Security Question
by Scott Becker
Does anybody know which mailing list addresses security issues?
Logwatch on my server reported this:
apache logged in from dsl-82-199-133-138.dutchdsl.nl (82.199.133.138) using password: 1 Time(s)
My apache account is active so I can su to it to administer postgresql databases accessable via php scripts. No password is set. It was my understanding that it would be impossible to log in except via su from root. Either I'm dead wrong or there's a security hole which needs fixed.
thanks
Scott Becker
19 years, 4 months
mod_bt package
by Kenneth Porter
Has anyone attempted to capture mod_bt in an RPM?
<http://www.crackerjack.net/mod_bt/>
>From the web page:
> mod_bt is a BitTorrent tracker for the Apache webserver. It is written in
> C and runs as an Apache 2.x module. It is possible for mod_perl or PHP
> to directly access the tracker's information; no need to download and
> bdecode scrape URLs. The tracker is fully configured from within Apache's
> own configuration file.
I tried simply building it from the tarball tonight but it fails trying to
build the Apache part, and I think its assumptions about APR are wrong, as
it can't find apr.h. (apr-devel is installed, and the file is in
/usr/include/apr-0/.)
I'm no expert on building Apache modules and certainly not on how RH has
packaged the associated development system, so I'm not sure how to proceed.
Is there a "canonical Apache module RPM" that can be used as an example of
how modules should be organized in the RPM environment?
19 years, 4 months
Courier Package
by Daniel Kaliel
What list should I submit a courier rpm to?
=====================================
Daniel Kaliel
Network Administrator
--------------------------------------------------------------------------
J.J. Barnicke Edmonton Ltd.
#2300, 10123 99 Street
Edmonton, AB
T5J3H1
19 years, 4 months
Perl, xchat, foomatic updates
by Si Jones
Hi,
I don't know if it's a bug but ever time I try to yum up to dev i have
to exclude perl, xchat and foomatic.
I think it's perl that has conflicting files but thought you should all
know just in case.
I am running an amd64.
Regards,
Si Jones
19 years, 4 months
rawhide report: 20050215 changes
by Build System
Updated Packages:
NetworkManager-0.3.3-2.cvs20050214.3.1
--------------------------------------
* Mon Feb 14 2005 Dan Williams <dcbw(a)redhat.com> 0.3.3-2.cvs20050214.x.1
- Fix free of invalid pointer for multiple search domains
* Mon Feb 14 2005 Dan Williams <dcbw(a)redhat.com> 0.3.3-2.cvs20050214
- Never automatically choose a device that doesn't support carrier detection
- Add right-click menu to applet, can now "Pause/Resume" scanning through it
- Fix DHCP Renew/Rebind timeouts
- Fix frequency cycling problem on some cards, even when scanning was off
- Play better with IPv6
- Don't send kernel version in DHCP packets, and ensure DHCP packets are at
least 300 bytes in length to work around broken router
- New DHCP options D-BUS API by Dan Reed
- Handle multiple domain search options in DHCP responses
autofs-1:4.1.3-99
-----------------
* Mon Feb 14 2005 Jeff Moyer <jmoyer(a)redhat.com> - 1:4.1.3-99
- Change Copyright to License in the spec file so it will build.
* Fri Feb 11 2005 Jeff Moyer <jmoyer(a)redhat.com> - 1:4.1.3-98
- Program maps can repeat the last character of output. Fix this.
Addresses bz #138606
- Return first entry when there are duplicate keys in a map. Addresses
bz #140108.
- Propagate custom map variables to submounts. Fixes bz #143074.
- Create a sysconfig variable to control whether we source only one master
map (the way sun does), or source all maps found (which is the default for
backwards compatibility). Addresses bz #143126.
- Revised version of the get_best_mount patch. (#146887) cfeist(a)redhat.com
The previous patch introduced a regression. Non-replicated mounts would
not have the white space stripped from the entry and the mount would fail.
- Handle comment characters in the middle of the automount line in
/etc/nsswitch.conf. Addresses bz #127457.
