#mageia-qa log

20:04:26 <MrsB> #startmeeting
20:04:26 <Inigo_Montoya`> Meeting started Thu Dec 11 20:04:26 2014 UTC.  The chair is MrsB. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:04:26 <Inigo_Montoya`> Useful Commands: #action #agreed #help #info #idea #link #topic.
20:04:28 <hviaene> No coffee late at night
20:04:43 <MrsB> welcome to another one everybody
20:04:51 <MrsB> Who's going to be Dave today?
20:05:07 <wilcal> oliver :-))
20:05:29 <MrsB> any volunteers or shall i pick a victim?
20:05:38 <olivier_cc> I've already been Dave pick another one :)
20:05:49 <MrsB> #chair wilcal hviaene
20:05:49 <Inigo_Montoya`> Current chairs: MrsB hviaene wilcal
20:06:04 <hviaene> What does that mean???
20:06:11 <MrsB> you get to set the topics
20:06:21 <lewyssmith> Then hanged tomorrow.
20:06:21 <MrsB> like this..
20:06:28 <MrsB> #topic Who's new?
20:06:35 <hviaene> OK
20:06:38 <MrsB> Is there anyboyd new here today?
20:06:42 <MrsB> anybody*
20:07:15 <MrsB> it doesn't look like it
20:07:31 <MrsB> next topic hviaene
20:07:36 <hviaene> # topic Beta 2
20:07:45 <MrsB> without the space
20:08:14 <hviaene> #topic Beta 2
20:08:19 <wilcal> kool
20:08:21 <MrsB> \o/ thanks :)
20:08:22 <hviaene> Phew
20:08:43 <MrsB> #info I have the new rsync password and will email everybody privately
20:08:48 <sebsebseb> hi
20:08:50 <MrsB> thanks tmb
20:08:53 <RemyServices> Was just going to ask that
20:08:59 <olivier_cc> hi sebsebseb
20:09:05 <sebsebseb> olivier_cc: hi
20:09:08 <MrsB> sebsebseb
20:09:13 <sebsebseb> MrsB:
20:09:21 <MrsB> Is everybody ready for beta 2?
20:09:26 <wilcal> I have a little bit of scheduling conflict so I really won't be able to do much till Monday
20:09:44 <MrsB> Just do what you can. I'm likely going to be the same.
20:09:50 <hviaene> Looking forward
20:09:59 <wilcal> but I should be able to see if some of the live ISO's boot to a working desktop
20:10:44 <stef74> I can test on my dmraid machine only this week-end. I'm out for the next week.
20:10:49 <MrsB> #info in beta 2 we need to be more thorough, testing each of the applications and start testing upgrades from mga4
20:11:16 <MrsB> the more variety the better stef74
20:11:44 <MrsB> Everything should have settled down now and after this there will only be bugfixes
20:12:35 <MrsB> RemyServices: thanks for testing with Thierry. I don't think you'll see him on IRC.
20:12:57 <wilcal> M5 repo is still active but indeed has settled down
20:13:20 <MrsB> Has everybody renamed their beta 1 isos?
20:13:25 <RemyServices> No problem, ill do what I can
20:14:33 <Luigi12_work> tmb: you probably already saw, but the new xorg glx security issues also affect the proprietary nvidia module, so we'll need to update that for mga4
20:14:42 <MrsB> anybody anything they want to ask or any comments before we move on?
20:15:03 <wilcal> When do we expect to see them
20:15:09 <tarazed> Each of the applications?  That is a tall order.
20:15:19 <MrsB> hi brian, welcome
20:15:21 <wilcal> I test all the apps I use
20:15:36 <MrsB> each of the ones on the ISO tarazed
20:15:37 <lewyssmith> tarazed: Basically just see that they start.
20:16:05 <MrsB> so we actually use it a bit once installed to make sure everything is as it should be
20:16:16 <hviaene> I hate this kind of unrealistic targets
20:16:30 <MrsB> #info every application - meaning those on the ISO.
20:16:47 <hviaene> And how many are those?
20:17:10 <MrsB> maybe 20 for each desktop
20:17:32 <hviaene> huh????
20:17:38 <lewyssmith> Easy for the Lives, tedious for the Classic when you should launch every menu item from every desktop - at least once, initially.
20:17:39 <MrsB> we've had in the past where some don't work with certain video drivers so it's important everybody check please
20:18:12 <lewyssmith> You *do* find odd things that do not launch.
20:18:27 <MrsB> yes, as lewis says. Each menu item needs to actually work.
20:18:42 <hviaene> I wonder now what is understood by "applications"
20:18:55 <lewyssmith> Menu items.
