[Mageia-dev] RFT: mysql-5.5.23 (was:Re: mysql CVE's in mga1 => have it update to mariadb)

2012-04-13 Thread Thomas Backlund
13.04.2012 19:19, Thomas Backlund wrote:
> 13.04.2012 19:11, Maarten Vanraes wrote:
>> On Friday 13 April 2012 13:12:08, AL13N wrote:
>> []
>>
>> i guess most packagers want option 2 here.
>>
>> i don't think this is a good idea in general and i was of the opinion that the
>> diff between migrating mysql 5.5.22 and mariadb 5.5.23 were quite the same...
>>
>> nonetheless, the package naming difference could have effects on it on a stable
>> version, so i concede to this solution.
>>
>> however, i'll note that mariadb likely contains extra bugfixes, which this
>> mysql 5.5.22 will not have.
>>
>> i guess this is the step where this is more or less decided and some packager
>> steps in and does the actual work. any volunteers? perhaps that person can
>> also become maintainer of it?
>>
> 
> I've started working on mysql-5.5.23 (as it contains another security
> fix), and will release it to updates_testing for Mageia 1 as soon as
> possible.
> 


So, there is now a mysql 5.5.23-1.mga1 in Mageia 1 core/updates_testing
for all that want to help testing this ...



Please report on https://bugs.mageia.org/show_bug.cgi?id=5260
if everything still works and also if something broke.


I myself have updated 2 live LAMP servers, and so far no problems...

--
Thomas



Re: [Mageia-dev] unable to mount encrypted partitions created with drakdisk

2012-04-13 Thread simple w8
2012/3/30 David W. Hodgins :
> On Wed, 28 Mar 2012 21:40:36 -0400, simple w8  wrote:
>
>> You have chosen the keysize 512, that's the one that is not supported under
>> the FreeOTFE project...
>> Isn't it possible to change the keysize to a value that can be supported
>> under Windows?
>
>
> Yes. Test what works on your own system, then open a bug report asking
> for the change.  Just don't use cbc, as it's too insecure.
>
> Regards, Dave Hodgins
>

It would be better if you could do those tests since you're far in a
better position and have more knowledge in that area to safely say
what is the best option to use that's also supported by FreeOTFE :)


Re: [Mageia-dev] freeze push request: scite

2012-04-13 Thread Matteo
On 11/04/2012 22:10, Anne nicolas wrote:
> 2012/3/25 Matteo : Hello, can somebody
> push scite 3.0.4? It fixes a lot of bugs (since our last version
> was 2.29, http://www.scintilla.org/ScintillaHistory.html). Now it
> works fine even with gtk3 (version 3.0.3 fixed a gtk3 related bug 
> about printing). This package is owned by anaselli cause it was
> built while he was mentoring me. Regards
> 
>> submitted
> 
I fixed the problem causing the last failure, thanks also to Jani's advice.
Can somebody try to push scite one more time, please?
Regards
-- 
Matteo


Re: [Mageia-dev] Change in libx11 broke xscreensaver

2012-04-13 Thread Kamil Rytarowski

On 13.04.2012 20:30, David Walser wrote:
> David Walser  writes:
>> Can we patch our libx11 to go back to the old way, or is there a better way to
>> fix this?  I don't have a deep understanding of the meaning of this code.
>
> Turns out the broken line I pointed out was from our own patch.
>
> This has now been fixed by rtp.  Thanks.


Thank you very much! You have fixed also xosview.


Re: [Mageia-dev] Change in libx11 broke xscreensaver

2012-04-13 Thread David Walser
David Walser  writes:
> Can we patch our libx11 to go back to the old way, or is there a better way to
> fix this?  I don't have a deep understanding of the meaning of this code.

Turns out the broken line I pointed out was from our own patch.

This has now been fixed by rtp.  Thanks.



Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread Maarten Vanraes
On Friday 13 April 2012 19:35:15, Thomas Backlund wrote:
> 13.04.2012 19:30, Maarten Vanraes wrote:
[...]
> > by any chance do you have the CVE for the new one? i remember there was
> > one in mariadb a few days ago, so i want to make sure this is the same
> > one.
> 
> Unfortunately no CVE yet... it only refers to a locked bug report:
> 
> Security Fix: Bug #59533 was fixed.
> 
> 
> 
> But as mariadb  5.5.23 is supposed to be based on mysql 5.5.23, it
> should be fixed.

I hate this...

oracle is really fucking things up here...


