New infinote / gobby collaborative document server available
by Kevin Fenzi
Greetings.
For many years Fedora Infrastructure has hosted a collaborative editor
server based on the 'sobby' server/protocol. We have finally finished
upgrading this service to use the new 'infinote' server/protocol, and
it's ready for community use.
Please See:
https://fedoraproject.org/wiki/Gobby
for more information and access details.
We hope this will be a valuable service to the
Fedora Development Community.
kevin
8 years, 6 months
Freeze Break Request: Proxy RequestTimeout
by Patrick Uiterwijk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi all,
Could I get +1s for the following patch?
This patch is to prevent broken (or malicious) clients from
taking up connection resources on the reverse proxies if they
don't finish sending their request within a reasonable period
of time (10 seconds for headers should be more than enough).
This has been live on proxy02 for about 8 hours now, and resulted
it a lot lower CPU usage.
commit 4f96c69a2a0777cd1a474ac23bb5b37fe05ddfde
Author: Patrick Uiterwijk <puiterwijk(a)redhat.com>
Date: Wed Oct 14 16:35:26 2015 +0000
Set requesttimeout on headers
Signed-off-by: Patrick Uiterwijk <puiterwijk(a)redhat.com>
diff --git a/roles/httpd/proxy/tasks/main.yml b/roles/httpd/proxy/tasks/main.yml
index 45140d9..b909de9 100644
- --- a/roles/httpd/proxy/tasks/main.yml
+++ b/roles/httpd/proxy/tasks/main.yml
@@ -25,6 +25,7 @@
- 00-namevirtualhost.conf
- 01-keepalives.conf
- 02-ticketkey.conf
+ - 03-reqtimeout.conf
notify:
- restart httpd
tags:
diff --git a/roles/httpd/proxy/templates/03-reqtimeout.conf b/roles/httpd/proxy/templates/03-reqtimeout.conf
new file mode 100644
index 0000000..595595c
- --- /dev/null
+++ b/roles/httpd/proxy/templates/03-reqtimeout.conf
@@ -0,0 +1 @@
+RequestReadTimeout header=10
- --
With kind regards,
Patrick Uiterwijk
Fedora Infra
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWHoS3AAoJEIZXmA2atR5QvLEP/jTyJ+Y2GMg1kWcSAXQKtwdo
NPBGILqYhpsP5rWEVyx/7R+MRd0mlY7ECPFX9Vlkga39Q2isr3N5HUUmSWfAviDU
yaIo9/OAXepcmMguz9nese2mxlMKNtHY1RWiblpDlG39OFtgmhJcG5biN1xBvExO
xUJ221u45VWtV8QUMvL5DXpfPZ+ULXKI3ZysSX3k5eTozcmIFgA0XusJwE9/Wx+q
pW03fsU20LtPnLOT1+ZWAQ01StgCKzOU0kddKYG4LFVQHJnWu65tplqozOoyyqaN
enKlGuFeB4cdfg6f5bmO1FAx65RJeT47dLQ2zSozM30/f23bTm1sqLyLLNeIApa5
G25TlyjGe0DQ/H32YiTH0GXW/TFl8RSScPhyS8uraS4EVWcETRcBqcT4YKqEjL9V
6QgYHh3eWK8mvTgZC30lF/sr0wV4Jjd4DTJ7piQdlwyt21jviBDvS8KAiMqt7fdN
y0mi3jyls/DsOT7GEfguNY8Z0Qg8i4rrlOxz4+k6cInmMioc0c+TkhYTxvSbAmzd
h848Ah7uyoNoBgrZpCz9LMLmTSmV1h4YP2zmUkqteIqHVCeY7ko8TikD9Ry/w72K
ZmnenXu8rTwHhfyw7x5R3oIsa+V91Y3ilKi4uYftuw2ybTlEpndeDDTEqVjn8AnA
VBxy1T3ar9B9LAFR/2/w
=KuEj
-----END PGP SIGNATURE-----
8 years, 6 months
(no subject)
by Pierre-Yves Chibon
Hi all,
I would like to turn off the google login in anitya. Google has stopped
supporting regular openid in favor of openid connect which we currently do not
support.
So basically, the google login is currently broken, this patch will remove the
option from the UI.
+1s/-1s?
Thanks,
Pierre
8 years, 6 months
Freeze Break Request: Ipsilon CVE update
by Patrick Uiterwijk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
Can I get +1s to apply the fix for CVE-2015-5301 in production?
