Fwd: [ANNOUNCE] NSS 3.22 Release
by eliom@gmail.com
FYI: Coming to Rawhide soon.
- Elio
---------- Forwarded message ----------
From: Kai Engert <kaie(a)kuix.de>
Date: Wed, Feb 3, 2016 at 1:01 AM
Subject: [ANNOUNCE] NSS 3.22 Release
To: mozilla-dev-tech-crypto <mozilla-dev-tech-crypto(a)lists.mozilla.org>
The NSS team has released Network Security Services (NSS) 3.22,
which is a minor release.
New functionality:
* RSA-PSS signatures are now supported (bug 1215295)
* Pseudorandom functions based on hashes other than SHA-1 are now supported
* Enforce an External Policy on NSS from a config file (bug 1009429)
New Functions:
* PK11_SignWithMechanism - an extended version PK11_Sign()
* PK11_VerifyWithMechanism - an extended version of PK11_Verify()
* SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
TLS extension data
* SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
TLS extension data
New Types:
* ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
* Constants for several object IDs are added to SECOidTag
New Macros:
* SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
* NSS_USE_ALG_IN_SSL
* NSS_USE_POLICY_IN_SSL
* NSS_RSA_MIN_KEY_SIZE
* NSS_DH_MIN_KEY_SIZE
* NSS_DSA_MIN_KEY_SIZE
* NSS_TLS_VERSION_MIN_POLICY
* NSS_TLS_VERSION_MAX_POLICY
* NSS_DTLS_VERSION_MIN_POLICY
* NSS_DTLS_VERSION_MAX_POLICY
* CKP_PKCS5_PBKD2_HMAC_SHA224
* CKP_PKCS5_PBKD2_HMAC_SHA256
* CKP_PKCS5_PBKD2_HMAC_SHA384
* CKP_PKCS5_PBKD2_HMAC_SHA512
* CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)
Notable Changes:
* NSS C++ tests are built by default, requiring a C++11 compiler.
Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22_re...
The HG tag is NSS_3_22_RTM. NSS 3.22 requires NSPR 4.11 or newer.
NSS 3.22 source distributions are available for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_RT...
A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=...
--
dev-tech-crypto mailing list
dev-tech-crypto(a)lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
8 years, 2 months
Pidora
by Howard Howell
Hi, guys,
Don't know if this is the place to ask or not, but I wanted to
use Pidora to do some imaging stuff with OpenCV. Turns out many of the
requisite libraries are not in what I have as the latest image, based
on Fedora 20 from the looks of the version encoded in both the image
and the libraries I get to install.
What are the current plans for Pidora?
Regards,
Les H
8 years, 2 months
F24 Self Contained Change: Graphical System Upgrades
by Jan Kurik
= Proposed Self Contained Change: Graphical System Upgrades =
https://fedoraproject.org/wiki/Changes/GraphicalSystemUpgrades
Change owner(s):
* Kalev Lember < klember AT redhat DOT com >
Add support for performing system upgrades to a newer Fedora release
through GNOME Software.
== Detailed Description ==
We'll implement a graphical user interface for system upgrades. The
implementation will use PackageKit and the libhif stack as a backend
and GNOME Software as a frontend. First supported version is going to
be Fedora 23->24 upgrades.