[Mageia-dev] Freeze push: New version of weboob 0.b

2012-04-13 Thread Dimitrios Glentadakis
The version of weboob in cauldron is the 0.9.1
Since, there are two updates 
0.a
https://symlink.me/news/43

and the latest 0.b
https://symlink.me/news/44

I would like to ask to push the latest version 0.b, as there are many new
features, crash fixes, and i think that in the new release Mageia 2 it is good
to have the newest version. The version 0.a brings an important feature:
"The main new feature is a repositories system, which is used to update modules
without upgrading Weboob." which means that when a user has a problem with a
module or a new module is added, he doesn't have to wait for the new version of
weboob but he will have an update of the specific module from the repository
system of the application.

Thanks



ps: (I've informed already the package's maintainer ofaurax)

-- 
Dimitrios Glentadakis


Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread Thomas Backlund
13.04.2012 19:30, Maarten Vanraes wrote:
> On Friday 13 April 2012 18:19:14, Thomas Backlund wrote:
> [...]
>> I've started working on mysql-5.5.23 (as it contains another security
>> fix), and will release it to updates_testing for Mageia 1 as soon as
>> possible.
> 
> by any chance do you have the CVE for the new one? i remember there was one
> in mariadb a few days ago, so i want to make sure this is the same one.
> 

Unfortunately no CVE yet... it only refers to a locked bug report:

Security Fix: Bug #59533 was fixed.



But as mariadb  5.5.23 is supposed to be based on mysql 5.5.23, it
should be fixed.

--
Thomas


Re: [Mageia-dev] [changelog] [RPM] cauldron core/release udisks-glue-1.3.4-2.mga2

2012-04-13 Thread Thierry Vignaud
On 13 April 2012 17:53, dams  wrote:
> Description :
> udisks-glue is a tool that can associate udisks events to user-defined
> actions. In that sense, udisks-glue is almost "glue code"[1], hence the name.
>
> udisks (formerly known as DeviceKit-disks) is an abstraction layer on top of
> the Linux disks subsystems that, in conjunction with the other DeviceKit
> subprojects, aims to be a replacement for the now almost defunct HAL project.
>
> Like most other recent Linux desktop frameworks, udisks exposes its API via
> DBus to its clients (often desktop environments). Users wishing to have more
> control about what happens when specific disk-related events often have to use
> a tool like halevt[2] or ivmon[3], which work on top of HAL. Now that HAL is
> no longer being actively developed and most distributions are considering
> dropping support for it, those users will have to migrate to a new tool, and
> udisks-glue might as well fill that gap.

the following has nothing to do in descriptions (as well as [1] .. [3] above)

> udisks-glue should eventually offer the most useful features found in the
> aforementioned projects. As of now, however, only the most basic functionality
> is available (mounting and unmounting removable media). Contributions are
> welcome.
>
> Note that this project is not affiliated with or endorsed by the udisks
> project.
>
> References:
>
> [1]: http://en.wikipedia.org/wiki/Glue_code
> [2]: http://www.nongnu.org/halevt/
> [3]: http://ivman.sourceforge.net/