20:18:59 <hviaene> Aha
20:19:16 <MrsB> basically, when you have booted/installed then ensure each of the items in the menu starts/works and MCC etc
20:19:32 <tarazed> If things don't launch we should record that on the pad rather than report a bug?
20:19:42 <MrsB> do both please tarazed
20:19:56 <MrsB> the pad is just for our notes, bugs need to be reported so they can be fxed
20:20:26 <MrsB> the pad helps us collaborate
20:21:17 <MrsB> #info remember to note on the pad which ISO you're testing and note the results of your tests. Create bugs for any issues and make a note on the pad so other testers can see.
20:21:18 <hviaene> I'm always on the lookout for things I don't have to do anymore
20:21:59 <MrsB> yeah, it doesn't take long just to go through and make sure everything starts and is properly localised etc
20:22:13 <lewyssmith> MrsB: Fib!
20:22:19 * simonnzg realises the meeting has started
20:22:23 <MrsB> lol, well not long-ish
20:22:46 <brian_> is there a particular edition that is least used that I could help with?
20:22:57 <wilcal> FWIW over the years I have built an install list of instrutions and follow, and update, that list as I go from release to release
20:23:17 <hviaene> Just a sec
20:23:37 <MrsB> They're all important brian_. Are you on the ISO testers page here https://wiki.mageia.org/en/QA_ISO_testers ?
20:23:48 <lewyssmith> Bonsoir Yves.
20:24:06 <hviaene> OK
20:24:38 <MrsB> brian_: if you're not already, please add yourself to that page and I'll email privately later with some details
20:25:07 <brian_> I'm not, will register
20:25:26 <MrsB> tmb ennael - any ETA for the ISO's ?
20:26:09 <tmb> live medias are currently building so they should be available soon
20:26:13 <Akien> Reminds me I really have to integrate the artwork, too bad schultz isn't available
20:26:21 <MrsB> today-ish then
20:26:29 <Akien> I'll try to do that for round 2 then... :-)
20:26:42 <wilcal> tonight-ish in Euroland
20:26:59 <tmb> ennael did some testbuilds yesterday, but I dont know the results yet
20:27:08 <MrsB> #info live ISOs are currently building
20:27:20 <MrsB> thanks tmb
20:27:54 <MrsB> anybody any questions?
20:27:57 <lewyssmith> How big are the changes from Beta1?
20:28:19 <MrsB> some new versions, hopefully some bugfixes
20:28:24 <ennael> tests are going on. have some deps pb with mesa but should be fixed soon
20:28:34 <MrsB> thanks ennael
20:28:43 <ennael> we will work on syslinux with erwan tomorrow evening
20:29:03 <MrsB> #info classic isos will be a bit longer, early tests are ongoing
20:29:13 <MrsB> dude :)
20:29:19 <lewyssmith> Welcome Dave.
20:29:32 <tmb> ennael, what issues with syslinux ?
20:29:40 <DavidWHodgins> HiYa everyone. Sorry I'm late. Wasn't watching the clock.
20:29:53 <olivier_cc> hello Dave
20:29:53 <ennael> tmb: boot from hard disk
20:30:09 <MrsB> wow really, that's been there since forever
20:30:27 <tmb> ennael, ah, ok... otherwise we have latest 6.03 in cauldron and installed on rabbit
20:30:35 <MrsB> What's the EFI status tmb please?
20:30:40 <ennael> tmb: yep
20:31:33 <tmb> for efi status, first build wont carry my changes, hopefully the next build will
20:32:37 <tmb> I'm picking up some new hw tomorrow so I can test on
20:33:04 <MrsB> #info EFI changes should hopefully be in a 2nd build
20:33:06 <MrsB> thanks tmb
20:33:21 <lewyssmith> tmb: Are your comments for Live & Classic?
20:35:27 <MrsB> scared him away
20:36:21 <MrsB> I guess we'll wait and see lewis
20:36:37 <tmb> lewyssmith, technically for both as we use same drakx code, but atleast live as it does not boot in framebuffer mode like the installer does
20:37:00 <RemyServices> I can try to do efi testing if beta2 supports it
20:37:22 <lewyssmith> tmb: thanks.
20:38:01 <tmb> the problem is that stage2 assumes framebuffer mode and if that does not work fall back to vesa, neither of wich is specified in the efi standard :)
20:38:28 <MrsB> #info EFI should cover both Live ISOs and Classic when it's incorporated
20:39:11 <MrsB> Is there anything else to add about beta 2 or ISO testing?
