19:03:17 <wilcal> #startmeeting 19:03:17 <Inigo_Montoya> Meeting started Thu Jul 23 19:03:17 2015 UTC. The chair is wilcal. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:03:17 <Inigo_Montoya> Useful Commands: #action #agreed #help #info #idea #link #topic. 19:03:45 <wilcal> #chair lewyssmith 19:03:45 <Inigo_Montoya> Current chairs: lewyssmith wilcal 19:03:53 <wilcal> There now it's official 19:04:14 <lewyssmith> But only you have the topics, so you will have to be Dave. 19:04:21 <wilcal> #topic anyone new 19:04:48 <lewyssmith> More a question of "anyone out there?" 19:05:21 <wilcal> So true this time of year in Europe 19:05:55 <wilcal> Lets talk a little about the state of the bugs list to be tested 19:06:16 <wilcal> #topic Testing updates 19:06:38 <wilcal> As I've shared before I try to "touch" about one per day. Sometimes two 19:07:06 <lewyssmith> I am stil on M4, and have tried all those that I can - except new today. 19:07:07 <wilcal> May not validate something or even comment somewhere 19:07:34 <wilcal> I'm in the very final stages of my transition M4.1 -> M5 19:07:59 <wilcal> pretty much completed. Plus I had a couple of big hardware changes 19:08:28 <wilcal> I'm now capable of testing UEFI without putting something important at risk 19:09:06 <wilcal> I also try to go after the top most security bugs on the list first 19:09:14 <wilcal> also those things that effect me the most 19:09:23 <lewyssmith> If we can validate with only architecture, so much the better. I trust David/luigi's view on this for individual bugs. 19:09:24 <wilcal> Like the Apache bug 19:09:55 <wilcal> I think I'm gonna validate the Apache thing today 19:10:10 <lewyssmith> EFI should not be relevant for bugs (except pre-release testing). 19:10:28 <wilcal> Seems there's been no real big problems there in the field 19:11:43 <lewyssmith> Freeradius & Ansible are beyond me; I have asked Dave's advice. 19:11:50 <wilcal> FWIW I never never upgrade an install from one Ver to the next I always "killdisk" and start from zero 19:12:23 <wilcal> Lots of things on there are beyond me to. I'm trying to get better at db stuff but will never be 100% 19:13:00 <lewyssmith> All we can do is play with a few major PHP applications that use them. 19:14:01 <wilcal> phpmyadmin I'm start'n to get a handle on running 19:14:45 <lewyssmith> Moodle, Wordpress, what have you. 19:14:47 <wilcal> that to test the mariadb thingy 19:15:07 <wilcal> if they run then mariadb is probably ok 19:15:18 <lewyssmith> Exactly. 19:15:28 <wilcal> Some of these apps are careers 19:15:39 <lewyssmith> Exactly. 19:15:47 <wilcal> So all we can do is make sure they get in without error 19:16:30 <lewyssmith> I *must* migrate to M5 (I have it installed), since that list is longer. 19:16:39 <wilcal> Hopefully when MrsB gets back we can agree to just get a successful install and update on some of them 19:17:15 <wilcal> I also think David(luigi) had a lot of bugs pent up from the M5 testing 19:17:32 <lewyssmith> I still wonder at the absence of so many people. 19:17:44 <wilcal> Sorry where do you live Lewis? 19:18:04 <wilcal> Hi David 19:18:11 <lewyssmith> wilcal: France; why? 19:18:36 <wilcal> Well then you know in Europe July/Aug everyone is on Holiday 19:18:50 <lewyssmith> weeks. 19:18:58 <wilcal> I lived in The Netherlands for years and traveled Europe extensively for decades 19:19:07 <wilcal> not much going on in July/Aug 19:19:12 <lewyssmith> Ignore that. Most people take just 2 weeks. 19:19:35 <wilcal> BTW watching the Tour daily here 19:20:00 <lewyssmith> I have no TV. 19:20:20 <wilcal> I live near San Diego CA 19:20:44 <wilcal> Lets see if luigi is around 19:20:46 <lewyssmith> Shall we move on? 19:21:02 <wilcal> ping: luigi_work 19:21:20 <wilcal> ping: luigi_lappy 19:21:26 <wilcal> i don't know how to do that 19:21:33 <lewyssmith> Topic? 19:21:51 <lewyssmith> He ususally looks in anyway until his moment. 19:22:13 <wilcal> #topic Luigi's Roundup 19:22:22 <wilcal> we can kinda hang here for awhile 19:22:42 <wilcal> I'd like to know if there's a ton more bugs wait'n to go on the list 19:22:47 <wilcal> or not 19:22:57 <lewyssmith> I would rather not know... 19:23:47 <wilcal> ok i see the virtualbox upgrade got on there 19:23:58 <wilcal> that takes me about a day to get through that one 19:24:15 <wilcal> It's only M5 for now 19:25:54 <wilcal> pretty quiet in here for sure 19:26:21 <wilcal> I'll complete what I can do on mariadb then move on to virtualbox 19:26:43 <lewyssmith> -> "Anything else"; I have something. 