Asked Daniel Walsh what would be needed for a postfix2x policy. I am
wondering if we added the policy to the rpm with instructions on how
to install it would be ok?
---------- Forwarded message ----------
From: Daniel J Walsh <dwalsh(a)redhat.com>
Date: Thu, Apr 14, 2011 at 12:55
Subject: Re: newer postfix on RHEL5 (selinux policy)
To: Stephen John Smoogen <smooge(a)gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/14/2011 12:44 PM, Stephen John Smoogen wrote:
> So people in EPEL is looking at packaging a newer postfix for RHEL4/5
> as it has features they need. The problem though is with an selinux
> policy for it as we would like to have it sit in parallel directories
> and not conflict with the RHEL postfix. What would be the best ways to
> make a policy for the systems (if it can only be RHEL5 oh well).
>
Just copy he existing file context files and change the path.
In RHEL5 you could just add the labels using semanage or better would be
to install a pp file You need a one liner for postfix.te. Then just
include a postfixnew.fc file with new paths. The type definition should
remain the same. You would also need to run restorecon on the paths
after you install the policy module.
cat postfixnew.te
policy_module(postfixnew,1.0)
cat postfixnew.fc
# postfix
/etc/postfix(/.*)? gen_context(system_u:object_r:postfix_etc_t,s0)
ifdef(`distro_redhat', `
/usr/libexec/postfix/.* -- gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/libexec/postfix/cleanup --
gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/libexec/postfix/lmtp --
gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/local --
gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/libexec/postfix/master --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/libexec/postfix/pickup --
gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/libexec/postfix/(n)?qmgr --
gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/libexec/postfix/showq --
gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/libexec/postfix/smtp --
gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/scache --
gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/libexec/postfix/smtpd --
gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/libexec/postfix/bounce --
gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/libexec/postfix/pipe --
gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
/usr/libexec/postfix/virtual --
gen_context(system_u:object_r:postfix_virtual_exec_t,s0)
', `
/usr/lib/postfix/.* -- gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/lib/postfix/cleanup --
gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/lib/postfix/local --
gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/lib/postfix/master --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/lib/postfix/pickup --
gen_context(system_u:object_r:postfix_pickup_exec_t,s0)
/usr/lib/postfix/(n)?qmgr --
gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/lib/postfix/showq --
gen_context(system_u:object_r:postfix_showq_exec_t,s0)
/usr/lib/postfix/smtp --
gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/lmtp --
gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/scache --
gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
/usr/lib/postfix/smtpd --
gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce --
gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/lib/postfix/pipe --
gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
')
/etc/postfix/postfix-script.* --
gen_context(system_u:object_r:postfix_exec_t,s0)
/etc/postfix/prng_exch -- gen_context(system_u:object_r:postfix_prng_t,s0)
/usr/sbin/postalias --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postdrop --
gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
/usr/sbin/postfix --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlock --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postlog --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postmap --
gen_context(system_u:object_r:postfix_map_exec_t,s0)
/usr/sbin/postqueue --
gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
/usr/sbin/postsuper --
gen_context(system_u:object_r:postfix_master_exec_t,s0)
/var/lib/postfix(/.*)?
gen_context(system_u:object_r:postfix_var_lib_t,s0)
/var/run/postfix(/.*)?
gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix(/.*)?
gen_context(system_u:object_r:postfix_spool_t,s0)
/var/spool/postfix/maildrop(/.*)?
gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
/var/spool/postfix/pid/.*
gen_context(system_u:object_r:postfix_var_run_t,s0)
/var/spool/postfix/private(/.*)?
gen_context(system_u:object_r:postfix_private_t,s0)
/var/spool/postfix/public(/.*)?
gen_context(system_u:object_r:postfix_public_t,s0)
/var/spool/postfix/bounce(/.*)?
gen_context(system_u:object_r:postfix_spool_bounce_t,s0)
/var/spool/postfix/flush(/.*)?
gen_context(system_u:object_r:postfix_spool_flush_t,s0)
dwalsh@lo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk2nQyEACgkQrlYvE4MpobOYOwCgwZslQGC0Xn/t3ql3TpoyWNKg
lYwAn34zsszGEnTQS2pFSzuvlQQNXe6Z
=CrdE
-----END PGP SIGNATURE-----
--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren
The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/chm2pdf-0.9.1-8.el6https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.el6https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6https://admin.fedoraproject.org/updates/libmodplug-0.8.8.2-1.el6https://admin.fedoraproject.org/updates/proftpd-1.3.3e-1.el6https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.el6https://admin.fedoraproject.org/updates/tmux-1.4-3.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
chm2pdf-0.9.1-8.el6
gdl-0.9.1-1.el6
maatkit-7332-1.el6
ntfs-3g-2011.4.12-1.el6
perl-IO-Multiplex-1.13-1.el6
python-rhev-0.9-1.20110316git.el6
rubygem-kwalify-0.7.2-3.el6
Details about builds:
================================================================================
chm2pdf-0.9.1-8.el6 (FEDORA-EPEL-2011-3071)
A tool to convert CHM files to PDF files
--------------------------------------------------------------------------------
Update Information:
This update fixes security bugs #474455 and #474457. The security issue is about unsafe use of fixed temporary directories by chm2pdf.
This update will break --dontextract option. The option will not be shown in the list of available options.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #474455 - CVE-2008-5298 chm2pdf insecure temporary file use
https://bugzilla.redhat.com/show_bug.cgi?id=474455
[ 2 ] Bug #474457 - CVE-2008-5299 chm2pdf insecure temporary file symlink flaw
https://bugzilla.redhat.com/show_bug.cgi?id=474457
--------------------------------------------------------------------------------
================================================================================
gdl-0.9.1-1.el6 (FEDORA-EPEL-2011-3080)
GNU Data Language
--------------------------------------------------------------------------------
================================================================================
maatkit-7332-1.el6 (FEDORA-EPEL-2011-3070)
Essential command-line utilities for MySQL
--------------------------------------------------------------------------------
Update Information:
Update to latest feature and bugfix release.
