Extras packages is driven by the ( non-RH ) community and
the package owner, not by the RH security team?
This is OK, but it means that I ( as a community member ) will need
make more of an effort to stay on top of security issues in an Extras
package on my systems. I can rely on established infrastructure to stay
on top of those issues for packages in Core. Extras packages will seem
a bit more like applications installed via tarball, or self-packaged.
Charles Dostale
System Admin - Silver Oaks Communications
http://www.silveroaks.com/
824 17th Street, Moline IL 61265
15 years, 3 months
Re: udev alpha testing
by Jason Dravet
>I would be glad, if the really brave could compile, install and test:
>ftp://people.redhat.com/harald/udev/076-1/
>
>Beware this could end in a non-bootable system.
>
>This version removes the hardware initializing/module loading phase from
>rc.sysinit. Udev should do most, if not all job. I am interested in any
>missing modules, that were loaded before.
>
>Thx for testing.
I will test these for you. I have downloaded both src.rpm files and I will
be doing a rpmbuild --rebuild on them shortly. I have a few other things I
have to get done today so it might later today or tomorrow before I post any
results. Is this alright with you?
If something does go wrong, is there an easy way to get back running without
a full restore? Will booting in single user mode and reinstalling
udev-075-4 get the system running again?
Thanks,
Jason
15 years, 3 months
Re: Summary of FC5test1 vulnerabilities
by chasd
> Package maintainers in both Fedora Core and Extras repository are
> responsible for the security of packages they develop/maintain. However
> Red Hat security response team does not keep track of all security
> issues in Fedora Extras repository unlike Fedora Core to my
> understanding.
Thanks for clarifying that.
> There was a discussion here
> https://www.redhat.com/archives/fedora-extras-list/2005-September/
> msg00393.html.
Thanks for the link, it looks like the issues involved are being
discussed.
> The package maintainers keep track of the security issues. There is no
> reason not to trust the community packagers to do a less than excellent
> job with it.
I did not mean to imply that any of the maintainers are not doing a
good job. As was pointed out in the linked Extras discussion, mistakes
can be made, or time constraints on a maintainer can effect the the
release of an update to rectify security issues. Most of us are humans
;)
> All of Fedora Extras packages
> takes advantage of various features in Fedora Core including
> Exec-shield, FORTIFY_SOURCE fstack-protector etc in addition to SELinux
> capabilities.
I did not mean to imply that using packages in Extras was a security
risk.
> Even setting aside all the security features, there are several
> advantages to using Fedora Extras in favor of tarballs or self packaged
> RPMS.
My reference to using packages via tarballs or self-packaged software
was related to how I internally treat that software. I am personally
more vigilant of security issues with software that is not installed
via Fedora because I know I must shoulder that responsibility for that
software. I don't have a security team to make sure any issues are
dealt with, I'm the security team for the software I install on a
system that is not part of the distribution.
From the above Extras list discussion:
> I believe many such installations and sysadmins do exist, and part of
> the natural responsibility for such people would be to help the Extras
> in fixing the packets at source.
That's me. From the above clarification I know I need to take a bit of
extra ( pun intended ) personal responsibility with packages from
Extras. Packages from Extras are there because of the community, and
the community ( me ) needs to put forth the effort to keep those
packages maintained.
> Fedora Extras undergoes a package review process to ensure
> consistency and better integration with Fedora according to the
> specified guidelines
I in no way intended to bash Extras. However I do think some type of
written security/errata policy for Extras should appear on the Fedora
Project Wiki.
Charles Dostale
System Admin - Silver Oaks Communications
http://www.silveroaks.com/
824 17th Street, Moline IL 61265
15 years, 3 months
SELinux problems
by Dennis Jacobfeuerborn
I noticed that on bootup the Fedora now shows a ton of messages like these
on the screen:
inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22 for
dev=hda2 ino=20447255
Does anybody know how to fix this? (I'm running selinux set to
targeted/permissive)
Regards,
Dennis
15 years, 3 months
Re: udev alpha testing
by Jason Dravet
>The udev srpm doesn't seem to compile on the lastest rawhide. I get this
>output when I do $ rpmbuild --rebuild udev-076-1.src.rpm
>
>[root laptop-bart tmp]# rpmbuild --rebuild udev-076-1.src.rpm
>Installing udev-076-1.src.rpm
>warning: user harald does not exist - using root
>warning: group harald does not exist - using root
I did a rpmbuild --rebuild udev-076-1.src.rpm and it worked for me. I did
get the warnings about user harald and group harald not existing. I have
installed todays rawhide, but I have not booting into the new kernel yet. I
am running kernel 1709 for now. I will be rebooting shortly. My system is
a P3 if that helps.
Thanks,
15 years, 3 months
Slightly OT: Updated RPM building howto?
by Arthur Pemberton
Are there any recent HOWTOs around on RPM building? I would really like to
contribute to Fedora, at least by maintaing packages to software that I use
regularly on my own FC4 install. However the HOWTOs I've found seem busy and
complicated. I consider myself to be fairly Linux competent, and so I
believe that I have the capabilties to help.
Please advise, thank you.
--
As a boy I jumped through Windows, as a man I play with Penguins.