* Wed Feb 02 2005 Chris Feist <cfeist(a)redhat.com> - 1:4.1.3-94
- Stop automount from pinging hosts if there is only one host (#146887)
basesystem-8.0-5
----------------
cvs-1.11.17-6
-------------
* Mon Feb 14 2005 Adrian Havill <havill(a)redhat.com>
- rebuilt
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Thu Jun 10 2004 Nalin Dahyabhai <nalin(a)redhat.com> 1.11.17-2
- rebuild
dev86-0.16.16-3
---------------
* Mon Feb 14 2005 Florian La Roche <laroche(a)redhat.com>
- Copyright: -> License:
dhcp-8:3.0.2rc3-4
-----------------
* Mon Feb 14 2005 Jason Vas Dias <jvdias(a)redhat.com> 3.0.2rc3-4
- make dhclient-script TIMEOUT mode do exactly the same configuration
- as BOUND / RENEW / REBIND / REBOOT if router ping succeeds
* Mon Feb 14 2005 Jason Vas Dias <jvdias(a)redhat.com> 3.0.2rc3-4
- fix bug 147926: dhclient-script should do restorecon for modified conf files
- optimize execshield protection
docbook-style-xsl-1.68.1-1
--------------------------
* Mon Feb 14 2005 Tim Waugh <twaugh(a)redhat.com> 1.68.1-1
- 1.68.1.
dovecot-0.99.14-1.fc4
---------------------
* Mon Feb 14 2005 John Dennis <jdennis(a)redhat.com> - 0.99.14-1.fc4
- fix bug #147874, update to 0.99.14 release
v0.99.14 2005-02-11 Timo Sirainen <tss at iki.fi>
- Message address fields are now parsed differently, fixing some
issues with spaces. Affects only clients which use FETCH ENVELOPE
command.
- Message MIME parser was somewhat broken with missing MIME boundaries
- mbox: Don't allow X-UID headers in mails to override the UIDs we
would otherwise set. Too large values can break some clients and
cause other trouble.
- passwd-file userdb wasn't working
- PAM crashed with 64bit systems
- non-SSL inetd startup wasn't working
- If UID FETCH notices and skips an expunged message, don't return
a NO reply. It's not needed and only makes clients give error
messages.
* Wed Feb 02 2005 John Dennis <jdennis(a)redhat.com> - 0.99.13-4.devel
- fix bug #146198, clean up temp kerberos tickets
* Mon Jan 17 2005 John Dennis <jdennis(a)redhat.com> 0.99.13-3.devel
- fix bug #145214, force mbox_locks to fcntl only
- fix bug #145241, remove prereq on postgres and mysql, allow rpm auto
dependency generator to pick up client lib dependency if needed.
file-4.13-1
-----------
* Tue Feb 15 2005 Radek Vokal <rvokal(a)redhat.com> - 4.13-1
- new version, fixing few bugs, patch clean-up
- consistent output for bzip files (#147440)
* Mon Jan 24 2005 Radek Vokal <rvokal(a)redhat.com> - 4.12-3
- core64 patch fixing output on core files (#145354) <kzak(a)redhat.com>
- minor change in magic patch
* Mon Jan 03 2005 Radek Vokal <rvokal(a)redhat.com> - 4.12-2
- fixed crashes in threaded environment (#143871) <arjanv(a)redhat.com>
findutils-1:4.2.15-2
--------------------
* Mon Feb 14 2005 Tim Waugh <twaugh(a)redhat.com> 1:4.2.15-2
- Added nofollow patch from upstream.
* Mon Jan 31 2005 Tim Waugh <twaugh(a)redhat.com> 1:4.2.15-1
- 4.2.15. Lots of patches removed due to upstream merge.
gdb-6.3.0.0-0.25
----------------
* Mon Feb 14 2005 Jeff Johnston <jjohnstn(a)redhat.com> 6.3.0.0-0.25
- Bump up release number.
* Mon Feb 14 2005 Jeff Johnston <jjohnstn(a)redhat.com> 6.3.0.0-0.24
- Fix gdb to always grab the terminal before a readline call.