OBS: There are two non-backwards compatible changes since the previous el6 build (6457). Releasenotes for v6652 says:
Two non-backwards compatible changes in mk-table-checksum: --no-use-index is now --nouse-index, and --chunk-index is only used if a chunkable column uses it.
http://code.google.com/p/maatkit/wiki/ReleaseNotesJuly2010
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 13 2011 Sven Lankes <sven(a)lank.es> - 7332-1
- new upstream release
- remove buildroot tags from spec
- Filter out requires brought in by new rpm dependency generator
* Sun Feb 13 2011 Sven Lankes <sven(a)lank.es> - 7284-1
- new upstream release
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 6839-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sun Aug 29 2010 Sven Lankes <sven(a)lank.es> - 6839-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
ntfs-3g-2011.4.12-1.el6 (FEDORA-EPEL-2011-3081)
Linux NTFS userspace driver
--------------------------------------------------------------------------------
Update Information:
Update to ntfs-3g 2011.4.12. This release also merged with ntfsprogs, which is now a subpackage of ntfs-3g.
STABLE Version 2011.4.12 (April 10, 2011)
ntfs-3g: fixed possible wrong hole size when overwriting compressed data.
ntfs-3g: fixed listxattr() to environments with extended attributes.
ntfs-3g: fixed ENOSPC when making an index non-resident.
ntfs-3g: fixed partial mapping ahead of mapped runlist.
ntfs-3g: enabled forensic mounting (currently same as read-only).
ntfs-3g: expand an attribute without creating a hole.
ntfs-3g: improved appending data to a long hole.
ntfs-3g: deny direct modifications to metadata files.
ntfs-3g: option ‘acl’ to request the use of Posix ACLs.
ntfsclone: fixed reading old big-endian ntfsclone images.
ntfsclone: avoided writing beyond allocated variable.
ntfsclone: close volume and cleanup when exiting.
ntfsclone: new option not to clear the timestamps.
ntfsclone: sync created image before remounting.
ntfsclone: use a stream to produce aligned writes during image creation.
ntfsinfo: display times in UTC.
mkntfs: don’t store full bitmap and logfile in memory.
mkntfs: set a volume UUID if option -U.
mkntfs: fixed $MFT allocated size.
mkntfs: fixed allocated size of resident unnamed data.
ntfsfix: new option -n for no action.
ntfsfix: try alternate boot sector if cannot start up.
ntfsfix: check and fix the upcase table.
ntfsfix: try to fix file systems with incorrect size.
ntfsundelete: fixed a segfault.
ntfsresize: new option –info-mb-only.
ntfsresize: new option –check.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 14 2011 Tom Callaway <spot(a)fedoraproject.org> - 2:2011.4.12-1
- update to 2011.4.12
- pickup ntfsprogs and obsolete the old separate packages
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2:2011.1.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #696577 - ntfs-3g-2011.4.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=696577
[ 2 ] Bug #695531 - ntfsprogs is deprecated
https://bugzilla.redhat.com/show_bug.cgi?id=695531
--------------------------------------------------------------------------------
================================================================================
perl-IO-Multiplex-1.13-1.el6 (FEDORA-EPEL-2011-3077)
Manage IO on many file handles
--------------------------------------------------------------------------------
Update Information:
This update, to the current upstream release, fixes handling of outbuffer that contains '0' (see https://rt.cpan.org/Public/Bug/Display.html?id=67458)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 15 2011 Paul Howarth <paul(a)city-fan.org> - 1.13-1
- Update to 1.13
- Fix handling of outbuf that contains '0' (CPAN RT#67458)
- Nobody else likes macros for commands
--------------------------------------------------------------------------------
================================================================================
python-rhev-0.9-1.20110316git.el6 (FEDORA-EPEL-2011-3073)
Python binding to Red Hat Enterprise Virtualization's REST API
--------------------------------------------------------------------------------
Update Information:
Python binding to Red Hat Enterprise Virtualization's REST API
--------------------------------------------------------------------------------
================================================================================
rubygem-kwalify-0.7.2-3.el6 (FEDORA-EPEL-2011-3078)
A parser, schema validator, and data-binding tool for YAML and JSON
--------------------------------------------------------------------------------
Update Information:
New package: rubygem-kwalify - A parser and schema validator for YAML and JSON
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #692466 - Review Request: rubygem-kwalify - A parser and schema validator for YAML and JSON
https://bugzilla.redhat.com/show_bug.cgi?id=692466
--------------------------------------------------------------------------------
The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/rt3-3.6.10-2.el5https://admin.fedoraproject.org/updates/chm2pdf-0.9.1-5.el5https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.el5https://admin.fedoraproject.org/updates/proftpd-1.3.3e-1.el5https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.el5https://admin.fedoraproject.org/updates/tmux-1.4-3.el5.1
The following builds have been pushed to Fedora EPEL 5 updates-testing
389-ds-base-1.2.8.2-1.el5
apcupsd-3.14.8-1.el5
chm2pdf-0.9.1-5.el5
ntfs-3g-2011.4.12-1.el5.1
rubygem-kwalify-0.7.2-3.el5
Details about builds:
================================================================================
389-ds-base-1.2.8.2-1.el5 (FEDORA-EPEL-2011-3076)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
The 389-ds-base-1.2.8.2 release - fix bug 696407
The 389-ds-base-1.2.8.1 release
This is the 389-ds-base-1.2.8.0 release - some bug fixes for winsync
and matching rules and schema
The 389-ds-base-1.2.8.rc5 release - Fix a bug in settting up GSSAPI replication
This is the 1.2.8 release candidate 4 release
This is 389-ds-base-1.2.8 RC 2 - this fixes several bugs found in alpha and RC 1 testing
This is the 389-ds-base-1.2.8 release candidate 1 build
Split off 389-ds-base-libs to solve multilib issues
1.2.8.a3 release - git tag 389-ds-base-1.2.8.a3
see bugs for a list of bugs fixed
This is the 1.2.8 alpha 2 release - many bug fixes
389-ds-base 1.2.8 alpha 1
contains many bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 14 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8.2-1
- 389-ds-base-1.2.8.2
- Bug 696407 - If an entry with a mixed case RDN is turned to be
- a tombstone, it fails to assemble DN from entryrdn
* Fri Apr 8 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8.1-1
- 389-ds-base-1.2.8.1
- Bug 693962 - Full replica push loses some entries with multi-valued RDNs
