20:04:26 <MrsB> #startmeeting 20:04:26 <Inigo_Montoya`> Meeting started Thu Dec 11 20:04:26 2014 UTC. The chair is MrsB. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:04:26 <Inigo_Montoya`> Useful Commands: #action #agreed #help #info #idea #link #topic. 20:04:28 <hviaene> No coffee late at night 20:04:43 <MrsB> welcome to another one everybody 20:04:51 <MrsB> Who's going to be Dave today? 20:05:07 <wilcal> oliver :-)) 20:05:29 <MrsB> any volunteers or shall i pick a victim? 20:05:38 <olivier_cc> I've already been Dave pick another one :) 20:05:49 <MrsB> #chair wilcal hviaene 20:05:49 <Inigo_Montoya`> Current chairs: MrsB hviaene wilcal 20:06:04 <hviaene> What does that mean??? 20:06:11 <MrsB> you get to set the topics 20:06:21 <lewyssmith> Then hanged tomorrow. 20:06:21 <MrsB> like this.. 20:06:28 <MrsB> #topic Who's new? 20:06:35 <hviaene> OK 20:06:38 <MrsB> Is there anyboyd new here today? 20:06:42 <MrsB> anybody* 20:07:15 <MrsB> it doesn't look like it 20:07:31 <MrsB> next topic hviaene 20:07:36 <hviaene> # topic Beta 2 20:07:45 <MrsB> without the space 20:08:14 <hviaene> #topic Beta 2 20:08:19 <wilcal> kool 20:08:21 <MrsB> \o/ thanks :) 20:08:22 <hviaene> Phew 20:08:43 <MrsB> #info I have the new rsync password and will email everybody privately 20:08:48 <sebsebseb> hi 20:08:50 <MrsB> thanks tmb 20:08:53 <RemyServices> Was just going to ask that 20:08:59 <olivier_cc> hi sebsebseb 20:09:05 <sebsebseb> olivier_cc: hi 20:09:08 <MrsB> sebsebseb 20:09:13 <sebsebseb> MrsB: 20:09:21 <MrsB> Is everybody ready for beta 2? 20:09:26 <wilcal> I have a little bit of scheduling conflict so I really won't be able to do much till Monday 20:09:44 <MrsB> Just do what you can. I'm likely going to be the same. 20:09:50 <hviaene> Looking forward 20:09:59 <wilcal> but I should be able to see if some of the live ISO's boot to a working desktop 20:10:44 <stef74> I can test on my dmraid machine only this week-end. I'm out for the next week. 20:10:49 <MrsB> #info in beta 2 we need to be more thorough, testing each of the applications and start testing upgrades from mga4 20:11:16 <MrsB> the more variety the better stef74 20:11:44 <MrsB> Everything should have settled down now and after this there will only be bugfixes 20:12:35 <MrsB> RemyServices: thanks for testing with Thierry. I don't think you'll see him on IRC. 20:12:57 <wilcal> M5 repo is still active but indeed has settled down 20:13:20 <MrsB> Has everybody renamed their beta 1 isos? 20:13:25 <RemyServices> No problem, ill do what I can 20:14:33 <Luigi12_work> tmb: you probably already saw, but the new xorg glx security issues also affect the proprietary nvidia module, so we'll need to update that for mga4 20:14:42 <MrsB> anybody anything they want to ask or any comments before we move on? 20:15:03 <wilcal> When do we expect to see them 20:15:09 <tarazed> Each of the applications? That is a tall order. 20:15:19 <MrsB> hi brian, welcome 20:15:21 <wilcal> I test all the apps I use 20:15:36 <MrsB> each of the ones on the ISO tarazed 20:15:37 <lewyssmith> tarazed: Basically just see that they start. 20:16:05 <MrsB> so we actually use it a bit once installed to make sure everything is as it should be 20:16:16 <hviaene> I hate this kind of unrealistic targets 20:16:30 <MrsB> #info every application - meaning those on the ISO. 20:16:47 <hviaene> And how many are those? 20:17:10 <MrsB> maybe 20 for each desktop 20:17:32 <hviaene> huh???? 20:17:38 <lewyssmith> Easy for the Lives, tedious for the Classic when you should launch every menu item from every desktop - at least once, initially. 20:17:39 <MrsB> we've had in the past where some don't work with certain video drivers so it's important everybody check please 20:18:12 <lewyssmith> You *do* find odd things that do not launch. 20:18:27 <MrsB> yes, as lewis says. Each menu item needs to actually work. 20:18:42 <hviaene> I wonder now what is understood by "applications" 20:18:55 <lewyssmith> Menu items. 