== Scope ==
Proposal owners:
* Implement this change
Other developers: N/A (not a System Wide Change)
Release engineering: N/A (not a System Wide Change)
List of deliverables: N/A (not a System Wide Change)
Policies and guidelines: N/A (not a System Wide Change)
Trademark approval: N/A (not needed for this Change)
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
8 years, 2 months
[POC-change] Fedora packages point of contact updates
by Nobody
Change in package status over the last 168 hours
================================================
3 packages were orphaned
------------------------
idjc [f23, f22] was orphaned by sergiomb
DJ application for streaming audio
https://admin.fedoraproject.org/pkgdb/package/idjc
lemonpos [epel7] was orphaned by germano
Point Of Sale Application For KDE4
https://admin.fedoraproject.org/pkgdb/package/lemonpos
tar-split [f23] was orphaned by runcom
tar archive assembly/disassembly
https://admin.fedoraproject.org/pkgdb/package/tar-split
25 packages were retired
-------------------------
d-feet [el6] was retired by till
A powerful D-Bus Debugger
https://admin.fedoraproject.org/pkgdb/package/d-feet
diorite [master] was retired by martinkg
Utility and widget library for Nuvola Player
https://admin.fedoraproject.org/pkgdb/package/diorite
electronics-menu [epel7] was retired by till
Electronics Menu for the Desktop
https://admin.fedoraproject.org/pkgdb/package/electronics-menu
emesene [master] was retired by itamarjp
Instant messaging client for Windows Live Messenger network
https://admin.fedoraproject.org/pkgdb/package/emesene
ganymed-ssh2 [el6] was retired by till
SSH-2 protocol implementation in pure Java
https://admin.fedoraproject.org/pkgdb/package/ganymed-ssh2
gdl [el5] was retired by till
GNU Data Language
https://admin.fedoraproject.org/pkgdb/package/gdl
gfal2-plugin-xrootd [el6, epel7, el5] was retired by till
Provide xrootd support for GFAL2
https://admin.fedoraproject.org/pkgdb/package/gfal2-plugin-xrootd
ipcalculator [master] was retired by till
A utility for computing broadcast, network, mask, and host ranges
https://admin.fedoraproject.org/pkgdb/package/ipcalculator
libskindesignerapi [master] was retired by martinkg
Library which provides the Skindesigner API to other VDR Plugins
https://admin.fedoraproject.org/pkgdb/package/libskindesignerapi
listen [master] was retired by hguemar
A music manager and player for GNOME
https://admin.fedoraproject.org/pkgdb/package/listen
mimepull [el6] was retired by till
Streaming API to access attachments from a MIME message
https://admin.fedoraproject.org/pkgdb/package/mimepull
monkeysphere [el6] was retired by till
Use the OpenPGP web of trust to verify SSH connections
https://admin.fedoraproject.org/pkgdb/package/monkeysphere
nuvolaplayer [master] was retired by martinkg
Cloud Music Integration for your Linux Desktop
https://admin.fedoraproject.org/pkgdb/package/nuvolaplayer
papyon [master] was retired by itamarjp
Python libraries for MSN Messenger network
https://admin.fedoraproject.org/pkgdb/package/papyon
passenger [epel7] was retired by till
Phusion Passenger application server
https://admin.fedoraproject.org/pkgdb/package/passenger
purple-msn-pecan [master] was retired by itamarjp
Alternative MSN protocol plug-in for lib-purple
https://admin.fedoraproject.org/pkgdb/package/purple-msn-pecan
python-pywt [el6] was retired by till
Python wavelet transforms module
https://admin.fedoraproject.org/pkgdb/package/python-pywt
python-suds [el6, el5] was retired by swt2c
A python SOAP client
https://admin.fedoraproject.org/pkgdb/package/python-suds
python3-nose [master] was retired by orion
Discovery-based unittest extension for Python 3
https://admin.fedoraproject.org/pkgdb/package/python3-nose
re2c [el5] was retired by till
Tool for generating C-based recognizers from regular expressions
https://admin.fedoraproject.org/pkgdb/package/re2c
scidavis [master] was retired by lupinix
Application for Scientific Data Analysis and Visualization
https://admin.fedoraproject.org/pkgdb/package/scidavis
shorewall [el6] was retired by till
An iptables front end for firewall configuration
https://admin.fedoraproject.org/pkgdb/package/shorewall
tailor [el6] was retired by till
A tool to migrate changesets between several version control systems
https://admin.fedoraproject.org/pkgdb/package/tailor
tar-split [master] was retired by runcom
tar archive assembly/disassembly
https://admin.fedoraproject.org/pkgdb/package/tar-split
yarock [master] was retired by till
A lightweight, beautiful music player
