[Mageia-dev] Freeze push: sessreg
This updates to 1.0.8 with only minor cosmetic changes. It fixes some compiler warnings and adds a -V option to print the version. I've confirmed it builds fine in Cauldron.
Re: [Mageia-dev] Freeze push: rcs 5.8.3
Kamil Rytarowski wrote: > Hello, > > Please push rcs-5.8.3. > It's a bugfix release [1]. > > Regards, > > [1] https://www.gnu.org/software/rcs/ Ping?
Re: [Mageia-dev] Freeze push: ipython
David Walser wrote: > This updates to bugfix release 0.13.2. I've confirmed it builds in Cauldron. > > Release 0.13.2 > == > > 0.13.2 is a bugfix release for 0.13, released on April 5, 2013. > > Most notable fixes are related to compatibility with Qt and Wx GUIs. Ping?
[Mageia-dev] Freeze push: ipython
This updates to bugfix release 0.13.2. I've confirmed it builds in Cauldron. Release 0.13.2 == 0.13.2 is a bugfix release for 0.13, released on April 5, 2013. Most notable fixes are related to compatibility with Qt and Wx GUIs.
Re: [Mageia-dev] Freeze push: rpm-mageia-setup 1.170
David Walser wrote: > David Walser writes: >> Indeed, please do not push this. This is still being worked on. > > I believe I've found the fix for this minor regression, which was fixed by > the fix I proposed previously, but the other problem Luc uncovered actually > was a pre-existing bug which has just been uncovered by this: > https://bugs.mageia.org/show_bug.cgi?id=3697#c21 > > This fixes the minor regression without reverting the fix for the major > problem Thierry's change was trying to fix in the first place, by fixing > the major problem in a more proper way. I've verified that my proposed fix does indeed fix 3697, as well as fix the regression and other issue found by Luc. I've built po4a and dkpg with it successfully and confirmed that their package file lists are correct. It's committed in SVN as rpm-mageia-setup 1.171 and may be pushed.
Re: [Mageia-dev] possible security issues affecting Cauldron (please help)
Thanks to Funda and Guillaume for fixing the 4 new ones from Thursday. There's one new one from Friday added to the bottom of the list. David Walser wrote: > > mediawiki needs updated: > https://bugs.mageia.org/show_bug.cgi?id=3448 > > v8 needs updated: > https://bugs.mageia.org/show_bug.cgi?id=8567 > > libvirt CVE-2013-1766 (see comment 11): > https://bugs.mageia.org/show_bug.cgi?id=6526 > > not sure if all issues in xen are fixed: > https://bugs.mageia.org/show_bug.cgi?id=6931 > > util-linux CVE-2013-0157: > https://bugs.mageia.org/show_bug.cgi?id=8615 > > nginx possible spec change needed: > https://bugs.mageia.org/show_bug.cgi?id=9268 > > openstack-keystone CVE-2013-1865: > https://bugs.mageia.org/show_bug.cgi?id=9473 Just added -- subversion needs updated to 1.7.9: https://bugs.mageia.org/show_bug.cgi?id=9624
Re: [Mageia-dev] possible security issues affecting Cauldron (please help)
Thanks to Guillaume and Funda for fixing some of these. Subversion has just been added today (at the bottom). mediawiki needs updated: https://bugs.mageia.org/show_bug.cgi?id=3448 v8 needs updated: https://bugs.mageia.org/show_bug.cgi?id=8567 libvirt CVE-2013-1766 (see comment 11): https://bugs.mageia.org/show_bug.cgi?id=6526 not sure if all issues in xen are fixed: https://bugs.mageia.org/show_bug.cgi?id=6931 util-linux CVE-2013-0157: https://bugs.mageia.org/show_bug.cgi?id=8615 nginx possible spec change needed: https://bugs.mageia.org/show_bug.cgi?id=9268 openstack-keystone CVE-2013-1865: https://bugs.mageia.org/show_bug.cgi?id=9473 puppet needs updated to 2.7.21 (conflicting subpackages w/puppet3): http://lwn.net/Vulnerabilities/542701/ subversion needs updated to 1.7.9: https://bugs.mageia.org/show_bug.cgi?id=9624
[Mageia-dev] KDE game packages still at 4.10.1
A handful of KDE packages (looks like games) weren't updated to 4.10.2, so I just wanted to make sure they weren't forgotten. They are: bomber bovo granatier kajongg kapman katomic killbots kiriki kjumpingcube klickety klines ktuberling kubrick lskat palapeli picmi Also tangentially related, neoclust already knows, but also wanted to make sure it wasn't forgotten, owncloud needs updated due to regressions: http://www.h-online.com/open/news/item/Security-updates-break-ownCloud-installations-1834507.html
[Mageia-dev] Freeze push: telepathy-glib
This updates to bugfix release 0.20.2. telepathy-glib 0.20.2 (2013-04-03) == Fixes: • In TpSimpleClientFactory, don't crash when ensuring a contact for an obsolete connection manager without "immortal handles" fails (Maksim Melnikau) • Add missing (element-type) introspection annotations to tp_capabilities_get_channel_classes, tp_asv_get_bytes and tp_client_channel_factory_dup_channel_features (fd.o #58851, Philip Withnall) • Fix builds with Automake 1.13 (fd.o #59604, Nuno Araujo) • Fix unit tests when running with glib >=2.36 (fd.o #63069, Xavier) I've verified that it builds fine in Cauldron.
Re: [Mageia-dev] possible security issues affecting Cauldron (please help)
And of course as soon as I send this a bunch of new ones show up today. See the bottom for the additional ones. mediawiki needs updated: https://bugs.mageia.org/show_bug.cgi?id=3448 v8 needs updated: https://bugs.mageia.org/show_bug.cgi?id=8567 libvirt CVE-2013-1766 (see comment 11): https://bugs.mageia.org/show_bug.cgi?id=6526 not sure if all issues in xen are fixed: https://bugs.mageia.org/show_bug.cgi?id=6931 util-linux CVE-2013-0157: https://bugs.mageia.org/show_bug.cgi?id=8615 nginx possible spec change needed: https://bugs.mageia.org/show_bug.cgi?id=9268 openstack-keystone CVE-2013-1865: https://bugs.mageia.org/show_bug.cgi?id=9473 Just added -- nrpe CVE-2013-1362: https://bugs.mageia.org/show_bug.cgi?id=9615 ffmpeg needs updated to 1.1.4: https://bugs.mageia.org/show_bug.cgi?id=9616 postgresql packages need updated: https://bugs.mageia.org/show_bug.cgi?id=9617 puppet needs updated to 2.7.21: http://lwn.net/Vulnerabilities/542701/
[Mageia-dev] possible security issues affecting Cauldron (please help)
Since we're getting close to the end, I just wanted to make sure everyone was aware of possible security issues affecting Cauldron, so we can try to get these fixed. mediawiki needs updated: https://bugs.mageia.org/show_bug.cgi?id=3448 v8 needs updated: https://bugs.mageia.org/show_bug.cgi?id=8567 libvirt CVE-2013-1766 (see comment 11): https://bugs.mageia.org/show_bug.cgi?id=6526 not sure if all issues in xen are fixed: https://bugs.mageia.org/show_bug.cgi?id=6931 util-linux CVE-2013-0157: https://bugs.mageia.org/show_bug.cgi?id=8615 nginx possible spec change needed: https://bugs.mageia.org/show_bug.cgi?id=9268 openstack-keystone CVE-2013-1865: https://bugs.mageia.org/show_bug.cgi?id=9473
Re: [Mageia-dev] Freeze push: rpm-mageia-setup 1.170
David Walser writes: > Indeed, please do not push this. This is still being worked on. I believe I've found the fix for this minor regression, which was fixed by the fix I proposed previously, but the other problem Luc uncovered actually was a pre-existing bug which has just been uncovered by this: https://bugs.mageia.org/show_bug.cgi?id=3697#c21 This fixes the minor regression without reverting the fix for the major problem Thierry's change was trying to fix in the first place, by fixing the major problem in a more proper way.