19:26:48 <wilcal> ok 19:27:02 <wilcal> #topic Anything else 19:27:21 <wilcal> I don't have anything 19:27:34 <lewyssmith> Updates Testing is once again clogged with masses of KDE updates with no bug to test them against. 19:28:13 <wilcal> M5 & M4 19:28:44 <bozonius> Luigi12_work: I think they are saying that Mageia is not one of the systems that VBox supports 19:29:07 <Luigi12_work> bozonius: no that's not what it said 19:29:18 <wilcal> Hello David 19:29:34 <Luigi12_work> oh yeah sorry I'm here now 19:29:36 <lewyssmith> David! wher did you spring from? 19:29:45 <Luigi12_work> was in the classroom for a minute testing something 19:29:59 <Luigi12_work> trying to figure out this system-wide certs for NSS thing that was discussed on the dev ml 19:30:25 <wilcal> Question of the day are there still tons of bugs waiting to get on the list or are most on there now 19:30:40 <Luigi12_work> let me see 19:30:47 <Luigi12_work> first I'd like to draw everyone's attention to 19:30:50 <Luigi12_work> bug 16459 is highly critical, please test if there's anyone out there 19:30:52 <[mbot> Bug https://bugs.mageia.org/show_bug.cgi?id=16459 critical, Normal, qa-bugs, NEW , libuser new security issues CVE-2015-3245 and CVE-2015-3246, libuser-0.60-5.mga5.src.rpm 19:31:05 <Luigi12_work> local privledge escalation flaw with exploit code already available 19:31:09 <Luigi12_work> please test ASAP 19:31:12 <bozonius> From the link: "The only problem I see is you trying to run unsupported guests and expecting the official guest additions to work." 19:31:16 <wilcal> what's the best/quickest way to test that 19:31:23 <bozonius> The guest in question is Mageia. 19:31:30 <Luigi12_work> bozonius: exactly, the "official guest additions" as opposed to the Mageia packaged ones 19:31:40 <Luigi12_work> bozonius: for a Mageia guest, use our packages 19:31:53 <bozonius> But I AM! 19:31:54 <Luigi12_work> wilcal: there's exploit code linked in the bug, it's C code 19:31:58 <lewyssmith> 16459: I will look tomorrow - asuming I can try it. 19:31:59 <bozonius> and nothing else. 19:32:07 <Luigi12_work> bozonius: then they misunderstood and you need to clarify that 19:32:26 <bozonius> I think they know I am using the distro version 19:32:33 <Luigi12_work> wilcal: compile it with gcc and run it...I haven't tried it, don't know if it needs any arguments 19:32:44 <Luigi12_work> bozonius: from the comments it sounds like they didn't realize that 19:32:47 <bozonius> that was covered in earlier posts on that same thread 19:33:07 <Luigi12_work> not much you can do if the person on the other end can't read 19:33:07 <wilcal> I'm not really good at all that. If someone could document that in the bug step by step that would be nice 19:33:24 <Luigi12_work> not good at compiling a simple C program? 19:33:29 <Luigi12_work> it's one command 19:33:33 <Luigi12_work> gcc foo.c 19:33:43 <Luigi12_work> creates an executable called a.out, run it (./a.out) 19:34:06 <Luigi12_work> I e-mailed the dev list last night reminding of help needed for security updates 19:34:14 <Luigi12_work> but everyone ignores me these days 19:34:45 <Luigi12_work> OpenSuSE has updated libidn, but I'm waiting a while to see how to handle that issue 19:34:57 <wilcal> I'm gonna turn the apache thing loose after this meeting 19:35:01 <Luigi12_work> groovy and springframework bugs filed, need help on those 19:35:17 <Luigi12_work> did you search for PoCs for the Apache issues? 19:35:34 <wilcal> "PoC 19:35:48 <Luigi12_work> Luc has patched for an issue in kdepim where it doesn't encrypt attachments if you tell it to encrypt the message (Mageia 4 only), waiting for his OK to assign to QA 19:35:59 <wilcal> "PoC" point of Contact? 