https://admin.fedoraproject.org/pkgdb/package/yarock
4 packages unorphaned
---------------------
gtkparasite [f23, f22, master] was unorphaned by amigadave
A GUI debugging tool for GTK+ applications
https://admin.fedoraproject.org/pkgdb/package/gtkparasite
monkeysphere [f23, f22, master, epel7] was unorphaned by barracks510
Use the OpenPGP web of trust to verify SSH connections
https://admin.fedoraproject.org/pkgdb/package/monkeysphere
rubygem-rest-client [el6] was unorphaned by limb
Simple REST client for Ruby
https://admin.fedoraproject.org/pkgdb/package/rubygem-rest-client
scratch [f23, f22, master] was unorphaned by msuchy
Programming language learning environment for stories, games, music and art
https://admin.fedoraproject.org/pkgdb/package/scratch
0 packages were unretired
------------------------
2 packages were given
------------------------
python-django-horizon [f23, f22, master] was given by mrunge to apevec
Django application for talking to Openstack
https://admin.fedoraproject.org/pkgdb/package/python-django-horizon
zanata-python-client [f23, f22, master, el6, epel7, el5] was given by dchen to suanand
Python Client for Zanata Server
https://admin.fedoraproject.org/pkgdb/package/zanata-python-client
0 packages had new branches
------------------------
Sources: https://github.com/pypingou/fedora-owner-change
8 years, 2 months
Re: Pidora
by Jonathan Lebon
> I'm surprised to hear about Fedora working on the Pi Zero, since
> that's an ARMv6 computer. Are we bringing ARMv6 into the fold along
> with our ARMv7 and AArch64 support? It'd be pretty cool if we did,
> since that would enable support for a very wide range of ARM
> computers...
During his DevConf presentation, Ian mentioned that he had to recompile a lot of the base packages to get it working, so I'm guessing not. His presentation should be on YouTube by now if you're interested.
8 years, 2 months
nss_myhostname as default in Fedora
by Orion Poplawski
See https://bugzilla.redhat.com/show_bug.cgi?id=1284323 as well
For a while (from 197-1 until 228-5), systemd added "myhostname" to the end of
the hosts line in /etc/nsswitch.conf in %post via sed. This has been removed
as it is error prone, and the above request filed to add it by default to
/etc/nsswitch.conf in glibc. The glibc maintainer would like to see
discussion of this on the devel list, hence this email.
My interest in this stems from build issues with mpich using programs. This
may have been triggered by a combination of the above change as well as
changes in mpich, I'm not sure. In any case, mpich uses gethostbyname() on
the hostname of the machine it is running on in order to configure itself
properly, and fails if it cannot do this. So the mpich tests run by netcdf
are currently failing on the builders, and has since Nov 27 when systemd
dropped adding myhostname took place.
So:
- Is the change to nsswitch.conf in glibc (back to behavior that was the
default for quite a while) desired?
- If not, is there some other way we can get the koji builders' mock
configuration to be setup so they can at least resolve their own hostname?
Thanks.
PS - There is some other discussion around "mymachines" which seems much more
problematic. I'd like to just focus on myhostname for now. The glibc
maintainer has indicated that he wants to wait for mymachines to be resolved,
but it's almost two months now and I don't see that being resolved soon.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301 http://www.nwra.com
8 years, 2 months
In A World Where...TCs don't exist?
by Adam Williamson
Hi, folks! I thought this might be about the appropriate time to throw
this out there.
There hasn't been a big news press on this, but some of you may know
that releng is fairly close to switching over to Pungi 4 for composes.
For those of you who don't know:
releng is fairly close to switching over to Pungi 4 for composes.
This will have various interesting effects on QA and the whole process
of building Fedora releases.
With the current releng process, TC / RC composes are one beast, and
nightly composes are another, very different beast. In fact nightly
composes barely really 'exist' at all - when we say 'nightly compose'
we really mean 'pungify the rawhide/branched repo, and fire off a bunch
of koji tasks'. After the fact, there is no real relationship between
any of those bits, which is why I had to write fedfind to go out and
synthesize the concept of a 'nightly compose' by finding all the Koji
tasks and treating them plus the repository boot.iso's as a single
'compose'.