Re: [Mageia-dev] Freeze push: rpm-mageia-setup 1.170
Thierry Vignaud writes: > On 4 April 2013 09:12, Luc Menut wrote: > > Please, can someone push rpm-mageia-setup 1.170 ? > > > > It fixes a regression introduced with 1.168: all the directories found by > > find-lang are not owned by packages when --with-man is used (mga 3697c10). > > err people disagree on this BR! Indeed, please do not push this. This is still being worked on.
Re: [Mageia-dev] freeze push 389-ds-base
Thomas Spuhler writes: > It also fixes security issue mga Bug # 9605 Ping? This fixes CVE-2013-1897. https://bugs.mageia.org/show_bug.cgi?id=9605
[Mageia-dev] Freeze push: samba
This updates to bugfix release 3.6.13. http://www.samba.org/samba/history/samba-3.6.13.html I've verified that it builds fine in Cauldron.
Re: [Mageia-dev] what's the purpose of this list ?
Oliver Burger writes: > And really I don't understand the fuss about this, if people don't want to > read > those mails, just configure your mailbox to filter them, or ignore them. We shouldn't have to configure anything when we didn't volunteer to receive these mails in the first place, as Guillaume stated! Personally for me, Yahoo! Mail limits you to only 15 filters in the free version, so it's not always that easy either. The contact@ e-mail alias is even worse. We've gotten just as much spam as "legitimate" e-mail at that address, and the rest of it doesn't concern me in the least. I don't want to receive any mail from that alias.
[Mageia-dev] Freeze push: gajim (security update)
This updates to bugfix release 0.15.3, which fixes CVE-2012-5524, among other things. https://bugs.mageia.org/show_bug.cgi?id=9593 I've confirmed that it builds fine in Cauldron.
Re: [Mageia-dev] [Mageia-sysadm] setup package not installed until quite late on...
Colin Guthrie writes: > Any other/better thoughts? Probably not directly relevant, but we haven't done anything with the setup package since importing IINM, but there have been some changes to it in mdv. We should check to see if we want those as well.
[Mageia-dev] Freeze push: asterisk (security update)
This updates to 11.2.2 (updated by Oden), which fixes: - CVE-2013-2264 - CVE-2013-2685 - CVE-2013-2686 https://bugs.mageia.org/show_bug.cgi?id=9583
[Mageia-dev] Freeze push: nspr
This updates to 4.9.6, which will be needed for the next round of Mozilla updates. It looks like the main change is fixing setting thread priorities. I've confirmed it builds and works fine in Cauldron.
[Mageia-dev] Freeze push: libuser (security update)
This updates to bugfix release 0.59, which primarily fixes some security issues (CVE-2012-5630 and CVE-2012-5644). https://fedorahosted.org/libuser/browser/NEWS?rev=libuser-0.59 I've confirmed that it builds fine in Cauldron.
[Mageia-dev] Freeze push: hexedit
This updates to bugfix release 1.2.13 (from our old friend Pixel). - fix displaying sector number when above 2^31 - fix potential file descriptor leak (thanks to Rich Burridge) - add DESTDIR support to the makefiles - preprocessor flags should use CPPFLAGS, not CFLAGS - fix a small issue in mymemmem/mymemrmem when HAVE_MEMMEM/HAVE_MEMRMEM is not defined I also added a patch from Fedora to prevent it from stripping during %install which breaks -debuginfo. I've confirmed that it builds and works fine in Cauldron.
[Mageia-dev] Freeze push: cifs-utils
This updates to minor bugfix release 6.0. Probably the most notable change is a documentation update regarding a changed default in kernel 3.8. https://lists.samba.org/archive/samba-technical/2013-March/091169.html I've confirmed that it builds fine in Cauldron.
[Mageia-dev] Freeze push: audit
This updates to bugfix release 2.2.3, most notably fixing the syscall table for kernel 3.8. - Update man pages - Aureport no longer reads auditd.conf when stdin is used - Don't let systemd kill auditd if auditctl errors out - Update syscall table for 3.7 and 3.8 kernels - Add interpretation for setns and unshare syscalls - Code cleanup (Tyler Hicks) - Documentation cleanups (Laurent Bigonville) - Add dirfd interpretation to the *at functions - Add termination signal to clone flags interpretation - Update stig.rules - In auditctl, when listing rules don't print numeric value of dir fields - Add support for rng resource type in auvirt - Fix aulast bad login output (#922508) - In ausearch, allow negative numbers for session and auid searches - In audisp-remote, if disk_full_action is stop then stop sending (#908977) http://people.redhat.com/sgrubb/audit/ChangeLog I've confirmed it builds fine in Cauldron.
[Mageia-dev] Freeze push: bind (security update)
This updates to 9.9.2-P2, which fixes CVE-2013-2266. A patch from RedHat to fix CVE-2012-5689 has also been added. I've confirmed that it builds fine in Cauldron. https://bugs.mageia.org/show_bug.cgi?id=9163
Re: [Mageia-dev] Update to boost-1.53 ?
Barry Jackson wrote: > As mentioned in last week's packager's meeting, there is a problem with > our gnuradio package, because upstream have blacklisted boost-1.52. > https://bugs.mageia.org/show_bug.cgi?id=8789 > > I have spent considerable time test rebuilding all packages from current > svn that BuildRequire boost, against boost-1.53 to see if an update of > boost is viable. (x86_64 only so far) > > Fixes have been applied to some packages and now there are just two > remaining that fail to build:- Now that it's down to these two, I think this should be done. libyui is only here for the new MCC which won't be ready at least until mga4, and it seems this gnuradio is important to some people, while vegastrike is just a game I think.