- Bugzilla 147880
* Fri Feb 11 2005 Jeff Johnston <jjohnstn(a)redhat.com> 6.3.0.0-0.23
- Bump up release number.
hfsutils-3.2.6-5
----------------
* Mon Feb 14 2005 David Woodhouse <dwmw2(a)redhat.com> 3.2.6-5
- s/Copyright:/License:/ (sic)
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com> 3.2.6-4
- rebuilt
* Mon Apr 19 2004 David Woodhouse <dwmw2(a)redhat.com> 3.2.6-3
- BuildRequires tk-devel
irda-utils-0.9.16-5
-------------------
* Tue Feb 15 2005 Karsten Hopp <karsten(a)redhat.de> 0.9.16-5
- load irtty-sir module (#148750)
kbd-1.12-3
----------
* Mon Feb 14 2005 Adrian Havill <havill(a)redhat.com>
- rebuilt
kdepim-6:3.3.2-0.3
------------------
* Mon Feb 14 2005 Than Ngo <than(a)redhat.com> 6:3.3.2-0.3
- apply Steve patch to fix buffer problem
kernel-2.6.10-1.1142_FC4
------------------------
* Mon Feb 14 2005 Dave Jones <davej(a)redhat.com>
- 2.6.11-rc4-bk2
libaio-0.3.103-4
----------------
* Mon Feb 14 2005 Jeff Moyer <jmoyer(a)redhat.com> - 0.3.103-4
- Build the library twice. Once with the old SONAME and once with the new
one. This fixes the wrong SONAME problem by keeping a library around with
the wrong name (libaio.so.1.0.0) and generating a new one (libaio.so.1.0.1).
nfs-utils-1.0.6-53
------------------
* Mon Feb 14 2005 Steve Dickson <SteveD(a)RedHat.com>
- Added support to rpcgssd.init and rpcsvcgssd.init scripts
to insmod security modules.
- Changed the nfs.init script to bring rpc.svcgssd up and down,
since rpc.svcgssd is only needed with the NFS server is running.
* Tue Dec 14 2004 Steve Dickson <SteveD(a)RedHat.com>
- Fix problem in idmapd that was causing "xdr error 10008"
errors (bz 142813)
- make sure the correct hostname is used in the SM_NOTIFY
message that is sent from a rebooted server which has
multiple network interfaces. (bz 139101)
- Changed nfslock to send lockd a -KILL signal
when coming down. (bz 125257)
openhpi-1.9.2-3
---------------
* Mon Feb 14 2005 Phil Knirsch <pknirsch(a)redhat.com> 1.9.2-3
- Rebuilt for new rpm-4.4
pam_ccreds-1-4
--------------
* Mon Feb 14 2005 Nalin Dahyabhai <nalin(a)redhat.com> pam_ccreds-1-4
- change install dir from /lib/security to /%{_lib}/security
pcmcia-cs-3.2.8-4.9
-------------------
* Mon Feb 14 2005 Dave Jones <davej(a)redhat.com>
- Fix thinko in RadeonIGP exclusion.
* Sun Feb 13 2005 Pete Zaitcev <zaitcev(a)redhat.com>
- Add bison to BuildRequires and set YACC variable, because we patch a .y file
- Change rc.pcmcia to exit with a correct code (#142451)
psacct-6.3.2-35
---------------
* Tue Feb 15 2005 Ivana Varekova <varekova(a)redhat.com> 6.3.2-35
- fix #147782 logrotate script error
pump-0.8.21-2
-------------
* Mon Feb 14 2005 Adrian Havill <havill(a)redhat.com>
- rebuilt
rpmdb-fedora-1:4-0.20050215
---------------------------
selinux-policy-strict-1.21.12-3
-------------------------------
* Mon Feb 14 2005 Dan Walsh <dwalsh(a)redhat.com> 1.21.12-3
- Cleanup x_client_domain
- Add dontaudit net_admin for cups
selinux-policy-targeted-1.21.12-3
---------------------------------
* Mon Feb 14 2005 Dan Walsh <dwalsh(a)redhat.com> 1.21.12-3
- Cleanup x_client_domain
- Add dontaudit net_admin for cups
shadow-utils-2:4.0.3-57
-----------------------
* Mon Feb 14 2005 Adrian Havill <havill(a)redhat.com>
- rebuilt
* Wed Feb 09 2005 Dan Walsh <dwalsh(a)redhat.com> 2:4.0.3-39
- Change useradd to use matchpathcon
* Thu Oct 21 2004 Dan Walsh <dwalsh(a)redhat.com> 2:4.0.3-37
- Add matchpathcon to create the files correctly when they do not exist.