20:18:59 <hviaene> Aha 20:19:16 <MrsB> basically, when you have booted/installed then ensure each of the items in the menu starts/works and MCC etc 20:19:32 <tarazed> If things don't launch we should record that on the pad rather than report a bug? 20:19:42 <MrsB> do both please tarazed 20:19:56 <MrsB> the pad is just for our notes, bugs need to be reported so they can be fxed 20:20:26 <MrsB> the pad helps us collaborate 20:21:17 <MrsB> #info remember to note on the pad which ISO you're testing and note the results of your tests. Create bugs for any issues and make a note on the pad so other testers can see. 20:21:18 <hviaene> I'm always on the lookout for things I don't have to do anymore 20:21:59 <MrsB> yeah, it doesn't take long just to go through and make sure everything starts and is properly localised etc 20:22:13 <lewyssmith> MrsB: Fib! 20:22:19 * simonnzg realises the meeting has started 20:22:23 <MrsB> lol, well not long-ish 20:22:46 <brian_> is there a particular edition that is least used that I could help with? 20:22:57 <wilcal> FWIW over the years I have built an install list of instrutions and follow, and update, that list as I go from release to release 20:23:17 <hviaene> Just a sec 20:23:37 <MrsB> They're all important brian_. Are you on the ISO testers page here https://wiki.mageia.org/en/QA_ISO_testers ? 20:23:48 <lewyssmith> Bonsoir Yves. 20:24:06 <hviaene> OK 20:24:38 <MrsB> brian_: if you're not already, please add yourself to that page and I'll email privately later with some details 20:25:07 <brian_> I'm not, will register 20:25:26 <MrsB> tmb ennael - any ETA for the ISO's ? 20:26:09 <tmb> live medias are currently building so they should be available soon 20:26:13 <Akien> Reminds me I really have to integrate the artwork, too bad schultz isn't available 20:26:21 <MrsB> today-ish then 20:26:29 <Akien> I'll try to do that for round 2 then... :-) 20:26:42 <wilcal> tonight-ish in Euroland 20:26:59 <tmb> ennael did some testbuilds yesterday, but I dont know the results yet 20:27:08 <MrsB> #info live ISOs are currently building 20:27:20 <MrsB> thanks tmb 20:27:54 <MrsB> anybody any questions? 20:27:57 <lewyssmith> How big are the changes from Beta1? 20:28:19 <MrsB> some new versions, hopefully some bugfixes 20:28:24 <ennael> tests are going on. have some deps pb with mesa but should be fixed soon 20:28:34 <MrsB> thanks ennael 20:28:43 <ennael> we will work on syslinux with erwan tomorrow evening 20:29:03 <MrsB> #info classic isos will be a bit longer, early tests are ongoing 20:29:13 <MrsB> dude :) 20:29:19 <lewyssmith> Welcome Dave. 20:29:32 <tmb> ennael, what issues with syslinux ? 20:29:40 <DavidWHodgins> HiYa everyone. Sorry I'm late. Wasn't watching the clock. 20:29:53 <olivier_cc> hello Dave 20:29:53 <ennael> tmb: boot from hard disk 20:30:09 <MrsB> wow really, that's been there since forever 20:30:27 <tmb> ennael, ah, ok... otherwise we have latest 6.03 in cauldron and installed on rabbit 20:30:35 <MrsB> What's the EFI status tmb please? 20:30:40 <ennael> tmb: yep 20:31:33 <tmb> for efi status, first build wont carry my changes, hopefully the next build will 20:32:37 <tmb> I'm picking up some new hw tomorrow so I can test on 20:33:04 <MrsB> #info EFI changes should hopefully be in a 2nd build 20:33:06 <MrsB> thanks tmb 20:33:21 <lewyssmith> tmb: Are your comments for Live & Classic? 20:35:27 <MrsB> scared him away 20:36:21 <MrsB> I guess we'll wait and see lewis 20:36:37 <tmb> lewyssmith, technically for both as we use same drakx code, but atleast live as it does not boot in framebuffer mode like the installer does 20:37:00 <RemyServices> I can try to do efi testing if beta2 supports it 20:37:22 <lewyssmith> tmb: thanks. 20:38:01 <tmb> the problem is that stage2 assumes framebuffer mode and if that does not work fall back to vesa, neither of wich is specified in the efi standard :) 20:38:28 <MrsB> #info EFI should cover both Live ISOs and Classic when it's incorporated 20:39:11 <MrsB> Is there anything else to add about beta 2 or ISO testing? 