https://bugzilla.novell.com/show_bug.cgi?id=700267
https://bugzilla.novell.com/show_bug.cgi?id=700267#c0
Summary: openSUSE:Factory:Contrib/cruisecontrol: Bug
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Platform: Other
OS/Version: openSUSE 11.4
Status: NEW
Severity: Normal
Priority: P5 - None
Component: 3rd party software
AssignedTo: graham(a)andtech.eu
ReportedBy: rozelak(a)volny.cz
QAContact: opensuse-communityscreening(a)forge.provo.novell.com
CC: opensuse-contrib(a)opensuse.org
Found By: Other
Blocker: No
Dear developer.
We decided to use cruisecontrol on 'encfs'-encrypted path, which is not well
supported by your init scripts (cruisecontrol-2.8.4-1.1.noarch.rpm).
Therefore, I'm sending changes we made. They are not perfect, but please, have
a look at them and consider the proposed generalizations in order to simplify
transfer of CC to other path (ideal case is only to change settings in
/etc/default/cruisecontrol).
Unfortunately, I cannot append a file with changed files and diffs from
..2.8.4-1.1 rpm. But if you want, I can send it to you to graham(a)andtech.eu
e-mail.
-----
/etc/default/cruisecontrol:
# Run CruiseControl as this user ID (default: ccontrol)
#
# Set this to an empty string to prevent CruiseControl from starting
# automatically. Think to stop CruiseControl before setting an empty string ;o)
#
CRUISE_USER="cruise"
CRUISE_SPOOL=/home/cruise
CRUISE_PID=${CRUISE_SPOOL}/cc.pid
# Port used for the JMX Http Console
CRUISE_JMX_PORT=8000
# Port used for RMI
CRUISE_RMI_PORT=1099
# Port used for HTTP
CRUISE_WEB_PORT=8080
# The home directory of the Java development kit (JDK).
#JAVA_HOME="/usr/lib/jvm/java-1.5.0-sun"
# Arguments to pass to the CruiseControl script
CRUISE_OPTS="-Xmx256m -Xms256m -server -Xincgc \
-Dcc.config.file=${CRUISE_SPOOL}/config.xml \
-Dcc.artifacts=${CRUISE_SPOOL}/artifacts \
-Dcc.projects=${CRUISE_SPOOL}/projects \
-Dcc.logdir=${CRUISE_SPOOL}/logs -Dcc.ajp13port=8009 \
-Dlog4j.configuration=file://${CRUISE_SPOOL}/log4j.properties"
-----
/etc/init.d/cruisecontrol:
#!/bin/bash
#
# Init file for CruiseControl server daemon
#
# chkconfig: 2345 20 80
# description: CruiseControl server daemon
#
### BEGIN INIT INFO
# Provides: cruisecontrol
# Required-Start: $local_fs $network $syslog
# Should-Start: java
# Required-Stop: $null
# Default-Start: 3 5
# Default-Stop: 0 1 2 4 6
# Short-Description: CruiseControl
# Description: CruiseControl
### END INIT INFO
# source function library
if [ -f /lib/lsb/init-functions ]; then
    . /lib/lsb/init-functions
fi
if [ -f /etc/default/cruisecontrol ]; then
    . /etc/default/cruisecontrol
fi
# DT: Must use values defined in /etc/default/cruisecontrol
CRUISE_PID=${CRUISE_PID:-/var/spool/cruisecontrol/cc.pid}
CRUISE_SPOOL=${CRUISE_SPOOL:-/var/spool/cruisecontrol}
start() {
    # DT: /etc/cruisecontrol/cruisecontrol.xml replaced by ${CRUISE_SPOOL}/config.xml
    # DT: must go to the directory, otherwise CC is started somehow strange ...
    # It may be enough to set CCHOME, but I'm not sure ...
    # The whole command line is one string so it can be passed to su -c.
    CMD="cd $CRUISE_SPOOL; JAVA_HOME=${JAVA_HOME:-/usr} \
PATH=${JAVA_HOME:-/usr}/bin:$PATH CC_OPTS=\"${CRUISE_OPTS:-}\" \
/usr/bin/cruisecontrol -configfile ${CRUISE_SPOOL}/config.xml \
-jmxport ${CRUISE_JMX_PORT:-8000} -rmiport ${CRUISE_RMI_PORT:-1099} \
-webport ${CRUISE_WEB_PORT:-8080} \
-webapppath /usr/share/cruisecontrol/webapps/cruisecontrol \
-dashboard /usr/share/cruisecontrol/webapps/dashboard >/dev/null &"
    pgrep -f cruisecontrol-launcher.jar >/dev/null
    PROCESS_EXIST=$?
    if [ $PROCESS_EXIST -ne 0 ]; then
        if [ "`whoami`" == "${CRUISE_USER:-cruise}" ]; then
            echo -n "Starting Cruise Control..."
            eval "${CMD}"
            echo "started."
        elif [ "`whoami`" == "root" ]; then
            echo -n "Starting Cruise Control..."
            su -s /bin/sh "${CRUISE_USER:-cruise}" -c "${CMD}"
            echo "started."
        else
            echo "You are not root or ${CRUISE_USER:-cruise}, not starting"
        fi
    else
        echo "Cruise Control already started."
        exit
    fi
}
stop() {
    # DT: will fail, if $CRUISE_PID is not accessible (e.g. encfs-crypted CC home ...)
    if [ -f "$CRUISE_PID" ]; then
        PID=`cat "$CRUISE_PID"`
    fi
    PID_EXISTS=-1
    if [ -n "$PID" ]; then
        ps -p "$PID" >/dev/null
        PID_EXISTS=$?
    fi
    # DT: If PID not found, use pgrep instead (exactly as in start() section)
    # TODO: check the user -u ${CRUISE_USER:-cruise} as well?
    if [ $PID_EXISTS -ne 0 ] ; then
        PID=$(pgrep -f cruisecontrol-launcher.jar)
        PID_EXISTS=$?
    fi
    if [ $PID_EXISTS -eq 0 ] ; then
        echo "Stopping Cruise Control (process $PID)..."
        # Left unquoted on purpose: pgrep may return more than one PID.
        kill $PID
    else
        echo "Cruise Control not running..."
    fi
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        sleep 5
        start
        ;;
    force-reload)
        ;;
    status)
        ;;
    *)
        echo "Usage: $0 [start|stop|restart|force-reload|status]"
        exit 1
esac
exit 0
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
--
To unsubscribe, e-mail: opensuse-contrib+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-contrib+help(a)opensuse.org
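Added example (not part of the original report or of the cruisecontrol package): when the stop() above runs as root it takes a PID from a file under the service user's home directory and otherwise falls back to a pgrep with no user filter, which is the gap the TODO about -u points at. One way to check a candidate PID's owner and command line before kill; the function names are hypothetical, and Linux /proc plus GNU stat are assumed.

```bash
#!/bin/bash
# Added example: vet a PID before an init script signals it.
# pid_is_service and find_service_pid are hypothetical helper names.
# Assumes Linux /proc and GNU stat (stat -c %U).

# pid_is_service PID USER PATTERN
# Returns 0 only if PID is numeric, alive, owned by USER, and its
# command line contains PATTERN (e.g. cruisecontrol-launcher.jar).
pid_is_service() {
    local pid="$1" user="$2" pattern="$3" owner cmdline
    # The PID file content is untrusted input: digits only.
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] 2>/dev/null || return 1   # never PID 0 or init
    [ -d "/proc/$pid" ] || return 1            # stale PID file
    owner=$(stat -c %U "/proc/$pid" 2>/dev/null) || return 1
    [ "$owner" = "$user" ] || return 1         # someone else's process
    cmdline=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null) || return 1
    case "$cmdline" in
        *"$pattern"*) return 0 ;;
    esac
    return 1
}

# find_service_pid PIDFILE USER PATTERN
# Prints one vetted PID: the PID file first, then a pgrep limited to USER.
find_service_pid() {
    local pidfile="$1" user="$2" pattern="$3" pid=""
    if [ -r "$pidfile" ]; then
        read -r pid < "$pidfile" || true
    fi
    if pid_is_service "$pid" "$user" "$pattern"; then
        echo "$pid"; return 0
    fi
    for pid in $(pgrep -u "$user" -f "$pattern" 2>/dev/null); do
        if pid_is_service "$pid" "$user" "$pattern"; then
            echo "$pid"; return 0
        fi
    done
    return 1
}
```

In the init script this would replace the PID lookup in stop(), e.g. PID=$(find_service_pid "$CRUISE_PID" "${CRUISE_USER:-cruise}" cruisecontrol-launcher.jar) followed by kill only on success.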
State of submit-request #89711 was changed by AndreasStieger:
new -> accepted
Comment:
https://build.opensuse.org/request/diff/89711
Source
project: home:AndreasStieger:branches:openSUSE:Factory:Contrib
package: tor
revision: 2
Target:
project: openSUSE:Factory:Contrib
package: tor
--
Hermes messaging (http://hermes.opensuse.org)
openSUSE Build Service (https://build.opensuse.org/)
--
home:AndreasStieger:branches:openSUSE:Factory:Contrib/tor -> openSUSE:Factory:Contrib/tor
https://build.opensuse.org/request/diff/89711
Description: update to upstream 0.2.2.34
changes files:
--------------
--- tor.changes
+++ tor.changes
@@ -1,0 +2,119 @@
+Fri Oct 28 19:49:39 UTC 2011 - andreas.stieger(a)gmx.de
+
+- update to upstream 0.2.2.34
+
+Changes in version 0.2.2.34 - 2011-10-26
+ Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
+ can deanonymize Tor users. Everybody should upgrade.
+
+ The attack relies on four components: 1) Clients reuse their TLS cert
+ when talking to different relays, so relays can recognize a user by
+ the identity key in her cert. 2) An attacker who knows the client's
+ identity key can probe each guard relay to see if that identity key
+ is connected to that guard relay right now. 3) A variety of active
+ attacks in the literature (starting from "Low-Cost Traffic Analysis
+ of Tor" by Murdoch and Danezis in 2005) allow a malicious website to
+ discover the guard relays that a Tor user visiting the website is using.
+ 4) Clients typically pick three guards at random, so the set of guards
+ for a given user could well be a unique fingerprint for her. This
+ release fixes components #1 and #2, which is enough to block the attack;
+ the other two remain as open research problems. Special thanks to
+ "frosty_un" for reporting the issue to us!
+
+ Clients should upgrade so they are no longer recognizable by the TLS
+ certs they present. Relays should upgrade so they no longer allow a
+ remote attacker to probe them to test whether unpatched clients are
+ currently connected to them.
+
+ This release also fixes several vulnerabilities that allow an attacker
+ to enumerate bridge relays. Some bridge enumeration attacks still
+ remain; see for example proposal 188.
+
+ o Privacy/anonymity fixes (clients):
+ - Clients and bridges no longer send TLS certificate chains on
+ outgoing OR connections. Previously, each client or bridge would
+ use the same cert chain for all outgoing OR connections until
+ its IP address changes, which allowed any relay that the client
+ or bridge contacted to determine which entry guards it is using.
+ Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
+ - If a relay receives a CREATE_FAST cell on a TLS connection, it
+ no longer considers that connection as suitable for satisfying a
+ circuit EXTEND request. Now relays can protect clients from the
+ CVE-2011-2768 issue even if the clients haven't upgraded yet.
+ - Directory authorities no longer assign the Guard flag to relays
+ that haven't upgraded to the above "refuse EXTEND requests
+ to client connections" fix. Now directory authorities can
+ protect clients from the CVE-2011-2768 issue even if neither
+ the clients nor the relays have upgraded yet. There's a new
+ "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option
+ to let us transition smoothly, else tomorrow there would be no
+ guard relays.
+
+ o Privacy/anonymity fixes (bridge enumeration):
+ - Bridge relays now do their directory fetches inside Tor TLS
+ connections, like all the other clients do, rather than connecting
+ directly to the DirPort like public relays do. Removes another
+ avenue for enumerating bridges. Fixes bug 4115; bugfix on 0.2.0.35.
+ - Bridges relays now build circuits for themselves in a more similar
+ way to how clients build them. Removes another avenue for
+ enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha,
+ when bridges were introduced.
+ - Bridges now refuse CREATE or CREATE_FAST cells on OR connections
+ that they initiated. Relays could distinguish incoming bridge
+ connections from client connections, creating another avenue for
+ enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
+ Found by "frosty_un".
+
+ o Major bugfixes:
+ - Fix a crash bug when changing node restrictions while a DNS lookup
+ is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix
+ by "Tey'".
+ - Don't launch a useless circuit after failing to use one of a
+ hidden service's introduction points. Previously, we would
+ launch a new introduction circuit, but not set the hidden service
+ which that circuit was intended to connect to, so it would never
+ actually be used. A different piece of code would then create a
+ new introduction circuit correctly. Bug reported by katmagic and
+ found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.
+
+ o Minor bugfixes:
+ - Change an integer overflow check in the OpenBSD_Malloc code so
+ that GCC is less likely to eliminate it as impossible. Patch
+ from Mansour Moufid. Fixes bug 4059.
+ - When a hidden service turns an extra service-side introduction
+ circuit into a general-purpose circuit, free the rend_data and
+ intro_key fields first, so we won't leak memory if the circuit
+ is cannibalized for use as another service-side introduction
+ circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251.
+ - Bridges now skip DNS self-tests, to act a little more stealthily.
+ Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced
+ bridges. Patch by "warms0x".
+ - Fix internal bug-checking logic that was supposed to catch
+ failures in digest generation so that it will fail more robustly
+ if we ask for a nonexistent algorithm. Found by Coverity Scan.
+ Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479.
+ - Report any failure in init_keys() calls launched because our
+ IP address has changed. Spotted by Coverity Scan. Bugfix on
+ 0.1.1.4-alpha; fixes CID 484.
+
+ o Minor bugfixes (log messages and documentation):
+ - Remove a confusing dollar sign from the example fingerprint in the
+ man page, and also make the example fingerprint a valid one. Fixes
+ bug 4309; bugfix on 0.2.1.3-alpha.
+ - The next version of Windows will be called Windows 8, and it has
+ a major version of 6, minor version of 2. Correctly identify that
+ version instead of calling it "Very recent version". Resolves
+ ticket 4153; reported by funkstar.
+ - Downgrade log messages about circuit timeout calibration from
+ "notice" to "info": they don't require or suggest any human
+ intervention. Patch from Tom Lowenthal. Fixes bug 4063;
+ bugfix on 0.2.2.14-alpha.
+
+ o Minor features:
+ - Turn on directory request statistics by default and include them in
+ extra-info descriptors. Don't break if we have no GeoIP database.
+ Backported from 0.2.3.1-alpha; implements ticket 3951.
+ - Update to the October 4 2011 Maxmind GeoLite Country database.
+
+
+-------------------------------------------------------------------
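Review bot: The summary bullet at the top of the new entry ("- update to upstream 0.2.2.34") does not name the security fixes, although the pasted upstream notes below it list CVE-2011-2768 and CVE-2011-2769. Suggest putting both CVE identifiers in that first bullet so that anyone scanning or grepping tor.changes for security updates finds them without reading all 119 added lines.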
old:
----
tor-0.2.2.33.tar.bz2
new:
----
tor-0.2.2.34.tar.bz2
spec files:
-----------
--- tor.spec
+++ tor.spec
@@ -1,7 +1,7 @@
# norootforbuild
Name: tor
-Version: 0.2.2.33
+Version: 0.2.2.34
Release: 1
BuildRoot: %{_tmppath}/%{name}-%{version}-build
License: 3-clause BSD
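Review bot: The "+Version: 0.2.2.34" line swaps in tor-0.2.2.34.tar.bz2, and the tarball change itself appears in this request only as "55271 lines skipped", so nothing visible here shows that the new source was checked against upstream. Since this is a security update, suggest stating in the request how the tarball was verified (for example against upstream's published signature) before it is accepted.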
other changes:
--------------
++++++ tor-0.2.2.33.tar.bz2 -> tor-0.2.2.34.tar.bz2
(55271 lines skipped)
To REVIEW against the previous version:
osc request show --diff 89711
To ACCEPT the request:
osc request accept 89711 --message="reviewed ok."
To DECLINE the request:
osc request decline 89711 --message="declined for reason xyz (see ... for background / policy / ...)."
To REVOKE the request:
osc request revoke 89711 --message="retracted because ..., sorry / thx / see better version ..."
--
Hermes messaging (http://hermes.opensuse.org)
openSUSE Build Service (https://build.opensuse.org/)
Collaboration: http://en.opensuse.org/Build_Service/Collaboration
--
Hi,
reading the opendesktop.org new releases RSS feed, I have found the (apparently)
new version World of your package alien. (Old version last
notified/in tree was Form).
(This is just for your information. You decide whether to upgrade a package or
not.)
Location: http://openDesktop.org/content/show.php/Alien+World?content=146306
Ciao, opendesktop.org RSS Reader
(/suse/meissner/projects/caldera-tools/packagehunter/rss/opendesktop.pl)
--
Hi,
By de-digesting the FreshMeat [fm] digest, I have found the (apparently)
new version 3.4.3 of your package octave. (Old version last
notified/in tree was ).
(This is just for your information. You decide whether to upgrade a package or
not.)
Location:
Extra Information:
[021] OCTAVE 3.4.3
Project Tags: Software Development, Compilers
Description:
Octave is a high-level language, primarily
intended for numerical computations. It provides a
convenient command line interface for solving
linear and nonlinear problems numerically, and for
performing other numerical experiments. It may
also be used as a batch-oriented language.
Changes:
Assorted bugfixes.
Release Tags: Bugfixes, Stable
License: GPL
http://freshmeat.net/projects/octave
========================================================================
Ciao, FreshMeat De Digester
(/suse/meissner/projects/caldera-tools/packagehunter/fm/filter_freshmeat.pl)
--
Hi,
reading the SF release RSS feeds, I have found the (apparently)
new version 563 of your package unetbootin. (Old version last
notified/in tree was 555).
(This is just for your information. You decide whether to upgrade a package or
not.)
Location: http://sourceforge.net/projects/unetbootin/files%2FUNetbootin%2F563/
Ciao, SF release RSS Reader
(/suse/meissner/projects/caldera-tools/packagehunter/rss/sf.pl)
--
Hi,
By de-digesting the FreshMeat [fm] digest, I have found the (apparently)
new version 0.21 of your package geany. (Old version last
notified/in tree was 0.20).
(This is just for your information. You decide whether to upgrade a package or
not.)
Location:
Extra Information:
[020] GEANY 0.21
Project Tags: Text Editors, Integrated Development Environments (IDE)
Description:
Geany is a small C editor using GTK2 with basic
features of an integrated development environment.
It features syntax highlighting, code completion,
call tips, many supported filetypes (including C,
Java, PHP, HTML, DocBook, Perl, LateX, and Bash),
and symbol lists.
Changes:
This is a new major release with important bugfixes, better usability,
new filetypes (Scala, Cython, Cobol), updated translations, and various
new features.
License: GPL
http://freshmeat.net/projects/geany
========================================================================
Ciao, FreshMeat De Digester
(/suse/meissner/projects/caldera-tools/packagehunter/fm/filter_freshmeat.pl)
--