tcpdump-14:3.8.2-10
-------------------
* Mon Feb 14 2005 Martin Stransky <stransky(a)redhat.com> - 14:3.8.2-10
- remove explicit kernel dependecy (#146165)
- support for files larger than 2GB (#147840)
udev-050-5
----------
* Thu Feb 10 2005 Harald Hoyer <harald(a)redhat.com> - 050-5
- doh, reverted the start_udev devel version, which slipped in
19 years, 4 months
Adaptec ASR-2010S, supported by i2o_block on FC3
by stephan.helas@e-7.com
Hello,
i got problems to install FC3 on server FSC RX300 SN because of the scsi
raid controler. this raid controler can managed by i2o_block. but the
modul don't get loaded automaticly on boot cd (boot.iso). FC1 with modul
dpt_i2o works. if i load modul manualy (anaconda ask for it) the
controller gets loaded and i can install.
after extracting initrd.img on boot.iso i realized that i2o_block and
i2o_core are included in kernel. so i don't understand why this
controler isn't loaded automaticly.
i use kickstart for installation and so i need an option to load this
modul during installation. is there an grub option to load this modul on
boot time? or how can i make my own boot.iso or boot floppy with
customized kernel (compiled in Modul i2o_block)?
raid controler on fedora core1:
lspci got:
03:08.0 RAID bus controller: Distributed Processing Technology
SmartRAID V Controller (rev 01)
lsmod got:
dpt_i2o 29568 7
sd_mod 13388 14
scsi_mod 116136 2 [dpt_i2o sd_mod]
dmesg |grep scsi got:
scsi0 : Vendor: Adaptec Model: 2010S FW:FS13
seems to be an:
Adaptec ASR-2010S, supported by i2o_block
(http://i2o.shadowconnect.com/index.php).
Best Regards
Stephan Helas
19 years, 4 months
binary rpm package checking
by Florian La Roche
This is a start to check binary rpm packages for consistency.
Right now mostly the rpm header is checked to get a feeling
how much "strange" binary rpm packages might be out there.
It has two modes of checking, one for the current Fedora Development
tree with more strict checks and a more relaxed one that should
work for all existing rpm packages, also other distributions.
I'd be interested to get feedback on what output is generated
for rpm addon expositories and non - Red Hat distributions
if the script generates warning messages.
At least for Fedora Core only very few rpm tags are actually
used in the rpm header.
