#mageia-qa log

19:03:17 <wilcal> #startmeeting
19:03:17 <Inigo_Montoya> Meeting started Thu Jul 23 19:03:17 2015 UTC.  The chair is wilcal. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:03:17 <Inigo_Montoya> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:03:45 <wilcal> #chair lewyssmith
19:03:45 <Inigo_Montoya> Current chairs: lewyssmith wilcal
19:03:53 <wilcal> There now it's official
19:04:14 <lewyssmith> But only you have the topics, so you will have to be Dave.
19:04:21 <wilcal> #topic anyone new
19:04:48 <lewyssmith> More a question of "anyone out there?"
19:05:21 <wilcal> So true this time of year in Europe
19:05:55 <wilcal> Lets talk a little about the state of the bugs list to be tested
19:06:16 <wilcal> #topic Testing updates
19:06:38 <wilcal> As I've shared before I try to "touch" about one per day. Sometimes two
19:07:06 <lewyssmith> I am stil on M4, and have tried all those that I can - except new today.
19:07:07 <wilcal> May not validate something or even comment somewhere
19:07:34 <wilcal> I'm in the very final stages of my transition M4.1 -> M5
19:07:59 <wilcal> pretty much completed. Plus I had a couple of big hardware changes
19:08:28 <wilcal> I'm now capable of testing UEFI without putting something important at risk
19:09:06 <wilcal> I also try to go after the top most security bugs on the list first
19:09:14 <wilcal> also those things that effect me the most
19:09:23 <lewyssmith> If we can validate with only architecture, so much the better. I trust David/luigi's view on this for individual bugs.
19:09:24 <wilcal> Like the Apache bug
19:09:55 <wilcal> I think I'm gonna validate the Apache thing today
19:10:10 <lewyssmith> EFI should not be relevant for bugs (except pre-release testing).
19:10:28 <wilcal> Seems there's been no real big problems there in the field
19:11:43 <lewyssmith> Freeradius & Ansible are beyond me; I have asked Dave's advice.
19:11:50 <wilcal> FWIW I never never upgrade an install from one Ver to the next I always "killdisk" and start from zero
19:12:23 <wilcal> Lots of things on there are beyond me to. I'm trying to get better at db stuff but will never be 100%
19:13:00 <lewyssmith> All we can do is play with a few major PHP applications that use them.
19:14:01 <wilcal> phpmyadmin I'm start'n to get a handle on running
19:14:45 <lewyssmith> Moodle, Wordpress, what have you.
19:14:47 <wilcal> that to test the mariadb thingy
19:15:07 <wilcal> if they run then mariadb is probably ok
19:15:18 <lewyssmith> Exactly.
19:15:28 <wilcal> Some of these apps are careers
19:15:39 <lewyssmith> Exactly.
19:15:47 <wilcal> So all we can do is make sure they get in without error
19:16:30 <lewyssmith> I *must* migrate to M5 (I have it installed), since that list is longer.
19:16:39 <wilcal> Hopefully when MrsB gets back we can agree to just get a successful install and update on some of them
19:17:15 <wilcal> I also think David(luigi) had a lot of bugs pent up from the M5 testing
19:17:32 <lewyssmith> I still wonder at the absence of so many people.
19:17:44 <wilcal> Sorry where do you live Lewis?
19:18:04 <wilcal> Hi David
19:18:11 <lewyssmith> wilcal: France; why?
19:18:36 <wilcal> Well then you know in Europe July/Aug everyone is on Holiday
19:18:50 <lewyssmith> weeks.
19:18:58 <wilcal> I lived in The Netherlands for years and traveled Europe extensively for decades
19:19:07 <wilcal> not much going on in July/Aug
19:19:12 <lewyssmith> Ignore that. Most people take just 2 weeks.
19:19:35 <wilcal> BTW watching the Tour daily here
19:20:00 <lewyssmith> I have no TV.
19:20:20 <wilcal> I live near San Diego CA
19:20:44 <wilcal> Lets see if luigi is around
19:20:46 <lewyssmith> Shall we move on?
19:21:02 <wilcal> ping: luigi_work
19:21:20 <wilcal> ping: luigi_lappy
19:21:26 <wilcal> i don't know how to do that
19:21:33 <lewyssmith> Topic?
19:21:51 <lewyssmith> He ususally looks in anyway until his moment.
19:22:13 <wilcal> #topic Luigi's Roundup
19:22:22 <wilcal> we can kinda hang here for awhile
19:22:42 <wilcal> I'd like to know if there's a ton more bugs wait'n to go on the list
19:22:47 <wilcal> or not
19:22:57 <lewyssmith> I would rather not know...
