diff options
Diffstat (limited to 'zarb-ml/mageia-dev/attachments/20110930')
6 files changed, 84 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/attachments/20110930/1a03e360/attachment-0001.html b/zarb-ml/mageia-dev/attachments/20110930/1a03e360/attachment-0001.html new file mode 100644 index 000000000..7e4fc6a5d --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20110930/1a03e360/attachment-0001.html @@ -0,0 +1,9 @@ +<p>It seems we are the only distros (with Mandriva) building syslinux with system libpng.</p> +<div class="gmail_quote">在 2011-9-30 上午2:41,"Erwan Velu" <<a href="mailto:erwanaliasr1@gmail.com">erwanaliasr1@gmail.com</a>>写道:<br type="attribution">> Le 28/09/2011 22:13, D.Morgan a écrit :<br>>> On Wed, Sep 28, 2011 at 9:56 PM, Erwan Velu<<a href="mailto:erwanaliasr1@gmail.com">erwanaliasr1@gmail.com</a>> wrote:<br> +>>> I'm currently updating Syslinux 4.04 and I'm currently facing a trouble as,<br>>>> historically speaking, we do remove the included libpng by the system one.<br>>>><br>>>> The compilation process fails. I was wondering if we really consider<br> +>>> replacing the libpng of syslinux as a security issue.<br>>>><br>>>> Sec team ? What's your opinion on it ?<br>>>><br>>>> Cheers,<br>>>><br>>> hi,<br>>><br> +>> i take my security hat on, we prefer when possible when we use the system libs.<br>>> i have not looked but which libpng is included ?<br>> <br>> It take the libpng-source to replace the current syslinux code.<br> +> <br>> The point is syslinux is a bootloader that obviously don't share libs <br>> with the rest of the system.<br>> Considering that we can attack the bootloader via a picture means you <br>> compromized the picture. If you can change the picture located at /boot, <br> +> means that you can compromize the booting parameters too.<br>> <br>> So if we take this road of removing bootloader's libs, shall we also <br>> remove the jpeg/gz/gcc/... libs too, and maybe for other bootloaders too ?<br> +> <br>> I do understand the need for the application that runs under linux... <br>> but about the bootloaders...<br>> <br>> What's your thoughts about it ?<br>> Would you agree on keep syslinux untouched regarding the png lib ?<br> +> <br></div> diff --git a/zarb-ml/mageia-dev/attachments/20110930/1a03e360/attachment.html b/zarb-ml/mageia-dev/attachments/20110930/1a03e360/attachment.html new file mode 100644 index 000000000..7e4fc6a5d --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20110930/1a03e360/attachment.html @@ -0,0 +1,9 @@ +<p>It seems we are the only distros (with Mandriva) building syslinux with system libpng.</p> +<div class="gmail_quote">在 2011-9-30 上午2:41,"Erwan Velu" <<a href="mailto:erwanaliasr1@gmail.com">erwanaliasr1@gmail.com</a>>写道:<br type="attribution">> Le 28/09/2011 22:13, D.Morgan a écrit :<br>>> On Wed, Sep 28, 2011 at 9:56 PM, Erwan Velu<<a href="mailto:erwanaliasr1@gmail.com">erwanaliasr1@gmail.com</a>> wrote:<br> +>>> I'm currently updating Syslinux 4.04 and I'm currently facing a trouble as,<br>>>> historically speaking, we do remove the included libpng by the system one.<br>>>><br>>>> The compilation process fails. I was wondering if we really consider<br> +>>> replacing the libpng of syslinux as a security issue.<br>>>><br>>>> Sec team ? What's your opinion on it ?<br>>>><br>>>> Cheers,<br>>>><br>>> hi,<br>>><br> +>> i take my security hat on, we prefer when possible when we use the system libs.<br>>> i have not looked but which libpng is included ?<br>> <br>> It take the libpng-source to replace the current syslinux code.<br> +> <br>> The point is syslinux is a bootloader that obviously don't share libs <br>> with the rest of the system.<br>> Considering that we can attack the bootloader via a picture means you <br>> compromized the picture. If you can change the picture located at /boot, <br> +> means that you can compromize the booting parameters too.<br>> <br>> So if we take this road of removing bootloader's libs, shall we also <br>> remove the jpeg/gz/gcc/... libs too, and maybe for other bootloaders too ?<br> +> <br>> I do understand the need for the application that runs under linux... <br>> but about the bootloaders...<br>> <br>> What's your thoughts about it ?<br>> Would you agree on keep syslinux untouched regarding the png lib ?