20:40:55 <MrsB> #info anybody who has not yet added themselves to the ISO testers list and wants to help pre-release testing the ISOs please add yourself here and let somebody know https://wiki.mageia.org/en/QA_ISO_testers
20:41:14 <MrsB> Let's move on then :)
20:41:16 <hviaene> #topic Testing Updates
20:41:21 <MrsB> thanks Dave
20:41:40 <lewyssmith> Should you explain to Dave?
20:41:48 <DavidWHodgins> That was hviaene, not me.
20:42:02 <MrsB> We've been doing pretty well with updates. The challenge now will be to try to keep on top of them whilst the ISOs are being tested
20:42:03 <wilcal> List has been cut down considerable
20:42:16 <lewyssmith> DavidWHodgins: he is you tonight.
20:42:30 <wilcal> Why cannot Flightgear be pushed?
20:42:57 <MrsB> Backports need a new keyword adding to bugzilla and some stuff sorting out sysadmin side for advisories
20:43:18 <wilcal> Flightgear = addiction
20:43:29 <Akien> It's a bit sad to have backports stuck because of that though
20:43:47 <MrsB> what do you suggest Akien?
20:44:05 <Akien> A nice incentive for Colin :-D
20:44:23 <Akien> If we want an easy solution, IMO the updates related stuff in mgaadv could be duplicated and adapted for backports
20:44:26 <MrsB> i'll try and catch up with him and add it to his todo list
20:44:38 <Akien> And we could push backports advisories to advisories.mageia.org/backports.html or something like that
20:44:53 <Akien> And maybe use a "validated_backport" keyword indeed
20:44:53 <MrsB> that's the plan really, just needs somebody to do it Akien
20:45:07 <Akien> Yes I understand that :-)
20:45:15 <MrsB> Anyway.. updates..
20:45:24 <MrsB> Are there any there right now that look scary?
20:45:53 <lewyssmith> It was nearly "Are there any?" for x64 earlier this week.
20:45:58 <MrsB> http://mageia.madb.org/tools/updates
20:46:05 <MrsB> yes we're doing well
20:46:26 <MrsB> there are two ready for pushing i see, nice, well done
20:46:45 <wilcal> Ya i did the Apache thing just before this meeting
20:46:54 <lewyssmith> Good on you.
20:46:56 <MrsB> Please don't forget to validate any which are ready to be validated
20:47:33 <tmb> and add advisories to svn
20:47:45 <MrsB> that's my job
20:47:50 <MrsB> and akien
20:48:11 <MrsB> and one day maybe even wilcal!
20:48:33 <wilcal> :-0
20:48:51 <DavidWHodgins> Used to be just me an Claire, but I have not been active for a while.
20:49:00 <DavidWHodgins> s /an/and/
20:49:07 <MrsB> you can have a practise if you like Dave
20:49:50 <MrsB> So is everybody happy with the updates?
20:49:55 <wilcal> yep
20:50:02 <wilcal> happy to say that
20:50:09 <MrsB> let's move on if so
20:50:10 <DavidWHodgins> #topic Luigi's Roundup
20:50:19 <MrsB> #chair DavidWHodgins
20:50:19 <Inigo_Montoya`> Current chairs: DavidWHodgins MrsB hviaene wilcal
20:50:26 <hviaene> Hey you
20:50:31 <DavidWHodgins> #topic Luigi's Roundup
20:50:38 <MrsB> thanks herman
20:50:45 <MrsB> Luigi12_work: ping!
20:51:08 <DavidWHodgins> Luigi12_lappy: ping!
20:51:26 <lewyssmith> He spoke on 'work' earlier.
20:51:44 <MrsB> let's give him a minute
20:52:00 <Luigi12_work> boo
20:52:07 <wilcal> Hello Luigi
20:52:14 <MrsB> thought you were still in makeup
20:52:27 <DavidWHodgins> :-)
20:53:02 <lewyssmith> MrsB: Good one!
20:53:12 <MrsB> :)
20:53:52 <Luigi12_work> still got my hat though
20:54:07 <MrsB> :D
20:54:18 <Luigi12_work> so I got cpio fixed thanks to some help from Fedora's packager and an upstream developer
20:54:37 <MrsB> #info cpoi is ready for testing
20:54:40 <MrsB> cpio
20:54:44 <Luigi12_work> still waiting to hear additional details on possibly other security issues fixed in freetype2 2.5.4, as well as a CVE for the fix I already backported
20:55:01 <MrsB> do you want to push it or is it non urgent?