Re: [Mageia-dev] Packages not rebuilt since Mageia 1
eatdirt writes: > On 26/03/13 15:24, Pascal Terjan wrote: > > There are 26 packages. > > > > atlas > > I think, and unless someone complains, this one should be dropped. Atlas > is supposed to provice fast routines already provided by blas and lapack Interesting, thanks for this. libatlas3-sse3 had been pulled in on my system by python-numpy, but liblapack3 provides the same library and can be installed in place of libatlas3-sse3. I don't know why libatlas3-sse3 was chosen ahead of liblapack3 in the first place. What should we do about systems that already have libatlas3-sse3 installed?
Re: [Mageia-dev] Freeze push: chromium-browser-stable
D.Morgan writes: > > when built please push on nonfree too > > don't forget to push on core/release :) Nonfree? Are you sure that shouldn't be in tainted?
Re: [Mageia-dev] Packages not rebuilt since Mageia 2
Thomas Spuhler writes: > > php-pear-Mail_Mime > > Please Freeze push it. You should probably do a new thread for that.
Re: [Mageia-dev] Packagers meeting tonight (26/03/3013, 20h UTC)
Guillaume Rousse writes: > Also, recurrent argument as 'we should obsoletes X so as to remove it > from mirror' is still a non-sense. Removing content on the mirror is an > internal administrative issue. Yes, I still agree with you on this in general. > The whole issue should rather be documented in release notes, so as to > have admins handle the upgrade explicitely, rather than trying to > adresse it automagically. OK, that sounds reasonable then. Thanks.
Re: [Mageia-dev] Packagers meeting tonight (26/03/3013, 20h UTC)
Colin Guthrie writes: > Note, pam_ldap should be nuked AFIUI. Drak tools has been updated to > suggest pam_nss_ldap instead. > > - drakauth: > o install nss-pam-ldapd instead of nss_ldap (mga#9375) > > However it seems pam_ldap remains when it should actually be dropped also... > > AFAUI, the nss_ldap+pam_ldap should be replced by the nss-pam-ldapd+sssd > combo no? If so, then a further couple of tweaks are needed in drakauth > methinks. I thought you could use one or the other (nss-pam-ldapd/sssd)? Also, something should really obsolete the nss_ldap/pam_ldap packages so they get replaced with something else that works for people that already have them installed. If that's done, pam_ldap will be automatically removed from the mirrors anyway. Probably nss-pam-ldapd is the right place to do this.
Re: [Mageia-dev] Freeze Push: Virtualbox 4.2.10
Robert Fox writes: > Minor update: > > VirtualBox 4.2.10 (release 2013-03-15) Um, this isn't quite how freeze pushes work. It's not a request that someone update it. It's a packager saying that they've already updated it in SVN and they're asking one of the few who have privileges to submit packages with new version to the build system to submit it (as well as giving others a chance to discuss the proposed update). tmb is the virtualbox maintainer and I imagine he'll update it some time soon.
Re: [Mageia-dev] Freeze push: rekonq
Nicolas Lécureuil writes: > Hi, > > please push rekonq ( bug fix release ) Ping? The update is to 2.2.1. The only changes are translation updates, and one very minor bugfix to the bookmark bar. I've confirmed that it builds and works fine in Cauldron.
[Mageia-dev] poppler update?
A new bugfix release 0.22.2 is out (changes listed under Download): http://poppler.freedesktop.org/ But as usual, even a minor update changes the library major number. Should we update?
[Mageia-dev] Freeze push: chkconfig
This updates to 1.3.60, fixing some minor bugs, the most notable of which is listing xinetd services works again now that xinetd itself has been migrated to systemd. - make sure install_initd/remove_initd provides appropriate help output for those commands (#803818) - check for overridden services in /etc too (#850899) - chconfig should own /etc/rc.d (#894328) - isXinetdEnabled should also ask systemd (#820363) - alternatives: look for service file also in /etc - alternatives: add --list option (#622635) - chkconfig: add hint to call systemctl list-unit-files and list-dependencies (#800334) - chkconfig: correctly handle unreadable init.d (#913807) - alternatives: call systemctl enable with --force (#915667) I've confirmed that it builds and works fine in Cauldron.
Re: [Mageia-dev] Problem with console keymaps
JA Magallón wrote: > Hi... > > I finally have discovered why my kbd never worked as it should in console: > > werewolf:~# loadkeys -v -u es | grep Loading > Loading /usr/lib/kbd/keymaps/i386/olpc/es.map.gz > > It picks the keyboard layout from the OLCP ! > If I delete/move the /usr/lib/kbd/keymaps/i386/olpc directory, everything > works ok. But it should not be necessary. > > It also works if I do: > werewolf:~# loadkeys -v -u qwerty/es | grep Loading > Loading /usr/lib/kbd/keymaps/i386/qwerty/es.map.gz > > Solution ? What should I change in my /etc/sysconfig/keyboard: > > werewolf:/etc/sysconfig# cat keyboard > XkbModel=pc105 > XkbLayout=es > KEYBOARD=es > XkbOptions=compose:rwin > KEYTABLE=es-latin1 > > What could break with, for example, KEYBOARD=qwerty/es ? > > TIA I wonder if this is the same as the bug in Fedora 18. Most noticeable by quotation marks around filenames being screwed up in rm -i output.
[Mageia-dev] Freeze push: foomatic-db-engine
This updates to 4.0.9, with just a couple minor changes: * lib/Foomatic/DB.pm: Error out when initializing the DB object without any form of a Foomatic database being present, made the getpage() method a normal, object-independent function as it does not need a Foomatic database. * foomatic-configure.in, foomatic-printjob.in: Updated to use getpage() as a normal function, fixed CUPS check, made foomatic-printjob working without presence of a Foomatic database. http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-db-engine/annotate/head:/ChangeLog I confirmed it builds fine in Cauldron.
[Mageia-dev] Freeze push: proftpd
This updates to bugfix release 1.3.4c. http://www.proftpd.org/docs/NEWS-1.3.4c I confirmed it builds and works fine in Cauldron.
[Mageia-dev] Freeze push: timezone
This updates to 2013b, which provides updated timezone data for several locations. I've confirmed that it builds and installs fine in Cauldron.
[Mageia-dev] Freeze push: squid
This updates to bugfix 3.2.9. - Regression fix: Accept-Language header parse - Bug 3673: Silence 'Failed to select source' messages - Fix authentication headers sent on peer digest requests - Fix build error on Solaris, OpenIndiana, Omnios http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID_3_2_9.html I've confirmed that it builds and works fine in Cauldron.