20:40:55 <MrsB> #info anybody who has not yet added themselves to the ISO testers list and wants to help pre-release testing the ISOs please add yourself here and let somebody know https://wiki.mageia.org/en/QA_ISO_testers 20:41:14 <MrsB> Let's move on then :) 20:41:16 <hviaene> #topic Testing Updates 20:41:21 <MrsB> thanks Dave 20:41:40 <lewyssmith> Should you explain to Dave? 20:41:48 <DavidWHodgins> That was hviaene, not me. 20:42:02 <MrsB> We've been doing pretty well with updates. The challenge now will be to try to keep on top of them whilst the ISOs are being tested 20:42:03 <wilcal> List has been cut down considerable 20:42:16 <lewyssmith> DavidWHodgins: he is you tonight. 20:42:30 <wilcal> Why cannot Flightgear be pushed? 20:42:57 <MrsB> Backports need a new keyword adding to bugzilla and some stuff sorting out sysadmin side for advisories 20:43:18 <wilcal> Flightgear = addiction 20:43:29 <Akien> It's a bit sad to have backports stuck because of that though 20:43:47 <MrsB> what do you suggest Akien? 20:44:05 <Akien> A nice incentive for Colin :-D 20:44:23 <Akien> If we want an easy solution, IMO the updates related stuff in mgaadv could be duplicated and adapted for backports 20:44:26 <MrsB> i'll try and catch up with him and add it to his todo list 20:44:38 <Akien> And we could push backports advisories to advisories.mageia.org/backports.html or something like that 20:44:53 <Akien> And maybe use a "validated_backport" keyword indeed 20:44:53 <MrsB> that's the plan really, just needs somebody to do it Akien 20:45:07 <Akien> Yes I understand that :-) 20:45:15 <MrsB> Anyway.. updates.. 20:45:24 <MrsB> Are there any there right now that look scary? 20:45:53 <lewyssmith> It was nearly "Are there any?" for x64 earlier this week. 20:45:58 <MrsB> http://mageia.madb.org/tools/updates 20:46:05 <MrsB> yes we're doing well 20:46:26 <MrsB> there are two ready for pushing i see, nice, well done 20:46:45 <wilcal> Ya i did the Apache thing just before this meeting 20:46:54 <lewyssmith> Good on you. 20:46:56 <MrsB> Please don't forget to validate any which are ready to be validated 20:47:33 <tmb> and add advisories to svn 20:47:45 <MrsB> that's my job 20:47:50 <MrsB> and akien 20:48:11 <MrsB> and one day maybe even wilcal! 20:48:33 <wilcal> :-0 20:48:51 <DavidWHodgins> Used to be just me an Claire, but I have not been active for a while. 20:49:00 <DavidWHodgins> s /an/and/ 20:49:07 <MrsB> you can have a practise if you like Dave 20:49:50 <MrsB> So is everybody happy with the updates? 20:49:55 <wilcal> yep 20:50:02 <wilcal> happy to say that 20:50:09 <MrsB> let's move on if so 20:50:10 <DavidWHodgins> #topic Luigi's Roundup 20:50:19 <MrsB> #chair DavidWHodgins 20:50:19 <Inigo_Montoya`> Current chairs: DavidWHodgins MrsB hviaene wilcal 20:50:26 <hviaene> Hey you 20:50:31 <DavidWHodgins> #topic Luigi's Roundup 20:50:38 <MrsB> thanks herman 20:50:45 <MrsB> Luigi12_work: ping! 20:51:08 <DavidWHodgins> Luigi12_lappy: ping! 20:51:26 <lewyssmith> He spoke on 'work' earlier. 20:51:44 <MrsB> let's give him a minute 20:52:00 <Luigi12_work> boo 20:52:07 <wilcal> Hello Luigi 20:52:14 <MrsB> thought you were still in makeup 20:52:27 <DavidWHodgins> :-) 20:53:02 <lewyssmith> MrsB: Good one! 20:53:12 <MrsB> :) 20:53:52 <Luigi12_work> still got my hat though 20:54:07 <MrsB> :D 20:54:18 <Luigi12_work> so I got cpio fixed thanks to some help from Fedora's packager and an upstream developer 20:54:37 <MrsB> #info cpoi is ready for testing 20:54:40 <MrsB> cpio 20:54:44 <Luigi12_work> still waiting to hear additional details on possibly other security issues fixed in freetype2 2.5.4, as well as a CVE for the fix I already backported 20:55:01 <MrsB> do you want to push it or is it non urgent? 