meeting reminder, mon jul 21, 22:00 UTC
by Max Spevack
Hi all,
Can we get a quick roll call on who will/won't be able to make our
meeting Monday at 22:00 UTC in #fedora-websites?
I apologize in advance, but I will *not* be at the meeting. I was at
LUG Radio Live in the UK all weekend, and while it was a pretty good
event, one of the things I brought back with me was the beginnings of a
cold, which I need to make sure goes away and does not get worse.
So let's get a quick show of who's in/out, see whether or not we have
quoroum, and get a volunteer to run down and update as necessary the
Task List on our wiki page.
thanks,
Max
15 years, 9 months
Re: meeting reminder, mon jul 21, 22:00 UTC
by Michael Beckwith
Michael Beckwith wrote:
> Ian Weller wrote:
>> On Mon, 21 Jul 2008, Max Spevack wrote:
>>
>>> So let's get a quick show of who's in/out, see whether or not we
>>> have quoroum, and get a volunteer to run down and update as
>>> necessary the Task List on our wiki page.
>>>
>>
>> I should be available to attend.
>>
> I'll piggyback my response on Ian, I won't be able to make it due to
> $dayjob shift tonight.
>
reposted for actual mailing list sending
--
~Michael
http://michaelbox.net
15 years, 9 months
Help Page Needs some... Help
by Mike McGrath
https://fedoraproject.org/wiki/Help is linked to by the Help on the left
side of the wiki. Its a pretty prominent link, think anyone could spruce
it up? Especially targeting new people that might click on it looking for
things like how to sign up for an account, etc.
Perhaps multiple sections, one for help with the Fedora Project and the
other section with links to various help on the wiki like wiki markup,
etc.
-Mike
15 years, 9 months
Outage Notification - 2008-07-22 04:59 UTC (MAJOR)
by Mike McGrath
There will be an outage starting at 2008-07-22 04:59 UTC, which will last
approximately 10 hours.
To convert UTC to your local time, take a look at
http://fedoraproject.org/wiki/Infrastructure/UTCHowto
or run:
date -d '2008-07-22 04:59 UTC'
Affected Services:
Websites
Buildsystem
Database
Unaffected Services:
CVS / Source Control
DNS
Mail
Torrent
Fedora Hosted
Talk
Ticket Link:
https://fedorahosted.org/fedora-infrastructure/ticket/705
Reason for Outage:
Re-migrating db1 to its new hardware (memory issues have hopefully been
resolved). Moving koji database from db2 to a dedicated new server, db3.
The db1 outage will cause the wiki and smolt to be offline for no longer
then an hour.
The koji move will cause the buildsystem (and whatever depends on the
build system) to be down for between 8 and 10 hours. We haven't padded
the outage so if something goes wrong, we'll have to abort and re-schedule
it for another time. Likely the next night so be prepared. Also please
make sure any builds you complete any builds prior to the time of the
outage.
Contact Information:
Please join #fedora-admin in irc.freenode.net or respond to this email to
track the status of this outage.
15 years, 9 months
Security Alert: <Fedora Project> : Response Requested
by Ernest Park
*Attention <Security Response Team>:*
Our research shows that your project may be using BIND, and may be impacted
by the vulnerabilities identified below.
Can you please provide a response regarding the impact of the BIND
vulnerabilities on *<Fedora Project>*? If you have a resolution, or feel
that you are using an unaffected version of BIND, please confirm such.
Palamida's Research Group will report this issue within 24hrs. Your
information will be used to update information reported to US-CERT, NVD and
Palamida's data library regarding this vulnerability within *<Fedora
Project>*.
1. What version of BIND is used?
2. What is patch or resolution proposed?
*The project <Fedora Project> may be affected by the following software
vulnerabilities reported by US-Cert and NVD.*
*Security Issue*: Project *<Fedora Project>* is suspected of using BIND.
Versions other than *9.3.5-P1*, *9.4.3b2*, *9.5.0-P1*, *9.5.1b1, all
released July 2008,* are considered potentially vulnerable to a number of
identified exploits.