Re: [Mageia-dev] Freeze push: squid
--- On Wed, 3/13/13, Luis Daniel Lucio Quiroz wrote: > From: Luis Daniel Lucio Quiroz > Subject: Re: [Mageia-dev] Freeze push: squid > To: mageia-dev@mageia.org > Cc: "David Walser" > Date: Wednesday, March 13, 2013, 6:46 PM > > Le samedi 09 mars 2013 18:26:16 David Walser a écrit : > > Luis Daniel Lucio Quiroz wrote: > > > Le mardi 05 mars 2013 14:50:15 Guillaume Rousse a > écrit : > > >> Le 05/03/2013 14:42, David Walser a écrit : > > >> > This updates to bugfix release 3.2.8, > which also fixes a minor security > > >> > issue with tmpfile creation. > > >> > > >> Done. > > > > > > Is it a problem if i push 3.3.1? > > > > Yes. We're in a freeze period and shouldn't > generally be switching to newer > > stable branches without a really good reason to do so. > > > > Squid 3.2.x is still supported upstream, and isn't > terribly old, so should > > be supported for a while I'd expect. > > > > 3.3.x is brand new. It can wait for after Mageia 3. > > I dont think this argument is valid > since we are still updating kde related > software No, KDE is staying with the 4.10.x branch. Updating it from 4.10.0 to 4.10.1 is the same as upgrading Squid from 3.2.7 to 3.2.8, which we have done. If KDE 4.11 were to come out before Mageia 3, it would not be included. Neither should Squid 3.3.x, same deal.
Re: [Mageia-dev] urpmi always use rsync
zezinho writes: > in my two cauldron systems, urpmi is now always using rsync, even if > another downloader is setup in urpmi.cfg or asked in CLI. > > I am using default mirrorlist created by edit-urpm-sources.pl. Indeed it does, and even worse, if your network requires a proxy, this totally does not work. Even if you have a proxy configured through drakconf, it still won't use it for rsync. This technically is correct, as that proxy setting is supposed to be just for http/https/ftp, and globally setting the RSYNC_PROXY variable along with those may be undesirable and cause problems with using rsync across your local network. Still, it'd be nice if this could be handled better somehow. I'm just not sure what the right solution is.
Re: [Mageia-dev] freeze push: libreoffice
Thierry Vignaud writes: > Hi > > Please let in libreoffice: > - updated from 4.0.0 to -> 4.0.1 Should we also update some of the libraries it uses? graphite2, libcmis, libvisio, and maybe raptor2 and rasqal are the ones I see.
Re: [Mageia-dev] forkbomb protection
David Walser wrote: > I saw an article this morning on LinuxToday that reminded me of the famous > shell forkbomb that most of you are probably aware of (I became aware of it several years ago from someone's e-mail signature on a mailing list): > http://cyberarms.wordpress.com/2012/11/26/an-eleven-character-linux-denial-of-service-attack-how-to-defend-against-it/ > > This also reminded me that we don't have protection against this out of the > box in Mageia. > > I checked on Fedora, and it turns out they do, as described here: > https://bugzilla.redhat.com/show_bug.cgi?id=432903 > > Their pam package has a /etc/security/limits.d/90-nproc.conf file that has: > # Default limit for number of user's processes to prevent > # accidental fork bombs. > # See rhbz #432903 for reasoning. > > *softnproc1024 > > As the last comment on the bug says, it's a bit confusing that it's in > limits.d/ and not the limits.conf file itself, and in fact I'm not sure what is responsible for processing limits.d/* as limits.conf says nothing about it (Fedora's is the exact same as ours). Anyway, one way or another it would be nice to have this limit set by default on Mageia, IMHO. WDYT? I added this exactly as Fedora has in pam-1.1.6-4.mga3. Let me know if it causes problems or doesn't work.
[Mageia-dev] Freeze push: telepathy-gabble (security update)
This updates to 0.17.3, which fixes CVE-2013-1769: http://lists.freedesktop.org/archives/telepathy/2013-March/006378.html http://lists.freedesktop.org/archives/telepathy/2013-March/006379.html I've confirmed that it builds fine in Cauldron. *** Also a question about this... *** I updated telepathy-gabble to 0.17.2 from 0.16.4 right before the freeze. I didn't realize at the time that 0.17.x is the development branch for the eventually 0.18.x stable series. Should we stick with this branch, or revert to 0.16.5, which also fixes this security bug? http://lists.freedesktop.org/archives/telepathy/2013-March/006377.html I can confirm that it also builds fine in Cauldron. The apparent advantages of the 0.17.x branch, from the 0.17.0 announcement: • Implement WLM jidlookup. This makes possible to add MSN contacts using XMPP. • Fix google caps parsing. http://lists.freedesktop.org/archives/telepathy/2012-August/006225.html
Re: [Mageia-dev] Freeze push: squid
Luis Daniel Lucio Quiroz wrote: > Le mardi 05 mars 2013 14:50:15 Guillaume Rousse a écrit : >> Le 05/03/2013 14:42, David Walser a écrit : >> > This updates to bugfix release 3.2.8, which also fixes a minor security >> > issue with tmpfile creation. >> Done. > > Is it a problem if i push 3.3.1? Yes. We're in a freeze period and shouldn't generally be switching to newer stable branches without a really good reason to do so. Squid 3.2.x is still supported upstream, and isn't terribly old, so should be supported for a while I'd expect. 3.3.x is brand new. It can wait for after Mageia 3.
[Mageia-dev] Freeze push: desktop-common-data
This restores the proper editor script and fixes the quoting of command-line arguments.
[Mageia-dev] Freeze push: wireshark
This updates to 1.8.6, fixing several security issues. http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html I've confirmed that it builds and works fine in Cauldron.
Re: [Mageia-dev] Freeze push: desktop-common-data
Thomas Backlund writes: > Guillaume Rousse skrev 4.3.2013 13:52: > > Le 03/03/2013 00:57, nicolas vigier a écrit : > >> Ok your buggy script has been restored. Now someone need to submit > >> desktop-common-data again. > > A different conclusion could have been than two different usages > > requires two different scripts, and than they could perfectly coexist > > with two different names... > > > > Yep, that would be the best way forward. That's fine, but for now, let's please get the proper script back in the package ASAP. Also, I looked more closely at this, and the "bugs" that were claimed in the original script are just not there, save for one. Please re-add this one change: http://svnweb.mageia.org/soft/desktop-common-data/trunk/bin/editor?r1=4446&r2=7450 And push it to the package in SVN and then to the build system. Thanks!
[Mageia-dev] Freeze push: libgusb
This updates to 0.1.6, with some minor bugfixes: - Do not use deprecated GLib functionality - Remove duplicate gtk-doc check in configure - Unref the GMainloop after it has been run, not when just quit I confirmed it builds and installs fine in Cauldron.
[Mageia-dev] Freeze push: byacc
This updates to bugfix release 20130304, which fixes one bug, and has some minor compile/build fixes. "This release fixes the special case in which the "-i" option is given without "-d", adds other minor fixes, and improves the regression testcases." http://freecode.com/projects/byacc/releases/352798 I've confirmed it builds fine (and passes make check) in Cauldron.