Re: [Mageia-dev] rtl8192ce missing firmware files in kernel-firmware-nonfree

2012-04-13 Thread simple w8
2012/4/13 Pascal Terjan :
> On Thu, Apr 12, 2012 at 23:50, simple w8  wrote:
>> 2012/4/12 Pascal Terjan :
>>> On Thu, Apr 12, 2012 at 21:19, simple w8  wrote:
>>>> Hi,
>>>>
>>>> I have a realtek wifi card:
>>>>
>>>> ~]# lspcidrake -vv|grep -i wifi
>>>> rtl8192ce       : Realtek Semiconductor Co., Ltd.|RTL8188CE
>>>> 802.11b/g/n WiFi Adapter [NETWORK_OTHER] (vendor:10ec device:8176
>>>> subv:10ec subd:9196) (rev: 01)
>>>>
>>>> it uses kernel module rtl8192ce (still don't understand why Mageia is
>>>> calling as "RTL8188CE 802.11b/g/n WiFi Adapter" where is a 8192)
>>>
>>> rtl8192ce is the driver for RTL8192CE and RTL8188SE
>>>
>>> It seems pci.ids have same description for all of them:
>>>
>>> vendor: 10ec ("Realtek Semiconductor Co., Ltd."), device: 8176
>>> ("RTL8188CE 802.11b/g/n WiFi Adapter")
>>> vendor: 10ec ("Realtek Semiconductor Co., Ltd."), device: 8177
>>> ("RTL8188CE 802.11b/g/n WiFi Adapter")
>>> vendor: 10ec ("Realtek Semiconductor Co., Ltd."), device: 8178
>>> ("RTL8188CE 802.11b/g/n WiFi Adapter")
>>> vendor: 10ec ("Realtek Semiconductor Co., Ltd."), device: 8191
>>> ("RTL8188CE 802.11b/g/n WiFi Adapter")
>>>
>>> You can request it to be fixed on
>>> http://pci-ids.ucw.cz/read/PC/10ec/8176 if you know what should be the
>>> name
>>>
>>>> until today it has happened that when writing, multiple times i get
>>>> characters repeated like the keyboard key was stuck.
>>>>
>>>> When i ran Mandriva cooker 2 months ago i didn't have this problem so
>>>> i went to see the differences between both packages
>>>> kernel-firmware-nonfree (from Mageia) and kernel-firmware-extra (from
>>>> Mandriva) and i saw that there are missing firmware files in the
>>>> Mageia package, these files exist upstream, so i don't understand why
>>>> weren't them all put available in Mageia...
>>>
>>> I presume you the files are:
>>>
>>> rtlwifi/rtl8192cfwU_B.bin
>>> rtlwifi/rtl8192cfwU.bin
>>> rtlwifi/rtl8192cfw.bin
>>
>> These are not the only differences, check the output:
>>
>> ~]$ LC_ALL=C diff -U 3
>> /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi
>> /mageia/kernel-firmware-nonfree/SOURCES/linux-firmware-nonfree-20120219/rtlwifi
>> Only in /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi:
>> rtl8192cfwU.bin
>> Only in /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi:
>> rtl8192cfwU_B.bin
>> Binary files 
>> /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi/rtl8192defw.bin
>> and 
>> /mageia/kernel-firmware-nonfree/SOURCES/linux-firmware-nonfree-20120219/rtlwifi/rtl8192defw.bin
>> differ
>> Only in /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi:
>> rtl8192defw_12.bin
>> Binary files 
>> /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi/rtl8192sefw.bin
>> and 
>> /mageia/kernel-firmware-nonfree/SOURCES/linux-firmware-nonfree-20120219/rtlwifi/rtl8192sefw.bin
>> differ
>> Only in /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi:
>> rtl8192sefw.old.bin
>
> Well I don't know where they are coming from, not from upstream.
> Maybe from the driver provided on realtek site?

When i said upstream i was referring to realtek, that's what mandriva
has in kernel-firmware-extra and that's with those firmware files that
i can get things working properly.


Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread Maarten Vanraes
On Friday 13 April 2012 18:19:14, Thomas Backlund wrote:
[...]
> I've started working on mysql-5.5.23 (as it contains another security
> fix), and will release it to updates_testing for Mageia 1 as soon as
> possible.

by any chance do you have the CVE for the new one? i remember there was one
in mariadb a few days ago, so i want to make sure this is the same one.


Re: [Mageia-dev] Freeze push: egroupware

2012-04-13 Thread nicolas vigier
On Fri, 13 Apr 2012, David Walser wrote:

> Fixes XSS security flaw.  See https://bugs.mageia.org/show_bug.cgi?id=5384

Submitted.



[Mageia-dev] Freeze push: egroupware

2012-04-13 Thread David Walser
Fixes XSS security flaw.  See https://bugs.mageia.org/show_bug.cgi?id=5384


Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread Thomas Backlund
13.04.2012 19:11, Maarten Vanraes wrote:
> On Friday 13 April 2012 13:12:08, AL13N wrote:
> []
> 
> i guess most packagers want option 2 here.
> 
> i don't think this is a good idea in general and i was of the opinion that the
> diff between migrating mysql 5.5.22 and mariadb 5.5.23 were quite the same...
> 
> nonetheless, the package naming difference could have effects on it on a stable
> version, so i concede to this solution.
> 
> however, i'll note that mariadb likely contains extra bugfixes, which this
> mysql 5.5.22 will not have.
> 
> i guess this is the step where this is more or less decided and some packager
> steps in and does the actual work. any volunteers? perhaps that person can
> also become maintainer of it?
> 

I've started working on mysql-5.5.23 (as it contains another security
fix), and will release it to updates_testing for Mageia 1 as soon as
possible.

--
Thomas


Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread Maarten Vanraes
On Friday 13 April 2012 13:12:08, AL13N wrote:
[]

i guess most packagers want option 2 here.

i don't think this is a good idea in general and i was of the opinion that the 
diff between migrating mysql 5.5.22 and mariadb 5.5.23 were quite the same...

nonetheless, the package naming difference could have effects on it on a stable 
version, so i concede to this solution.

however, i'll note that mariadb likely contains extra bugfixes, which this 
mysql 5.5.22 will not have.

i guess this is the step where this is more or less decided and some packager 
steps in and does the actual work. any volunteers? perhaps that person can 
also become maintainer of it?


Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread nicolas vigier
On Fri, 13 Apr 2012, David Walser wrote:

> AL13N  writes:
> > 5. someone has a better idea?
> > 
> > considering the response i got, now i'll default to letting someone else
> > handle it, which might mean it never gets fixed. that would also mean for
> > me that mageia1 would be a bad version to get LTS on.
> 
> The objections to this have been quite unwarranted.  It sounds like some people
> want to institute a new policy that MySQL security bugs won't be fixed.

Those were objections against migrating from mysql to mariadb in a stable
release updates.

Stable updates are supposed to include minimal changes in packages in
order to fix the issues. This means using patches to fix the issues and
nothing else, if possible, or update to the version that fixes the issues
with the least unrelated changes when it's too difficult to have
individual patches for each issue.

MySQL 5.5.22 is the last version available in 5.5.x branch, including
various bugfix and other changes. And if I understand correctly, MariaDB
5.5.x is the same thing as MySQL 5.5.x, but with several new features,
optimizations and other changes :
http://kb.askmonty.org/en/what-is-mariadb-55
http://kb.askmonty.org/en/what-is-mariadb-53

I don't see any reason why we should update to mariadb instead of MySQL
5.5.22. It includes the same changes as mysql 5.5.10 -> 5.5.22, and adds
several other changes that we don't want in a stable update.



Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread Colin Guthrie
'Twas brillig, and David Walser at 13/04/12 15:31 did gyre and gimble:
> The objections to this have been quite unwarranted.  It sounds like some people
> want to institute a new policy that MySQL security bugs won't be fixed.
> Upgrading to newer versions of things isn't ideal, but sometimes it's what has
> to be done, because there's no other way, and we already do it sometimes in
> other cases.  There's no reason this should be any more controversial.

The proposal here was not just to ship a new version, but to ship a
totally different fork -> mysql -> mariadb (it's even in the subject!).

This is why there have been objections. It's not (primarily at least) to
do with shipping a newer version.

> For us, upgrading to MariaDB instead of MySQL 5.5.22 isn't any different than
> what those other distros have done.  MariaDB is as much a newer version of what
> we have now as MySQL 5.5.22 is.  They are both derived from the same code base.
> Furthermore, the other distros have been able to upgrade it apparently without
> even having to rebuild anything else, so the potential for damage seems to not
> be so great after all.

I disagree. It's a totally different package. There are also bugs
relating to how a service package is enabled/disabled on upgrade which
might lead to people having the service enabled when they have
previously specifically disabled it.

Should we then patch and upgrade rpm-helper too to deal with this issue?
We've not even addressed it in Cauldron yet, but then I think it may be
something that users could live with in a distro upgrade, but they
certainly would not expect it from a security update.


This idea just seems wrong for a stable update. Would we have shipped LO
rather than OOo as an update? I don't think so. Would we have shipped
Xorg rather than the old X as an update? I don't think so either. Why
make a special exception for MariaDB?

I would far rather ship a newer MySQL package than (to use a cliche)
change horses in midstream[1]

Col

1. http://www.phrases.org.uk/meanings/115400.html


-- 

Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/


Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread Anssi Hannula
13.04.2012 14:12, AL13N wrote:
> 2. do like other distros and fix to higher mysql 5.5.22 which fixes this
> issue
> ==> this is totally not preferred for me;
>   A) a big change between mysql 5.5.10 and mysql 5.5.22, which means huge
> QA load
>   B) this also means that the mga1 -> mga2 upgrade will have to be
> extensively retested

This would be my preferred option.

-- 
Anssi Hannula


Re: [Mageia-dev] Push: Libreoffice

2012-04-13 Thread Anne Nicolas
On 13/04/2012 16:32, D.Morgan wrote:
> Please push LO, new stable release we had a rc before.

submitted

-- 
http://mageia.org


Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread David Walser
AL13N  writes:
> 5. someone has a better idea?
> 
> considering the response i got, now i'll default to letting someone else
> handle it, which might mean it never gets fixed. that would also mean for
> me that mageia1 would be a bad version to get LTS on.

The objections to this have been quite unwarranted.  It sounds like some people
want to institute a new policy that MySQL security bugs won't be fixed.
Upgrading to newer versions of things isn't ideal, but sometimes it's what has
to be done, because there's no other way, and we already do it sometimes in
other cases.  There's no reason this should be any more controversial.

