FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 02-21-2011, 07:04 PM
Akemi Yagi
 
Default

On Mon, Feb 21, 2011 at 11:44 AM, Leonard den Ottolander
<leonard@den.ottolander.nl> wrote:

> Arguably not "critical" as per RHs vulnerability levels, but still
> "important":
>
> krb5-1.6.1-55.el5.src.rpm 2010-12-03(!!)
> https://rhn.redhat.com/errata/RHSA-2010-0926.html
> (that's 5.5, where my 5.5 system only has krb5-libs-1.6.1-36.el5_5.6)

Actually, krb5 for CentOS 5.5 is up-to-date as far as I can see. The
version referenced above is for 5.6.

However, there are some pending updates for CentOS *5.5*. For details,
see this bug report:

http://bugs.centos.org/view.php?id=4689

Hopefully they will come out soon.

Akemi
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 02-21-2011, 07:11 PM
Jerry Amundson
 
Default

On Mon, Feb 21, 2011 at 1:58 PM, Jeff Johnson <n3npq@mac.com> wrote:
> On Feb 21, 2011, at 2:50 PM, Leonard den Ottolander wrote:
>
>> On Mon, 2011-02-21 at 20:44 +0100, Leonard den Ottolander wrote:
>>> libuser-0.52.5-1.1.el4_8.1.src.rpm
>>> (https://rhn.redhat.com/errata/RHSA-2011-0170.html),
>>
>> The correct SRPM for 5 being: libuser-0.54.7-2.1.el5_5.2.src.rpm ,
>> CentOS-4 actually is up to date wrt this update.
>>
>
> Updates for both RHEL and CentOS are dead fish in a barrel on the web.

Yes, clearly the intent is to distract list members from the key
issues of the thread. "Look, over there, dead fish in a barrel.
Research them, and report back with your findings." :-)

jerry
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 02-21-2011, 07:16 PM
Leonard den Ottolander
 
Default

Hello Akemi,

On Mon, 2011-02-21 at 12:04 -0800, Akemi Yagi wrote:
> > krb5-1.6.1-55.el5.src.rpm 2010-12-03(!!)
> > https://rhn.redhat.com/errata/RHSA-2010-0926.html
> > (that's 5.5, where my 5.5 system only has krb5-libs-1.6.1-36.el5_5.6)
>
> Actually, krb5 for CentOS 5.5 is up-to-date as far as I can see.

No! The version above is 5.5, the one I mentioned below that is 5.6. For
5 we are currently using 1.6.1-36.el5_5.6 where 1.6.1-55.el5 was
released 2010-12-03 by Red Hat, just 2 days after CentOS released the
previous.

Regards,
Leonard.

--
mount -t life -o ro /dev/dna /genetic/research


_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 02-21-2011, 07:20 PM
Jeff Johnson
 
Default

On Feb 21, 2011, at 3:11 PM, Jerry Amundson wrote:

> On Mon, Feb 21, 2011 at 1:58 PM, Jeff Johnson <n3npq@mac.com> wrote:
>> On Feb 21, 2011, at 2:50 PM, Leonard den Ottolander wrote:
>>
>>> On Mon, 2011-02-21 at 20:44 +0100, Leonard den Ottolander wrote:
>>>> libuser-0.52.5-1.1.el4_8.1.src.rpm
>>>> (https://rhn.redhat.com/errata/RHSA-2011-0170.html),
>>>
>>> The correct SRPM for 5 being: libuser-0.54.7-2.1.el5_5.2.src.rpm ,
>>> CentOS-4 actually is up to date wrt this update.
>>>
>>
>> Updates for both RHEL and CentOS are dead fish in a barrel on the web.
>
> Yes, clearly the intent is to distract list members from the key
> issues of the thread. "Look, over there, dead fish in a barrel.
> Research them, and report back with your findings." :-)
>

A web-page comparing the current differences between RHEL <-> CentOS
is more informative and more useful (and likely more accurate,
no additional e-mail straightening out which krb5 version it _REALLY_
was) than the current traffic through e-mail.