19:23:47 <wilcal> ok i see the virtualbox upgrade got on there
19:23:58 <wilcal> that takes me about a day to get through that one
19:24:15 <wilcal> It's only M5 for now
19:25:54 <wilcal> pretty quiet in here for sure
19:26:21 <wilcal> I'll complete what I can do on mariadb then move on to virtualbox
19:26:43 <lewyssmith> -> "Anything else"; I have something.
19:26:48 <wilcal> ok
19:27:02 <wilcal> #topic Anything else
19:27:21 <wilcal> I don't have anything
19:27:34 <lewyssmith> Updates Testing is once again clogged with masses of KDE updates with no bug to test them against.
19:28:13 <wilcal> M5 & M4
19:28:44 <bozonius> Luigi12_work:  I think they are saying that Mageia is not one of the systems that VBox supports
19:29:07 <Luigi12_work> bozonius: no that's not what it said
19:29:18 <wilcal> Hello David
19:29:34 <Luigi12_work> oh yeah sorry I'm here now
19:29:36 <lewyssmith> David! wher did you spring from?
19:29:45 <Luigi12_work> was in the classroom for a minute testing something
19:29:59 <Luigi12_work> trying to figure out this system-wide certs for NSS thing that was discussed on the dev ml
19:30:25 <wilcal> Question of the day are there still tons of bugs waiting to get on the list or are most on there now
19:30:40 <Luigi12_work> let me see
19:30:47 <Luigi12_work> first I'd like to draw everyone's attention to
19:30:50 <Luigi12_work> bug 16459 is highly critical, please test if there's anyone out there
19:30:52 <[mbot> Bug https://bugs.mageia.org/show_bug.cgi?id=16459 critical, Normal, qa-bugs, NEW , libuser new security issues CVE-2015-3245 and CVE-2015-3246, libuser-0.60-5.mga5.src.rpm
19:31:05 <Luigi12_work> local privledge escalation flaw with exploit code already available
19:31:09 <Luigi12_work> please test ASAP
19:31:12 <bozonius> From the link:  "The only problem I see is you trying to run unsupported guests and expecting the official guest additions to work."
19:31:16 <wilcal> what's the best/quickest way to test that
19:31:23 <bozonius> The guest in question is Mageia.
19:31:30 <Luigi12_work> bozonius: exactly, the "official guest additions" as opposed to the Mageia packaged ones
19:31:40 <Luigi12_work> bozonius: for a Mageia guest, use our packages
19:31:53 <bozonius> But I AM!
19:31:54 <Luigi12_work> wilcal: there's exploit code linked in the bug, it's C code
19:31:58 <lewyssmith> 16459: I will look tomorrow - asuming I can try it.
19:31:59 <bozonius> and nothing else.
19:32:07 <Luigi12_work> bozonius: then they misunderstood and you need to clarify that
19:32:26 <bozonius> I think they know I am using the distro version
19:32:33 <Luigi12_work> wilcal: compile it with gcc and run it...I haven't tried it, don't know if it needs any arguments
19:32:44 <Luigi12_work> bozonius: from the comments it sounds like they didn't realize that
19:32:47 <bozonius> that was covered in earlier posts on that same thread
19:33:07 <Luigi12_work> not much you can do if the person on the other end can't read
19:33:07 <wilcal> I'm not really good at all that. If someone could document that in the bug step by step that would be nice
19:33:24 <Luigi12_work> not good at compiling a simple C program?
19:33:29 <Luigi12_work> it's one command
19:33:33 <Luigi12_work> gcc foo.c
19:33:43 <Luigi12_work> creates an executable called a.out, run it (./a.out)
19:34:06 <Luigi12_work> I e-mailed the dev list last night reminding of help needed for security updates
19:34:14 <Luigi12_work> but everyone ignores me these days
19:34:45 <Luigi12_work> OpenSuSE has updated libidn, but I'm waiting a while to see how to handle that issue
19:34:57 <wilcal> I'm gonna turn the apache thing loose after this meeting
19:35:01 <Luigi12_work> groovy and springframework bugs filed, need help on those
19:35:17 <Luigi12_work> did you search for PoCs for the Apache issues?
19:35:34 <wilcal> "PoC
19:35:48 <Luigi12_work> Luc has patched for an issue in kdepim where it doesn't encrypt attachments if you tell it to encrypt the message (Mageia 4 only), waiting for his OK to assign to QA
19:35:59 <wilcal> "PoC" point of Contact?
19:36:15 <Luigi12_work> are you serious?  How long have you been in the QA team?  You're supposed to know this.