With Pungi 4, all composes will look a lot more similar. 'nightly'
composes (which, in point of fact, will probably happen more than once
per day - I'm not sure if we came up with a new name yet) look a lot
more like current TC/RC composes than current nightly composes. You can
see approximately what a Pungi 4 compose currently looks like here:
https://kojipkgs.fedoraproject.org/compose/rawhide/
as of right now, the Koji built bits - lives, cloud and ARM disk
images, etc - aren't integrated with the installer images, but they
*will* be, and they'll all show up in the same location. As you can see
it has all the different variants, and a Server DVD image. (A Pungi 4
compose also has a bunch of metadata, which means we can more or less
kill off fedfind, thank God).
The implication of this I wanted to talk about in this thread is: what
does this mean for the release validation process, in terms of what
composes we cut and what release validation events we have?
So as you probably know, right now, the validation process is built
around the milestone 'TC' and 'RC' images. We build a series of Alpha
TCs and run a bunch of tests for each of these composes, reporting the
results to wiki pages named for the composes. Then we do Alpha RCs,
then Beta TCs, and so on through Final RCs.
For the last few releases we've added on some 'nightly' validation
events, where we create wiki pages named for nightly composes and run
the same set of tests on the nightly boot.iso's and Koji images, but
these have been framed as kind of an 'early warning system' for use
before Alpha TC1 arrives, and once Alpha TC1 arrives we stop doing the
nightly validation events.
With Pungi 4, I don't think this makes a lot of sense any more. Dennis
and I have been talking about this and I think we broadly agree on it.
TCs and RCs used to be kinda the only way we *could* do validation
testing. For long periods we didn't have reliable nightly builds of
Rawhide or Branched at all, certainly not all the Koji-produced images.
The process for doing 'real' composes was quite long and painful and
required squishy human intervention.
If we have automated, more-than-nightly composes that look much like a
regular release compose would, there's no clear case for having TCs at
all. We could simply stop building them and extend the "nightly"
validation process. I think the way to do that would be to keep
'nominating' nightly composes for validation testing all the time,
*except* when we're doing RCs. So instead of going something like:
24 Rawhide 20160120
24 Rawhide 20160215
== BRANCH POINT ==
24 Branched 20160301
24 Branched 20160315
24 Alpha TC1
24 Alpha TC2
== ALPHA FREEZE ==
24 Alpha RC1
24 Alpha RC2
== ALPHA RELEASE ==
24 Beta TC1
....
we'd go something like:
24 Rawhide 20160120
24 Rawhide 20160215
== BRANCH POINT ==
24
Branched 20160301
24 Branched 20160315
24 Branched 20160401
24 Alpha RC1
24
Alpha RC2
== ALPHA RELEASE ==
24 Branched 20160501
24 Branched
20160515
24 Beta RC1
....
note: all dates completely made up, this is just for illustration.
I think it would be plausible to do this for Fedora 24, if the Pungi 4 switchover happens soon and goes well. There would be some details to pin down in relval and wikitcms and stuff (we might need to tweak the validation event naming approach a bit so that it's possible to identify the sequence of events from the names - i.e. so you know where the RCs fit in), but nothing unsolvable.
We'll be talking about a lot of this stuff at DevConf, if anyone's going to be there, pin down me or Dennis or someone else involved in release-y stuff and we'd be happy to discuss it. But I wanted to throw something up on the lists for discussion as well. What do you think? Thanks!
One point that's come up already is the way that we manually pull newer packages to fix blocker/FE bugs into TC and RC composes via the 'bleed' repo. We're currently envisaging something like the 'buildroot override' mechanism for the compose process - some kind of system which would tag packages to be pulled into the composes somehow. It would still be gated through the blocker/FE review process at least during freezes, and probably all the time (it wouldn't be open season for any packager to request a 'compose override' at any time). This would also allow us to do stuff like 'tag new anaconda builds into the composes as soon as they land in updates-testing, so we can actually test them and provide karma'.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
8 years, 2 months
Orphaned Packages in rawhide (2016-02-07)
by Till Maas
The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
Note: If you received this mail directly you (co)maintain one of the affected
packages or a package that depends on one. Please adopt the affected package or
retire your depending package to avoid broken dependencies, otherwise your
package will be retired when the affected package gets retired.