* Tue Apr 5 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8.0-1
- 389-ds-base-1.2.8.0
- Bug 693473 - rhds82 rfe - windows_tot_run to log Sizelimit exceeded instead of LDAP error - -1
- Bug 692991 - rhds82 - windows_tot_run: failed to obtain data to send to the consumer; LDAP error - -1
- Bug 693466 - Unable to change schema online
- Bug 693503 - matching rules do not inherit from superior attribute type
- Bug 693455 - nsMatchingRule does not work with multiple values
- Bug 693451 - cannot use localized matching rules
- Bug 692331 - Segfault on index update during full replication push on 1.2.7.5
* Mon Apr 4 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8-0.9.rc5
- 389-ds-base-1.2.8.rc5
- Bug 692469 - Replica install fails after step for "enable GSSAPI for replication"
* Tue Mar 29 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8-0.8.rc4
- 389-ds-base-1.2.8.rc4
- Bug 668385 - DS pipe log script is executed as many times as the dirsrv serv
ice is restarted
- 389-ds-base-1.2.8.rc3
- Bug 690955 - Mrclone fails due to the replica generation id mismatch
* Tue Mar 22 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8-0.7.rc2
- 389-ds-base-1.2.8 release candidate 2 - git tag 389-ds-base-1.2.8.rc2
- Bug 689537 - (cov#10610) Fix Coverity NULL pointer dereferences
- Bug 689866 - ns-newpwpolicy.pl needs to use the new DN format
- Bug 681015 - RFE: allow fine grained password policy duration attributes
- in days, hours, minutes, as well
- Bug 684996 - Exported tombstone cannot be imported correctly
- Bug 683250 - slapd crashing when traffic replayed
- Bug 668909 - Can't modify replication agreement in some cases
- Bug 504803 - Allow maxlogsize to be set if logmaxdiskspace is -1
- Bug 644784 - Memory leak in "testbind.c" plugin
- Bug 680558 - Winsync plugin fails to restrain itself to the configured subtree
* Wed Mar 2 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8-0.6.rc1
- 389-ds-base-1.2.8 release candidate 1 - git tag 389-ds-base-1.2.8.rc1
- Bug 518890 - setup-ds-admin.pl - improve hostname validation
- Bug 681015 - RFE: allow fine grained password policy duration attributes in
- days, hours, minutes, as well
- Bug 514190 - setup-ds-admin.pl --debug does not log to file
- Bug 680555 - ns-slapd segfaults if I have more than 100 DBs
- Bug 681345 - setup-ds.pl should set SuiteSpotGroup automatically
- Bug 674852 - crash in ldap-agent when using OpenLDAP
- Bug 679978 - modifying attr value crashes the server, which is supposed to
- be indexed as substring type, but has octetstring syntax
- Bug 676655 - winsync stops working after server restart
- Bug 677705 - ds-logpipe.py script is failing to validate "-s" and
- "--serverpid" options with "-t".
- Bug 625424 - repl-monitor.pl doesn't work in hub node
* Mon Feb 28 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8-0.5.a3
- Bug 676598 - 389-ds-base multilib: file conflicts
- split off libs into a separate -libs package
* Thu Feb 24 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8-0.4.a3
- do not create /var/run/dirsrv - setup will create it instead
- remove the fedora-ds initscript upgrade stuff - we do not support that anymore
- convert the remaining lua stuff to plain old shell script
* Wed Feb 9 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8-0.3.a3
- 1.2.8.a3 release - git tag 389-ds-base-1.2.8.a3
- Bug 675320 - empty modify operation with repl on or lastmod off will crash server
- Bug 675265 - preventryusn gets added to entries on a failed delete
- Bug 677774 - added support for tmpfiles.d
- Bug 666076 - dirsrv crash (1.2.7.5) with multiple simple paged result search
es
- Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH
- Bug 671199 - Don't allow other to write to rundir
- Bug 678646 - Ignore tombstone operations in managed entry plug-in
- Bug 676053 - export task followed by import task causes cache assertion
- Bug 677440 - clean up compiler warnings in 389-ds-base 1.2.8
- Bug 675113 - ns-slapd core dump in windows_tot_run if oneway sync is used
- Bug 676689 - crash while adding a new user to be synced to windows
- Bug 604881 - admin server log files have incorrect permissions/ownerships
- Bug 668385 - DS pipe log script is executed as many times as the dirsrv serv
ice is restarted
- Bug 675853 - dirsrv crash segfault in need_new_pw()
* Thu Feb 3 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8-0.2.a2
- 1.2.8.a2 release - git tag 389-ds-base-1.2.8.a2
- Bug 674430 - Improve error messages for attribute uniqueness
- Bug 616213 - insufficient stack size for HP-UX on PA-RISC
- Bug 615052 - intrinsics and 64-bit atomics code fails to compile
- on PA-RISC
- Bug 151705 - Need to update Console Cipher Preferences with new ciphers
- Bug 668862 - init scripts return wrong error code
- Bug 670616 - Allow SSF to be set for local (ldapi) connections
- Bug 667935 - DS pipe log script's logregex.py plugin is not redirecting the
- log output to the text file
- Bug 668619 - slapd stops responding
- Bug 624547 - attrcrypt should query the given slot/token for
- supported ciphers
- Bug 646381 - Faulty password for nsmultiplexorcredentials does not give any
- error message in logs
* Fri Jan 21 2011 Nathan Kinder <nkinder(a)redhat.com> - 1.2.8-0.1.a1
- 1.2.8-0.1.a1 release - git tag 389-ds-base-1.2.8.a1
- many bug fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #696407 - If an entry with a mixed case RDN is turned to be a tombstone, it fails to assemble DN from entryrdn
https://bugzilla.redhat.com/show_bug.cgi?id=696407
[ 2 ] Bug #693962 - Full replica push loses some entries with multi-valued RDNs
https://bugzilla.redhat.com/show_bug.cgi?id=693962
--------------------------------------------------------------------------------
================================================================================
apcupsd-3.14.8-1.el5 (FEDORA-EPEL-2011-3079)
APC UPS Power Control Daemon for Linux
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 15 2011 Michal Hlavinka <mhlavink(a)redhat.com> - 3.14.8-1
- update apcupsd to 3.14.8 (fixes #696722)
* Wed Feb 9 2011 Michal Hlavinka <mhlavink(a)redhat.com> - 3.14.0-5
- add readme file to doc explaining needed configuration of halt script
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #696722 - apcupsd dies with "FATAL ERROR in newups.c [...] Mutex lock failure. ERR=Invalid argument" after a while
https://bugzilla.redhat.com/show_bug.cgi?id=696722
--------------------------------------------------------------------------------
================================================================================
chm2pdf-0.9.1-5.el5 (FEDORA-EPEL-2011-3082)
A tool to convert CHM files to PDF files
--------------------------------------------------------------------------------
Update Information:
This update fixes security bugs #474455 and #474457. The security issue is about unsafe use of fixed temporary directories by chm2pdf.