Re: [Mageia-dev] Regular users installing updates through packagekit or rpmdrake
David Walser writes: > OpenSuSE issued an advisory for PackageKit, because when systems were configured to allow regular users > to install security updates, they also had the ability to install *older* updates than the newest, > reintroducing security issues into the system. > > Does PackageKit in Mageia, or even our own rpmdrake tool which can be configured to allow users to install > updates, have an issue with this? > > References: > http://lists.opensuse.org/opensuse-updates/2013-03/msg6.html > https://bugzilla.novell.com/show_bug.cgi?id=804983 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1764 It doesn't appear to me that our tools will let regular users install older package versions. As for PackageKit, I have no idea. Could someone lend some insight on this?
[Mageia-dev] Freeze push: squid
This updates to bugfix release 3.2.8, which also fixes a minor security issue with tmpfile creation. Changes to squid-3.2.8 (02 Mar 2013): - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client - Bug 3763: diskd Error: no filename in shm buffer - Bug 3752: objects that cannot be cached in memory are not cached on disk - Bug 3753: Removes the domain from the cache_peer server pconn key - Bug 3749: IDENT lookup using wrong ports to identify the user - Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests - Bug 3686: cache_dir max-size default fails - Bug 3515: crash in FtpStateData::ftpTimeout - Bug 3329: Quieten orphan Comm::Connection messages - Make squid -z for cache_dir rock preserve the rock DB - Fixed several server connect problems - ... and some build issues on Solaris, OpenIndiana, MacOS X - ... and some documentation and debugs polishing http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID_3_2_8.html I've confirmed that it builds and works fine in Cauldron.
[Mageia-dev] Regular users installing updates through packagekit or rpmdrake
OpenSuSE issued an advisory for PackageKit, because when systems were configured to allow regular users to install security updates, they also had the ability to install *older* updates than the newest, reintroducing security issues into the system. Does PackageKit in Mageia, or even our own rpmdrake tool which can be configured to allow users to install updates, have an issue with this? References: http://lists.opensuse.org/opensuse-updates/2013-03/msg6.html https://bugzilla.novell.com/show_bug.cgi?id=804983 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1764
Re: [Mageia-dev] Freeze push: desktop-common-data
nicolas vigier wrote: > On Sat, 02 Mar 2013, David Walser wrote: > >> nicolas vigier wrote: >> > On Sat, 02 Mar 2013, David Walser wrote: >> > >> >> nicolas vigier wrote: >> >> > Please push desktop-common-data. >> >> > >> >> > In this new version /usr/bin/editor has been changed to try to use >> >> > $VISUAL and $EDITOR instead of only $TEXTEDITOR : >> >> > http://svnweb.mageia.org/soft/desktop-common-data/trunk/bin/editor?view=log >> >> >> >> This was a bad change. It was working fine :o( >> >> >> >> http://svnweb.mageia.org/soft/desktop-common-data/trunk/bin/editor?r1=7450&r2=7451 >> > >> > It was not working. You can try with a script like this to check that it >> > doesn't work : >> > #!/bin/sh >> > TEXTEDITOR="xvt -e vim" >> > $TEXTEDITOR $@ >> > >> > It opens a new terminal with vim inside, but does not open the file. >> > >> > Also opening a new terminal when you are already in a terminal is not >> > very nice. >> >> It was working fine, I tested it when I wrote it. Do you even know what >> this script is for? > > It doesn't work, and it's easy to see why it cannot work. > > A lot of script coming from Debian use /usr/bin/editor and expect it to > open an editor in the same terminal. If you need a script that always > open a graphical editor and does not open the file that is given on > command line you should probably give it an other name. This thing wasn't created for use with Debian scripts, it was created for the Text Editor toolbar button in IceWM. It was originally called xte, but that conflicted with some other package, so dams renamed it to editor. If that name is causing problems, feel free to rename it again (we'll have to update IceWM for the new name). But the old script as it was worked fine. Please restore it.
[Mageia-dev] Freeze push: dbus-glib
This updates to 0.100.2, which has no code changes. They just regenerated their autofoo and had some documentation changes. I've confirmed that it builds fine.
Re: [Mageia-dev] Freeze push: desktop-common-data
nicolas vigier wrote: > On Sat, 02 Mar 2013, David Walser wrote: > >> nicolas vigier wrote: >> > Please push desktop-common-data. >> > >> > In this new version /usr/bin/editor has been changed to try to use >> > $VISUAL and $EDITOR instead of only $TEXTEDITOR : >> > http://svnweb.mageia.org/soft/desktop-common-data/trunk/bin/editor?view=log >> >> This was a bad change. It was working fine :o( >> >> http://svnweb.mageia.org/soft/desktop-common-data/trunk/bin/editor?r1=7450&r2=7451 > > It was not working. You can try with a script like this to check that it > doesn't work : > #!/bin/sh > TEXTEDITOR="xvt -e vim" > $TEXTEDITOR $@ > > It opens a new terminal with vim inside, but does not open the file. > > Also opening a new terminal when you are already in a terminal is not > very nice. It was working fine, I tested it when I wrote it. Do you even know what this script is for? It's for launcher buttons in desktop environments (and other things that needs launch an editor in a DE), for example one of the default toolbar buttons in IceWM. Those normally wouldn't be passing a filename to it, but even if you want to use it that way (which is totally reasonable), you can just add the "$@" to it, rather than wholesale ripping out its support of emacs-nox and vim! Also, it needs to open a new terminal most of the time, since it's not actually meant to be called from one. Again though, that's not an unreasonable usage, but you could just add code to detect that case, rather than again ripping out the main functionality that it's designed for.
Re: [Mageia-dev] Freeze push: desktop-common-data
nicolas vigier wrote: > Please push desktop-common-data. > > In this new version /usr/bin/editor has been changed to try to use > $VISUAL and $EDITOR instead of only $TEXTEDITOR : > http://svnweb.mageia.org/soft/desktop-common-data/trunk/bin/editor?view=log This was a bad change. It was working fine :o( http://svnweb.mageia.org/soft/desktop-common-data/trunk/bin/editor?r1=7450&r2=7451
[Mageia-dev] Freeze push: dosfstools
This updates to 3.0.16, with just this change: "Bugfixes in dosfslabel." http://www.daniel-baumann.ch/software/dosfstools/ http://freecode.com/projects/dosfstools/releases/352684 I've verified that it builds fine in Cauldron.
Re: [Mageia-dev] freeze push: krb5
David Walser writes: > Guillaume Rousse writes: > > 1.11.1 fixes a null pointer dereference problem (security issue). > > Also known as CVE-2013-1415: > https://bugzilla.redhat.com/show_bug.cgi?id=914749 > > Ping? :o) What is the hold-up with this? Why hasn't this been pushed yet?