In researching this, it appears that for the security bugs in MySQL (and there
are many, at least one of which is remotely exploitable without
authentication), only the Oracle MySQL developers really know what the
vulnerabilities are and how they were fixed, and they're not telling.  The most
recent MySQL changelog that referenced security vulnerabilities had no details,
and just mentioned two bug numbers.  One of those bug numbers doesn't exist.
The other is not publicly viewable.

At this point, upgrading is the only solution to these security problems, and
other distros have already realized this and updated to one of the newest
releases.  Here are some examples.
RHEL6:
https://rhn.redhat.com/errata/RHSA-2012-0105.html
https://rhn.redhat.com/errata/RHSA-2011-0164.html
Fedora 15:
https://admin.fedoraproject.org/updates/FEDORA-2012-0987/mysql-5.5.20-1.fc15
Fedora 16:
https://admin.fedoraproject.org/updates/FEDORA-2012-0972/mysql-5.5.20-1.fc16
Mandriva Enterprise Server 5, Mandriva 2011, Mandriva 2010.2:
http://www.mandriva.com/en/support/security/advisories/?name=MDVA-2012:031
Mandriva 2010.0, Mandriva 2010.1:
http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2011:012

For us, upgrading to MariaDB instead of MySQL 5.5.22 isn't any different than
what those other distros have done.  MariaDB is as much a newer version of what
we have now as MySQL 5.5.22 is.  They are both derived from the same code base.
Furthermore, the other distros have been able to upgrade it apparently without
even having to rebuild anything else, so the potential for damage seems to not
be so great after all.

Finally, someone made a comment about our reputation in this thread.  If we
just ignore this and don't issue any security updates because it's "too hard"
or "too scary," that will hurt our reputation more than anything else.



Re: [Mageia-dev] Problems with flash 11.2

2012-04-13 Thread JA Magallón

On 03/31/2012 02:12 AM, JA Magallón wrote:
> Hi...
>
> Is anybody else seeing strange things with flash 11.2 ?
> In my nvidia boxes it looks like I'm always seeing avatars in pandora...
> Looks like red and blue channels are switched.
>
> Try this:
>
> http://www.youtube.com/results?search_query=ntsc+color+bars
>
> look at the thumbnail, and then to the video (looking close to the two rightmost
> bars...).
>
> It doesn't happen on intel graphics. My system is 64bit and nvidia.
> Still have to try on 32bit with older nvidia card (7600GT).
>
> Somebody else ?



There is a new version of flash player: 11.2.202.233 (vs 202.228 current in
cauldron).
I have been using it and:
- the color problems are the same with HW-render + SW decode
- the crashes seem to be gone with HW-Render + HW-Decode

The HW accel really works in nVidia, I have been trying with

http://www.youtube.com/watch?v=rE09rUdpB94

and at 1080p, full software puts plugin-container at 100-120 % CPU time,
and full hardware leaves it under 10% most of time.

So perhaps it is safe to ship an mms.cfg that disables all HW acceleration
and put a README for nVidia users on how to do the trick in /etc/adobe/mms.cfg.
Or maybe unconditionally enable HW decoding as it does nothing on intel
graphics, I think...

--
J.A. Magallon \   Winter is coming...


Re: [Mageia-dev] freeze push f2c

2012-04-13 Thread nicolas vigier
On Wed, 11 Apr 2012, Matteo wrote:

> Hello,
> can someone push f2c?

Submitted.



Re: [Mageia-dev] Freeze push: openjpeg 1.5.0

2012-04-13 Thread nicolas vigier
On Thu, 12 Apr 2012, Funda Wang wrote:

> Hello,
> 
> Could somebody push openjpeg 1.5.0 into cauldron? It fixed
> CVE-2012-1499: The JPEG 2000 codec in OpenJPEG before 1.5 does not
> properly allocate memory during file parsing, which allows remote
> attackers to execute arbitrary code via a crafted file.

Submitted by ennael.



Re: [Mageia-dev] Freeze push: taskcoach

2012-04-13 Thread nicolas vigier
On Tue, 10 Apr 2012, Damien Lallement wrote:

> Please push taskcoach (I'm using it on my laptop so it works).

Submitted.



Re: [Mageia-dev] Freeze push: transmission

2012-04-13 Thread nicolas vigier
On Fri, 13 Apr 2012, Damien Lallement wrote:

> Please push transmission 2.51.
> It fixes GTK crash and GNOME Shell improvement.

