php update for RHL73

Hi, If someone is still stuck with RHL73 and wondering what to do with the latest PHP vulnerabilities, feel free to use my very straightforward RHEL21 backports at: http://staff.csc.fi/psavola/fl/ -- Pekka Savola "You each name yourselves king, yet the Netco

Re: Fedora Legacy Test Update Notification: gzip

06-4335, CVE-2006-4336, CVE-2006-4337) Those interested in RHL73 may take a look at http://staff.csc.fi/psavola/fl/. It includes RPMs which fix this for RHL73, as well as a a couple of other RPMs fixing the most significant latest issues (e.g., the recently published PHP issue). -- Pekka Savol

Re: lwn article on the death of Fedora Legacy

t seen one for a while... Me not having sent the reminder doesn't mean that the bug list hasn't been updated. It has -- at least semi-regularly (once 1-2 days). I didn't bother because clearly the project failed to function some time ago and there didn't s

Re: lwn article on the death of Fedora Legacy

as a result even if extras were used. Some administrative overhead would be reduced but you'd someone would still be needed to do the work. [1] http://netcore.fi/pekkas/buglist.html https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195418 -- Pekka Savola "You each name yoursel

Re: openssl updates

f25ad php-snmp-4.1.2-7.3.21.legacy.i386.rpm -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mailing list fedora-leg

Re: Friday Flames - What to do with RHL7.3/9 and FC1/2

RHL9. I don't think I'd be able to use time to help FL if FL was focusing on only FC. But given the tradeoffs and that support needs to get dropped in any case sooner or later, doing so might be a good idea if RHL versions cause too much fuss, e.g., with new CVS infrastructures or s

Re: Fedora products, to upgrade rather than backport?

es required etc. could be significant work. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mailing list fedora-legacy-lis

Re: FC3 (j)whois on .eu fails

to spend their time on this. We have far too many, much more important packages still sitting on the "needs packages" pile. [1] http://netcore.fi/pekkas/buglist.html [2] http://fedoraproject.org/wiki/Legacy/QASubmit Pekka Savola "You each name

Re: download.fedoralegacy.org not reachable

lists. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/m

Re: Sendmail Patch Breaks Virtusertable Settings

rated from Fedora Legacy or by you? What were the .mc file differences? -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mail

sendmail remote vulnerability

Hi, I hope FL core has had preliminary warning of the just-released sendmail remote vulnerability and if something has already been done about it, even better.. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds.&quo

Re: Updated tzdata packages?

been released a couple of weeks ago, but you can get them from updates-testing. RHL73/RHL9 (glibc) packages are based on tzdata 2006a; FC (tzdata) packages are based on 2005r. -- Pekka Savola "You each name yourselves king, yet the Netcore Oyking

Re: 1-2-3 out, time for FC2?

On Mon, 20 Mar 2006, Gene Heskett wrote: I believe FC1 still has the following to warrant continued work, what about FC2? We're still out here, so count me in. Do you have a bugzilla account? Just wondering. -- Pekka Savola "You each name yourselves king, yet the

Re: upgrade from RHL 7.2 to 7.3

g "autoupdate". It went smoothly for servers. Additionally, I converted ext2 partitions to ext3 if they weren't already, and went through the rpmnew/rpmsave files that resulted from the update. -- Pekka Savola "You each name yourselves king, yet the Netc

Re: Bugzilla status whiteboard explanation needed

on FL ;-/ Should it? -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.red

issues list(s)

ood progress with updates. In particular, I'd like to thank Marc who has (IMHO) done most of the "heavy lifting" in.. well, almost every step in the process. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds

Re: FC3 yum instructions

On Wed, 22 Feb 2006, Eric Rostetter wrote: Quoting Pekka Savola <[EMAIL PROTECTED]>: I'm all for getting FL closer to common Fedora infrastructure, especially as the focus on Fedora Core support is increasing. Hence, Fedora CVS, buildsystem, etc. is the direction we should go. But

Re: FC3 yum instructions

buildsystem, etc. is the direction we should go. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mailing list