I have no clear intents, give it up.

73 de Jeff

_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 02-21-2011, 07:33 PM
Leonard den Ottolander
 
Default

Hello Akemi,

On Mon, 2011-02-21 at 21:16 +0100, Leonard den Ottolander wrote:
> > Actually, krb5 for CentOS 5.5 is up-to-date as far as I can see.
>
> No! The version above is 5.5,

Oops. Sorry for the mixup, you are correct. 1.6.1-36.el5_5.6 is indeed
the 2010-12-01 update. It's the date on the krb5-1.6.1-55.el5.src.rpm
which is much earlier than the release date of 5.6 that confused me.

Regards,
Leonard.

--
mount -t life -o ro /dev/dna /genetic/research


_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 02-21-2011, 07:47 PM
Jerry Amundson
 
Default

On Mon, Feb 21, 2011 at 2:20 PM, Jeff Johnson <n3npq@mac.com> wrote:
>
> On Feb 21, 2011, at 3:11 PM, Jerry Amundson wrote:
>
>> On Mon, Feb 21, 2011 at 1:58 PM, Jeff Johnson <n3npq@mac.com> wrote:
>>> On Feb 21, 2011, at 2:50 PM, Leonard den Ottolander wrote:
>>>
>>>> On Mon, 2011-02-21 at 20:44 +0100, Leonard den Ottolander wrote:
>>>>> libuser-0.52.5-1.1.el4_8.1.src.rpm
>>>>> (https://rhn.redhat.com/errata/RHSA-2011-0170.html),
>>>>
>>>> The correct SRPM for 5 being: libuser-0.54.7-2.1.el5_5.2.src.rpm ,
>>>> CentOS-4 actually is up to date wrt this update.
>>>>
>>>
>>> Updates for both RHEL and CentOS are dead fish in a barrel on the web.
>>
>> Yes, clearly the intent is to distract list members from the key
>> issues of the thread. "Look, over there, dead fish in a barrel.
>> Research them, and report back with your findings." :-)
>>
>
> A web-page comparing the current differences between RHEL <-> CentOS
> is more informative and more useful (and likely more accurate,
> no additional e-mail straightening out which krb5 version it _REALLY_
> was) than the current traffic through e-mail.
>
> I have no clear intents, give it up.

Sorry, lazy wording on my part - my context wasn't directed toward
you, it was directed towards KB playing the "what are these critical
security updates you speak of ?" card. I just also liked the dead fish
in a barrel "visual". :-)

jerry
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 02-22-2011, 09:20 AM
Karanbir Singh
 
Default

On 02/21/2011 07:50 PM, Leonard den Ottolander wrote:
> On Mon, 2011-02-21 at 20:44 +0100, Leonard den Ottolander wrote:
>> libuser-0.52.5-1.1.el4_8.1.src.rpm
>> (https://rhn.redhat.com/errata/RHSA-2011-0170.html),
>
> The correct SRPM for 5 being: libuser-0.54.7-2.1.el5_5.2.src.rpm ,
> CentOS-4 actually is up to date wrt this update.
>

I got a couple of emails about this offlist yesterday - we seem to come
up against this every release, and its really been answered a few times
already. Maybe we need a FAQ somewhere for this

all updates to the /5/ tree are monitored and anything which has a
remote or local exploit will get pushed into the /5/ tree; things in 5.6
and against 5.6 that dont meet that criteria wait for 5.6 release. build
order, linking, inheriting upstream testing etc etc to blame.