This update will break --dontextract option. The option will not be shown in the list of available options.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #474455 - CVE-2008-5298 chm2pdf insecure temporary file use
https://bugzilla.redhat.com/show_bug.cgi?id=474455
[ 2 ] Bug #474457 - CVE-2008-5299 chm2pdf insecure temporary file symlink flaw
https://bugzilla.redhat.com/show_bug.cgi?id=474457
--------------------------------------------------------------------------------
================================================================================
ntfs-3g-2011.4.12-1.el5.1 (FEDORA-EPEL-2011-3072)
Linux NTFS userspace driver
--------------------------------------------------------------------------------
Update Information:
Update to ntfs-3g 2011.4.12. This release also merged with ntfsprogs, which is now a subpackage of ntfs-3g.
STABLE Version 2011.4.12 (April 10, 2011)
ntfs-3g: fixed possible wrong hole size when overwriting compressed data.
ntfs-3g: fixed listxattr() to environments with extended attributes.
ntfs-3g: fixed ENOSPC when making an index non-resident.
ntfs-3g: fixed partial mapping ahead of mapped runlist.
ntfs-3g: enabled forensic mounting (currently same as read-only).
ntfs-3g: expand an attribute without creating a hole.
ntfs-3g: improved appending data to a long hole.
ntfs-3g: deny direct modifications to metadata files.
ntfs-3g: option ‘acl’ to request the use of Posix ACLs.
ntfsclone: fixed reading old big-endian ntfsclone images.
ntfsclone: avoided writing beyond allocated variable.
ntfsclone: close volume and cleanup when exiting.
ntfsclone: new option not to clear the timestamps.
ntfsclone: sync created image before remounting.
ntfsclone: use a stream to produce aligned writes during image creation.
ntfsinfo: display times in UTC.
mkntfs: don’t store full bitmap and logfile in memory.
mkntfs: set a volume UUID if option -U.
mkntfs: fixed $MFT allocated size.
mkntfs: fixed allocated size of resident unnamed data.
ntfsfix: new option -n for no action.
ntfsfix: try alternate boot sector if cannot start up.
ntfsfix: check and fix the upcase table.
ntfsfix: try to fix file systems with incorrect size.
ntfsundelete: fixed a segfault.
ntfsresize: new option –info-mb-only.
ntfsresize: new option –check.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 14 2011 Tom Callaway <spot(a)fedoraproject.org> - 2:2011.4.12-1.1
- fix up BR for el5
- drop ntfsdecrypt (gnutls is too old in el5)
* Thu Apr 14 2011 Tom Callaway <spot(a)fedoraproject.org> - 2:2011.4.12-1
- update to 2011.4.12
- pickup ntfsprogs and obsolete the old separate packages
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2:2011.1.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #696577 - ntfs-3g-2011.4.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=696577
[ 2 ] Bug #695531 - ntfsprogs is deprecated
https://bugzilla.redhat.com/show_bug.cgi?id=695531
--------------------------------------------------------------------------------
================================================================================
rubygem-kwalify-0.7.2-3.el5 (FEDORA-EPEL-2011-3075)
A parser, schema validator, and data-binding tool for YAML and JSON
--------------------------------------------------------------------------------
Update Information:
New package: rubygem-kwalify - A parser and schema validator for YAML and JSON
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #692466 - Review Request: rubygem-kwalify - A parser and schema validator for YAML and JSON
https://bugzilla.redhat.com/show_bug.cgi?id=692466
--------------------------------------------------------------------------------
The following Fedora EPEL 4 Security updates need testing:
https://admin.fedoraproject.org/updates/proftpd-1.3.3e-1.el4
The following builds have been pushed to Fedora EPEL 4 updates-testing
wxGTK-2.8.12-1.el4
Details about builds:
================================================================================
wxGTK-2.8.12-1.el4 (FEDORA-EPEL-2011-3074)
GTK2 port of the wxWidgets GUI library
--------------------------------------------------------------------------------
Update Information:
update to new bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 14 2011 Dan Horák <dan[at]danny.cz> - 2.8.12-1
- updated to 2.8.12
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.el6https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6https://admin.fedoraproject.org/updates/libmodplug-0.8.8.2-1.el6https://admin.fedoraproject.org/updates/proftpd-1.3.3e-1.el6https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.el6https://admin.fedoraproject.org/updates/tmux-1.4-3.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
collectl-3.5.0-1.el6
mrbs-1.4.6-1.el6
uboot-tools-2011.03-1.el6
wxGTK-2.8.12-1.el6
Details about builds:
================================================================================
collectl-3.5.0-1.el6 (FEDORA-EPEL-2011-3064)
A utility to collect various Linux performance data
--------------------------------------------------------------------------------
Update Information:
update to upstream version 3.5.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 25 2011 Dan Horák <dan[at]danny.cz> 3.5.0-1
- upgrade to upstream version 3.5.0
--------------------------------------------------------------------------------
================================================================================
mrbs-1.4.6-1.el6 (FEDORA-EPEL-2011-3065)
Meeting Room Booking System
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.6.