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1271530
While this bug has less impact for us as SP's cannot be deleted
permanently (because we use file-based configuration), the SP will
be removed from the in-memory config state, meaning that until
httpd is restarted it will be gone.
- --
With kind regards,
Patrick Uiterwijk
Fedora Infra
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWHlt9AAoJEIZXmA2atR5QuF0P/11iKPQpPHc1NcUcJxmRzPv2
7E/uXSqiQqWlaSV3N4k40Eemj2K8e2gSNhH+jbGWGfMbVGh4bV+me9blWlTY/RJI
S1vdKmwnRSf3EkJ0g2LqfbFShX+CZgwUWAL8G2JIgBogVHZP105kjDqUd1GWlelw
0160eDxFPZ4XYPS9ylhbV/Mod9pCKKyynXbnH8P8wCvhG+l7vj2wzYVjCW8Gk1P9
H8MTDlCgY+HLOXtFGhMotn7DzsF5PyHEMfk418y9DVGiD6mdbeLppkdKFrc3GwZP
W6ZV0HSKxldGQ8OtWMB36FngGTfWanHr2wabgMVAzA4+b+p1nPiPaKzuak2TatqU
mQIBBx9TMM+9cnv4W8/hgnjF1lV+9fiGofdIUJj0WbECtwntRz75WWCn65Dg6UlC
tJHM3V2GfABkiUA76J7l5AU9G0AcA47gF2rRAdzDb/VcPmPZZcZ6vmpJtkvScwOw
NiKf/iEKYUOZcU3Xx97FtqITQ0CTfyHN+3ECMYtYPWD1ZBq6DzxQhrxLlU51nons
0D1GGVyC6Ij+Su/CF5Ugb9SRDfKyfUcMRYih/WYk/LFdU0z5V48uQiFB/LfHIPAu
dZAKrsozDA46nsO6o3ghPcBTJARR7ycknEyOIuaDOr5hvJKe2ZNv1QIyaG9ha/K0
Afur0fVHvWElEQYhkPIW
=fnR8
-----END PGP SIGNATURE-----
8 years, 6 months
[release] pagure: 0.1.31
by Pierre-Yves Chibon
Good morning everyone,
Never two with three, but at least this time the bug is fixed.
New pagure release: 0.1.31
Changelog:
* Tue Oct 13 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.1.31-1
- Forward the bail_on_tree boolean when iterating so that we know how to behave
when we run into a git tree (where we expected a git blob)
-> fixes error received by email
Happy hacking!
Pierre
8 years, 6 months
[release] pagure: 0.1.30
by Pierre-Yves Chibon
Good morning everyone,
There was a couple of last minutes bugs on pagure that I didn't want to carry
all the way through freeze, so here is another (bugfix) release: 0.1.30
The changelog:
* Tue Oct 13 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.1.30-1
- Fix error received by email by checking the right variable if it is a git tree
or a git blob
- Unless we explicitly accept all images tag, always filter them (fixes
attaching images to a ticket)
Happy hacking,
Pierre
8 years, 6 months
[release] pagure: 0.1.29
by Pierre-Yves Chibon
Good morning everyone,
I just cut a new (bugfix) pagure release: 0.1.29
Here is the corresponding changelog:
* Tue Oct 13 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.1.29-1
- Use monospace fonts for online editing as well as comment on tickets and
pull-requests
- Fix online editing of symlinked files (such as the README)
- Handle potential error when converting from rst to html
It seems to be working fine in stg, so will push to prod before it gets cold :)
Pierre
8 years, 6 months
[release] pkgdb2: 1.31
by Pierre-Yves Chibon
Good morning everyone,
I just cut a new pkgdb2 release: 1.31
Here is the changelog:
* Tue Oct 13 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 1.31-1
- Update to 1.31
- Prevent the PoC of a package to be removed of his/her watch* ACLs
- Add a button to request approveacls per branch
- Add a whitelist of packager for whom we do not check their group membership
- Adding more information about PostgreSQL in the README (farhaanbukhsh)
- Add tooltip for non-admins on clicking monitoring buttons (Devyani Kota)
- Give ACLs to the new POC of a package
- Ensure the actionid is an integer and report an error otherwise (in the API)
- Improve/fix the runserver script
Currently in stg, soon to be in prod.
Happy packaging,
Pierre
8 years, 6 months