#mageia-qa log

19:05:10 <DavidWHodgins> #startmeeting
19:05:11 <Inigo_Montoya`> Meeting started Thu Oct 10 19:05:10 2013 UTC.  The chair is DavidWHodgins. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:05:11 <Inigo_Montoya`> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:05:32 <DavidWHodgins> Hi everyone
19:05:43 <Kernewes> hi
19:05:53 <DavidWHodgins> #topic Who's new?
19:06:21 <DavidWHodgins> Anyone here who has not participated in a qa irc meeting before?
19:07:08 <DavidWHodgins> #topic Testing updates
19:07:45 <wilcal> I wasn't quite sure how much testing was needed to ok glibc
19:07:58 <DavidWHodgins> Everyone please test glibc, and indicate in bug 11059 what hardware you've tested it on. Like the kernel, it should be tested on as many systems as possible.
19:08:00 <[mbot> Bug https://bugs.mageia.org/show_bug.cgi?id=11059 major, Normal, qa-bugs, qa-bugs, ASSIGNED , glibc new security issues CVE-2012-4412 CVE-2012-4424 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4788, glibc
19:08:24 <lewyssmith> I need to know how to revert it from the update
19:08:43 <wilcal> Are there problems lew?
19:08:50 <DavidWHodgins> There are pocs for two of the cves. One of those only affects 32 bit systems. I'll try them both, right after the meeting.
19:09:11 <lewyssmith> I applied the update & found problems with LXterm
19:09:22 <lewyssmith> Don't know if they were there previously...
19:10:25 <DavidWHodgins> should be able to manually download the older packages, and install them with rpm -i --force
19:10:57 <lewyssmith> I will try that
19:10:58 <DavidWHodgins> Check /var/log/syslog, or journalctl, to confirm which packages were installed
19:11:23 <lewyssmith> What is  journalctl?
19:11:35 <DavidWHodgins> For libtar, no poc provided, so just need to confirm tar can create and read tar files
19:11:52 <DavidWHodgins> journalctl is the comand to read the systemd version of syslog
19:12:14 <DavidWHodgins> journalctl -a will show all logs
19:12:34 <DavidWHodgins> on Mageia 3 and later, journalctl -b will show the logs since bootup
19:12:43 <DavidWHodgins> see man journalctl for more info
19:13:23 <DavidWHodgins> for nmap, again no poc, so just has to be tested that it works
19:13:32 <lewyssmith> I got into deep water with that bug which cited remote login to test it
19:13:53 <DavidWHodgins> lewyssmith: In what way?
19:14:08 <lewyssmith> Installed the daemon & client, but MCC did not offer to start the service etc
19:14:36 <lewyssmith> Just said 'start on demand', & I did not know how
19:14:55 <DavidWHodgins> Which daemon?
19:15:08 <lewyssmith> I'll look at th ebug now
19:16:21 <DavidWHodgins> For chromium-browser, testing is done, but we are still waiting for the advisory
19:16:25 <wilcal> So glibc could cause problems anywhere, big and small?
19:16:54 <DavidWHodgins> glibc is one level up from the kernel. It's used all over the place
19:17:18 <wilcal> Is it more likely to crash the system then doing something subtile?
19:17:23 <DavidWHodgins> YEs
19:17:28 <lewyssmith> It has gone! Another iffy though: how does one get lightdm as the login manager?
19:17:46 <wilcal> It looks relitively small
19:17:53 <DavidWHodgins> Once it's installed, mcc/boot/setup display manager
19:18:13 <lewyssmith> I should be able to manage that
19:18:16 <spiky> I,m working on that with jani
19:18:25 <spiky> version 1.18
19:18:48 <DavidWHodgins> Yes, but this is for the Mageia 3 update, not the cauldron version
19:18:56 <spiky> ok
19:19:28 <DavidWHodgins> torque, I haven't looked at yet, to see if there is a poc
19:20:24 <DavidWHodgins> Same with quaqqa. Never even heard of that one before.
19:21:02 <DavidWHodgins> clamav still needs testing on Mageia 2 x86_64, and both arches on Mageia 3
19:21:34 <lewyssmith> I looked at that, & wondered whether a stand-alone machine can test it
19:21:57 <DavidWHodgins> I'll go through each bug after the meeting, to ensure the advisories are in svn
19:22:05 <lewyssmith> Claire cited a special virus test
19:22:46 <DavidWHodgins> eicar is a standard non-virus, that all virus scanners will detect as a virus, for testing purposes
19:23:03 <DavidWHodgins> A google search should easily find it. It's a text file
19:23:28 <lewyssmith> Repeat: can I use clamav stand-alone?