Examples usage:
./pyrpm.py --strict /mirror/fedora/development/i386/Fedora/RPMS/*.rpm
Checking all rpms:
locate .rpm | xargs ./pyrpm.py
find /mirror/linux -name "*.rpm" -type f -print0 2>/dev/null |
xargs -0 ./pyrpm.py
greetings,
Florian La Roche
19 years, 4 months
rawhide report: 20050214 changes
by Build System
Updated Packages:
anaconda-10.2.0.19-1
--------------------
* Sat Feb 12 2005 Jeremy Katz <katzj(a)redhat.com> - 10.2.0.19-1
- fix x86_64 installs for bad urlgrabber import
- Fix traceback with no %post (clumens)
- Put hostname in the text entry (clumens, #132826)
automake-1.9.5-1
----------------
* Sun Feb 13 2005 Florian La Roche <laroche(a)redhat.com>
- 1.9.5 bug-fix release
curl-7.13.0-1
-------------
* Sun Feb 13 2005 Florian La Roche <laroche(a)redhat.com>
- 7.13.0
emacs-21.3-22
-------------
* Mon Feb 14 2005 Jens Petersen <petersen(a)redhat.com> - 21.3-22
- use prereq instead of contexts for common script requirements
(Axel Thimm, 147791)
- move emacs.png from common to main package
* Fri Feb 04 2005 Jens Petersen <petersen(a)redhat.com> - 21.3-21
- fix CAN-2005-0100 movemail vulnerability with movemail-CAN-2005-0100.patch
(Max Vozeler, 146701)
gcc-3.4.3-19
------------
* Thu Feb 10 2005 Jakub Jelinek <jakub(a)redhat.com> 3.4.3-19
- use crtendS.o instead of crtend.o on ppc -pie
- use execv instead of execl in libgcc_post_upgrade to avoid bringing
in malloc and friends into the statically linked binary (which increases
its size ~ 10 times)
* Thu Feb 10 2005 Jakub Jelinek <jakub(a)redhat.com> 3.4.3-18
- update from gcc-3_4-branch
- PRs c++/18370, c++/19366, c++/19499, c++/19733, libstdc++/19642,
middle-end/19775, target/15384, target/16201, target/17771,
target/19293, target/19329, target/19393, target/19803
- fix c++filt/__cxa_demangle segfault on invalidly mangled names
generated by G++ 3.4 (#145781, PR c++/16240)
- make sure libgcj.so is not PT_GNU_STACK RWE
- disallow dlopening libgnat-3*.so, as it must be PT_GNU_STACK RWE
due to its extensive use of trampolines
- fix PRs c++/18838 and c++/19367 (Mark Mitchell, backported by
Alexandro Oliva)
- fix ICE in fold_convert (Andrew Pinski, #146385, PR c++/19666)
* Tue Jan 25 2005 Jakub Jelinek <jakub(a)redhat.com> 3.4.3-17
- update from gcc-3_4-branch
- PRs c++/19258, c++/19375, libstdc++/19510, other/16403,
rtl-optimization/19296, target/16304, target/19548
- fix PR rtl-optimization/19579
- remove Java *.a libraries, issue error for gcj -static (#145829)
glibc-2.3.4-10
--------------
* Sat Feb 12 2005 Jakub Jelinek <jakub(a)redhat.com> 2.3.4-10
- hopefully fix interaction with prelink (#147655)
* Fri Feb 11 2005 Jakub Jelinek <jakub(a)redhat.com> 2.3.4-9
- update from CVS
- bi-arch <gnu/stubs.h> (BZ#715)
* Fri Feb 11 2005 Jakub Jelinek <jakub(a)redhat.com> 2.3.4-8
- update from CVS
- bi-arch <gnu/lib-names.h> (BZ#632)
- fix libdl on s390 and maybe other platforms
- fix initstate{,_r} (BZ#710)
- fix <gnu/stubs.h> generation (BZ#157)
- define CMSPAR in bits/termios.h (#147533)
kde-i18n-1:3.3.2-1
------------------
* Sat Feb 12 2005 Than Ngo <than(a)redhat.com> 1:3.3.2-1
- add Hindi, Tamil, Punjabi, Bengali translation
kdegraphics-7:3.3.2-0.4
-----------------------
* Sat Feb 12 2005 Than Ngo <than(a)redhat.com> 7:3.3.2-0.4
- backport from CVS for working with qt-immodule
kdelibs-6:3.3.2-0.7
-------------------
* Sat Feb 12 2005 Than Ngo <than(a)redhat.com> 6:3.3.2-0.7
- backport CVS patch, cleanup InputMethod
kernel-2.6.10-1.1141_FC4
------------------------
* Sun Feb 13 2005 Dave Jones <davej(a)redhat.com>
- 2.6.11-rc4-bk1
* Sat Feb 12 2005 Dave Jones <davej(a)redhat.com>
- 2.6.11-rc4
* Fri Feb 11 2005 Dave Jones <davej(a)redhat.com>
- 2.6.11-rc3-bk8
koffice-4:1.3.5-3
-----------------
* Sat Feb 12 2005 Than Ngo <than(a)redhat.com> 4:1.3.5-3
- backport from CVS for working with qt-immodule
libgconf-java-2.9.91.1-1
------------------------
* Sat Feb 12 2005 Thomas Fitzsimmons <fitzsim(a)redhat.com> - 2.9.91.1-1
- Import libgconf-java 2.9.91.1.