- KB
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
Old 02-22-2011, 04:41 PM
"David C. Rankin"
 
Default

On 02/21/2011 08:41 PM, David C. Rankin wrote:
> On 02/21/2011 05:09 PM, PICCORO McKAY Lenz wrote:
>> uff i reading this
>> http://lists.freedesktop.org/archives/xcb/2010-March/005818.html and
>> seem like that!
>>
>> any help fron anybody here!
>>
>
> I'll follow up there. I can't believe that an libxcb problem would still be
> around a year later.
<snip>

Guys,

The problem is glibc-2.13-4. I have about 5 Arch/Trinity Virtualbox VMs. On
one I had not updated, I started Trinity x86_64 and there was NO kdesktop crash.
I then proceeded to update the VM to the current Arch packages which included:

[2011-02-22 11:13] Generating locales...
[2011-02-22 11:13] en_US.UTF-8... done
[2011-02-22 11:13] en_US.ISO-8859-1... done
[2011-02-22 11:13] Generation complete.
[2011-02-22 11:13] upgraded glibc (2.13-3 -> 2.13-4)
<snip>
[2011-02-22 11:17] upgraded kernel26 (2.6.37-6 -> 2.6.37.1-1)
[2011-02-22 11:17] upgraded kernel26-headers (2.6.37-6 -> 2.6.37.1-1)
<snip>
[2011-02-22 11:18] upgraded trinity-kdelibs (1220926-1 -> 1222098-1)
[2011-02-22 11:18] upgraded trinity-kdebase (1221507-1 -> 1221588-1)

On next reboot/restart, I got the kdesktop.kcrash (attached). So then I
downgraded glibc (2.13-4 -> 2.13-3), restarted Trinity -> perfect No
kdesktop,kcrash. It looks like this is a glibc issue, so I'll follow up (below)
with Arch to make sure it looks like glibc and not a package issue. Thanks for
your help.

cc: arch-general

Arch devs - Do you think this could be a packaging/patch issue with Arch, or
do you think is going to be glibc itself? It looks like glibc to me, but I
thought I'd ask first before going to the glibc folks.


--
David C. Rankin, J.D.,P.E.
[Thread debugging using libthread_db enabled]
[KCrash handler]
#5 0x00007ff2ed6d7655 in raise () from /lib/libc.so.6
#6 0x00007ff2ed6d8ad6 in abort () from /lib/libc.so.6
#7 0x00007ff2ed7117eb in ?? () from /lib/libc.so.6
#8 0x00007ff2ed716b96 in ?? () from /lib/libc.so.6
#9 0x00007ff2ed717000 in ?? () from /lib/libc.so.6
#10 0x00007ff2ed718b74 in ?? () from /lib/libc.so.6
#11 0x00007ff2ed71b460 in malloc () from /lib/libc.so.6
#12 0x00007ff2ed748685 in getpwuid () from /lib/libc.so.6
#13 0x00007ff2ee521872 in ?? () from /opt/qt/lib/libqt-mt.so.3
#14 0x00007ff2ee522309 in ?? () from /opt/qt/lib/libqt-mt.so.3
#15 0x00007ff2eb60bd0e in _SmcProcessMessage () from /usr/lib/libSM.so.6
#16 0x00007ff2eb81f573 in IceProcessMessages () from /usr/lib/libICE.so.6
#17 0x00007ff2ee520b12 in QSmSocketReceiver::qt_invoke(int, QUObject*) () from /opt/qt/lib/libqt-mt.so.3
#18 0x00007ff2ee5d00d4 in QObject::activate_signal(QConnectionList*, QUObject*) () from /opt/qt/lib/libqt-mt.so.3
#19 0x00007ff2ee5d028a in QObject::activate_signal(int, int) () from /opt/qt/lib/libqt-mt.so.3
#20 0x00007ff2ee5e62bb in QSocketNotifier::event(QEvent*) () from /opt/qt/lib/libqt-mt.so.3
#21 0x00007ff2ee57e0a5 in QApplication::internalNotify(QObject*, QEvent*) () from /opt/qt/lib/libqt-mt.so.3
#22 0x00007ff2ee57e26e in QApplication::notify(QObject*, QEvent*) () from /opt/qt/lib/libqt-mt.so.3
#23 0x00007ff2eedfc573 in KApplication::notify (this=0x18559f0, receiver=0x18a0af0, event=0x7ffff0553bd0) at /home/david/tblds/trinity-kdelibs/src/kdelibs/kdecore/kapplication.cpp:553
#24 0x00007ff2ee5749d6 in QEventLoop::activateSocketNotifiers() () from /opt/qt/lib/libqt-mt.so.3
#25 0x00007ff2ee537e30 in QEventLoop:rocessEvents(unsigned int) () from /opt/qt/lib/libqt-mt.so.3
#26 0x00007ff2ee58f809 in QEventLoop::enterLoop() () from /opt/qt/lib/libqt-mt.so.3
#27 0x00007ff2ee58f792 in QEventLoop::exec() () from /opt/qt/lib/libqt-mt.so.3
#28 0x00007ff2e7b38dee in kdemain (argc=1, argv=0x1866300) at /home/david/tblds/trinity-kdebase/src/kdebase/kdesktop/main.cc:293
#29 0x00007ff2e7dd077c in kdeinitmain (argc=1, argv=0x1866300) at /home/david/tblds/trinity-kdebase/src/kdebase/kdesktop/kdesktop_kdeinit_module.cpp:3
#30 0x0000000000408728 in launch (argc=1, _name=0x1865a98 "kdesktop", args=0x1865aa1 "", cwd=0x0, envc=0, envs=0x1865aa9 "", reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x40e3df "0") at /home/david/tblds/trinity-kdelibs/src/kdelibs/kinit/kinit.cpp:673
#31 0x0000000000409f75 in handle_launcher_request (sock=9) at /home/david/tblds/trinity-kdelibs/src/kdelibs/kinit/kinit.cpp:1240
#32 0x000000000040a866 in handle_requests (waitForPid=0) at /home/david/tblds/trinity-kdelibs/src/kdelibs/kinit/kinit.cpp:1443
#33 0x000000000040c1c1 in main (argc=5, argv=0x7ffff0554e28, envp=0x7ffff0554e58) at /home/david/tblds/trinity-kdelibs/src/kdelibs/kinit/kinit.cpp:1908
 