Re: Comments on first verification QA

. I guess this won't get done, unless someone gets this done. Anyone willing to do the work? -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings --

Re: no mandatory QA testing at all [Re: crazy thought about how to ease QA testing]

QA for moving updates-testing packages to updates. So, I'm not sure why we're having this conversation.. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Cl

Re: no mandatory QA testing at all [Re: crazy thought about how to ease QA testing]

moving the legacy repository from my yum configuration. I can send such an email, but I'll have to charge 100 USD for the trouble. Credit cards accepted. Perhaps you forgot that Fedora Legacy is a community project? -- Pekka Savola "You each name yourselves king

Re: no mandatory QA testing at all [Re: crazy thought about how to ease QA testing]

the system, (s)he would test it before two weeks are over. Publishing positive reports can be made simpler but that probably isn't on the critical path here. I agree to this. Marc -- Pekka Savola "You each name yourselves king, yet the Netcore Oy

Re: no mandatory QA testing at all [Re: crazy thought about how to ease QA testing]

s currently (unfortunately) happens almost solely by a very small set of people (say, about 5), as you say, this isn't a problem now. Even if new people came up to join the PUBLISH crowd, I'm confident that they'd blend in because there's pretty good guidance in Wiki on how to

no mandatory QA testing at all [Re: crazy thought about how to ease QA testing]

ive reports can be made simpler but that probably isn't on the critical path here. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy

Re: crazy thought about how to ease QA testing

On Fri, 10 Feb 2006, Mike McCarty wrote: Jesse Keating wrote: On Fri, 2006-02-10 at 17:54 +0200, Pekka Savola wrote: So, instead of adding more hoops ("please, install a virtual image of all the other distros and do verify testing etc. there"), most focus should be put

Re: crazy thought about how to ease QA testing

ro versions that the people are actually running. So, instead of adding more hoops ("please, install a virtual image of all the other distros and do verify testing etc. there"), most focus should be put on making participation easier. -- Pekka Savola

x86_64 support

), we'd need to go back and check every package to make sure we didn't miss any 64-bit specific update. I'd like to pose the question as follows: is there anyone out there who would want FL to support either past, present or future non-x86 arches who is willing to commit to

Re: issues list(s)

we're installed the package since XXX, gpg signature is OK, and it's in active use." That would go a long way in checking that updates-testing packages have been used and found working, instead of just having been installed. -- Pekka Savola "You each

issues list(s)

/www.netcore.fi/pekkas/buglist-rhl73.html http://www.netcore.fi/pekkas/buglist-rhl9.html http://www.netcore.fi/pekkas/buglist-core1.html http://www.netcore.fi/pekkas/buglist-fc2.html http://www.netcore.fi/pekkas/buglist-fc3.html -- Pekka Savola "You each name

Re: Auto-reporting of successful testing packages

roposed 2) packages approved for testing 3) packages which have been out for testing put to official updates This would address the third problem. Other suggestions earlier this week would help with 1) and hopefully also with 2). -- Pekka Savola "You each name yourselve

Re: Proposed changes to Fedora Legacy Project

change of all. If we get away from the symptom where package updaters have to propose .src.rpm's for approval (but instead need no approval, or approval of just CVS diffs), we've made contribution much easier to those who don't want to run their own mach/mock systems.

Re: EOL planning

on the master server about which distribution is still in use? So, what's our approach here? Do we drop support for FC1 in all the subsequent updates (those where packages haven't been proposed yet)? Do we drop FC2 at the same time as we pick up FC3? -- Pekka Savola

issues list(s)

.netcore.fi/pekkas/buglist-fc2.html -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com h

RE: EOL planning

of time to help in the Fedora Legacy project ? :) -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mailing list fedora-le

active contributors and supporting distro foo

e contributors have a say in making a decision whether to support "foo" or not. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedo

Re: What do users need to do to prepare?