Submitted.



Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread Pascal Terjan
On Fri, Apr 13, 2012 at 12:12, AL13N  wrote:
> 1. find all the responsible patches and add them manually
> ==> this is my preferred option, but seems not doable, and apparently
> no-one steps in and mysql isn't maintained (officially)

Not possible as most of the unfixed CVE on MySQL only say things like:

  Unspecified vulnerability in the MySQL Server component in Oracle MySQL
  5.5.x allows remote authenticated users to affect confidentiality and
  integrity via unknown vectors.

So there is no way to know what was fixed and when.

> 2. do like other distros and fix to higher mysql 5.5.22 which fixes this
> issue
> ==> this is totally not preferred for me;
>  A) a big change between mysql 5.5.10 and mysql 5.5.22, which means huge
> QA load

This will happen anyway. Testing will be the same whatever the amount
of changes is.

>  B) this also means that the mga1 -> mga2 upgrade will have to be
> extensively retested

At least there will be no package name change etc, so nothing really
new regarding upgrade

> 3. go to the cauldron version that fixes these issues which is mariadb-5.5.23
> ==> this is less preferred for me:
>  A) a big change between mysql 5.5.10 and mysql 5.5.22, which means huge
> QA load

And even more, as it implies testing that all packages from mga1 using
mysql need to be tested (as more recent ones were tested in cauldron)

>  B) however the mga1 -> mga2 upgrade has been tested already, so the
> chance of serious issues arising for this is a lot less than normally.

But it will need to be tested completely again as now mga1 state would
be very different from what it was

>  C) since mariadb-5.5.23 is based on mysql-5.5.23, the changes are quite
> less than would normally be.
>
> 4. don't fix this security issue
> ==> this is also less preferred for me, for obvious reasons.
>
> 5. someone has a better idea?


Re: [Mageia-dev] GNOME 3.4.1 tarballs

2012-04-13 Thread Olav Vitters
On Fri, Apr 13, 2012 at 01:01:18PM +0200, Anne Nicolas wrote:
> Please wait for Mageia 2 beta 3 to be released before

Ok!

-- 
Regards,
Olav


Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread AL13N
> On 13/04/2012 12:45, Colin Guthrie wrote:
>> 'Twas brillig, and Maarten Vanraes at 13/04/12 07:28 did gyre and
>> gimble:
>>> after talking with mariadb people and some others, i'm proposing to
>>> update
>>> mysql 5.5.10 to mariadb-5.5.23 in mga1.
>>
>> I would be pretty strongly against this.
>>
>> I think it's fine we're using mariadb in mga2, but I really don't fancy
>> making this switch on a stable distro.
>>
>> It just seems like a really, really bad idea. Not necessarily
>> technically, but in pretty much all other aspects - you have to consider
>> how this would be viewed as well - changing something like this for a
>> stable distro puts a big question mark over future stability and updates
>> etc. too.
> Same for me.
>
> Basically, you're proposing to break the assumption that current policy
> ensures end user that a package update from 'updates' repository for
> package 'foo' is just a bugfix for 'foo' package. You may have perfectly
> valid technical reasons, but you're *silently* changing the rule upon
> which people may have established their own policies, which is a very,
> very bad idea.

tbh, iinm the rule is that we like to provide only bugfix/security fix
patches, but there are exceptions when that isn't possible to update to
the full versions fixing this issue.


Well, initially i was against this, but the options to actually fix this
security bug are quite limited:

1. find all the responsible patches and add them manually
==> this is my preferred option, but seems not doable, and apparently
no-one steps in and mysql isn't maintained (officially)

2. do like other distros and fix to higher mysql 5.5.22 which fixes this
issue
==> this is totally not preferred for me;
  A) a big change between mysql 5.5.10 and mysql 5.5.22, which means huge
QA load
  B) this also means that the mga1 -> mga2 upgrade will have to be
extensively retested

3. go to the cauldron version that fixes these issues which is mariadb-5.5.23
==> this is less preferred for me:
  A) a big change between mysql 5.5.10 and mysql 5.5.22, which means huge
QA load
  B) however the mga1 -> mga2 upgrade has been tested already, so the
chance of serious issues arising for this is a lot less than normally.
  C) since mariadb-5.5.23 is based on mysql-5.5.23, the changes are quite
less than would normally be.

4. don't fix this security issue
==> this is also less preferred for me, for obvious reasons.

5. someone has a better idea?


considering the response i got, now i'll default to letting someone else
handle it, which might mean it never gets fixed. that would also mean for
me that mageia1 would be a bad version to get LTS on.