20:55:21 <Luigi12_work> maybe we should just push it as is and add more patches later, since it is critical 20:55:25 <MrsB> it is a red one 20:55:27 <Luigi12_work> yeah 20:55:33 <MrsB> ok i'll do that after 20:55:45 <Luigi12_work> cool, I wish MITRE wasn't so slow sometimes 20:55:49 <wilcal> i got something for Luigi 20:55:53 <MrsB> #info we'll push freetype2 and update it again later when there is news of more patches 20:56:07 <Luigi12_work> I committed patches for the rpm CVEs into SVN, just waiting for tv to review them 20:56:24 <MrsB> #info rpm update coming 20:56:51 <Luigi12_work> not sure how the x11-server update will be handled, the patches will need to be backported to whatever it is that we have in mga4 20:57:21 <MrsB> #info x11-server update coming too once patches have been backported 20:57:32 <Luigi12_work> philippem will be updating python and python3 at some point, due to SSL cert verification fixes upstream 20:58:00 <MrsB> #info python & python3 updates coming for SSL cert verification fixes 20:58:16 <MrsB> theres not normally alot we can test for cert things 20:58:17 <Luigi12_work> also have an unrtf update in SVN waiting for a freeze push, it fixes crashes with bad RTF files, basically denial of service for anything that uses unrtf to decode RTF files with possible untrusted input 20:58:40 <MrsB> i don't think we've had that one before 20:58:45 <Luigi12_work> indeed 20:58:47 <NyB> Luigi12_work: how serious are the X11 CVEs in your opinion? anything special that we should do mitigation-wise on installed systems? 20:58:59 <MrsB> #info also unrtf - a new one to QA 20:59:09 <Luigi12_work> NyB: if you haven't undone the "-nolisten tcp" default from Mageia, you don't need to worry 20:59:19 <DavidWHodgins> Never heard of that one before. 20:59:24 <MrsB> me either 20:59:46 <NyB> DavidWHodgins: unrtf? or the X11 option? 20:59:55 <DavidWHodgins> unrtf 21:00:16 <olivier_cc> what is the no-listen tcp option ? 21:00:17 <NyB> Luigi12_work: no I have not changed that one :-) Fortunately SSH X11 forwading works without such tricks these days... 21:00:32 <Luigi12_work> NyB: indeed, I'm glad for that too 21:00:46 <DavidWHodgins> olivier_cc: In what context? 21:00:50 <NyB> olivier_cc: it allows the X11 server to listen on a local port (6000 IIRC) for application connections 21:00:51 <Luigi12_work> olivier_cc: by default, the X server listens on port 6000 to allow remote clients to display a window on your X server 21:01:03 <Luigi12_work> olivier_cc: through msec, this is disabled by default in Mageia 21:01:14 <NyB> mc uses unrtf to view RTF files IIRC... 21:01:24 <olivier_cc> ok didn't mess with that then 21:01:41 <MrsB> you can mess with it when we test the update though 21:02:04 <olivier_cc> ok so I shall mess 21:02:15 <Luigi12_work> so with nolisten tcp, you're only vulnerable to local users exploiting the issues, but if they're local they can do so many other things 21:02:27 <Luigi12_work> if you really want to mitigate it from local users, you can disable glx 21:02:33 <Akien> unrtf lets you transform .rtf files into html files or other formats 21:02:36 <NyB> and there may be other scripts/tools that use unrtf. I think there were some SpamAssassin/Amavis plugins that use to look in attachments 21:02:45 <MrsB> #info Congrats to Luigi12 on making it into distrowatch weekly, all the best do ;) 21:02:59 <Luigi12_work> ugh, yeah I saw that 21:03:07 <DavidWHodgins> Ahh. Yes for X11, the no-listen tcp option means the server is only available on the localhost. Without it, other computers that have access can connect to it. 21:03:13 <Luigi12_work> at least I didn't get any snarky comments 21:03:17 <NyB> Luigi12_work: hmmm... are SSH-forwarded connections safe with GLX enabled? 21:04:28 <NyB> DavidWHodgins: IIRC with -nolisten tcp it is not available on localhost either - only through a UNIX domain socket... 21:04:34 <MrsB> that's what we're here for Luigi12_work 21:04:43 <Luigi12_work> NyB: the exploits happen on the "server" side in X parlance, which is where the display is 21:04:47 <DavidWHodgins> NyB: Correct. 21:05:03 <Luigi12_work> so if someone is SSH'ing into your machine to run an application and display it on their machine, the vulnerability is on their machine, not yours 21:05:30 <MrsB> it's done from the DM IINM 21:05:43 <NyB> Luigi12_work: It's the reverse I'm worried about :-) 21:05:50 <MrsB> not done so for years though :\ 21:06:01 <NyB> Mageia has X11 forwarding enabled on the client by default IIRC 21:06:10 <DavidWHodgins> Yes, client/server distinction is a bit unusual with X11. The server is the computer connected to the monitor. 