.fi/pekkas/buglist.html I hope someone is working on the "needsrelease" and "needsbuild" piles above.. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin:

Re: 8 more days 'til we inherit FC3; are we ready??; FWD: Fedora Core 3 Status Update

ushing out packages (package proposal, verify QA, publish QA, etc.) ? The question is: If dropping FC1 wouldn't reduce the number of QA folks and the work they do [for other distros], we should drop it. -- Pekka Savola "You each name yourselves king

issues list(s)

p://www.netcore.fi/pekkas/buglist.html (all) http://www.netcore.fi/pekkas/buglist-rhl73.html http://www.netcore.fi/pekkas/buglist-rhl9.html http://www.netcore.fi/pekkas/buglist-core1.html http://www.netcore.fi/pekkas/buglist-fc2.html -- Pekka Savola "You each name yours

Re: FWD: Author of rp-pppoe responds

PROTECTED]> Regards, David. -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Syste

Re: Buglist: a new 'DEFER' keyword?

is that such bugs can be sorted in a different category in the buglist, and it might be easier to spot more important work items. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- G

Buglist: a new 'DEFER' keyword?

module crashes on a squid proxy 155246 2005-10-31 nor nor NEW nautilus Error When Viewing Documentation with Nautilus Thoughts? -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom b

Re: Fedora Legacy Test Update Notification: httpd and mod_ssl

Instead, I'd suggest folks who prefer to use a more specific buglist take a look at the "full" buglist now and then. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- Geor

Re: FLSA:2404 (Redhat 9) question

anged anything in this regard). IMHO, the problem was/is likely with the build system. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fed

Re: Build team?

ok at the first two categories of: http://netcore.fi/pekkas/buglist.html -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list m

Re: Fwd: Re: releasing updates-testing packages without VERIFY votes

but I haven't seen many of those around.. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mailing list fedor

Mock [Re: issues list(s)]

access to all the RPMs in all the OS versions so building can be done quickly. Maybe the Fedora Legacy should provide 'Mock' as a service for creating packages for PUBLISH QA? That way all folks wouldn't need to set up their own Mock systems. -- Pekka Savola

Re: issues list(s)

ed the packages in the first place, but I think verifying the patches is essential. Even thorough testing of the packages may not show problems if the patch is not (quite) right. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom

Re: Fwd: Re: releasing updates-testing packages without VERIFY votes

manner. Maybe folks writing on the list should consider how they could contribute to Fedora Legacy process so that we wouldn't NEED to have this discussion in the first place. -- Pekka Savola "You each name yourselves king, yet the Netcore Oyking

Re: issues list(s)

On Fri, 23 Sep 2005, Eric Rostetter wrote: Quoting Pekka Savola <[EMAIL PROTECTED]>: Remember, there's always a need for folks to do some QA testing. See the I've done PUBLISH QA for enscript and a2ps, but I can't update the whiteboard, so someone else will have to do t

Re: Fwd: Re: releasing updates-testing packages without VERIFY votes

o any updates which don't fix security issues. (There are very, very few exceptions -- e.g., a proposal to update 'rpm' to fix the lockup issues, etc.) -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds.&quo

Re: Fwd: Re: releasing updates-testing packages without VERIFY votes

this package". -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://ww

Re: Fwd: Re: releasing updates-testing packages without VERIFY votes

On Fri, 23 Sep 2005, Eric Rostetter wrote: I guess there is still a question: If I QA a package on RL 7.3 and RHL 9 is that one vote (since one person did the QA) or two votes (since I did two OS versions)? That's two votes, by current counting. -- Pekka Savola "You

issues list(s)

i/pekkas/buglist-fc2.html -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www

releasing updates-testing packages without VERIFY votes

is policy.) On Sat, 27 Aug 2005, Marc Deslauriers wrote: On Sat, 2005-08-27 at 08:49 +0300, Pekka Savola wrote: 1) officially forgetting the update, removing it from updates-testing, and from the issue lists 2) specially marking "QA still needed but these are very low priori

Re: Fedora Legacy Test Update Notification: rp-pppoe

e current procedure under "Publish Criteria for updates (VERIFY)": http://www.fedoraproject.org/wiki/Legacy/QATesting In short, currently if we get just a single VERIFY vote, the update will be released after 4 weeks of timeout. This proposal was addressing the case where we don