See upstream changelog for details : http://mrbs.sourceforge.net/view_text.php?section=NEWS&file=NEWS
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 11 2011 Xavier Bachelot <xavier(a)bachelot.org> 1.4.6-1
- Update to 1.4.6.
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Dec 3 2010 Xavier Bachelot <xavier(a)bachelot.org> 1.4.5-1
- Update to 1.4.5.
--------------------------------------------------------------------------------
================================================================================
uboot-tools-2011.03-1.el6 (FEDORA-EPEL-2011-3068)
U-Boot utilities
--------------------------------------------------------------------------------
Update Information:
- updated mkimage to U-Boot 2011-03
- added man page and some docs
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 14 2011 Dan Horák <dan[at]danny.cz> - 2011.03-1
- updated to to 2011.03
- build the tool for manipulation with environment only on arm
--------------------------------------------------------------------------------
================================================================================
wxGTK-2.8.12-1.el6 (FEDORA-EPEL-2011-3062)
GTK2 port of the wxWidgets GUI library
--------------------------------------------------------------------------------
Update Information:
update to new bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 14 2011 Dan Horák <dan[at]danny.cz> - 2.8.12-1
- updated to 2.8.12
--------------------------------------------------------------------------------
The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/rt3-3.6.10-2.el5https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.el5https://admin.fedoraproject.org/updates/proftpd-1.3.3e-1.el5https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.el5https://admin.fedoraproject.org/updates/tmux-1.4-3.el5.1
The following builds have been pushed to Fedora EPEL 5 updates-testing
collectl-3.5.0-1.el5
mrbs-1.4.6-1.el5
uboot-tools-2011.03-1.el5
wxGTK-2.8.12-1.el5
Details about builds:
================================================================================
collectl-3.5.0-1.el5 (FEDORA-EPEL-2011-3069)
A utility to collect various Linux performance data
--------------------------------------------------------------------------------
Update Information:
update to upstream version 3.5.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 25 2011 Dan Horák <dan[at]danny.cz> 3.5.0-1
- upgrade to upstream version 3.5.0
--------------------------------------------------------------------------------
================================================================================
mrbs-1.4.6-1.el5 (FEDORA-EPEL-2011-3066)
Meeting Room Booking System
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.6.
See upstream changelog for details : http://mrbs.sourceforge.net/view_text.php?section=NEWS&file=NEWS
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 11 2011 Xavier Bachelot <xavier(a)bachelot.org> 1.4.6-1
- Update to 1.4.6.
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Dec 3 2010 Xavier Bachelot <xavier(a)bachelot.org> 1.4.5-1
- Update to 1.4.5.
--------------------------------------------------------------------------------
================================================================================
uboot-tools-2011.03-1.el5 (FEDORA-EPEL-2011-3067)
U-Boot utilities
--------------------------------------------------------------------------------
Update Information:
- updated mkimage to U-Boot 2011-03
- added man page and some docs
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 14 2011 Dan Horák <dan[at]danny.cz> - 2011.03-1
- updated to to 2011.03
- build the tool for manipulation with environment only on arm
--------------------------------------------------------------------------------
================================================================================
wxGTK-2.8.12-1.el5 (FEDORA-EPEL-2011-3063)
GTK2 port of the wxWidgets GUI library
--------------------------------------------------------------------------------
Update Information:
update to new bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 14 2011 Dan Horák <dan[at]danny.cz> - 2.8.12-1
- updated to 2.8.12
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/clamav-0.97-12.el6https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.el6https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6https://admin.fedoraproject.org/updates/libmodplug-0.8.8.2-1.el6https://admin.fedoraproject.org/updates/proftpd-1.3.3e-1.el6https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.el6https://admin.fedoraproject.org/updates/tmux-1.4-3.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
django-dpaste-0.2.4-3.el6
django-mptt-0.4.2-2.el6
django-simple-captcha-0.2.0-4.el6
fedora-packager-0.5.8.1-1.el6
fpaste-server-0.1-3.el6
libmodplug-0.8.8.2-1.el6
mod_auth_pam-1.1.1-9.el6
perl-File-Map-0.31-4.el6.1
python-fedora-0.3.21-1.el6
Details about builds:
================================================================================
django-dpaste-0.2.4-3.el6 (FEDORA-EPEL-2011-3051)
Dpaste is a code paste-bin application using Django
--------------------------------------------------------------------------------
Update Information:
Here is where you
give an explanation of
your update.
--------------------------------------------------------------------------------
================================================================================
django-mptt-0.4.2-2.el6 (FEDORA-EPEL-2011-3053)
Utilities for implementing Modified Preorder Tree Traversal
--------------------------------------------------------------------------------
Update Information:
Here is where you
give an explanation of
your update.
--------------------------------------------------------------------------------
================================================================================
django-simple-captcha-0.2.0-4.el6 (FEDORA-EPEL-2011-3059)
Django application to add captcha images to any Django form
--------------------------------------------------------------------------------
Update Information:
Here is where you
give an explanation of
your update.