[Mageia-dev] Freeze push: sudo
This updates to 1.8.6p7 which fixes a security issue only. Ubuntu has rated this as a high-severity security issue. http://www.sudo.ws/sudo/alerts/epoch_ticket.html http://www.sudo.ws/sudo/stable.html http://www.ubuntu.com/usn/usn-1754-1/ I've verified that it builds and works fine in Cauldron.
[Mageia-dev] Freeze push: xterm
This updates to 291, which fixes one bug: "This release fixes the special case of the #282 change for "alternateScroll" to allow the wheel-mouse to work properly in the scrollbar area." http://freecode.com/projects/xterm/releases/352610 I can't reproduce the bug, but I can verify that 291 builds and works fine in Cauldron.
Re: [Mageia-dev] freeze push: krb5
Guillaume Rousse writes: > 1.11.1 fixes a null pointer dereference problem (security issue). Also known as CVE-2013-1415: https://bugzilla.redhat.com/show_bug.cgi?id=914749 Ping? :o)
Re: [Mageia-dev] Freeze push: ruby 1.9.3-p392
FundaWang writes: > Hello, > > Could somebody push ruby 1.9.3-p392 into cauldron? It fixed CVE-2013-0269 and another security problem. > > Thanks. +1 See https://bugs.mageia.org/show_bug.cgi?id=9160 for some references.
[Mageia-dev] Freeze push: poppler
This updates to bugfix release 0.22.1, mostly fixing crasher bugs. core: * Fix crash in some pdf files when extracting text (Bug #59561) * Fix crashes in wrongly formed files * Fix wrong warning when opening some files (Bug #58966) build system: * Improve autoconf jpeglib.h detection (Bug #59186) http://poppler.freedesktop.org/ I've confirmed that it builds fine in Cauldron.
[Mageia-dev] Freeze push: git
This updates to 1.8.1.4, which only fixes one bug: * "git imap-send" talking over imaps:// did make sure it received a valid certificate from the other end, but did not check if the certificate matched the host it thought it was talking to. https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt
[Mageia-dev] Freeze push: dosfstools
This updates to 3.0.15, which fixes some bugs and upstreams the two patches we had. ChangeLog: - Using wcstombs() to convert LFN unicode characters to printable text. This closes Debian bug #596336. - Recode short filenames from DOS codepage (default 437) to the current character encoding. This makes messages of dosfsck more readable. Partially closes Debian bug #596336. - Fixing root directory allocation. (RedHat bug 674095) - Fixing device detection. (RedHat bug 710480) I've confirmed that it builds fine.
[Mageia-dev] Freeze push: iso-codes
This updates to 3.41 which is almost all translation updates. Upstream ChangeLog: http://anonscm.debian.org/gitweb/?p=iso-codes/iso-codes.git;a=blob;f=ChangeLog;h=bbca59a1b1e726cffaf48208dfecb9f21779ac95;hb=refs/heads/master I confirmed that it builds fine.
[Mageia-dev] Freeze push: gdisk
This updates to 0.8.6 which fixes a critical bug in hybrid MBR creation. http://www.rodsbooks.com/gdisk/revisions.html I've confirmed that it builds fine in Cauldron.
Re: [Mageia-dev] Gnome mess in Mageia SVN...
Olav Vitters writes: > when I ask for help (M2 GNOME update) I get silence. For the most part, it's true that you don't seem to get much help from others, but in that particular case, I'm not sure I understand. I remember asking you what help you needed and you said for one thing you didn't know what all packages got pushed since QA needed a list, so I went and made the list for you. What other help did you need to get that update done?
Re: [Mageia-dev] Freeze push: thunderbird, thunderbird-l10n
FundaWang writes: > Hello, > Could thunderbird and thunderbird-l10n 17.0.3 esr be pushed into cauldron? > > Regards. Ping? We just found out today that these are actually security updates.
[Mageia-dev] Freeze push: nss
This updates to 3.14.3 which fixes CVE-2013-1620 (lucky thirteen). It builds and works fine in Cauldron.
Re: [Mageia-dev] nss-ldap missing ?
David Walser writes: > Thierry Vignaud writes: > > good luck with nslcd (if you use TLS you'll have to tell SELinux about it), > > Even if you don't use SELinux? > > > I advise you sssd, it just work directly, one single config file to write > > for > > both PAM & NSS... > > Is that not the case for nss-pam-ldapd? I haven't investigated them yet. > > I did find out that there's some security bugs in sssd though (fixed > upstream): > https://bugs.mageia.org/show_bug.cgi?id=9027 Incidentally there's a security bug in nss-pam-ldapd too: https://bugs.mageia.org/show_bug.cgi?id=9113 I'm not sure which of the three patches (two linked by upstream advisory, one used by Debian in their update) is the right one to fix it.
Re: [Mageia-dev] Mageia 1 EOL.
David Walser writes: > David Walser writes: > > > > > > If anyone is interested, there are updates checked into Mageia 1 SVN > > > > > > for perl, bind, libtiff, tor, and gimp. > > > > > > > > > > Since updated in Mageia 1 SVN are: > > > > > cups, webmin, freetype2, squid, elinks, bogofilter, > > > > > flash-player-plugin, php-ZendFramework, python-django, fail2ban > > > > > > > > Also added are claws-mail-plugins, jetty, squashfs-tools, gnupg, gnupg2. > > > > > > Since added are snack, proftpd, qemu, vino, and tomcat6. > > > > > > Updated a second time are flash-player-plugin and squid. > > > > > > Also, for 10.0.12ESR updates, there are: > > > rootcerts, nspr, nss, firefox, firefox-l10n, mozilla-thunderbird, and > > > mozilla-thunderbird-l10n. > > > > Updated in the last two weeks are the following: > > > > mysql, libssh, perl (again), perl-Locale-Maketext, dnsmasq, nagios, samba, > > libupnp, webmin (again), flash-player-plugin (again). > > Added this week were kdelibs4, openssh, pidgin, and openconnect. dbus-glib was added this weekend. openconnect should be good to go, as it was validated on Mageia 2. Note that Marja has created a page on the forums that list these packages, as well as instructions on building them, which should be available soon. Hopefully notice of any future updates can be done there instead of updating this thread.
Re: [Mageia-dev] nss-ldap missing ?
