Add zarb MLs html archivesHEAD master

author: Nicolas Vigier <boklm@mageia.org> 2013-04-14 13:46:12 +0000
committer: Nicolas Vigier <boklm@mageia.org> 2013-04-14 13:46:12 +0000
commit: 1be510f9529cb082f802408b472a77d074b394c0 (patch)
tree: b175f9d5fcb107576dabc768e7bd04d4a3e491a0 /zarb-ml/mageia-dev/attachments/20110930
parent: fa5098cf210b23ab4f419913e28af7b1b07dafb2 (diff)
download: archives-master.tar
archives-master.tar.gz
archives-master.tar.bz2
archives-master.tar.xz
archives-master.zip
6 files changed, 84 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/attachments/20110930/1a03e360/attachment-0001.html b/zarb-ml/mageia-dev/attachments/20110930/1a03e360/attachment-0001.html
new file mode 100644
index 000000000..7e4fc6a5d
--- /dev/null
+++ b/zarb-ml/mageia-dev/attachments/20110930/1a03e360/attachment-0001.html
@@ -0,0 +1,9 @@
+<p>It seems we are the only distros (with Mandriva) building syslinux with system libpng.</p>
+<div class="gmail_quote">在 2011-9-30 上午2:41，&quot;Erwan Velu&quot; &lt;<a href="mailto:erwanaliasr1@gmail.com">erwanaliasr1@gmail.com</a>&gt;写道：<br type="attribution">&gt; Le 28/09/2011 22:13, D.Morgan a écrit :<br>&gt;&gt; On Wed, Sep 28, 2011 at 9:56 PM, Erwan Velu&lt;<a href="mailto:erwanaliasr1@gmail.com">erwanaliasr1@gmail.com</a>&gt;  wrote:<br>
+&gt;&gt;&gt; I&#39;m currently updating Syslinux 4.04 and I&#39;m currently facing a trouble as,<br>&gt;&gt;&gt; historically speaking, we do remove the included libpng by the system one.<br>&gt;&gt;&gt;<br>&gt;&gt;&gt; The compilation process fails. I was wondering if we really consider<br>
+&gt;&gt;&gt; replacing the libpng of syslinux as a security issue.<br>&gt;&gt;&gt;<br>&gt;&gt;&gt; Sec team ? What&#39;s your opinion on it ?<br>&gt;&gt;&gt;<br>&gt;&gt;&gt; Cheers,<br>&gt;&gt;&gt;<br>&gt;&gt; hi,<br>&gt;&gt;<br>
+&gt;&gt; i take my security hat on, we prefer when possible when we use the system libs.<br>&gt;&gt; i have not looked but which libpng is included ?<br>&gt; <br>&gt; It take the libpng-source to replace the current syslinux code.<br>
+&gt; <br>&gt; The point is syslinux is a bootloader that obviously don&#39;t share libs <br>&gt; with the rest of the system.<br>&gt; Considering that we can attack the bootloader via a picture means you <br>&gt; compromized the picture. If you can change the picture located at /boot, <br>
+&gt; means that you can compromize the booting parameters too.<br>&gt; <br>&gt; So if we take this road of removing bootloader&#39;s libs, shall we also <br>&gt; remove the jpeg/gz/gcc/... libs too, and maybe for other bootloaders too ?<br>
+&gt; <br>&gt; I do understand the need for the application that runs under linux... <br>&gt; but about the bootloaders...<br>&gt; <br>&gt; What&#39;s your thoughts about it ?<br>&gt; Would you agree on keep syslinux untouched regarding the png lib ?<br>
+&gt; <br></div>
diff --git a/zarb-ml/mageia-dev/attachments/20110930/1a03e360/attachment.html b/zarb-ml/mageia-dev/attachments/20110930/1a03e360/attachment.html
new file mode 100644
index 000000000..7e4fc6a5d
--- /dev/null
+++ b/zarb-ml/mageia-dev/attachments/20110930/1a03e360/attachment.html
@@ -0,0 +1,9 @@
+<p>It seems we are the only distros (with Mandriva) building syslinux with system libpng.</p>
