Re: [Mageia-dev] texi2html
If there is no maintainer I will rebuild it. Sent from my Motorola ATRIX™ 4G on AT&T -Original message- From: Philippe DIDIER To: mageia-dev@mageia.org Sent: Mon, Oct 3, 2011 18:30:41 GMT+00:00 Subject: Re: [Mageia-dev] texi2html Thomas Spuhler a écrit : > On Tuesday, September 27, 2011 03:49:56 pm Philippe DIDIER wrote: >> D.Morgan a écrit : >>> On Tue, Sep 27, 2011 at 8:54 AM, Jani Välimaa > wrote: 2011/9/27 Thomas Spuhler : > On Monday, September 26, 2011 07:33:20 pm Thomas Spuhler wrote: >> On Monday, September 26, 2011 08:34:30 am Anssi Hannula wrote: >>> On 26.09.2011 15:47, nicolas vigier wrote: On Sat, 24 Sep 2011, Thomas Spuhler wrote: > But are you sure about texlive providing it? I don't know. It looks like it's not in the texlive package. >>> >>> My impression (from a few years back I think) is that standalone >>> texi2html is the texlive-era replacement for tetex-texi2html. >> >> Since I need it for lilypond, I'll fix those requires that had a >> require for tetex-texi2html > > it's also needed for gcomprise. It doesn't build without. > But here comes an interesting twist. > BuildRequires: texi2html in gcomprise is just being ignored, on the BS > as well as on the local VM > Installing it let's me build the package, after uninstalling texi2html > it doesn't build, but the requires is ignored. > If I change it to something else such as BuildRequires: texi3html > Then it tells me rightfully texi2html is missing. Your BR isn't ignored, texi2html is also provided by texlive and it gets installed instead of texi2html. >>> >>> i am working on new texlive, i can take a look to this issue. >> >> Olav Vitters has rebuilt texlive (with new libpng15) after boklm had >> erased the wrong Provides : texi2html >> >> Now, if BR texi2html is in a spec, texi2html.rpm will be installed >> >> You may now push ffmpeg, gcompris, to be built... >> You may try lilypond >> >> Remind that lash, qemu, and xen need to have BR modified >> from BR: tetex-texi2html to BR: texi2html too >> >> Olav Vitters seems to have taken care of quagga > > Thanks a lot. One package remains with a wrong BR Xen spec file still haveBR: tetex-texi2html if it is rebuilt it needs to be now BR: texi2html need to provide a bug report ?
Re: [Mageia-dev] Updated package (gscan2pdf) and mentorship request
Le Mercredi 5 Octobre 2011 00:49:17 Yann a écrit : > Hi dev, > I'm beginning to really enjoy mageia, so I wish to be helpful to it. I begin > to check packages that I use and that need maintainers [01] > > I updated gscan2pdf as a new upstream release was published some days ago. > > I didn't see any recommended form for mentor/sponsor requests. There's an hidden link in the wiki for that http://www.mageia.org/wiki/doku.php?id=packages_mentoring&s[]=packaging In summary you need to 1) create an account on identity 2) find a mentor 3) once you get a mentor open a bug report on bugzilla to request an account with your ssh key & the name of your mentor I can help for 2) if needed :p [...] Regards, -- Balcaen John
Re: [Mageia-dev] Detailed version of the Mageia Unmaintained Packages
On Wednesday 05 October 2011 00:42, Kamil Rytarowski wrote: > Nearly 3000 Mageia packages are on the unmaintained list. I've prepared > more detailed version. I notice that, according to this list, rsh is still provided. Why? Isn't OpenSSH a complete, secure, replacement? Telnet I can understand, as it is also used to debug network problems. rsh should be dumped in order to urge the use of secure alternatives like OpenSSH, in my oppinion. -- Johnny A. Solbu PGP key ID: 0xFA687324 signature.asc Description: This is a digitally signed message part.
Re: [Mageia-dev] [changelog] [RPM] 1 core/updates_testing terminator-0.96-1.mga1
Received from Manuel Hiebel on Tue, Oct 04, 2011 at 06:39:58PM EDT: > Le mercredi 05 octobre 2011 à 00:35 +0200, Mageia Team a écrit : > > Name: terminator > > lebedov 0.96-1.mga1: > > + Revision: 151564 > > - Update to 0.96. > Why ? > > (And there are some python-* in updates_testing without bug report for > the QA.) Where should they go? L.G.
[Mageia-dev] Updated package (gscan2pdf) and mentorship request
Hi dev, I'm beginning to really enjoy mageia, so I wish to be helpful to it. I begin to check packages that I use and that need maintainers [01] I updated gscan2pdf as a new upstream release was published some days ago. I didn't see any recommended form for mentor/sponsor requests. The package is located here : http://www.netyl.org/mageia/gscan2pdf-1.0.0-1.mga2.src.rpm http://www.netyl.org/mageia/gscan2pdf-1.0.0-1.mga2.noarch.rpm http://www.netyl.org/mageia/gscan2pdf.spec As I want to help with packaging in a first time, I hope that a mentor will accept to help me in this way. Thanks to have a look on this package and for your comments. /Yann [01] http://pkgsubmit.mageia.org/data/unmaintained.txt
[Mageia-dev] Detailed version of the Mageia Unmaintained Packages
Hello! Nearly 3000 Mageia packages are on the unmaintained list. I've prepared more detailed version. Here is the list http://kamil.mageia.org.pl/ I hope it can help! You can also find on the website some related statistics. This page is under development. Kamil
Re: [Mageia-dev] [changelog] [RPM] 1 core/updates_testing terminator-0.96-1.mga1
Le mercredi 05 octobre 2011 à 00:35 +0200, Mageia Team a écrit : > Name: terminator > lebedov 0.96-1.mga1: > + Revision: 151564 > - Update to 0.96. Why ? (And there are some python-* in updates_testing without bug report for the QA.)