Package (co)maintainers Status Change
=====================================================================
edsadmin orphan, ivazquez 1 weeks ago
flasm orphan 14 weeks ago
ghost-diagrams orphan, ivazquez 1 weeks ago
goldendict orphan, helloworld1, moceap 1 weeks ago
ipcalculator orphan, jhrozek 13 weeks ago
lexertl orphan, jjames 2 weeks ago
libpuma orphan, jjames 2 weeks ago
monkeysphere orphan, stardust85 0 weeks ago
oflb-riordonfancy-fonts orphan, ivazquez 1 weeks ago
python-hcs_utils orphan, helloworld1 1 weeks ago
shorewall orphan, digimer, jgu 4 weeks ago
tailor orphan, sharkcz 6 weeks ago
tex-zfuzz orphan, jjames 2 weeks ago
tmw orphan, mgieseki 4 weeks ago
tmw-music orphan, mgieseki 4 weeks ago
undertaker orphan, jjames 2 weeks ago
xmlcopyeditor orphan, ivazquez 1 weeks ago
yarock orphan, jam3s 9 weeks ago
The following packages require above mentioned packages:
Depending on: shorewall (1), status change: 2016-01-06 (4 weeks ago)
fail2ban (maintained by: orion, athimm, athmane, atkac, jgu)
fail2ban-shorewall-0.9.3-1.fc24.noarch requires shorewall = 4.6.13.1-1.fc24
Affected (co)maintainers
athimm: shorewall
athmane: shorewall
atkac: shorewall
digimer: shorewall
helloworld1: goldendict, python-hcs_utils
ivazquez: ghost-diagrams, oflb-riordonfancy-fonts, xmlcopyeditor, edsadmin
jam3s: yarock
jgu: shorewall
jhrozek: ipcalculator
jjames: tex-zfuzz, lexertl, undertaker, libpuma
mgieseki: tmw-music, tmw
moceap: goldendict
orion: shorewall
sharkcz: tailor
stardust85: monkeysphere
Orphans (18): edsadmin flasm ghost-diagrams goldendict ipcalculator
lexertl libpuma monkeysphere oflb-riordonfancy-fonts
python-hcs_utils shorewall tailor tex-zfuzz tmw tmw-music
undertaker xmlcopyeditor yarock
Orphans (dependend on) (1): shorewall
Orphans (rawhide) for at least 6 weeks (dependend on) (0):
Orphans (rawhide)(not depended on) (17): edsadmin flasm
ghost-diagrams goldendict ipcalculator lexertl libpuma
monkeysphere oflb-riordonfancy-fonts python-hcs_utils tailor
tex-zfuzz tmw tmw-music undertaker xmlcopyeditor yarock
Orphans (rawhide) for at least 6 weeks (not dependend on) (4): flasm
ipcalculator tailor yarock
Depending packages (rawhide) (1): fail2ban
Packages depending on packages orphaned (rawhide) for more than 6
weeks (0):
--
The script creating this output is run and developed by Fedora
Release Engineering. Please report issues at its trac instance:
https://fedorahosted.org/rel-eng/
The sources of this script can be found at:
https://pagure.io/releng/blob/master/f/scripts/find_unblocked_orphans.py
8 years, 2 months
python-pika license change (MPLv1.1 or GPLv2 -> BSD)
by Neal Gompa
To whom it may concern,
The license of python-pika has changed in 0.10.0 from MPLv1.1 or GPLv2
to 3 clause BSD. As this is a more permissive licensing structure,
there is no expectation of any new licensing conflicts arising from
this change.
--
真実はいつも一つ!/ Always, there's only one truth!
8 years, 2 months