Old 02-22-2011, 05:23 PM
Lukas Fleischer
 
Default

On Tue, Feb 22, 2011 at 11:41:12AM -0600, David C. Rankin wrote:
> On next reboot/restart, I got the kdesktop.kcrash (attached). So then I
> downgraded glibc (2.13-4 -> 2.13-3), restarted Trinity -> perfect No
> kdesktop,kcrash. It looks like this is a glibc issue, so I'll follow up (below)
> with Arch to make sure it looks like glibc and not a package issue. Thanks for
> your help.
>
> cc: arch-general
>
> Arch devs - Do you think this could be a packaging/patch issue with Arch, or
> do you think is going to be glibc itself? It looks like glibc to me, but I
> thought I'd ask first before going to the glibc folks.

Allan broke it!

No, seriously... glibc 2.13-4 introduced a patch from the Fedora glibc
branch that is not included in mainline glibc and fixes issues with
prelink [1]. Obviously, this has some side effects. Seems like it
requires some more investigation.

[1] https://bugs.archlinux.org/task/22656
 
Old 02-22-2011, 05:34 PM
Alan Bartlett
 
Default

On 22 February 2011 10:20, Karanbir Singh <mail-lists@karan.org> wrote:
> On 02/21/2011 07:50 PM, Leonard den Ottolander wrote:

>>> libuser-0.52.5-1.1.el4_8.1.src.rpm
>>> (https://rhn.redhat.com/errata/RHSA-2011-0170.html),
>>
>> The correct SRPM for 5 being: libuser-0.54.7-2.1.el5_5.2.src.rpm ,
>> CentOS-4 actually is up to date wrt this update.

> I got a couple of emails about this offlist yesterday - we seem to come
> up against this every release, and its really been answered a few times
> already. Maybe we need a FAQ somewhere for this

We also see this being raised on the fora at every point release. A
wiki FAQ entry would be a good idea.

Calling Phil (Schaffner) -- A little job for you. ;-)

Alan.
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 

Thread Tools




All times are GMT. The time now is 09:41 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org