19:36:17 <Luigi12_work> Proof of Concept
19:36:23 <Luigi12_work> details on how to reproduce the issue
19:36:25 <wilcal> sorry
19:36:36 <wilcal> looking for ways to recreate bug
19:36:45 <wilcal> i'll poke around a little
19:36:45 <Luigi12_work> so we can test either to verify that it's fixed, or at least to instrument the affected code to ensure that we didn't break it
19:37:01 <Luigi12_work> our apache tests so far have likely not instrumented the affected code at all, so we don't know if we broke something
19:37:27 <wilcal> hello tmb
19:37:31 <tmb> hi
19:37:35 <Luigi12_work> squashfs-tools patched and still assigned to tmb, waiting for feedback on whether to proceed with that update
19:37:39 <Luigi12_work> speak of the tmb
19:37:58 <Luigi12_work> bug filed for lxc, that will need to be patched at some point
19:38:05 <bozonius> Luigil2_work: I just posted a clarification of the point
19:38:13 <Luigi12_work> Chrome 44 is out, so a chromim-browser-stable update should be coming
19:38:25 <lewyssmith> bozonius: What ere you talking about?
19:38:33 <wilcal> I think those things can be tested and through pretty fast
19:38:34 <Luigi12_work> ghostscript update built, waiting for RedHat's bug to be opened so I know what to put in the advisory, then I'll assign to QA
19:38:44 <wilcal> like the weekly flash updates
19:38:46 <Luigi12_work> some integer overflow issue
19:38:56 <Luigi12_work> xfsprogs waiting for upstream to release fixes
19:39:08 <bozonius> lewyssmith:  a misunderstanding (I think) of VBox support's notion of what is the official way to handle GA on Mageia
19:39:21 <bozonius> (GA = guest additions)
19:39:34 <Luigi12_work> an openssh issue that's apparently creating some buzz that makes it easier to try more passwords more quickly for brute-forcing via keyboard authentication, got a patch committed to Mageia 5 SVN
19:39:46 <Luigi12_work> have something locally for Mageia 4, but not sure if it's correct, waiting to see others' backports
19:39:52 <Luigi12_work> but hopefully that'll get pushed to QA soonish
19:40:11 <wilcal> openssh can be tested quickly
19:40:19 <Luigi12_work> so yeah I guess you could say there's stuff in the pipeline
19:40:30 <lewyssmith> wilcal: How?
19:41:16 <Luigi12_work> for the pending openssh update, just testing that you can ssh into a machine (testing the server side) via keyboard authentication should be sufficient
19:41:21 <wilcal> how i did it on: https://bugs.mageia.org/show_bug.cgi?id=16266
19:41:22 <[mbot> Bug 16266: normal, Normal, qa-bugs, RESOLVED FIXED, openssh new security issue CVE-2015-5352, openssh-6.8p1-1.mga6.src.rpm
19:41:43 <Luigi12_work> just make sure you do test the server part of it, not just the client part, as wilcal originally did last time
19:42:03 <Luigi12_work> unless I misunderstood, but I think he fully tested it before validating
19:42:30 <wilcal> i used putty from another machine was that ok
19:42:36 <Luigi12_work> yep
19:42:43 <bozonius> Is my question better posted in the "mageia" channel than here?
19:42:44 <wilcal> so that's an easy on for me
19:42:56 <Luigi12_work> bozonius: this certainly wasn't the best channel for it
19:43:16 <bozonius> OK, taking it to #mageia instead.  thanks. sorry for the disruption.
19:43:24 <lewyssmith> wilcal: I only have a stand-alone box.
19:43:41 <Luigi12_work> oh, also a gdk-pixbuf heap overflow DoS issue is patched in SVN, waiting for a CVE assignment before pushing to QA
19:44:30 <Luigi12_work> ok, roundup's done unless there's questions
19:44:49 <wilcal> Thank you luigi
19:44:56 <wilcal> Anything else else?
19:45:00 <lewyssmith> Yes, thanks.
19:45:10 <lewyssmith> Not from me.
19:45:24 <wilcal> we should wrap this up then
19:45:34 <lewyssmith> Benmc: Hello & goodbyre!
19:45:39 <wilcal> you have the count down honors lewis
19:45:46 <lewyssmith> -5
19:45:47 <Benmc> goodmornong all
19:45:55 <lewyssmith> -4
19:45:56 <tmb> there will be some kernels landing...
19:46:09 <lewyssmith> -
19:46:14 <lewyssmith> -3
19:46:15 <wilcal> Ya I saw that. I can do those but they take a couple days
19:46:34 <lewyssmith> -2
19:46:43 <lewyssmith> -1
19:46:46 <tmb> but for mga5 I'd like the nvidia-current, fglrx and vbox validated an pushed before to make easier transition
19:47:01 <wilcal> ok tmb
19:47:42 <lewyssmith> Goodbye & thanks Bill.
19:47:46 <tmb> thats all for me for mow
19:47:46 <wilcal> bye all
19:47:53 <tmb> *now
19:48:09 <wilcal> #endmeeting