*Recommendation*:(from maintainer ISC) *"ISC has discovered or has been
notified of several bugs which can result in vulnerabilities of varying
levels of severity in BIND as distributed by ISC. Upgrading to the latest
BIND version is strongly recommended."*
*Project*: *<Fedora Project>*
*Project URL*: http://fedoraproject.org/
*Last Updated Date*: *04/16/08*
*Current Release*: 9
Please feel free to contact me immediately.
With Regards,
Ernest Park
VP, Research Group
Palamida, Inc.
http://palamida.com
http://gpl3.blogspot.com
203-856-7778
******************************************************************************************************************************************************************************************
Vulnerability version matrix (
http://www.isc.org/index.pl?/sw/bind/bind-security.php):
# CVE number short description 0
1999-0833<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0833>
Buffer
overflow via NXT records. 1
1999-0835<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0835>
Denial
of service via malformed SIG records. 2
1999-0837<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0837>
Denial
of service by improperly closing TCP sessions via so_linger. 3
1999-0848<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0848>
Denial
of service named via consuming more than "fdmax" file descriptors. 4
1999-0849 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0849> Denial
of service via maxdname. 5
1999-0851<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0851>
Denial
of service via naptr. 6
2000-0887<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0887>
Denial
of service by compressed zone transfer (ZXFR) request. 7
2000-0888<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0888>
Denial
of service via SRV record. 8
2001-0010<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0010>
Buffer
overflow in TSIG code allows root privileges. 9
2001-0011<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0011>
Buffer
overflow in nslookupComplain allows root privileges. 10
2001-0012<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0012>
Ability
to access sensitive information such as environment variables. 11
2001-0013<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0013>
Format
string vulnerability in nslookupComplain allows root privileges. 12
2002-0029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0029> Buffer
overflows in resolver library allows execution of arbitrary code. 13
2002-0400 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0400> Denial
of service via malformed DNS packet. 14
2002-0651<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0651>
Buffer
overflow in resolver code may cause a DoS and arbitrary code execution. 15
2002-1220 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1220> Denial
of service via request for nonexistent subdomain using large OPT RR. 16
2002-1221 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1221> Denial
of service via SIG RR elements with invalid expiry times. 17
2003-0914<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0914>
Cache
poisoning via negative responses with a large TTL value. 18
2005-0033<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0033>
Buffer
overflow in recursion and glue code allows denial of service. 19
2005-0034<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0034>
Denial
of service via crafted DNS packets causing internal self-check to fail. 20
2006-4095 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095> Denial
of service via certain SIG queries that return multiple RRsets. 21
2006-4096<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096>
Denial
of service via a flood of recursive queries causing INSIST failure. 22
2007-0493 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493> Denial
of service via unspecified vectors that cause named to "dereference a freed
fetch context." 23
2007-0494<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494>
Denial
of service via ANY query response containing multiple RRsets. 24
2007-2241<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2241>
Sequence
of queries can cause a recursive nameserver to exit. 25
2007-2925<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925>
allow-query-cache/allow-recursion
default acls not set. 26
2007-2926<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926>
cryptographically
weak query ids 27
2007-2930<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2930>
cryptographically
weak query ids (BIND 8) 28
2008-0122<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0122>
inet_network()
off-by-one buffer overflow 29
2008-1447<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447>
DNS
cache poisoning issue
15 years, 9 months
On behalf of all of us here at InaTux...
by InaTux
Thank you for referencing to our "Fedora 9 & KDE 4 review" on our
Assocs. Blog in your "Fedora Weekly News Issue 133", your reference has
brought us much traffic, has helped support our business, and is much
appreciated. Please feel free to use any other content on our site and
any future content in anyway you like.
InaTux Founder,
-Jacob W. B.
15 years, 9 months
Some css from pkgdb for Fedora Apps
by Toshio Kuratomi
Hey all,
I have some css that I'm carrying i nthe pkgdb that would be more
generally useful (and could use some touchups by people who know more
about design than I :-) I think we should merge this to a global css
somewhere. Perhaps fedora.css or something that's for all of the Fedora
Applications.
I'm looking to answer two questions about these:
1) Where should we put them?
2) How can we improve them?
Here's what I have with annotations of what they do:
/***************
pageLogin is a box to log people into a TurboGears app. It could use
more styling than this if someone wanted to take the time.