+<div class="gmail_quote">在 2011-9-30 上午2:41，&quot;Erwan Velu&quot; &lt;<a href="mailto:erwanaliasr1@gmail.com">erwanaliasr1@gmail.com</a>&gt;写道：<br type="attribution">&gt; Le 28/09/2011 22:13, D.Morgan a écrit :<br>&gt;&gt; On Wed, Sep 28, 2011 at 9:56 PM, Erwan Velu&lt;<a href="mailto:erwanaliasr1@gmail.com">erwanaliasr1@gmail.com</a>&gt;  wrote:<br>
+&gt;&gt;&gt; I&#39;m currently updating Syslinux 4.04 and I&#39;m currently facing a trouble as,<br>&gt;&gt;&gt; historically speaking, we do remove the included libpng by the system one.<br>&gt;&gt;&gt;<br>&gt;&gt;&gt; The compilation process fails. I was wondering if we really consider<br>
+&gt;&gt;&gt; replacing the libpng of syslinux as a security issue.<br>&gt;&gt;&gt;<br>&gt;&gt;&gt; Sec team ? What&#39;s your opinion on it ?<br>&gt;&gt;&gt;<br>&gt;&gt;&gt; Cheers,<br>&gt;&gt;&gt;<br>&gt;&gt; hi,<br>&gt;&gt;<br>
+&gt;&gt; i take my security hat on, we prefer when possible when we use the system libs.<br>&gt;&gt; i have not looked but which libpng is included ?<br>&gt; <br>&gt; It take the libpng-source to replace the current syslinux code.<br>
+&gt; <br>&gt; The point is syslinux is a bootloader that obviously don&#39;t share libs <br>&gt; with the rest of the system.<br>&gt; Considering that we can attack the bootloader via a picture means you <br>&gt; compromized the picture. If you can change the picture located at /boot, <br>
+&gt; means that you can compromize the booting parameters too.<br>&gt; <br>&gt; So if we take this road of removing bootloader&#39;s libs, shall we also <br>&gt; remove the jpeg/gz/gcc/... libs too, and maybe for other bootloaders too ?<br>
+&gt; <br>&gt; I do understand the need for the application that runs under linux... <br>&gt; but about the bootloaders...<br>&gt; <br>&gt; What&#39;s your thoughts about it ?<br>&gt; Would you agree on keep syslinux untouched regarding the png lib ?<br>
+&gt; <br></div>
diff --git a/zarb-ml/mageia-dev/attachments/20110930/22cb56d4/attachment-0001.bin b/zarb-ml/mageia-dev/attachments/20110930/22cb56d4/attachment-0001.bin
new file mode 100644
index 000000000..2a953f8ed
--- /dev/null
+++ b/zarb-ml/mageia-dev/attachments/20110930/22cb56d4/attachment-0001.bin
@@ -0,0 +1,11 @@
+--- /usr/share/spec-helper/check_elf_files.orig	2011-09-30 00:10:33.644550738 +0200
++++ /usr/share/spec-helper/check_elf_files	2011-09-30 00:09:02.980027748 +0200
+@@ -46,7 +46,7 @@
+ # TODO: we should write a binding for libfile...
+ sub expensive_test {
+     my ($file) = @_;
+-    my $type = `file -- $file`;
++    my $type = `file -- "${file}"`;
+ }
+ 
+ # Check if a file is an elf binary, shared library, or static library,
diff --git a/zarb-ml/mageia-dev/attachments/20110930/22cb56d4/attachment.bin b/zarb-ml/mageia-dev/attachments/20110930/22cb56d4/attachment.bin
new file mode 100644
index 000000000..2a953f8ed
--- /dev/null
+++ b/zarb-ml/mageia-dev/attachments/20110930/22cb56d4/attachment.bin
@@ -0,0 +1,11 @@
+--- /usr/share/spec-helper/check_elf_files.orig	2011-09-30 00:10:33.644550738 +0200
++++ /usr/share/spec-helper/check_elf_files	2011-09-30 00:09:02.980027748 +0200
+@@ -46,7 +46,7 @@
+ # TODO: we should write a binding for libfile...