<br> +> <br></div> diff --git a/zarb-ml/mageia-dev/attachments/20110930/22cb56d4/attachment-0001.bin b/zarb-ml/mageia-dev/attachments/20110930/22cb56d4/attachment-0001.bin new file mode 100644 index 000000000..2a953f8ed --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20110930/22cb56d4/attachment-0001.bin @@ -0,0 +1,11 @@ +--- /usr/share/spec-helper/check_elf_files.orig 2011-09-30 00:10:33.644550738 +0200 ++++ /usr/share/spec-helper/check_elf_files 2011-09-30 00:09:02.980027748 +0200 +@@ -46,7 +46,7 @@ + # TODO: we should write a binding for libfile... + sub expensive_test { + my ($file) = @_; +- my $type = `file -- $file`; ++ my $type = `file -- "${file}"`; + } + + # Check if a file is an elf binary, shared library, or static library, diff --git a/zarb-ml/mageia-dev/attachments/20110930/22cb56d4/attachment.bin b/zarb-ml/mageia-dev/attachments/20110930/22cb56d4/attachment.bin new file mode 100644 index 000000000..2a953f8ed --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20110930/22cb56d4/attachment.bin @@ -0,0 +1,11 @@ +--- /usr/share/spec-helper/check_elf_files.orig 2011-09-30 00:10:33.644550738 +0200 ++++ /usr/share/spec-helper/check_elf_files 2011-09-30 00:09:02.980027748 +0200 +@@ -46,7 +46,7 @@ + # TODO: we should write a binding for libfile... + sub expensive_test { + my ($file) = @_; +- my $type = `file -- $file`; ++ my $type = `file -- "${file}"`; + } + + # Check if a file is an elf binary, shared library, or static library, diff --git a/zarb-ml/mageia-dev/attachments/20110930/b03d6f3e/attachment-0001.html b/zarb-ml/mageia-dev/attachments/20110930/b03d6f3e/attachment-0001.html new file mode 100644 index 000000000..22d0a614a --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20110930/b03d6f3e/attachment-0001.html @@ -0,0 +1,22 @@ +Hello!<br> +<br> +My name is Joaquin, belonging to <a href="http://blogdrake.net/" target="_blank">http://blogdrake.net</a> team. I am<br> +writing to you because I would like to let you know that we have<br> +created a repository with a big amount of good programs for Mageia.<br> +Our final target is to upload all of them to the official Mageia's<br> +repositories.<br> +<br> +We are currently uploading all these packages to the Mageia's BS step<br> +by step, because there are few people of us to do so. Also, also we<br> +don't have too much time because we also take care of Blogdrake,<br> +Mageia's news and the translations English to Spanish.<br> +<br> +Meanwhile, you can use and enjoy our repository in this way:<br> +<div class="im"><br> +urpmi.addmedia --wget --distrib <a href="ftp://ftp.blogdrake.net/mageia/mageia1/i586" target="_blank">ftp://ftp.blogdrake.net/mageia/mageia1/i586</a><br> +<br> +</div>The x86_64 repository is not finished yet, but you still can add it in this way:<br> +<div class="im"><br> +urpmi.addmedia --wget --distrib <a href="ftp://ftp.blogdrake.net/mageia/mageia1/x86_64" target="_blank">ftp://ftp.blogdrake.net/mageia/mageia1/x86_64</a><br> +<br> +</div>Cheers! diff --git a/zarb-ml/mageia-dev/attachments/20110930/b03d6f3e/attachment.html b/zarb-ml/mageia-dev/attachments/20110930/b03d6f3e/attachment.html new file mode 100644 index 000000000..22d0a614a --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20110930/b03d6f3e/attachment.html @@ -0,0 +1,22 @@ +Hello!<br> +<br> +My name is Joaquin, belonging to <a href="http://blogdrake.net/" target="_blank">http://blogdrake.net</a> team. I am<br> +writing to you because I would like to let you know that we have<br> +created a repository with a big amount of good programs for Mageia.<br> +Our final target is to upload all of them to the official Mageia's<br> +repositories.<br> +<br> +We are currently uploading all these packages to the Mageia's BS step<br> +by step, because there are few people of us to do so. Also, also we<br> +don't have too much time because we also take care of Blogdrake,<br> +Mageia's news and the translations English to Spanish.<br> +<br> +Meanwhile, you can use and enjoy our repository in this way:<br> +<div class="im"><br> +urpmi.addmedia --wget --distrib <a href="ftp://ftp.blogdrake.net/mageia/mageia1/i586" target="_blank">ftp://ftp.blogdrake.net/mageia/mageia1/i586</a><br> +<br> +</div>The x86_64 repository is not finished yet, but you still can add it in this way:<br> +<div class="im"><br> +urpmi.addmedia --wget --distrib <a href="ftp://ftp.blogdrake.net/mageia/mageia1/x86_64" target="_blank">ftp://ftp.blogdrake.net/mageia/mageia1/x86_64</a><br> +<br> +</div>Cheers! |