I'm open to suggestions...


PS: as some people might think it's just a stupid political reason, but
it's not. my reasons are detailed above.


Re: [Mageia-dev] GNOME 3.4.1 tarballs

2012-04-13 Thread Anne Nicolas
On 13/04/2012 12:48, Olav Vitters wrote:
> GNOME 3.4.1 tarballs will be uploaded between now and Wednesday. The
> deadline for the tarballs is Mon 23:59 UTC, though with so many modules,
> always a few are late.
> 
> If I should *not* upload the tarballs as they are released, please tell
> me asap.
> 

Please wait for Mageia 2 beta 3 to be released before

-- 
http://mageia.org


[Mageia-dev] GNOME 3.4.1 tarballs

2012-04-13 Thread Olav Vitters
GNOME 3.4.1 tarballs will be uploaded between now and Wednesday. The
deadline for the tarballs is Mon 23:59 UTC, though with so many modules,
always a few are late.

If I should *not* upload the tarballs as they are released, please tell
me asap.

-- 
Regards,
Olav


Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread Guillaume Rousse

On 13/04/2012 12:45, Colin Guthrie wrote:
> 'Twas brillig, and Maarten Vanraes at 13/04/12 07:28 did gyre and gimble:
>> after talking with mariadb people and some others, i'm proposing to update
>> mysql 5.5.10 to mariadb-5.5.23 in mga1.
>
> I would be pretty strongly against this.
>
> I think it's fine we're using mariadb in mga2, but I really don't fancy
> making this switch on a stable distro.
>
> It just seems like a really, really bad idea. Not necessarily
> technically, but in pretty much all other aspects - you have to consider
> how this would be viewed as well - changing something like this for a
> stable distro puts a big question mark over future stability and updates
> etc. too.

Same for me.

Basically, you're proposing to break the assumption that current policy
ensures end user that a package update from 'updates' repository for
package 'foo' is just a bugfix for 'foo' package. You may have perfectly
valid technical reasons, but you're *silently* changing the rule upon
which people may have established their own policies, which is a very,
very bad idea.


--
BOFH excuse #274:

It was OK before you touched it.


[Mageia-dev] Freeze push: transmission

2012-04-13 Thread Damien Lallement

Please push transmission 2.51.
It fixes GTK crash and GNOME Shell improvement.

Thanks,
--
Damien Lallement
twitter: damsweb - IRC: damsweb/coincoin


Re: [Mageia-dev] Freeze push: emesene

2012-04-13 Thread Anne Nicolas
On 13/04/2012 12:32, Damien Lallement wrote:
> Please push emesene 2.12.3 (mga #5359).
> It's a bug fix version:
> - better plugin handling and fixes
> - typing notifications fixed
> - bugfixes to the msn backend
> - bugfixes/improvements to the facebook backend
> - bugfixes/improvements to adium output
> - prevent hanging/crashes with newer versions of openssl
> - updated translations
> - ...
> 
> Thanks.

http://pkgsubmit.mageia.org/uploads/rejected/cauldron/core/release/20120413104942.ennael.valstar.15116.youri

-- 
http://mageia.org


Re: [Mageia-dev] mysql CVE's in mga1 => have it update to mariadb

2012-04-13 Thread Colin Guthrie
'Twas brillig, and Maarten Vanraes at 13/04/12 07:28 did gyre and gimble:
> after talking with mariadb people and some others, i'm proposing to update 
> mysql 5.5.10 to mariadb-5.5.23 in mga1.

I would be pretty strongly against this.

I think it's fine we're using mariadb in mga2, but I really don't fancy
making this switch on a stable distro.

It just seems like a really, really bad idea. Not necessarily
technically, but in pretty much all other aspects - you have to consider
how this would be viewed as well - changing something like this for a
stable distro puts a big question mark over future stability and updates
etc. too.

If you are not able to work on the CVE issue for mga1 because you're
unable to test properly a mysql fix, then please let someone else do it.
I'm sure we all understand why you'd rather push mariadb and why you
maybe wouldn't want to work on mysql. That's fine, we won't hold it
against you :D

Col




-- 

Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/


[Mageia-dev] Freeze push: emesene

2012-04-13 Thread Damien Lallement

Please push emesene 2.12.3 (mga #5359).
It's a bug fix version:
- better plugin handling and fixes
- typing notifications fixed
- bugfixes to the msn backend
- bugfixes/improvements to the facebook backend
- bugfixes/improvements to adium output
- prevent hanging/crashes with newer versions of openssl
- updated translations
- ...