libglade-java-2.9.91.1-1
------------------------
* Sat Feb 12 2005 Thomas Fitzsimmons <fitzsim(a)redhat.com> - 2.9.91.1-1
- Import libglade-java 2.9.91.1.
libgnome-java-2.9.91.1-1
------------------------
* Sat Feb 12 2005 Thomas Fitzsimmons <fitzsim(a)redhat.com> - 2.9.91.1-1
- Import libgnome-java 2.9.91.1.
libgtk-java-2.5.91.1-1
----------------------
* Sat Feb 12 2005 Thomas Fitzsimmons <fitzsim(a)redhat.com> - 2.5.91.1-1
- Import libgtk-java 2.5.91.1.
libtool-1.5.14.multilib2-3.4.3
------------------------------
* Sun Feb 13 2005 Florian La Roche <laroche(a)redhat.com>
- 1.5.14 bugfix release
openoffice.org-1.1.3-6.7.0
--------------------------
* Sat Feb 12 2005 Dan Williams <dcbw(a)redhat.com> - 1.1.3-6
- Revert _another_ Novell patch that caused individual programs not to launch
pcmcia-cs-3.2.8-4.7
-------------------
* Sun Feb 13 2005 Dave Jones <davej(a)redhat.com>
- Fix up ranges on RadeonIGP workaround. (Maybe fixes #80584)
perl-RPM2-0.66-8
----------------
* Sun Feb 13 2005 Florian La Roche <laroche(a)redhat.com>
- rebuild
rcs-5.7-27
----------
* Sun Feb 13 2005 Florian La Roche <laroche(a)redhat.com>
- add spec change from #144485
rpm-4.4.1-2
-----------
* Sun Feb 13 2005 Jeff Johnson <jbj(a)jbj.org> 4.4.1-1
- don't classify files in /dev (#146623).
- don't build with sqlite3 if <sqlite3.h> is missing.
* Sat Feb 12 2005 Jeff Johnson <jbj(a)jbj.org> 4.4.1-0.24
- zlib: uniqify certain symbols to prevent name space pollution.
- macosx: include <sys/types.h> so that python sees the u_char typedef.
- macosx: change to --prefix=/usr rather than /opt/local.
- use waitpid rather than SIGCHLD reaper.
- rip out DB_PRIVATE revert if not NPTL, it's not the right thing to do.
rpmdb-fedora-1:4-0.20050214
---------------------------
slang-1.4.9-15
--------------
* Mon Feb 14 2005 Adrian Havill <havill(a)redhat.com>
- rebuilt
* Sun Aug 01 2004 Alan Cox <alan(a)redhat.com>
- fixed requires so slang-devel pulls in libtermcap-devel (#125299)
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
tclx-8.3.5-5
------------
* Sun Feb 13 2005 Jens Petersen <petersen(a)redhat.com> - 8.3.5-5
- rebuild
tix-1:8.1.4-99
--------------
* Sun Feb 13 2005 Jens Petersen <petersen(a)redhat.com> - 1:8.1.4-99
- rebuilt
ttcp-1.12-11
------------
* Sun Feb 13 2005 Florian La Roche <laroche(a)redhat.com>
- add patch from #146012
vconfig-1.8-5
-------------
* Sun Feb 13 2005 Florian La Roche <laroche(a)redhat.com>
- remove kernel dep, kernel runtime deps should go into apps, #146151
vlock-1.3-17
------------
* Mon Feb 14 2005 Adrian Havill <havill(a)redhat.com>
- rebuilt
19 years, 4 months