Re: Remaining 6.1 bugs
Ken Moffat wrote: Bruce, I take it you're going to ignore 1485 that I raised yesterday ? And still on the subject of security, it appears that fetchmail is now being maintained from http://fetchmail.berlios.de who have a 6.2.5.2 release to address CAN-2005-2335. See e.g. http://www.securityfocus.com/archive/1/406497/30/60/threaded No doubt there are other known vulnerabilities in the book, but in the absence of a list of packages/status I'm *slowly* trying to review them. I'm sorry this doesn't fit nicely with preparation for a release, but that is the nature of vulnerabilities. When I wrote the parent, I was only looking at the 6.1 targeted bugs. 1485 still is marked future. It is also marked P2 but should be P1 due the security issues. This is currently a CMMI package. Does the new version change this? If not, there is no reason why it can't be put into 6.1. -- Bruce -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: Remaining 6.1 bugs
On Sat, 30 Jul 2005, Bruce Dubbs wrote: Ken Moffat wrote: Bruce, I take it you're going to ignore 1485 that I raised yesterday ? And still on the subject of security, it appears that fetchmail is now being maintained from http://fetchmail.berlios.de who have a 6.2.5.2 release to address CAN-2005-2335. See e.g. http://www.securityfocus.com/archive/1/406497/30/60/threaded No doubt there are other known vulnerabilities in the book, but in the absence of a list of packages/status I'm *slowly* trying to review them. I'm sorry this doesn't fit nicely with preparation for a release, but that is the nature of vulnerabilities. When I wrote the parent, I was only looking at the 6.1 targeted bugs. 1485 still is marked future. It is also marked P2 but should be P1 due the security issues. I'm not an editor, as far as I know I can't set either of those fields in bugzilla (and you really don't want joe random.user playing with targets and priorities). Maybe my fault for filing it against 6.1 ? This is currently a CMMI package. Does the new version change this? If not, there is no reason why it can't be put into 6.1. -- Bruce AFAIK, it's still CMMI. I can give it a go later tonight. As to fetchmail, I'll definitely be building that when I get back to my main box (but on a base LFS so old you really don't want to know). But it rather looks as if it may have been forked (esr's site still shows 6.2.0 as latest, but the URI in my previous post talks of development versions as well as the stable, and mentions a mailing list), which raises the question of whether the editors want to follow it. Do you want me to BZ it ? Ken -- das eine Mal als Tragödie, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: Remaining 6.1 bugs
Ken Moffat wrote these words on 07/30/05 16:17 CST: But it rather looks as if it may have been forked (esr's site still shows 6.2.0 as latest, but the URI in my previous post talks of development versions as well as the stable, and mentions a mailing list), which raises the question of whether the editors want to follow it. Do you want me to BZ it ? It's not a fork. Just new maintainership. Fetchmail was taken over in 1996 by Eric Raymond. Last year however, a new group of guys took over. It appears that the Berlios site is now the official site for Fetchmail. -- Randy rmlscsi: [GNU ld version 2.15.94.0.2 20041220] [gcc (GCC) 3.4.3] [GNU C Library stable release version 2.3.4] [Linux 2.6.10 i686] 16:21:00 up 119 days, 15:54, 2 users, load average: 0.18, 0.66, 0.63 -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: Remaining 6.1 bugs
On Sat, 30 Jul 2005, Randy McMurchy wrote: It's not a fork. Just new maintainership. Fetchmail was taken over in 1996 by Eric Raymond. Last year however, a new group of guys took over. It appears that the Berlios site is now the official site for Fetchmail. Thanks, Randy. I'd assumed esr's site would reflect that, guess he's too busy with other things. Ken -- das eine Mal als Tragödie, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: Remaining 6.1 bugs
On Sat, 30 Jul 2005, Bruce Dubbs wrote: Ken Moffat wrote: fetchmail-6.2.5.2 also works unchanged with the book's instructions. Guidance on whether to BZ it, and use of BZ if I'm doing it wrong (for 6.1) will still be appreciated. Go ahead adn BZ it. The priority for a simple version increment is P3. If I knew how to set that as the default, I'd do it. The version should be SVN or 6.0 depending on your reference. The target will automatically be future. Add any comments you think are pertinent. -- Bruce Thanks. Bug 1488. As a dumb user I've set it to 'normal' which I guessed might be P3, and filed it against svn. But, based on Randy's comments about a change of maintainership, this should be a straightforward security fix, whatever the priority label for that is supposed to be. Did you guess that I get easily baffled by BZ ? :) Ken -- das eine Mal als Tragödie, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