Re: [Mageia-dev] Disabling hybernation
On Sat, 01 Oct 2011 01:08:14 +0200 Olivier Blin wrote: > Olivier Blin writes: > > > Actually, that was gnome-settings-daemon, and it was affecting both > > login screen and user sessions... > > > > I've just submitted a fix (from upstream git). > > My package could not be submitted because of the > module-init-tools/ldetect issues... > Have you been able to submit it yet ? TIA
Re: [Mageia-dev] About syslinux & libpng
Le 04/10/2011 16:50, Michael scherer a écrit : On Tue, Oct 04, 2011 at 11:30:29AM +0200, Buchan Milne wrote: On Monday, 3 October 2011 15:58:36 Michael Scherer wrote: Except if I start to replace this by "here is a nice syslinux boot image with a duck". And then my code is run by syslinux, just because someone took my png picture. And the same person could say, "Here is my cool plymouth splash screen, use my initrd", and there are 1000 easier ways to exploit this (than trying to generate a PNG image with exploit code that someone would like enough to use syslinux). Sure, but we can also upload the pics on some gnome-art or something like that. Now, if we consider every possible exploit requires opening a document as a non problem, I guess it would surely reduce our workload on security issue, and for sure enhance the confidence. Those situations are not really comparable. Opening a document with the corresponding application is a normal usage scenario, whereas configuring the boot process is a system administration scenario, requiring explicit context change. And while I was not aware of it when I wrote my mail, it already happened : MDKSA-2006:210 Nobody said it didn't happened, just than forcing build against system version of the library would requires more effort right now, without avoiding the need to also rebuild syslinux in case of vulnerability in libpng, as it is statically linked. It would just make easier to track vulnerability by having a single version, and avoid to patch twice. -- Guillaume
Re: [Mageia-dev] About syslinux & libpng
On Tue, Oct 04, 2011 at 11:30:29AM +0200, Buchan Milne wrote: > On Monday, 3 October 2011 15:58:36 Michael Scherer wrote: > > > Except if I start to replace this by "here is a nice syslinux boot image > > with a duck". And then my code is run by syslinux, just because someone > > took my png picture. > > And the same person could say, "Here is my cool plymouth splash screen, use > my > initrd", and there are 1000 easier ways to exploit this (than trying to > generate a PNG image with exploit code that someone would like enough to use > syslinux). Sure, but we can also upload the pics on some gnome-art or something like that. Now, if we consider every possible exploit requires opening a document as a non problem, I guess it would surely reduce our workload on security issue, and for sure enhance the confidence. And while I was not aware of it when I wrote my mail, it already happened : MDKSA-2006:210 -- Michael Scherer
Re: [Mageia-dev] About syslinux & libpng
On Monday, 3 October 2011 15:58:36 Michael Scherer wrote: > Except if I start to replace this by "here is a nice syslinux boot image > with a duck". And then my code is run by syslinux, just because someone > took my png picture. And the same person could say, "Here is my cool plymouth splash screen, use my initrd", and there are 1000 easier ways to exploit this (than trying to generate a PNG image with exploit code that someone would like enough to use syslinux). Maybe we need to adopt secure UEFI, and sign our kernels and initial ram disks ... > So no, bundling is not without causing trouble. > > > So if we take this road of removing bootloader's libs, shall we also > > remove the jpeg/gz/gcc/... libs too, and maybe for other bootloaders too > > ? > > > > I do understand the need for the application that runs under linux... > > but about the bootloaders... > > Unless I am wrong, a bootloader run on ring 0 or can even ( like xen ) > be used to run the kernel in a specific separate memory space ( ie, > virtualisation ). This could open a whole new range of problem ( like > the Blue Pill concept code published 5 years ago by Joanna Rutkowska ) > > So I think that bootloader requires more consideration than regular > application. > > > What's your thoughts about it ? > > Would you agree on keep syslinux untouched regarding the png lib ? > > For reasons explained before, I would rather disagree. But, users foolish enough to be tricked into booting malicious code can't really be helped. I think it would be better if syslinux was compatible with current upstream libpng, so, if: 1)There is an upstream bug filed regarding support for current libpng 2)We have a registry of software building statically or with internal copies of libraries, and syslinux is added with a reference to the upstream bug then I think it is reasonable to build syslinux with internal libpng. Unless you are going to mitigate *all* other attack vectors based on 'here, boot my random binaries on your system'. Regards, Buchan
Re: [Mageia-dev] freeglut vs. mesa (devel requires problem)
'Twas brillig, and Philippe DIDIER at 03/10/11 18:52 did gyre and gimble: > Colin Guthrie a écrit : >> Can whoever uploaded freeglut please fix the mesa require tags. >> >> i.e. the fact that mesa-common-devel requires the mesa >> lib[64]mesaglut3-devel = 7.11 >> >> Cheers >> >> Col >> > Bug 2891 > > it seems there is only one line to modify in mesa spec file : > line 18 > 17# freeglut should replace mesaglut soon > 18%define with_mesaglut 1 > > It may be enough to write > 18%define with_mesaglut 0 > > And that's all folks (Thanks to Thierry who prepared this some months ago) Ahh fair point, an easy change indeed. OK, bumped it and submitted. Col -- Colin Guthrie colin(at)mageia.org http://colin.guthr.ie/ Day Job: Tribalogic Limited http://www.tribalogic.net/ Open Source: Mageia Contributor http://www.mageia.org/ PulseAudio Hacker http://www.pulseaudio.org/ Trac Hacker http://trac.edgewall.org/