Re: List of bugs to investigate/open

iming out is because I made a "discuss" on it, saying that we should just publish the later release instead as it fixes over a dozen other vulnerabilities. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Sy

Re: Fedora Legacy Test Update Notification: rp-pppoe

s not bulletproof but might be "good enough". -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings nag-testing.sh Description: Bourne shell scri

Re: Fedora Legacy Test Update Notification: rp-pppoe

as I can tell, folks are using updates-testing already this way -- many update from there directly. We just don't (yet) move stuff from updates-testing to updates; personally, I think we should. -- Pekka Savola "You each name yourselves king, yet

Re: Fedora Legacy Test Update Notification: rp-pppoe

aid earlier, I find 2) better.. but I'm open to hearing concrete suggestions. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora

Re: Fedora Legacy Test Update Notification: rp-pppoe

e best. If no-one wants to do (official) QA, we could just release the update if it looks trivial, and fix it later if something is reported to break. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Netw

issues list(s)

A on the existing ones. http://www.netcore.fi/pekkas/buglist.html (all) http://www.netcore.fi/pekkas/buglist-rhl73.html http://www.netcore.fi/pekkas/buglist-rhl9.html http://www.netcore.fi/pekkas/buglist-core1.html http://www.netcore.fi/pekkas/buglist-fc2.html -- Pekka Savola "You

Re: support of Fedora Core 2 for x86_64

#x27;t do any QA on them or at least their lack of QA must not hold up the other packages. -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- f

issues list(s)

ml (all) http://www.netcore.fi/pekkas/buglist-rhl73.html http://www.netcore.fi/pekkas/buglist-rhl9.html http://www.netcore.fi/pekkas/buglist-core1.html http://www.netcore.fi/pekkas/buglist-fc2.html -- Pekka Savola "You each name yourselves king, yet the Netcore Oy

Re: Updated httpd packages

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157701 -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mailing list fed

issues list(s)

ml (all) http://www.netcore.fi/pekkas/buglist-rhl73.html http://www.netcore.fi/pekkas/buglist-rhl9.html http://www.netcore.fi/pekkas/buglist-core1.html http://www.netcore.fi/pekkas/buglist-fc2.html -- Pekka Savola "You each name yourselves king, yet the Netcore Oy

Re: New bugzilla feature

atus=NEEDINFO&bug_status=MODIFIED&status_whiteboard_type=allwordssubstr&columnlist=changeddate,bug_severity,priority,bug_status,bug_resolution,component,status_whiteboard,short_desc&&order=bugs.bug_id&status_whiteboard=NEEDSWORK' Other bug reports '

Re: Mozilla update: jvm plugin broke?

On Mon, 25 Jul 2005, Marc Deslauriers wrote: On Mon, 2005-07-25 at 23:05 +0300, Pekka Savola wrote: On Mon, 25 Jul 2005, Marc Deslauriers wrote: On Mon, 2005-07-25 at 10:37 +0300, Pekka Savola wrote: .. It started working again when I replaced the symlink to the non-gcc32 version of the

Re: Mozilla update: jvm plugin broke?

On Mon, 25 Jul 2005, Marc Deslauriers wrote: On Mon, 2005-07-25 at 10:37 +0300, Pekka Savola wrote: .. It started working again when I replaced the symlink to the non-gcc32 version of the plugin. Did anyone else notice something like this? On what OS? Sorry, I said have said this before

Mozilla update: jvm plugin broke?

c32/libjavaplugin_oji.so .. It started working again when I replaced the symlink to the non-gcc32 version of the plugin. Did anyone else notice something like this? -- Pekka Savola "You each name yourselves king, yet the Netcore Oykingdom bleeds." S

Re: Some Suggestions (Mirror Space, gaim, ethereal, etc)

upgrade, the considerations you posted are likely useful to consider. IMHO, it's also useful to consider what other distros (RHEL in particular) have done. If they have upgraded, I don't see why we shouldn't either. -- Pekka Savola "Y