19:36:15 <Luigi12_work> are you serious? How long have you been in the QA team? You're supposed to know this. 19:36:17 <Luigi12_work> Proof of Concept 19:36:23 <Luigi12_work> details on how to reproduce the issue 19:36:25 <wilcal> sorry 19:36:36 <wilcal> looking for ways to recreate bug 19:36:45 <wilcal> i'll poke around a little 19:36:45 <Luigi12_work> so we can test either to verify that it's fixed, or at least to instrument the affected code to ensure that we didn't break it 19:37:01 <Luigi12_work> our apache tests so far have likely not instrumented the affected code at all, so we don't know if we broke something 19:37:27 <wilcal> hello tmb 19:37:31 <tmb> hi 19:37:35 <Luigi12_work> squashfs-tools patched and still assigned to tmb, waiting for feedback on whether to proceed with that update 19:37:39 <Luigi12_work> speak of the tmb 19:37:58 <Luigi12_work> bug filed for lxc, that will need to be patched at some point 19:38:05 <bozonius> Luigil2_work: I just posted a clarification of the point 19:38:13 <Luigi12_work> Chrome 44 is out, so a chromim-browser-stable update should be coming 19:38:25 <lewyssmith> bozonius: What ere you talking about? 19:38:33 <wilcal> I think those things can be tested and through pretty fast 19:38:34 <Luigi12_work> ghostscript update built, waiting for RedHat's bug to be opened so I know what to put in the advisory, then I'll assign to QA 19:38:44 <wilcal> like the weekly flash updates 19:38:46 <Luigi12_work> some integer overflow issue 19:38:56 <Luigi12_work> xfsprogs waiting for upstream to release fixes 19:39:08 <bozonius> lewyssmith: a misunderstanding (I think) of VBox support's notion of what is the official way to handle GA on Mageia 19:39:21 <bozonius> (GA = guest additions) 19:39:34 <Luigi12_work> an openssh issue that's apparently creating some buzz that makes it easier to try more passwords more quickly for brute-forcing via keyboard authentication, got a patch committed to Mageia 5 SVN 19:39:46 <Luigi12_work> have something locally for Mageia 4, but not sure if it's correct, waiting to see others' backports 19:39:52 <Luigi12_work> but hopefully that'll get pushed to QA soonish 19:40:11 <wilcal> openssh can be tested quickly 19:40:19 <Luigi12_work> so yeah I guess you could say there's stuff in the pipeline 19:40:30 <lewyssmith> wilcal: How? 19:41:16 <Luigi12_work> for the pending openssh update, just testing that you can ssh into a machine (testing the server side) via keyboard authentication should be sufficient 19:41:21 <wilcal> how i did it on: https://bugs.mageia.org/show_bug.cgi?id=16266 19:41:22 <[mbot> Bug 16266: normal, Normal, qa-bugs, RESOLVED FIXED, openssh new security issue CVE-2015-5352, openssh-6.8p1-1.mga6.src.rpm 19:41:43 <Luigi12_work> just make sure you do test the server part of it, not just the client part, as wilcal originally did last time 19:42:03 <Luigi12_work> unless I misunderstood, but I think he fully tested it before validating 19:42:30 <wilcal> i used putty from another machine was that ok 19:42:36 <Luigi12_work> yep 19:42:43 <bozonius> Is my question better posted in the "mageia" channel than here? 19:42:44 <wilcal> so that's an easy on for me 19:42:56 <Luigi12_work> bozonius: this certainly wasn't the best channel for it 19:43:16 <bozonius> OK, taking it to #mageia instead. thanks. sorry for the disruption. 19:43:24 <lewyssmith> wilcal: I only have a stand-alone box. 19:43:41 <Luigi12_work> oh, also a gdk-pixbuf heap overflow DoS issue is patched in SVN, waiting for a CVE assignment before pushing to QA 19:44:30 <Luigi12_work> ok, roundup's done unless there's questions 19:44:49 <wilcal> Thank you luigi 19:44:56 <wilcal> Anything else else? 19:45:00 <lewyssmith> Yes, thanks. 19:45:10 <lewyssmith> Not from me. 19:45:24 <wilcal> we should wrap this up then 19:45:34 <lewyssmith> Benmc: Hello & goodbyre! 19:45:39 <wilcal> you have the count down honors lewis 19:45:46 <lewyssmith> -5 19:45:47 <Benmc> goodmornong all 19:45:55 <lewyssmith> -4 19:45:56 <tmb> there will be some kernels landing... 19:46:09 <lewyssmith> - 19:46:14 <lewyssmith> -3 19:46:15 <wilcal> Ya I saw that. I can do those but they take a couple days 19:46:34 <lewyssmith> -2 19:46:43 <lewyssmith> -1 19:46:46 <tmb> but for mga5 I'd like the nvidia-current, fglrx and vbox validated an pushed before to make easier transition 19:47:01 <wilcal> ok tmb 19:47:42 <lewyssmith> Goodbye & thanks Bill. 19:47:46 <tmb> thats all for me for mow 19:47:46 <wilcal> bye all 19:47:53 <tmb> *now 19:48:09 <wilcal> #endmeeting