+ sub expensive_test {
+     my ($file) = @_;
+-    my $type = `file -- $file`;
++    my $type = `file -- "${file}"`;
+ }
+ 
+ # Check if a file is an elf binary, shared library, or static library,
diff --git a/zarb-ml/mageia-dev/attachments/20110930/b03d6f3e/attachment-0001.html b/zarb-ml/mageia-dev/attachments/20110930/b03d6f3e/attachment-0001.html
new file mode 100644
index 000000000..22d0a614a
--- /dev/null
+++ b/zarb-ml/mageia-dev/attachments/20110930/b03d6f3e/attachment-0001.html
@@ -0,0 +1,22 @@
+Hello!<br>
+<br>
+My name is Joaquin, belonging to <a href="http://blogdrake.net/" target="_blank">http://blogdrake.net</a> team. I am<br>
+writing to you because I would like to let you know that we have<br>
+created a repository with a big amount of good programs for Mageia.<br>
+Our final target is to upload all of them to the official Mageia&#39;s<br>
+repositories.<br>
+<br>
+We are currently uploading all these packages to the Mageia&#39;s BS step<br>
+by step, because there are few people of us to do so. Also, also we<br>
+don&#39;t have too much time because we also take care of Blogdrake,<br>
+Mageia&#39;s news and the translations English to Spanish.<br>
+<br>
+Meanwhile, you can use and enjoy our repository in this way:<br>
+<div class="im"><br>
+urpmi.addmedia --wget --distrib <a href="ftp://ftp.blogdrake.net/mageia/mageia1/i586" target="_blank">ftp://ftp.blogdrake.net/mageia/mageia1/i586</a><br>
+<br>
+</div>The x86_64 repository is not finished yet, but you still can add it in this way:<br>
+<div class="im"><br>
+urpmi.addmedia --wget --distrib <a href="ftp://ftp.blogdrake.net/mageia/mageia1/x86_64" target="_blank">ftp://ftp.blogdrake.net/mageia/mageia1/x86_64</a><br>
+<br>
+</div>Cheers!
diff --git a/zarb-ml/mageia-dev/attachments/20110930/b03d6f3e/attachment.html b/zarb-ml/mageia-dev/attachments/20110930/b03d6f3e/attachment.html
new file mode 100644
index 000000000..22d0a614a
--- /dev/null
+++ b/zarb-ml/mageia-dev/attachments/20110930/b03d6f3e/attachment.html
@@ -0,0 +1,22 @@
+Hello!<br>
+<br>
+My name is Joaquin, belonging to <a href="http://blogdrake.net/" target="_blank">http://blogdrake.net</a> team. I am<br>
+writing to you because I would like to let you know that we have<br>
+created a repository with a big amount of good programs for Mageia.<br>
+Our final target is to upload all of them to the official Mageia&#39;s<br>
+repositories.<br>
+<br>
+We are currently uploading all these packages to the Mageia&#39;s BS step<br>
+by step, because there are few people of us to do so. Also, also we<br>
+don&#39;t have too much time because we also take care of Blogdrake,<br>
+Mageia&#39;s news and the translations English to Spanish.<br>
+<br>
+Meanwhile, you can use and enjoy our repository in this way:<br>
+<div class="im"><br>
+urpmi.addmedia --wget --distrib <a href="ftp://ftp.blogdrake.net/mageia/mageia1/i586" target="_blank">ftp://ftp.blogdrake.net/mageia/mageia1/i586</a><br>
+<br>
+</div>The x86_64 repository is not finished yet, but you still can add it in this way:<br>
+<div class="im"><br>
+urpmi.addmedia --wget --distrib <a href="ftp://ftp.blogdrake.net/mageia/mageia1/x86_64" target="_blank">ftp://ftp.blogdrake.net/mageia/mageia1/x86_64</a><br>
+<br>
+</div>Cheers!
author	Nicolas Vigier <boklm@mageia.org>	2013-04-14 13:46:12 +0000
committer	Nicolas Vigier <boklm@mageia.org>	2013-04-14 13:46:12 +0000
commit	1be510f9529cb082f802408b472a77d074b394c0 (patch)
tree	b175f9d5fcb107576dabc768e7bd04d4a3e491a0 /zarb-ml/mageia-dev/attachments/20110930
parent	fa5098cf210b23ab4f419913e28af7b1b07dafb2 (diff)
download	archives-master.tar archives-master.tar.gz archives-master.tar.bz2 archives-master.tar.xz archives-master.zip