***************/
#pageLogin
{
float: right;
}
/**************
actions is a menubar in the packagedb that links to bodhi, koji,
packagedb... Basically all the package oriented apps. Maybe this
needs a rename. Maybe it should be moved somewhere else in the
templates.
**************/
.actions
{
list-style: none;
line-height: 1;
margin: 1ex 0!important;
}
.actions li
{
display: inline;
margin-right: 1ex;
}
a.bodhi
{
padding-left: 20px;
background: url(../images/bodhi.png) 0 50% no-repeat;
}
a.koji
{
padding-left: 20px;
background: url(../images/koji.png) 0 50% no-repeat;
}
a.bugz
{
padding-left: 20px;
background: url(../images/bugz.png) 0 50% no-repeat;
}
a.pkgdb
{
padding-left: 20px;
background: url(../images/pkgdb.png) 0 50% no-repeat;
}
a.cvs
{
padding-left: 20px;
background: url(../images/emblem-cvs-controlled.png) 0 50% no-repeat;
}
/************
Tooltip is a tooltip. A little popup box when you mouseover an area.
Both Bodhi and FAS have other implementations of Tooltips. We should
have a tooltips class but I don't know which implementation is best.
************/
.ToolTip
{
display: block;
positon: absolute;
border: 1px solid black;
background-color: lightyellow;
width: 200px;
}
/*************
This is used to toggle an element on and off on the page. Using
javascript to set the class to invisible makes the element disappear
from the page.
*************/
.invisible
{
display: none;
}
/**************
filter is a box that I use for filtering searches. It contains a
list of form elements and a submit button to filter out extraneous
data.
**************/
.filter
{
background: #ddd;
float: right;
border-width: 1px;
border-color: #000;
border-style: solid;
padding: .4em;
margin: .1em;
}
.filter li
{
list-style-type: none;
line-height:0;
}
.filter li select
{
margin: .1em;
}
/**************
flash is for status messages (usually errors) generated by turbogears.
It appears as a banner across the top of a page when you do something
unexpected. This was taken from FAS and doesn't do what I want yet --
I haven't figured out how to have a success vs error image, for
instance. Bodhi has a different implementation of flash that I
haven't looked at. Just like tooltips we need to have something
for this.
***************/
.flash
{
background: #DEE681 url(../images/success.png) 10px 50% no-repeat;
border: 1px solid #CCBBAA;
padding: 1.5ex 15px 1.5ex 43px;
margin: 1ex 0;
}
-Toshio
15 years, 9 months
Mediawiki Skin
by Jürgen R. Plasser
Hi All,
ist the Mediawiki skin used for fedoraproject.org/wiki publicly available?
I would like to use it with some changes for our internal wiki site.
Best Regards
Jürgen R. Plasser
__________________________________________________
SOFTWARE QUALITY LAB GmbH
http://www.software-quality-lab.at <http://www.software-quality-lab.at>
__________________________________________________
DI Jürgen R. Plasser
Test-Spezialist, Pentester
mailto:juergen.plasser@software-quality-lab.at <mailto:kurt.aigner@software-quality-lab.at>
Mobil: +43-(0)676-840072-431
Büro Linz: A-4040 Linz, Freistädterstrasse 313 A
Tel.: +43-(0)732-890072-431
Büro Wien: A-1150 Wien, Mariahilfer Strasse 136
Firmensitz: A-4222 Langenstein / Linz, Fliederstrasse 8
Fax: +43-(0)7237-4941-11
__________________________________________________
Software Quality Days 2009 vom 20.-22.1.2009 in Wien
Die Veranstaltung für alle Software-Quality-, Test- & Tool-Interessierten!
Nähere Infos unter www.software-quality-days.at <http://www.software-quality-days.at/>
15 years, 9 months
italian translation
by Federico Fissore
I would like to point out a wrong translation in the
http://fedoraproject.org/it/get-fedora page
the label
"Dopo il download di una ISO, verificarla."
should be
"Dopo il download di una ISO, verificala" (without an "r")
literally, the first sentence in english is "after downloading an iso,
verifying it"
hth
federico
15 years, 9 months