--------------------------------------------------------------------------------
================================================================================
fedora-packager-0.5.8.1-1.el6 (FEDORA-EPEL-2011-3047)
Tools for setting up a fedora maintainer environment
--------------------------------------------------------------------------------
Update Information:
New upstream bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 9 2011 Jesse Keating <jkeating(a)redhat.com> - 0.5.8.1-1
- Man page comment syntax fix. (ville.skytta)
- Make sure the bodhi.template file got written out (#683602) (jkeating)
- Wrap the diff in a try (#681789) (jkeating)
- Don't try to upload directories. (#689947) (jkeating)
- Fix tag-request (#684418) (jkeating)
* Fri Mar 4 2011 Jesse Keating <jkeating(a)redhat.com> - 0.5.7.0-1
- If chain has sets, handle them right (#679126) (jkeating)
- Fix "fedpkg help" command (make it work again) (#681242) (hun)
- Always generate a new srpm (#681359) (jkeating)
- Fix up uses of path (ticket #96) (jkeating)
- Clean up hardcoded "origin" (ticket #95) (jkeating)
- Fix obvious error in definition of curl command (pebolle)
* Wed Feb 23 2011 Jesse Keating <jkeating(a)redhat.com> - 0.5.6.0-1
- Fix improper use of strip() (jkeating)
- Improve the way we detect branch data (jkeating)
- Fix clone to work with old/new branch styles (jkeating)
- Add new and old support to switch_branches (jkeating)
- Update the regexes used for finding branches (jkeating)
- Don't use temporary editor files for spec (#677121) (jkeating)
- fedpkg requires rpm-build (#676973) (jkeating)
- Don't error out just from stderr from rpm (jkeating)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #683602 - [abrt] fedpkg-0.5.5.0-2.fc14: __init__.py:87:_hash_file:IOError: [Errno 2] No such file or directory: 'bodhi.template'
https://bugzilla.redhat.com/show_bug.cgi?id=683602
[ 2 ] Bug #681789 - [abrt] fedpkg-0.5.5.0-2.fc14: __init__.py:191:_run_command:FedpkgError
https://bugzilla.redhat.com/show_bug.cgi?id=681789
[ 3 ] Bug #689947 - RFE: don't add a line in .gitignore if the file is already ignored by git
https://bugzilla.redhat.com/show_bug.cgi?id=689947
[ 4 ] Bug #685107 - [abrt] fedpkg-0.5.6.0-1.fc14: __init__.py:90:_hash_file:IOError: [Errno 21] Is a directory: 'Biostrings'
https://bugzilla.redhat.com/show_bug.cgi?id=685107
--------------------------------------------------------------------------------
================================================================================
fpaste-server-0.1-3.el6 (FEDORA-EPEL-2011-3049)
Fedora Pastebin
--------------------------------------------------------------------------------
Update Information:
Initial import
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #676175 - Review Request: fpaste-server - Fedora Pastebin
https://bugzilla.redhat.com/show_bug.cgi?id=676175
--------------------------------------------------------------------------------
================================================================================
libmodplug-0.8.8.2-1.el6 (FEDORA-EPEL-2011-3052)
Modplug mod music file format library
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 0.8.8.2 (CVE-2011-1574).
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 2 2011 Ville Skyttä <ville.skytta(a)iki.fi> - 1:0.8.8.2-1
- Update to 0.8.8.2.
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:0.8.8.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #695420 - CVE-2011-1574 libmodplug: ReadS3M stack overflow vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=695420
--------------------------------------------------------------------------------
================================================================================
mod_auth_pam-1.1.1-9.el6 (FEDORA-EPEL-2011-3046)
PAM authentication module for Apache
--------------------------------------------------------------------------------
================================================================================
perl-File-Map-0.31-4.el6.1 (FEDORA-EPEL-2011-3055)
Memory mapping made simple and safe
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.3.21-1.el6 (FEDORA-EPEL-2011-3048)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 11 2011 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.21-1
- Upstream 0.3.21 release
* Mon Feb 28 2011 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.21-0.a1
- 0.3.21 alpha1 release.
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.3.20-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Aug 3 2010 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.20-4
- Add the cherrypy and TG reqs back as their rebuilt now.
* Tue Jul 27 2010 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.20-3
- Remove some requires so that we will work on python-2.7. The other libraries
have not yet been rebuilt for python-2.7
* Thu Jul 22 2010 David Malcolm <dmalcolm(a)redhat.com> - 0.3.20-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/rt3-3.6.10-2.el5https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.el5https://admin.fedoraproject.org/updates/proftpd-1.3.3e-1.el5https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.el5https://admin.fedoraproject.org/updates/tmux-1.4-3.el5.1
The following builds have been pushed to Fedora EPEL 5 updates-testing
django-dpaste-0.2.4-3.el5
django-mptt-0.4.2-2.el5
django-simple-captcha-0.2.0-4.el5
fedora-packager-0.5.8.1-1.el5
libmodplug-0.8.7-3.el5
python-fedora-0.3.21-1.el5
Details about builds:
================================================================================
django-dpaste-0.2.4-3.el5 (FEDORA-EPEL-2011-3056)
Dpaste is a code paste-bin application using Django
--------------------------------------------------------------------------------
Update Information:
Here is where you
give an explanation of
your update.
--------------------------------------------------------------------------------
================================================================================
django-mptt-0.4.2-2.el5 (FEDORA-EPEL-2011-3058)
Utilities for implementing Modified Preorder Tree Traversal
--------------------------------------------------------------------------------
Update Information:
Here is where you
give an explanation of
your update.
--------------------------------------------------------------------------------
================================================================================
django-simple-captcha-0.2.0-4.el5 (FEDORA-EPEL-2011-3045)
Django application to add captcha images to any Django form
--------------------------------------------------------------------------------
Update Information:
Here is where you
give an explanation of
your update.