15 years, 3 months
lm_sensors in FC4-updates for x86_64 twice?
by Stefan Neufeind
Hi,
I just saw that a simple "yum install lm_sensors" tried to install the
same versions of lm_sensors for i386 _and_ x86_64 at the same time, when
installing on arch=x86_64. Is there a hidden sense behind that, or does
the i386-package maybe need to be removed?
Kind regards,
Stefan
15 years, 3 months
rawhide report: 20051128 changes
by Build System
Updated Packages:
(none)
Broken deps for i386
----------------------------------------------------------
GFS-kernel - 2.6.14.0-20051108.134753.FC5.10.i686 requires /lib/modules/2.6.14-1.1696_FC5
GFS-kernel - 2.6.14.0-20051108.134753.FC5.10.i686 requires kernel = 0:2.6.14-1.1696_FC5
GFS-kernel-smp - 2.6.14.0-20051108.134753.FC5.10.i686 requires /lib/modules/2.6.14-1.1696_FC5smp
GFS-kernel-smp - 2.6.14.0-20051108.134753.FC5.10.i686 requires kernel-smp = 0:2.6.14-1.1696_FC5
cman-kernel - 2.6.14.0-20051108.134753.FC5.8.i686 requires /lib/modules/2.6.14-1.1696_FC5
cman-kernel - 2.6.14.0-20051108.134753.FC5.8.i686 requires kernel = 0:2.6.14-1.1696_FC5
cman-kernel-smp - 2.6.14.0-20051108.134753.FC5.8.i686 requires /lib/modules/2.6.14-1.1696_FC5smp
cman-kernel-smp - 2.6.14.0-20051108.134753.FC5.8.i686 requires kernel-smp = 0:2.6.14-1.1696_FC5
dlm-kernel - 2.6.14.0-20051108.134753.FC5.10.i686 requires /lib/modules/2.6.14-1.1696_FC5
dlm-kernel - 2.6.14.0-20051108.134753.FC5.10.i686 requires kernel = 0:2.6.14-1.1696_FC5
dlm-kernel-smp - 2.6.14.0-20051108.134753.FC5.10.i686 requires /lib/modules/2.6.14-1.1696_FC5smp
dlm-kernel-smp - 2.6.14.0-20051108.134753.FC5.10.i686 requires kernel-smp = 0:2.6.14-1.1696_FC5
gnbd-kernel - 2.6.14.0-20051108.134753.FC5.12.i686 requires /lib/modules/2.6.14-1.1696_FC5
gnbd-kernel - 2.6.14.0-20051108.134753.FC5.12.i686 requires kernel = 0:2.6.14-1.1696_FC5
gnbd-kernel-smp - 2.6.14.0-20051108.134753.FC5.12.i686 requires /lib/modules/2.6.14-1.1696_FC5smp
gnbd-kernel-smp - 2.6.14.0-20051108.134753.FC5.12.i686 requires kernel-smp = 0:2.6.14-1.1696_FC5
Broken deps for ia64
----------------------------------------------------------
rgmanager - 1.9.31-3.ia64 requires ccs
Broken deps for ppc
----------------------------------------------------------
cman - 1.0.3-5.FC5.ppc requires cman-kernel-modules >= 0:2.6.11
dlm - 1.0.0-7.FC5.ppc requires dlm-kernel-modules >= 0:2.6.11
gnbd - 1.0.1-2.ppc requires gnbd-kernel-modules >= 0:2.6.11
Broken deps for ppc64
----------------------------------------------------------
cman - 1.0.3-5.FC5.ppc64 requires cman-kernel-modules >= 0:2.6.11
dlm - 1.0.0-7.FC5.ppc64 requires dlm-kernel-modules >= 0:2.6.11
emacs - 21.4-5.ppc64 requires fonts-xorg-75dpi
gnbd - 1.0.1-2.ppc64 requires gnbd-kernel-modules >= 0:2.6.11
Broken deps for x86_64
----------------------------------------------------------
GFS-kernel - 2.6.14.0-20051108.134753.FC5.10.x86_64 requires /lib/modules/2.6.14-1.1696_FC5
GFS-kernel - 2.6.14.0-20051108.134753.FC5.10.x86_64 requires kernel = 0:2.6.14-1.1696_FC5
cman-kernel - 2.6.14.0-20051108.134753.FC5.8.x86_64 requires /lib/modules/2.6.14-1.1696_FC5
cman-kernel - 2.6.14.0-20051108.134753.FC5.8.x86_64 requires kernel = 0:2.6.14-1.1696_FC5
dlm-kernel - 2.6.14.0-20051108.134753.FC5.10.x86_64 requires /lib/modules/2.6.14-1.1696_FC5
dlm-kernel - 2.6.14.0-20051108.134753.FC5.10.x86_64 requires kernel = 0:2.6.14-1.1696_FC5
gnbd-kernel - 2.6.14.0-20051108.134753.FC5.12.x86_64 requires /lib/modules/2.6.14-1.1696_FC5
gnbd-kernel - 2.6.14.0-20051108.134753.FC5.12.x86_64 requires kernel = 0:2.6.14-1.1696_FC5
15 years, 3 months