Guillaume Rousse writes: > Le 07/02/2013 09:59, JA Magallón a écrit : > > Is nss_ldap in the non-building package list, or is it deprecated and > > there is now another method to use ldap for authentication ? > I can't say anything about the lack of nss_ldap now, but they are two > alternatives methods to replace the usual pam_ldap/nss_ldap duos, that > ought to be investigated: > - nss-pam-ldapd > - sssd > > The first one is more inline with previous usages, the second one seems > far more invasive at first sight. If anyone is familiar with how to configure sssd, advice would be appreciated for testing the pending security update. https://bugs.mageia.org/show_bug.cgi?id=9027
Re: [Mageia-dev] Freeze push: dhcpcd
David Walser wrote: > This updates to bugfix release 5.6.7. > > The diff is very small, just some minor bugfixes. Here's the changelog: > - Preserve the space in static routes on the command line. Fixes #260. > - Check the correct interface the RAP came from before overwriting it. > - Ensure that nooption correctly woks for routes. Fixes #254. > - Fix potential issue if we don't want routes and we fail a decode. > > I've confirmed it builds and works fine in Cauldron. Ping?
Re: [Mageia-dev] Freeze push: hwinfo
Guillaume Rousse wrote: > Le 17/02/2013 22:48, Guillaume Rousse a écrit : >> Le 17/02/2013 18:36, David Walser a écrit : >>> This was attempted to push previously by Damien, but didn't build >>> because a corrupt tarball was uploaded to the binrepo. >>> >>> This updates to 20.1. The only change from 20.0 that we have is: >>> - add missing man pages >>> >>> I've uploaded the correct tarball and verified that it builds in >>> Cauldron. >> Done. > Build error: > http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20130217214812.guillomovitch.valstar.7325/log OK, I figured it out. It needs BuildRequires git. Fixed. Please repush.
[Mageia-dev] Freeze push: acpid
This updates to minor bugfix 2.0.18. Mostly documentation fixes and one small code change. Here's the changelog: - 2.0.18 release (configure.ac) (Ted Felix) - README improvements (README) (Ted Felix) - Fix format of video/tabletmode event string. CRITICAL. (input_layer.c) (Ted Felix) - Add how to kill acpid to kacpimon man page. (kacpimon.8) (Ted Felix) - Add info on logind.conf's HandlePowerKey to man page. (acpid.8) (Ted Felix) I've verified that it builds fine in Cauldron.
[Mageia-dev] Freeze push: hwinfo
This was attempted to push previously by Damien, but didn't build because a corrupt tarball was uploaded to the binrepo. This updates to 20.1. The only change from 20.0 that we have is: - add missing man pages I've uploaded the correct tarball and verified that it builds in Cauldron.
[Mageia-dev] Freeze push: dhcpcd
This updates to bugfix release 5.6.7. The diff is very small, just some minor bugfixes. Here's the changelog: - Preserve the space in static routes on the command line. Fixes #260. - Check the correct interface the RAP came from before overwriting it. - Ensure that nooption correctly woks for routes. Fixes #254. - Fix potential issue if we don't want routes and we fail a decode. I've confirmed it builds and works fine in Cauldron.
[Mageia-dev] Freeze push: dbus-glib (security update)
This updates to 0.100.1, which literally contains just one change, a fix for security issue CVE-2013-0292: http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca I've confirmed that it builds and installs fine in Cauldron.
[Mageia-dev] Security updates - help needed!
Some old ones have finally left the list, some are still there, some new ones are here. Help is still needed. Also, Manuel pointed out a bugzilla search that will typically contain most of these. https://bugs.mageia.org/buglist.cgi?quicksearch=comp:secu+-@qa-b . updated initial message below There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers. Please help out with these where you can. I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help. Web apps wordpress [mga2] - issues fixed in 3.5.1 https://bugs.mageia.org/show_bug.cgi?id=9030 mediawiki [mga2] - versions we have are at or nearing EOL upstream, probably should be updated. Oliver Burger is working on this. https://bugs.mageia.org/show_bug.cgi?id=3448 glpi [mga2] - issue fixed in 0.83.3, no backported patch is available that I'm aware of https://bugs.mageia.org/show_bug.cgi?id=6762 Games - openarena, alienarena [mga2] - affected by DoS bug in quake3 engine. https://bugs.mageia.org/show_bug.cgi?id=5496 Java-related jruby [mga2+cauldron] - one issue fixed upstream in 1.6.5.1, the other in 1.7.1 https://bugs.mageia.org/show_bug.cgi?id=6742 tomcat5 [mga2] - permissions problem found by QA needs to be fixed https://bugs.mageia.org/show_bug.cgi?id=8307 apache-commons-compress [mga2] - apache-commons-compress10 possibly needs patched https://bugs.mageia.org/show_bug.cgi?id=6331 jakarta-commons-httpclient [mga2] - patch available from Fedora https://bugs.mageia.org/show_bug.cgi?id=8933 axis [mga2] - patch available from Fedora https://bugs.mageia.org/show_bug.cgi?id=8936 No response has been received from packagers yet chromium/v8 [mga2+cauldron] - need upgraded to newest versions https://bugs.mageia.org/show_bug.cgi?id=6927 https://bugs.mageia.org/show_bug.cgi?id=8567 corosync [mga2] - denial of service issued fixed in 2.3.0 https://bugs.mageia.org/show_bug.cgi?id=8905 ffmpeg [mga2] - issues fixed in upstream git, not clear if they plan to cut another release https://bugs.mageia.org/show_bug.cgi?id=8881 In progress (help needed to finish) --- libvirt [mga2] - patches available from RedHat, need re-diffed https://bugs.mageia.org/show_bug.cgi?id=6526 zabbix [mga2] - issues raised by QA need to be addressed https://bugs.mageia.org/show_bug.cgi?id=8801 xen [mga2+cauldron] - several outstanding security issues need additional patches applied https://bugs.mageia.org/show_bug.cgi?id=6931 openafs [mga2] - pam_afs is missing from the current build in updates_testing https://bugs.mageia.org/show_bug.cgi?id=7085
Re: [Mageia-dev] Mageia 1 EOL.
David Walser writes: > > > > > If anyone is interested, there are updates checked into Mageia 1 SVN > > > > > for perl, bind, libtiff, tor, and gimp. > > > > > > > > Since updated in Mageia 1 SVN are: > > > > cups, webmin, freetype2, squid, elinks, bogofilter, flash-player-plugin, > > > > php-ZendFramework, python-django, fail2ban > > > > > > Also added are claws-mail-plugins, jetty, squashfs-tools, gnupg, gnupg2. > > > > Since added are snack, proftpd, qemu, vino, and tomcat6. > > > > Updated a second time are flash-player-plugin and squid. > > > > Also, for 10.0.12ESR updates, there are: > > rootcerts, nspr, nss, firefox, firefox-l10n, mozilla-thunderbird, and > > mozilla-thunderbird-l10n. > > Updated in the last two weeks are the following: > > mysql, libssh, perl (again), perl-Locale-Maketext, dnsmasq, nagios, samba, > libupnp, webmin (again), flash-player-plugin (again). Added this week were kdelibs4, openssh, and pidgin. Also added is openconnect, although it may not be finalized yet if any issues are found with the Mageia 2 update, as it's a pretty significant patch rediff. Note that flash-player-plugin also has a newer version available, but since the Mageia 2 flash-player-plugin package works just fine on Mageia 1, I won't be updating that one in SVN anymore.