19:23:32 <DavidWHodgins> It's probably attached to one of the older clamav update bug reports
19:23:35 <DavidWHodgins> Yes
19:24:12 <DavidWHodgins> Install it, ensure fresclam runs to update it's virus definitions, then scan a file containging the eicar text file
19:25:29 <lewyssmith> Does clamav work on-demand like Win anti-viruses?
19:26:07 <DavidWHodgins> No, it's a command line scanner, often invoked by mail programs to scan attachments, but can also be run manually
19:26:39 <lewyssmith> On-demand = command line!
19:26:48 <DavidWHodgins> Yep
19:27:04 <DavidWHodgins> Or, by a gui
19:27:10 <DavidWHodgins> Not a daemon
19:27:18 <Kernewes> clamtk is a gui for it
19:28:21 <DavidWHodgins> clamav does have a deamon that will check for updates to the virus database, but the scanning is only done by running commands
19:29:41 <lewyssmith> Dave: your various comments have clarified things; thanks
19:29:46 <DavidWHodgins> For apache-mod_nss, See the comment in the bug reports
19:29:51 <DavidWHodgins> You're welcome.
19:30:35 <DavidWHodgins> Any questions or comments on the testing?
19:31:05 <wilcal> I'm good
19:31:10 <wilcal> do'n what I can
19:31:18 <DavidWHodgins> Thanks!
19:31:47 <DavidWHodgins> Remember not to mark a bug as validated, before the advisory has been added to svn
19:32:08 <DavidWHodgins> #topic Luigi's Roundup
19:32:12 <wilcal> The libraw was kinda fun
19:32:33 <DavidWHodgins> Luigi12: ping
19:32:58 <Luigi12> hello
19:33:08 <wilcal> Hi there Luigi
19:33:10 <lewyssmith> No 'boo' tonight!
19:33:37 <DavidWHodgins> HiYa. Just went through all the bugs already assigned to qa, so basically just need to know what's likely to show up soon.
19:34:41 <Luigi12> ok
19:34:59 <Luigi12> you might have heard of quagga before BTW, as we've issued an update for it before (don't remember who tested it)
19:35:43 <Luigi12> I've been getting chromium advisories from Debian lately, but they still haven't updated theirs
19:36:20 <wilcal> Be happy your not in charge of IE security this week
19:36:25 <Luigi12> The torque maintainer (chris denice, aka eatdirt) has actually tested the torque update or is in the process of doing that.  He's e-mailed me directly, but not commented on the bug yet.
19:37:39 <lewyssmith> Dare I ask what it is?
19:38:37 <DavidWHodgins> Oh yes, I remember quagga now. We ended up just testing that it installs cleanly.
19:39:10 <Luigi12> that should be sufficient this time too
19:39:26 <DavidWHodgins> Makes it easy to test. :-)
19:39:29 <Luigi12> Oden reported an x11-server vuln this morning, not sure when/if tv will update it https://bugs.mageia.org/show_bug.cgi?id=11428
19:39:31 <[mbot> Bug 11428: normal, Normal, thierry.vignaud, thierry.vignaud, NEW , xorg-x11-server - use-after-free flaw when handling ImageText requests (CVE-2013-4396), x11-server
19:39:51 <Luigi12> I reported a qemu issue yesterday, no patches are available for the versions we have yet https://bugs.mageia.org/show_bug.cgi?id=11422
19:39:52 <[mbot> Bug 11422: critical, Normal, bugsquad, bugsquad, NEW , qemu new security issue CVE-2013-4344, qemu-1.2.0-8.2.mga3.src.rpm
19:40:00 <Luigi12> that's all that's new since last week
19:40:03 <DavidWHodgins> #info update for xorg-x11-server likely soon
19:40:24 <DavidWHodgins> #info new qemu security issue found. No update yet.
19:40:29 <DavidWHodgins> Thanks Luigi12
19:40:47 <DavidWHodgins> #topic Anything else?
19:40:52 <Luigi12> For the python-oauth2 thing I've mentioned before, it's a dependency of something else.  Philippe is working on updating that something else to a newer version which doesn't depend on it anymore.
19:41:06 <Kernewes> I'm taking alpha 3 for a spin
19:41:12 <wilcal> Has there been any major wrinkles to M4 since A3 got released?
19:41:27 <Luigi12> AL13N is working on Xen updates for Mageia 2 and Mageia 3
19:41:32 <Luigi12> the Mageia 3 update is actually already built
19:41:34 <Kernewes> with the classical installer my keyboard and mouse went dead
19:41:43 <Kernewes> the lives were ok
19:41:52 <lewyssmith> EFI: is there anyone actually working on this (development)?