21:06:10 <NyB> s/client/SSH client/ 21:06:19 <Luigi12_work> NyB: then yes if someone can trick you into running a malicious application over SSH 21:06:47 <MrsB> Is there anything else? 21:06:53 <NyB> if you logon to a compromised server, all it takes is a little change in .bashrc over there... 21:07:14 <wilcal> ya i got something 21:07:16 <Luigi12_work> I don't have anything else 21:07:18 <Luigi12_work> wilcal had a questio 21:07:24 <MrsB> go for it wilcal 21:07:27 <wilcal> Any information on a Linux compromise called "Uroburos or Snake" 21:07:29 <wilcal> Seems it's been modified from the Windows world that has been around 21:07:30 <wilcal> for quite some time. Any idea on the threat here? 21:07:39 <Luigi12_work> never heard of it 21:08:04 <MrsB> oh, i think thats the govt spyware thing isn't it 21:08:15 <wilcal> i think if you just google Uroburos or Snake" 21:08:17 <Luigi12_work> I heard about Turla this week, but nobody knows anything about it since Kaspersky keeps that to themselves 21:08:42 <DavidWHodgins> A quick search shows it's a rootkit. 21:08:43 <MrsB> you can find -type f and exec file on everything in your home and grep for ELF's 21:09:06 <MrsB> oh turla, mayeb i'm thinking of that 21:09:18 <Luigi12_work> yeah that's the one that's been in the press this week 21:09:21 <NyB> I had a look around about it - none of the major OSS malware detection toolkits for Linux seems to know about ut... 21:09:33 <wilcal> anyway the security podcast I listened to made a big thing of it all 21:09:35 <Luigi12_work> NyB: seems to know about what? 21:09:51 <NyB> about turla/ouroboros/whats-its-name 21:10:05 <wilcal> http://www.symantec.com/connect/blogs/turla-spying-tool-targets-governments-and-diplomats 21:10:06 <Luigi12_work> NyB: I don't know what ourbos is, but of course they wouldn't know about Turla 21:10:26 <wilcal> Seems they've re-treaded it to Linux 21:10:55 <Luigi12_work> what I can tell you, is the press stories about Turla mention a certain hostname that it tries to connect to for command & control 21:11:12 <Luigi12_work> so if you're worried about it, you can block outbound connections to that in your perimeter firewall 21:11:12 <DavidWHodgins> IIRC, only targeting systems in Russia and China. 21:11:24 <Luigi12_work> that's not what I heard 21:11:35 <Luigi12_work> but again, only Kaspersky knows for sure 21:11:38 <NyB> they also mention a couple of strings supposedly in its code. 21:12:01 <hviaene> Have to go, evening all 21:12:03 <Luigi12_work> NyB: was it in the code, or part of the magic packets used to trigger it? 21:12:07 <MrsB> nite hviaene 21:12:10 <wilcal> Anyway I don't think there's anything on the forums yet 21:12:11 <olivier_cc> evening herman 21:12:11 <marja> hviaene: good night 21:12:15 <MrsB> thanks for beign Dave 21:12:28 <DavidWHodgins> :-) 21:12:34 <MrsB> Shall we move on 21:12:41 <DavidWHodgins> #topic Anything else? 21:12:43 <wilcal> sometimes these things get spun up before we have answers 21:12:49 <MrsB> Is there anythign else? 21:12:51 <Luigi12_work> that would be the case here 21:12:54 <wilcal> not here 21:12:58 <NyB> Luigi12_work: can't really remember, but they were talking about building signatures. I suppose they could be referring to Snort IDS signatures or something... 21:13:04 <DavidWHodgins> Nothing else here. 21:13:12 <lewyssmith> Nor me. 21:13:13 <Luigi12_work> NyB: yeah I did see it too but I can't remember which it was 21:13:16 <marja> nothing here either 21:13:18 <olivier_cc> good for me 21:13:24 <MrsB> T - 5 then 21:13:30 <wilcal> thks all 21:13:31 <Luigi12_work> ooh a response from tv 21:13:35 <MrsB> thanks for comign everybody, keep an eye on your email. 21:13:37 <lewyssmith> Goodnight everyone. 21:13:38 <Luigi12_work> rpm updates coming 21:13:43 <MrsB> 4 21:13:45 <MrsB> 3 21:13:46 <MrsB> 2 21:13:48 <MrsB> 1 21:13:49 <brian_> bye 21:13:50 <MrsB> #endmeeting