20:55:21 <Luigi12_work> maybe we should just push it as is and add more patches later, since it is critical
20:55:25 <MrsB> it is a red one
20:55:27 <Luigi12_work> yeah
20:55:33 <MrsB> ok i'll do that after
20:55:45 <Luigi12_work> cool, I wish MITRE wasn't so slow sometimes
20:55:49 <wilcal> i got something for Luigi
20:55:53 <MrsB> #info we'll push freetype2 and update it again later when there is news of more patches
20:56:07 <Luigi12_work> I committed patches for the rpm CVEs into SVN, just waiting for tv to review them
20:56:24 <MrsB> #info rpm update coming
20:56:51 <Luigi12_work> not sure how the x11-server update will be handled, the patches will need to be backported to whatever it is that we have in mga4
20:57:21 <MrsB> #info x11-server update coming too once patches have been backported
20:57:32 <Luigi12_work> philippem will be updating python and python3 at some point, due to SSL cert verification fixes upstream
20:58:00 <MrsB> #info python & python3 updates coming for SSL cert verification fixes
20:58:16 <MrsB> theres not normally alot we can test for cert things
20:58:17 <Luigi12_work> also have an unrtf update in SVN waiting for a freeze push, it fixes crashes with bad RTF files, basically denial of service for anything that uses unrtf to decode RTF files with possible untrusted input
20:58:40 <MrsB> i don't think we've had that one before
20:58:45 <Luigi12_work> indeed
20:58:47 <NyB> Luigi12_work: how serious are the X11 CVEs in your opinion? anything special that we should do mitigation-wise on installed systems?
20:58:59 <MrsB> #info also unrtf - a new one to QA
20:59:09 <Luigi12_work> NyB: if you haven't undone the "-nolisten tcp" default from Mageia, you don't need to worry
20:59:19 <DavidWHodgins> Never heard of that one before.
20:59:24 <MrsB> me either
20:59:46 <NyB> DavidWHodgins: unrtf? or the X11 option?
20:59:55 <DavidWHodgins> unrtf
21:00:16 <olivier_cc> what is the no-listen tcp option ?
21:00:17 <NyB> Luigi12_work: no I have not changed that one :-) Fortunately SSH X11 forwading works without such tricks these days...
21:00:32 <Luigi12_work> NyB: indeed, I'm glad for that too
21:00:46 <DavidWHodgins> olivier_cc: In what context?
21:00:50 <NyB> olivier_cc: it allows the X11 server to listen on a local port (6000 IIRC) for application connections
21:00:51 <Luigi12_work> olivier_cc: by default, the X server listens on port 6000 to allow remote clients to display a window on your X server
21:01:03 <Luigi12_work> olivier_cc: through msec, this is disabled by default in Mageia
21:01:14 <NyB> mc uses unrtf to view RTF files IIRC...
21:01:24 <olivier_cc> ok didn't mess with that then
21:01:41 <MrsB> you can mess with it when we test the update though
21:02:04 <olivier_cc> ok so I shall mess
21:02:15 <Luigi12_work> so with nolisten tcp, you're only vulnerable to local users exploiting the issues, but if they're local they can do so many other things
21:02:27 <Luigi12_work> if you really want to mitigate it from local users, you can disable glx
21:02:33 <Akien> unrtf lets you transform .rtf files into html files or other formats
21:02:36 <NyB> and there may be other scripts/tools that use unrtf. I think there were some SpamAssassin/Amavis plugins that use to look in attachments
21:02:45 <MrsB> #info Congrats to Luigi12 on making it into distrowatch weekly, all the best do ;)
21:02:59 <Luigi12_work> ugh, yeah I saw that
21:03:07 <DavidWHodgins> Ahh. Yes for X11, the no-listen tcp option means the server is only available on the localhost. Without it, other computers that have access can connect to it.
21:03:13 <Luigi12_work> at least I didn't get any snarky comments
21:03:17 <NyB> Luigi12_work: hmmm... are SSH-forwarded connections safe with GLX enabled?
21:04:28 <NyB> DavidWHodgins: IIRC with -nolisten tcp it is not available on localhost either - only through a UNIX domain socket...
21:04:34 <MrsB> that's what we're here for Luigi12_work
21:04:43 <Luigi12_work> NyB: the exploits happen on the "server" side in X parlance, which is where the display is
21:04:47 <DavidWHodgins> NyB: Correct.
21:05:03 <Luigi12_work> so if someone is SSH'ing into your machine to run an application and display it on their machine, the vulnerability is on their machine, not yours
21:05:30 <MrsB> it's done from the DM IINM
21:05:43 <NyB> Luigi12_work: It's the reverse I'm worried about :-)
21:05:50 <MrsB> not done so for years though :\
21:06:01 <NyB> Mageia has X11 forwarding enabled on the client by default IIRC
21:06:10 <DavidWHodgins> Yes, client/server distinction is a bit unusual with X11. The server is the computer connected to the monitor.