19:41:55 <wilcal> Keyboard/Mouse wireless?
19:41:58 <Luigi12> There hasn't been movement on any other security bugs
19:41:58 <DavidWHodgins> #info xen updates to be tested soon too
19:42:05 <Kernewes> wilcal: no
19:42:13 <Luigi12> ok now i'm done
19:42:21 <DavidWHodgins> Ok. Thanks
19:42:21 <Kernewes> wilcal: I found a bug on Bugzilla and added my experiences to that
19:42:49 <wilcal> M4A3 seems pretty solid except for the Gnome thingy
19:42:53 <Kernewes> wilcal: the bug's now marked as closed so hopefully will be OK in beta 1
19:43:07 <DavidWHodgins> lewyssmith: I think tmb is the primary developer for efi, but he's been too busy on other stuff.
19:43:21 <Kernewes> I'm surprised how good MATE is considering it's its first appearance in Mageia
19:43:22 <lewyssmith> EFI: Tony Blackwell & I would like to talk to him - or whoever
19:43:38 <DavidWHodgins> And the various desktop managers where mcc will not start
19:43:50 <lewyssmith> True...
19:44:42 <lewyssmith> Kernewes: Agree with you about Mate - nimble, too
19:44:52 <Kernewes> lewyssmith: yes, it is
19:45:56 <DavidWHodgins> Ah for quagga, we did figure out how to at least ensure the services start. See bug 5108
19:45:57 <[mbot> Bug https://bugs.mageia.org/show_bug.cgi?id=5108 normal, Normal, qa-bugs, qa-bugs, RESOLVED FIXED, quagga new security issues CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, quagga-0.99.18-1.1.mga1.src.rpm
19:46:17 <lewyssmith> DavidWHodgins: Is there any commitment to make EFI work natively for M4?
19:46:59 <Kernewes> lewyssmith: did you see MrsB's reply to a comment on the alpha 3 release blog post?
19:47:20 <lewyssmith> Possibly; but no memeory of same
19:47:45 <DavidWHodgins> It was very close to working in m3, except for a problem in the installer, getting grub2-efi to install. Unfortunately installer changes always seem to get left till the last minute, and it looks like that may happen again.
19:47:47 <Kernewes> lewyssmith: it was along the lines that it means big changes in the installer and we're a community of volunteers
19:47:58 <Kernewes> but we'll get it going as soon as possible
19:48:28 <DavidWHodgins> There are very few people who know perl, and the drakx* tools, who can fix it, and they are all overloaded with other things.
19:49:05 <lewyssmith> My 64-bit box only works EFI, & I would like to test Mageia on it/with it
19:50:05 <lewyssmith> More honestly, migrate to it
19:51:01 <wilcal> Hold a sec lew I have a suggestion
19:51:21 <lewyssmith> I agree with the sentiment that (classic installed) M4 A3 was promising
19:51:42 <wilcal> Three of my machines have this in them:
19:51:44 <wilcal> http://www.newegg.com/Product/Product.aspx?Item=N82E16817121
19:51:45 <DavidWHodgins> I once got my system to boot in efi mode, using an install from a Mageia 3 live dvd
19:51:46 <[mbot> [ Newegg.com - Computer Parts, PC Components, Laptop Computers, LED LCD TV, Digital Cameras and more! ]
19:52:02 <wilcal> I've a selection of a dozen drives I swap in and out
19:52:41 <DavidWHodgins> See bug 9730
19:52:41 <lewyssmith> wilcal: Up to you!
19:52:42 <[mbot> Bug https://bugs.mageia.org/show_bug.cgi?id=9730 major, Normal, tmb, tmb, NEW , Mageia 3 beta4 LiveDVD-KDE does not boot from pendrive in EFI environment, dracut draklive
19:53:04 <Luigi12> BTW I think python-twitter is the thing that will be updated to obsolete python-oauth2
19:55:22 <DavidWHodgins> Ok, anyone have anything else before I end the meeting?
19:55:29 <wilcal> I'm good
19:55:31 <lewyssmith> No
19:55:31 <Kernewes> not here
19:55:55 <wilcal> I should be here next week 2
19:56:00 <DavidWHodgins> Thanks everyone. Same time next week
19:56:04 <wilcal> Yep
19:56:08 <lewyssmith> Hwyl
19:56:08 <Kernewes> wilcal: how did your Opentech thing go?
19:56:11 <DavidWHodgins> #end meeting
19:56:19 <DavidWHodgins> #endmeeting