--------------------------------------------------------------------------------
================================================================================
fedora-packager-0.5.8.1-1.el5 (FEDORA-EPEL-2011-3050)
Tools for setting up a fedora maintainer environment
--------------------------------------------------------------------------------
Update Information:
New upstream bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 9 2011 Jesse Keating <jkeating(a)redhat.com> - 0.5.8.1-1
- Man page comment syntax fix. (ville.skytta)
- Make sure the bodhi.template file got written out (#683602) (jkeating)
- Wrap the diff in a try (#681789) (jkeating)
- Don't try to upload directories. (#689947) (jkeating)
- Fix tag-request (#684418) (jkeating)
* Fri Mar 4 2011 Jesse Keating <jkeating(a)redhat.com> - 0.5.7.0-1
- If chain has sets, handle them right (#679126) (jkeating)
- Fix "fedpkg help" command (make it work again) (#681242) (hun)
- Always generate a new srpm (#681359) (jkeating)
- Fix up uses of path (ticket #96) (jkeating)
- Clean up hardcoded "origin" (ticket #95) (jkeating)
- Fix obvious error in definition of curl command (pebolle)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #683602 - [abrt] fedpkg-0.5.5.0-2.fc14: __init__.py:87:_hash_file:IOError: [Errno 2] No such file or directory: 'bodhi.template'
https://bugzilla.redhat.com/show_bug.cgi?id=683602
[ 2 ] Bug #681789 - [abrt] fedpkg-0.5.5.0-2.fc14: __init__.py:191:_run_command:FedpkgError
https://bugzilla.redhat.com/show_bug.cgi?id=681789
[ 3 ] Bug #689947 - RFE: don't add a line in .gitignore if the file is already ignored by git
https://bugzilla.redhat.com/show_bug.cgi?id=689947
[ 4 ] Bug #685107 - [abrt] fedpkg-0.5.6.0-1.fc14: __init__.py:90:_hash_file:IOError: [Errno 21] Is a directory: 'Biostrings'
https://bugzilla.redhat.com/show_bug.cgi?id=685107
--------------------------------------------------------------------------------
================================================================================
libmodplug-0.8.7-3.el5 (FEDORA-EPEL-2011-3057)
Modplug mod music file format library
--------------------------------------------------------------------------------
Update Information:
Apply upstream fix for stack-based buffer overflow on S3M read (CVE-2011-1574).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 11 2011 Ville Skyttä <ville.skytta(a)iki.fi> - 1:0.8.7-3
- Apply upstream fix for stack-based buffer overflow on S3M read (#695420).
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1:0.8.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #695420 - CVE-2011-1574 libmodplug: ReadS3M stack overflow vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=695420
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.3.21-1.el5 (FEDORA-EPEL-2011-3054)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 11 2011 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.21-1
- Upstream 0.3.21 release
* Mon Feb 28 2011 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.21-0.a1
- 0.3.21 alpha1 release.
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.3.20-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Aug 3 2010 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.20-4
- Add the cherrypy and TG reqs back as their rebuilt now.
* Tue Jul 27 2010 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.20-3
- Remove some requires so that we will work on python-2.7. The other libraries
have not yet been rebuilt for python-2.7
* Thu Jul 22 2010 David Malcolm <dmalcolm(a)redhat.com> - 0.3.20-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
==================================
#fedora-meeting: EPEL (2011-04-11)
==================================
Meeting started by nirik at 19:30:07 UTC. The full logs are available at
http://meetbot.fedoraproject.org/fedora-meeting/2011-04-11/epel.2011-04-11-…
Meeting summary
---------------
* init process/agenda (nirik, 19:30:07)
* LINK: https://bugzilla.redhat.com/show_bug.cgi?id=694673 - I've a
package that is similar to postgresql vs postgresql83 or php vs
php53 - does this work in EPEL, too? A /etc/postfix26 etc. causes
SELinux trouble :( (rsc_, 19:38:42)
* parallel installable packages (postfix) (nirik, 19:39:19)
* LINK: http://fedoraproject.org/wiki/Packaging:Conflicts is the
Fedora guideline. (nirik, 19:55:34)
* ACTION: will post to the list about conflicts and epel packages.
(nirik, 20:02:36)
* Open Floor (nirik, 20:10:32)
Meeting ended at 20:15:16 UTC.
Action Items
------------
* will post to the list about conflicts and epel packages.
Action Items, by person
-----------------------
* **UNASSIGNED**
* will post to the list about conflicts and epel packages.
People Present (lines said)
---------------------------
* nirik (41)
* smooge (21)
* rsc_ (19)
* nb (8)
* tremble (5)
* zodbot (4)
* skvidal (3)
* fenrus02 (1)
* abadger1999 (1)
* Southern_Gentlem (1)
* dgilmore (1)
--
19:30:07 <nirik> #startmeeting EPEL (2011-04-11)
19:30:07 <zodbot> Meeting started Mon Apr 11 19:30:07 2011 UTC. The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:30:07 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
19:30:07 <nirik> #meetingname epel
19:30:07 <nirik> #topic init process/agenda
19:30:07 <nirik> #chair smooge tremble
19:30:07 <nirik> EPEL meeting ping abadger1999 rsc stahnma tremble dgilmore smooge nb maxamillion tremble Jeff_S
19:30:07 <zodbot> The meeting name has been set to 'epel'
19:30:07 <zodbot> Current chairs: nirik smooge tremble
19:30:14 * abadger1999 here
19:31:07 * rsc_ 's around, too
19:32:07 * nb
19:32:33 <nirik> cool. Anyone have topics for today?
19:32:45 * dgilmore has no topics
19:32:48 <rsc_> except that I miss CentOS 6, not :)
19:32:51 <nb> clamav is in stable
19:32:58 <smooge> here
19:33:10 <nb> -12 (latest) is in el4 and el5, -11 (which only has a small bug with i forget what it was) is in el6
19:33:12 <smooge> I will be working on xfce
19:33:20 <nb> karma for -12 in el6 is welcome
19:33:39 <nirik> smooge: oh yeah? I have been poking at it as time permits, but more help would be very welcome.
19:34:22 <nirik> smooge: epel5 should have the base packages done, but is waiting on cwickert for which plugins we can ship.
19:34:30 <rsc_> nb: testing with EL-6 is still hard, because most servers still run CentOS 5, I think
19:34:33 <nirik> on epel6, I need to try and build the 4.8 stack.
19:35:01 <smooge> plugins we can ship?
19:35:05 <nb> rsc_, true
19:35:24 <rsc_> nb: can't we build CentOS as part of EPEL? :)
19:35:25 <smooge> my plan is to get my home system able to build stuff again in mock and then attack the 4.8 as a mass rebuild
19:36:05 <nirik> smooge: well, epel5 is way too old for some of the plugins... or things are missing. epel6 might have better luck...
19:36:16 <skvidal> rsc_: haha
19:36:25 <nb> rsc_, it'd be nice :)
19:36:41 <smooge> yeah. I figured 4.6 for el5 and 4.8 for el6
19:36:46 <nb> rsc_, i kinda wonder how feasible that would be
19:36:48 <smooge> or is that too far off
19:36:56 <nb> rsc_, although i doubt redhat would like it
19:36:59 * nirik nods. Exactly what I was thinking too.