Thanks.
--
Damien Lallement
twitter: damsweb - IRC: damsweb/coincoin


Re: [Mageia-dev] /usr/share/texmf/ls-R

2012-04-13 Thread Guillaume Rousse

On 13/04/2012 10:47, Florent Monnier wrote:
> Hi,
> I have a package that installs a file /usr/share/texmf/ls-R
> This file already exists, so what should I do with this file?

You should not replace it, but update it, using the texhash command.

--
BOFH excuse #420:

Feature was not beta tested


[Mageia-dev] /usr/share/texmf/ls-R

2012-04-13 Thread Florent Monnier
Hi,
I have a package that installs a file /usr/share/texmf/ls-R
This file already exists, so what should I do with this file?

-- 
Thanks


Re: [Mageia-dev] rtl8192ce missing firmware files in kernel-firmware-nonfree

2012-04-13 Thread Pascal Terjan
On Thu, Apr 12, 2012 at 23:50, simple w8  wrote:
> 2012/4/12 Pascal Terjan :
>> On Thu, Apr 12, 2012 at 21:19, simple w8  wrote:
>>> Hi,
>>>
>>> I have a realtek wifi card:
>>>
>>> ~]# lspcidrake -vv|grep -i wifi
>>> rtl8192ce       : Realtek Semiconductor Co., Ltd.|RTL8188CE
>>> 802.11b/g/n WiFi Adapter [NETWORK_OTHER] (vendor:10ec device:8176
>>> subv:10ec subd:9196) (rev: 01)
>>>
>>> it uses kernel module rtl8192ce (still don't understand why Mageia is
>>> calling it "RTL8188CE 802.11b/g/n WiFi Adapter" when it is an 8192)
>>
>> rtl8192ce is the driver for RTL8192CE and RTL8188SE
>>
>> It seems pci.ids have same description for all of them:
>>
>> vendor: 10ec ("Realtek Semiconductor Co., Ltd."), device: 8176
>> ("RTL8188CE 802.11b/g/n WiFi Adapter")
>> vendor: 10ec ("Realtek Semiconductor Co., Ltd."), device: 8177
>> ("RTL8188CE 802.11b/g/n WiFi Adapter")
>> vendor: 10ec ("Realtek Semiconductor Co., Ltd."), device: 8178
>> ("RTL8188CE 802.11b/g/n WiFi Adapter")
>> vendor: 10ec ("Realtek Semiconductor Co., Ltd."), device: 8191
>> ("RTL8188CE 802.11b/g/n WiFi Adapter")
>>
>> You can request it to be fixed on
>> http://pci-ids.ucw.cz/read/PC/10ec/8176 if you know what should be the
>> name
>>
>>> until today it has happened that when writing, multiple times I get
>>> characters repeated like the keyboard key was stuck.
>>>
>>> When I ran Mandriva cooker 2 months ago I didn't have this problem so
>>> I went to see the differences between both packages
>>> kernel-firmware-nonfree (from Mageia) and kernel-firmware-extra (from
>>> Mandriva) and I saw that there are missing firmware files in the
>>> Mageia package, these files exist upstream, so I don't understand why
>>> they weren't all made available in Mageia...
>>
>> I presume the files are:
>>
>> rtlwifi/rtl8192cfwU_B.bin
>> rtlwifi/rtl8192cfwU.bin
>> rtlwifi/rtl8192cfw.bin
>
> These are not the only differences, check the output:
>
> ~]$ LC_ALL=C diff -U 3
> /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi
> /mageia/kernel-firmware-nonfree/SOURCES/linux-firmware-nonfree-20120219/rtlwifi
> Only in /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi:
> rtl8192cfwU.bin
> Only in /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi:
> rtl8192cfwU_B.bin
> Binary files 
> /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi/rtl8192defw.bin
> and 
> /mageia/kernel-firmware-nonfree/SOURCES/linux-firmware-nonfree-20120219/rtlwifi/rtl8192defw.bin
> differ
> Only in /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi:
> rtl8192defw_12.bin
> Binary files 
> /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi/rtl8192sefw.bin
> and 
> /mageia/kernel-firmware-nonfree/SOURCES/linux-firmware-nonfree-20120219/rtlwifi/rtl8192sefw.bin
> differ
> Only in /mandriva/kernel-firmware-extra/SOURCES/linux-firmware/rtlwifi:
> rtl8192sefw.old.bin

Well I don't know where they are coming from, not from upstream.
Maybe from the driver provided on realtek site?