21:06:10 <NyB> s/client/SSH client/
21:06:19 <Luigi12_work> NyB: then yes if someone can trick you into running a malicious application over SSH
21:06:47 <MrsB> Is there anything else?
21:06:53 <NyB> if you logon to a compromised server, all it takes is a little change in .bashrc over there...
21:07:14 <wilcal> ya i got something
21:07:16 <Luigi12_work> I don't have anything else
21:07:18 <Luigi12_work> wilcal had a questio
21:07:24 <MrsB> go for it wilcal
21:07:27 <wilcal> Any information on a Linux compromise called "Uroburos or Snake"
21:07:29 <wilcal> Seems it's been modified from the Windows world that has been around
21:07:30 <wilcal> for quite some time. Any idea on the threat here?
21:07:39 <Luigi12_work> never heard of it
21:08:04 <MrsB> oh, i think thats the govt spyware thing isn't it
21:08:15 <wilcal> i think if you just google Uroburos or Snake"
21:08:17 <Luigi12_work> I heard about Turla this week, but nobody knows anything about it since Kaspersky keeps that to themselves
21:08:42 <DavidWHodgins> A quick search shows it's a rootkit.
21:08:43 <MrsB> you can find -type f and exec file on everything in your home and grep for ELF's
21:09:06 <MrsB> oh turla, mayeb i'm thinking of that
21:09:18 <Luigi12_work> yeah that's the one that's been in the press this week
21:09:21 <NyB> I had a look around about it - none of the major OSS malware detection toolkits for Linux seems to know about ut...
21:09:33 <wilcal> anyway the security podcast I listened to made a big thing of it all
21:09:35 <Luigi12_work> NyB: seems to know about what?
21:09:51 <NyB> about turla/ouroboros/whats-its-name
21:10:05 <wilcal> http://www.symantec.com/connect/blogs/turla-spying-tool-targets-governments-and-diplomats
21:10:06 <Luigi12_work> NyB: I don't know what ourbos is, but of course they wouldn't know about Turla
21:10:26 <wilcal> Seems they've re-treaded it to Linux
21:10:55 <Luigi12_work> what I can tell you, is the press stories about Turla mention a certain hostname that it tries to connect to for command & control
21:11:12 <Luigi12_work> so if you're worried about it, you can block outbound connections to that in your perimeter firewall
21:11:12 <DavidWHodgins> IIRC, only targeting systems in Russia and China.
21:11:24 <Luigi12_work> that's not what I heard
21:11:35 <Luigi12_work> but again, only Kaspersky knows for sure
21:11:38 <NyB> they also mention a couple of strings supposedly in its code.
21:12:01 <hviaene> Have to go, evening all
21:12:03 <Luigi12_work> NyB: was it in the code, or part of the magic packets used to trigger it?
21:12:07 <MrsB> nite hviaene
21:12:10 <wilcal> Anyway I don't think there's anything on the forums yet
21:12:11 <olivier_cc> evening herman
21:12:11 <marja> hviaene: good night
21:12:15 <MrsB> thanks for beign Dave
21:12:28 <DavidWHodgins> :-)
21:12:34 <MrsB> Shall we move on
21:12:41 <DavidWHodgins> #topic Anything else?
21:12:43 <wilcal> sometimes these things get spun up before we have answers
21:12:49 <MrsB> Is there anythign else?
21:12:51 <Luigi12_work> that would be the case here
21:12:54 <wilcal> not here
21:12:58 <NyB> Luigi12_work: can't really remember, but they were talking about building signatures. I suppose they could be referring to Snort IDS signatures or something...
21:13:04 <DavidWHodgins> Nothing else here.
21:13:12 <lewyssmith> Nor me.
21:13:13 <Luigi12_work> NyB: yeah I did see it too but I can't remember which it was
21:13:16 <marja> nothing here either
21:13:18 <olivier_cc> good for me
21:13:24 <MrsB> T - 5 then
21:13:30 <wilcal> thks all
21:13:31 <Luigi12_work> ooh a response from tv
21:13:35 <MrsB> thanks for comign everybody, keep an eye on your email.
21:13:37 <lewyssmith> Goodnight everyone.
21:13:38 <Luigi12_work> rpm updates coming
21:13:43 <MrsB> 4
21:13:45 <MrsB> 3
21:13:46 <MrsB> 2
21:13:48 <MrsB> 1
21:13:49 <brian_> bye
21:13:50 <MrsB> #endmeeting