19:37:17 <rsc_> nb: what's redhat? *hides* ;)
19:37:21 <nirik> well, currently EPEL doesn't replace base packages, so it's not very feasable. ;)
19:37:36 <rsc_> ah, but if we're all together...
19:38:42 <rsc_> https://bugzilla.redhat.com/show_bug.cgi?id=694673 - I've a package that is similar to postgresql vs postgresql83 or php vs php53 - does this work in EPEL, too? A /etc/postfix26 etc. causes SELinux trouble :(
19:39:19 <nirik> #topic parallel installable packages (postfix)
19:39:51 <nirik> rsc_: well, thats a tough one.
19:40:09 <nirik> we want different version packages like that to parallel install...
19:40:21 <nirik> but as you note those ones above don't in base RHEL
19:40:29 <rsc_> nirik: I am forced to postfix > 2.3 in that case. And you know, having postfix 2.3 + 2.6 doesn't make sense...
19:41:08 <nirik> can you not just go to rhel6? or you must have this on rhel5?
19:41:28 <rsc_> this must be RHEL 5, because HyperV vs RHEL 6 is unsupported for at least 1+ year :(
19:41:59 <tremble> It is? Surprised it's taking them that long.
19:42:14 <nirik> yeah, that seems slow.
19:42:46 <rsc_> tremble: well, it works as long as you don't need paravirtualized drivers as in supported at all. And from what I got when playing with upstream stuff, it is broken. Thus RHEL 5 :/
19:42:48 <nirik> anyhow, I really don't like the idea of conflicting with base packages. ;(
19:43:36 <smooge> well lets look at it this way.
19:43:48 <nirik> even if rhel does it... I don't think we should.
19:43:49 <rsc_> nirik: I know...ideas? /etc/postfix26, postconf26, /var/spool/postfix26 etc. isn't funny too - especially it requires SELinux exceptions while it now works without any additional SELinux rule here
19:43:51 <smooge> can one do a yum install * in RHEL5/6 by default?
19:44:01 <rsc_> smooge: no, will fail anyway ;)
19:44:07 <skvidal> smooge: pretty sure 'no'
19:44:15 <nirik> I doubt it too.
19:44:20 <tremble> smooge: No
19:44:27 <smooge> so ... as long as we don't override a RHEL package and just conflict is that a problem?
19:44:44 <smooge> [loves to see all the people who have RHEL and yum as irc keywords]
19:44:57 <skvidal> hah
19:45:21 <tremble> I see no reason to ban it.
19:45:34 <smooge> basically as long as yum install postfix does not get the EPEL package is that a problem?
19:45:43 <tremble> exactly
19:45:44 <nirik> well, conflicts are nasty from a end user viewpoint... "I'd like to install postfix*' downloads, wanders off 'conflicts! you lose'
19:45:55 <smooge> and maybe we get all nice and pretty with some selinux policy or another and RH adds it into 5.8 or something
19:45:56 <nirik> but I guess it's a pretty corner case.
19:46:03 <rsc_> nirik: if you do 'yum install postfix-*' everything is fine :)
19:46:13 <nirik> sure.
19:46:25 <rsc_> but there is only postfix-pflogsumm or so anyway
19:46:28 <smooge> nirik, but wouldn't I run into that with a yum install php* with just regular stuff?
19:46:53 <smooge> argues by absurdium
19:47:01 <nirik> yep. Since they added the php53 stuff.
19:47:16 <nirik> but you wouldn't with 'yum install python*' at least.
19:47:21 <nirik> dunno about mediawiki*
19:48:57 * nirik tries.
19:49:26 <nirik> how about this: post to the list a proposed conflicts guideline, discuss on list, revisit next week?
19:51:36 <nirik> thoughts?
19:52:19 <rsc_> if I need to be the one to write that proposal, I need some help - never did that before, even I read lots of our existing guidelines
19:52:56 <nirik> rsc_: I can try and assist. Basically we need to explain why we want EPEL to behave differently from Fedora's conflict guideline...
19:55:17 <nirik> or does everyone think we should just relax the rule now?
19:55:34 <nirik> http://fedoraproject.org/wiki/Packaging:Conflicts is the Fedora guideline.
19:55:53 <rsc_> (I'm not going to answer this, because my point of view is obviously clear and not from a neutral perspective)
19:58:10 <smooge> I would say we need to look at this and then ask the FPC for input.
19:58:44 <smooge> though I expect from some it would be "GTFA"
19:59:07 <nirik> so, how about we post to the list and have a weeks discussion and revisit next week?
19:59:17 <tremble> sounds good here
20:01:18 <smooge> hahaha Requires: postfix >= 2.6; Provides: postfix >=2.6 && postfix <=2.7
20:02:17 <nirik> woah. thats pretty weird.
20:02:33 <rsc_> smooge: hu?
20:02:36 <nirik> #action will post to the list about conflicts and epel packages.
20:03:34 <smooge> I don't know if that would work.. the && part is guesswork.
20:04:20 <smooge> the provides though would make a yum install postfix use the epel package before the RHEL one so would not be good.
20:05:58 <nirik> yeah, that would be bad
20:06:42 <rsc_> smooge: shouldn't what I did in the current *.spec work?
20:06:59 <fenrus02> 'Provides: postfix26' would work, but might be an issue to maintain
20:07:36 <rsc_> smooge: at least our company-internal overlay repo wanted nowhere to install postfix26 so far - except where I did it intended
20:08:17 <smooge> rsc_, yours will work. I was reading through the fedora conflicts on how they wanted it fixed and thought that was silly.
20:10:32 <nirik> #topic Open Floor
20:10:39 <nirik> anyone have anything for open floor?
20:11:01 <smooge> not me
20:13:00 <nirik> cool. will close out in a minute if nothing else shows up.
20:14:47 <Southern_Gentlem> nothing else :)
20:15:16 <nirik> #endmeeting