Re: [Mageia-dev] Freeze push: sssd (security update)
Anne nicolas writes: > 2013/2/15 Anne Nicolas > Le 15/02/2013 02:22, David Walser a écrit : > > This updates to 1.9.4, which fixes CVE-2013-0219 and CVE-2013-0220. > I've confirmed it builds in Cauldron. > > done > > > http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20130215075530.ennael.valstar.10934/log I added gettext-devel to the BuildRequires. Please try again.
[Mageia-dev] Freeze push: sssd (security update)
This updates to 1.9.4, which fixes CVE-2013-0219 and CVE-2013-0220. I've confirmed it builds in Cauldron.
[Mageia-dev] Freeze push: xterm
This updates to bugfix release 290, fixing a regression in 289: - Fixes an incomplete revert of a change in the previous patch, which caused incorrect display in the scrollback area. http://freecode.com/projects/xterm/releases/352218 I tested it and confirmed that it builds and works fine in Cauldron.
[Mageia-dev] Freeze push: pidgin (security update)
This updates to 2.10.7, which fixes: CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274 Already built in mga2 updates_testing by Oden, awaiting push in Cauldron before going to QA. I've confirmed that it also builds fine in Cauldron.
Re: [Mageia-dev] Freeze push: sox
David Walser writes: > This updates to bugfix release 14.4.1. > > Full list of bugfixes is here: > http://sox.git.sourceforge.net/git/gitweb.cgi?p=sox/sox;a=blob;hb=sox-14.4.1;f=ChangeLog > > I've confirmed that it builds fine in Cauldron. Ping?
[Mageia-dev] Freeze push: sox
This updates to bugfix release 14.4.1. Full list of bugfixes is here: http://sox.git.sourceforge.net/git/gitweb.cgi?p=sox/sox;a=blob;hb=sox-14.4.1;f=ChangeLog I've confirmed that it builds fine in Cauldron.
Re: [Mageia-dev] GNOME apps
Olav Vitters writes: > On Sun, Feb 10, 2013 at 12:11:23PM +, Colin Guthrie wrote: > > Will be interesting to see if this situation has changed (in general I > > like the idea of 3.8 being pushed, but perhaps this should be done later > > as an update should there be a general consensus on that). > > There was some investigation towards going for 3.8. But think it is > better to stick with 3.6 due to various reasons (mostly need more people > focussed on GNOME). I agree. So again, what is the plan for getting things that got pushed to 3.7 rolled back to 3.6?
Re: [Mageia-dev] Freeze push: xscreensaver
David Walser writes: > This updates to 5.21. Just minor changes in this version, probably the most > important of which is the first: > > - Changed default text source from Twitter to Wikipedia, since Twitter now > requires a login to get any feeds. > - New version of fireworkx. > - Minor fixes to distort, fontglide, xmatrix. > - New MacOS crash in bsod. > - New mode in lcdscrub. > > I tested it in Cauldron and verified that it works fine, including all of the > screensavers mentioned above (except xmatrix which we have disabled). Ping? Mostly bugfixes, no obvious regressions in changed screensavers. I forgot the URL earlier: http://www.jwz.org/xscreensaver/changelog.html
[Mageia-dev] Freeze push: php modules (libvirt, mongo, xcache, yaz, gmagick)
This is from Oden. I've confirmed they all build fine in Cauldron. - php-libvirt-0.4.7: fixes for PHP 5.4, newer libvirt, and a few other things http://libvirt.org/git/?p=libvirt-php.git;a=log - php-mongo-1.3.4: several bugfixes http://pecl.php.net/package-changelog.php?package=mongo&release=1.3.4 - php-xcache-3.0.1: bugfixes only http://xcache.lighttpd.net/browser/tags/3.0.1/NEWS - php-yaz-1.1.5: bugfix only http://pecl.php.net/package-changelog.php?package=yaz&release=1.1.5 - php-gmagick-1.1.2RC1: No "final releases" in quite some time, so just upgrading the devel version. This is a leaf package (only used by PHP developers). http://pecl.php.net/package-changelog.php?package=gmagick&release=1.1.2RC1
[Mageia-dev] Freeze push: apache-mod_security
This is from Oden. This upgrades to bugfix only release 2.7.2, containing several bugfixes, the most important of which (according to Oden) are: * Fixed mod_security displaying wrong ip address in error.log using apache 2.4 and mod_remoteip. * Fixed mod_security was not compiling when use lua 5.2. https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES I've confirmed that it builds fine in Cauldron.
[Mageia-dev] Freeze push: xscreensaver
This updates to 5.21. Just minor changes in this version, probably the most important of which is the first: - Changed default text source from Twitter to Wikipedia, since Twitter now requires a login to get any feeds. - New version of fireworkx. - Minor fixes to distort, fontglide, xmatrix. - New MacOS crash in bsod. - New mode in lcdscrub. I tested it in Cauldron and verified that it works fine, including all of the screensavers mentioned above (except xmatrix which we have disabled).
[Mageia-dev] Freeze push: liblastfm
This updates to 1.0.6. I tested it extensively with Amarok on Saturday and confirmed that it works fine. Given that this is for interaction with an online service, it's important to keep it up to date, hence the push. On a side note: if anyone has a subscription for last.fm now, it would be nice if you could build the lastfm-player that Götz updated in SVN and test that, so it could be pushed too.
[Mageia-dev] Freeze push: xterm
This updates to bugfix release 289. - This fixes several minor bugs, and also updates the wide-character width tables for Unicode 6.2. http://freecode.com/projects/xterm/releases/352064 I've confirmed that it builds and works fine in Cauldron.
[Mageia-dev] Freeze push: git
This updates to bugfix release 1.8.1.3. https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.3.txt
[Mageia-dev] Freeze push: libgusb
This updates to bugfix release 0.1.5. The changes are trivial: - Don't use the deprecated INCLUDES in Makefile.am - Fix obvious typo in README - Fix documentation build https://gitorious.org/gusb/gusb/commits/master I've confirmed that it builds and installs fine in Cauldron.
[Mageia-dev] openssl
This updates to bugfix release 1.0.1e. The NEWS file only says: - Corrected fix for CVE-2013-0169 Looking at the code there appear to be some other minor changes, like fixes for when SRTP support isn't compiled in, removing unused files from the source tree, and some other minor changes. I've confirmed that it builds fine in Cauldron.
[Mageia-dev] Freeze push: sudo
This updates to bugfix release 1.8.6p6. - On systems where the controlling tty can be determined via /proc or sysctl(), sudo will no longer fall back to using ttyname() if the process has no controlling tty. This prevents sudo from using a non-controlling tty for logging and time stamp purposes. http://www.sudo.ws/sudo/stable.html I've confirmed that it builds and works fine in Cauldron.