CVE-2014-7169 updates on Fedora.

CVE-2014-7169 is an additional security issue in the GNU bash shell that emerged after researchers discovered the fixes for CVE-2014-6271 did not completely solve the vulnerabilities they had identified. Fedora Magazine has a very useful story that tells you why these issues are important.

Since I already published a story on how to deal with CVE-2014-6271, I might as well do a quick follow-up here for my readers on how to deal with the additional vulnerability.

These instructions will allow you to quickly get packages from the Fedora Koji package build system to address both CVEs, without having to wait for them to propagate to Fedora’s worldwide mirror system.

Fedora 21 Alpha

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.3.25-2.fc21
su -c "yum localinstall bash-4.3.25-2.fc21.$(uname -m).rpm"   # provide root password again...

Fedora 20

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.2.48-2.fc20
su -c "yum localinstall bash-4.2.48-2.fc20.$(uname -m).rpm"   # provide root password again...

Fedora 19

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.2.48-2.fc19
su -c "yum localinstall bash-4.2.48-2.fc19.$(uname -m).rpm"   # provide root password again...

Hope this helps!

CVE-2014-6271 updates on Fedora.

IMPORTANT: Refer to this update for revised instructions.

What is CVE-2014-6271?

CVE-2014-6271 is a GNU bash vulnerability that permits specially crafted environment variables to inject shell commands. This is a fairly serious issue. If you don’t want to wait out the hours until stable updates are issued to fix your Fedora system, here’s what you can do. (The Fedora Project may choose to issue some official guidance; this is just my own helpful hint.)

Fedora 21 Alpha

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.3.22-3.fc21
su -c "yum localinstall bash-4.3.22-3.fc21.$(uname -m).rpm"   # provide root password again...

Fedora 20

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.2.47-4.fc20
su -c "yum localinstall bash-4.2.47-4.fc20.$(uname -m).rpm"   # provide root password again...

Fedora 19

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.2.47-2.fc19
su -c "yum localinstall bash-4.2.47-2.fc19.$(uname -m).rpm"   # provide root password again...

Hope this helps!
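Both bash posts above end with a localinstall, so it is worth confirming which build actually ended up on the system. The following is an added example, not part of the original posts: it compares the installed bash version-release against the builds named in the CVE-2014-7169 post, which address both CVEs. The function names are illustrative, and GNU `sort -V` is assumed as a stand-in for RPM's own version ordering.

```shell
#!/bin/bash
# Added example: verify that installed bash is at least the build that
# addresses both CVE-2014-6271 and CVE-2014-7169 on this Fedora release.

# Fixed builds per Fedora release, taken from the CVE-2014-7169 post.
fixed_build() {
    case "$1" in
        21) echo "4.3.25-2.fc21" ;;
        20) echo "4.2.48-2.fc20" ;;
        19) echo "4.2.48-2.fc19" ;;
        *)  return 1 ;;
    esac
}

# Succeeds when version-release $1 >= $2. GNU `sort -V` stands in for RPM's
# own comparison (an assumption that holds for these simple version strings).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_bash <fedora release number> <installed version-release>
# Exit status: 0 = patched, 1 = update needed, 2 = release not covered above.
check_bash() {
    cb_want=$(fixed_build "$1") || { echo "no fixed build listed for Fedora $1"; return 2; }
    if ver_ge "$2" "$cb_want"; then
        echo "OK: bash-$2 is at or beyond bash-$cb_want"
    else
        echo "UPDATE NEEDED: bash-$2 is older than bash-$cb_want"
        return 1
    fi
}

# Live check, skipped on hosts without rpm or that are not Fedora.
if command -v rpm >/dev/null 2>&1; then
    rel=$(rpm -E '%{?fedora}' 2>/dev/null || true)
    inst=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' bash 2>/dev/null | head -n 1 || true)
    if [ -n "$rel" ] && [ -n "$inst" ]; then
        check_bash "$rel" "$inst" || true
    fi
fi
```

A system that stopped at the builds from the CVE-2014-6271 post is reported as needing the update. Shells that were already running before the install keep using the old binary until they are restarted.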

Fedora 21 Alpha released.

I know there are a ton of posts about Fedora 21 Alpha hitting the Fedora Planet, and hopefully elsewhere on the web. But I couldn’t resist saying congratulations to the Fedora community on getting this release out.

We’ve had a long release cycle for Fedora 20 to accommodate a lot of thought and planning. How do we get three products out in place of one? How will we build them? What needs to change? How do we get the bits into place for releases? It’s a lot of work, and we’re not done yet. I suspect that we’ll see further change in the Fedora 22 cycle — although I’d also bet we won’t want to extend another cycle for it.

For my part as manager of the Fedora Engineering team, I am proud of the work all the folks on the team have done to support Fedora 21 Alpha. From changes to infrastructure, to work on new web applications to support multiple products, to notifying Fedora Project members of activity and contribution, to making things generally more beautiful, the team is tireless in their effort to serve the community. As always, my hat is off to them with awe and inspiration.

And of course it’s also off to you, the many, many members of the Fedora Project overall. From Ambassadors to Marketing to Docs to Translation to Websites to… whew. I ran out of breath there. But all of you folks rock!

Let’s take a moment (but just a moment!) :-) to be happy about Fedora 21 Alpha. It’s the first step down the road to the final release of Fedora 21 in December. Congratulations, everyone!

If you want to pick up a copy of any of the new Fedora products — Fedora Server, Fedora Cloud, or Fedora Workstation — just visit the prerelease download page featuring Fedora 21 Alpha, and take your pick.

MeetBot makes for better meetings.

One of the aspects of Fedora is holding public meetings on IRC. We use Meetbot (courtesy of Debian, thanks!) to help administer meetings. Common commands allow Meetbot to do all the hard work of recording proceedings. The automatic minutes make it possible for people who couldn’t attend to follow what happened in the meeting. These minutes are key for maintaining transparency and information flow around the project.

But the minutes still depend on the people who chair the meetings to use the command set to record important data.

  • #startmeeting – Sets the overall group for the meeting
  • #endmeeting – Cleans up when done, and gives you the URLs for the minutes
  • #topic <Topic name> – Sets a topic heading for the next portion of the meeting
  • #info – Record some information that’s useful for anyone reading the minutes
  • #action <nick> <thing to do> – Clarifies who’s got the ball to complete something before the next meeting; it’s usually a good idea to set a due date*
  • #agreed – Documents something the attendees agreed on, also important to make decisions transparent
  • #idea – Helps give visibility to something no one is doing yet, but could be useful (also see #help in the MeetBot page)
  • #chair <person>… – Add someone(s) to the list of people MeetBot will listen to for commands

* A good friend of mine pointed out that unless you set a due date for an action item, you’re not writing actions, you’re writing a wish list. It should not only be clear who’s got the ball, but when they’re expected to give it back.

Here’s an example of a meeting I ran recently where I used the MeetBot commands to record useful minutes. If you were to look at these minutes later you’d get a pretty good idea of what was covered. You’d also know who was supposed to do tasks before the next meeting. There are a couple action items without clear dates, which is sub-optimal. But overall the meeting minutes are pretty clear.

In some cases, I ended up repeating things people said, using the #info command at the front to tell MeetBot to record in the minutes. If you’re running a meeting you should be prepared to do this. I also like to add everyone in the meeting to the #chair list, to help increase information flow when needed. (It’s also not a bad idea to reduce the chance that a single chairperson will be knocked offline and unable to #endmeeting.)

Are you reading your minutes when done to see if they’re effective? If not, you should. Use what you find to make your meetings better and more transparent for the community. I thought about showing some recent examples of poor minutes usage, but I didn’t want to embarrass anyone.

If your minutes only serve to show a link or two, and an attendance roster, that’s pretty much useless for most community members. Sure, logs are useful, and good for transparency too. But it takes a long time to read logs and extract necessary points from the dialogue. That dialogue can also sometimes be confusing after the fact due to the way IRC works.

Use the facilities we have available to us in Fedora to provide more information and transparency on what you’re doing. The couple of extra minutes per meeting spent using MeetBot will save each reader many more in return!

Flock Day 4.

Here’s a summary of Saturday’s activity at Flock 2014 where I participated or attended. I also have blog entries for Day 1, Day 2, and Day 3.

  • The constant stream of late nights was really getting to me. Didn’t arrive at the venue until about 9:15am. I skipped the first session and had some coffee, courtesy of Smooge.
  • Caught up on email sent overnight from people in the USA, and did final preparation for my talk.
  • I gave my session on the connection between RHEL and Fedora. I also discussed how well things went for RHEL 7 due to work in the Fedora community. I feel like it went very well. You can watch the complete video here.
  • I had an excellent conversation with Alberto Ruiz, who manages Red Hat’s desktop applications team.
  • Went with Alberto and Patrick Uiterwijk to lunch at the cafeteria. Got to know Patrick a little better, since he will soon be joining us on the Fedora Engineering team.
  • Sat in the hall with Patrick and got a Taskwarrior server running on one of my boxes.
  • Joined the session on revamping governance in Fedora, which was run by Toshio Kuratomi and Haïkel Guémar. This was hands down the best accomplishment of Flock. There will be a proposal for Board revamp coming from this session (finally!). I’m looking forward to the ensuing discussion and resulting improvements.

At this point I was finally exhausted. I headed back to the hotel early to do a little more reading and writing. I met up with some of the Anaconda team for a late dinner. Then I packed so I’d be ready in the morning to catch my flights back to the USA.

The Flock conference was excellent this year. It was nice getting back into the swing of community things. I enjoyed meeting up with everyone I saw. If I didn’t get a chance to see and talk with you personally, I’m still glad you were there. I hope you had a great time at Flock in Prague. Let’s do it again next year in the USA!

Flock Day 3.

Here’s a summary of Friday’s activity at Flock 2014 where I participated or attended. I also have blog entries for Day 1 and Day 2.

  • Didn’t make it up quite so early today, due to not turning in until about 2:30am the previous night. I got to the school basically on time, but worked on email and day job stuff for a little while.
  • Attended Matthew Miller’s joint session on Fedora.next.
  • Got lunch late, ending up at a table with Stephen Tweedie and a few others. We talked about containers and strategy.
  • Touched up my slides for Saturday, getting straight in my head how I wanted the presentation to go. Reveal.js is cool.
  • Attended Richard Hughes’ session on building an application installer. GNOME Software is a huge step in usability, and it was enlightening seeing the huge amount of work that went into this tool. I wrote an article on Fedora Magazine covering this presentation.
  • Attended Ralph Bean’s excellent workshop on making tools with fedmsg, the Fedora messaging bus built on ZeroMQ. We learned how to use just a few simple lines of Python to build a Twitter feed from Fedora Badges. Amazing!
  • Attended the workshop on DevAssistant. I talked with the developers to learn about their future plans and to discuss desktop integration.
  • Met up with Garrett LeSage, Chris Roberts, Matthew Miller, Haïkel Guémar, and others for a great dinner at an Italian pizzeria. It was delicious.
  • Late hangout with friends kept me up yet again too late!

Flock Day 2.

Here’s a summary of today’s activity at Flock 2014 where I participated or attended. I also have a blog entry reporting what I did on Day 1 of the conference.

  • Up at 7:00am (relatively late) to meet Fedorans for breakfast before going to the venue.
  • I attended Stephen Gallagher’s talk on Fedora Server. I also wrote this up for Fedora Magazine. You can read the article here.
  • I also attended Aditya Patawari’s talk on Ansible. I also wrote this up for Fedora Magazine. You can read the article here.
  • Then it was time for the Novena keynote on a fully open source laptop.
  • Sometimes even a great conference has to give way for your paid job. So I skipped lunch to work on some managerial duties. These things also have to get done, even at a Fedora conference, so the team can operate successfully.
  • I attended the Meet Your FESCo session. I even managed to get a question (and a “thank you” comment) into the proceedings. I did this mainly to prompt some comments from the FESCo members.
  • I had some side conversations with Radek Vokal and Denise Dumas. Like me, they’re part of Red Hat’s platform engineering organization (which makes RHEL).
  • I attended Aditya Patawari’s talk on Docker. But mostly I realized I was running out of gas. Between the warm room and Aditya’s soothing voice, I had a hard time staying awake. So I decided to work on this blog to keep myself from dozing off.
  • I sat in on Stephen Gallagher’s talk on “Fedora.next.next.” This was his cute way of inspiring interest in the upcoming Fedora 22, to release in 2015.
  • After the talks ended, it was time to head back to the hotel to refresh. Then we met up and boarded a steamer for the big Flock Boat Party.

Flock Day 1.

Here’s a summary of today’s activity where I participated or attended:

  • Up at 5:45am so Matthew and I could meet up with Josh Boyer, Tom Callaway, Ruth Suehle, and Joe Brockmeier for breakfast. Then we arrived at the Flock venue early.
  • Helped set up rooms with wifi information for attendees. Discovered the rooms feature electronically controlled windows. Once opened, these made the venue much more comfortable.
  • Missed keynotes myself while ushering people around to them. :-)
  • Worked on my slides for Saturday’s talk, in the great Fedora tradition of iterating until the last minute.
  • Sat in on Tim Flink’s Taskotron talk, and took notes for a Fedora Magazine article.
  • Went to a lunch meeting with Ludek Smid, Jaroslav Reznik, Joe Brockmeier, and Matthew Miller. We discussed some project management assistance for our Atomic/OStree work in Fedora. Very productive and we also had a good time.
  • Sat in on Christian Schaller’s Fedora Workstation talk. It was very well attended, so I think the idea that the Linux desktop is dead might be a tad premature. ;-)
  • Sat in on Marina Zhurakhinskaya’s talk on the Outreach Program for Women. I’m happy to say Fedora is an active player in this space. I look forward to our doing even more.
  • Sat in on a talk on Waartaa by Ratnadeep Debnath and Sayan Chowdhury. This is an interesting take on a Web IRC client as a basis for other collaboration tools.
  • Sat in on Chris Roberts’ and Marie ‘riecatnor’ Nordin’s talk on Fedora Badges and badge design. (If you’re looking for the resources shown in the talk, look here.)
  • Headed back to the hotel to finish a Fedora Magazine article. Then I met up with friends to head over to our event at The Pub.

Getting ready for Flock 2014.

If you’ve been reading the Planet Fedora feed lately, you probably know that we’re coming up to time for Flock 2014, a major Fedora conference for Fedora users and contributors from North America and EMEA (Europe/Middle East/Africa). Along with most of the Fedora Engineering team, I’m headed to Prague, Czech Republic for the event.

First, we’ll spend a couple days in the Red Hat Czech office in Brno. We are meeting with a number of colleagues from the office, both to brief them on work we’re doing, and to hear about their current projects and plans. This should help us have a more productive Flock as well.

It’s possible team members may be a little harder to instantaneously reach on Monday and Tuesday while we crunch on these meetups in Brno. At Flock, obviously things will be busy as well. But seeing many community members in one place will probably be quite helpful in getting things done. We’ll do our best as always to stay on top of community requests and input throughout.

Flock 2014 should be an exciting and fascinating conference, and I’m very much looking forward to it. I’m hoping to use the conference to jumpstart my knowledge on Docker, OStree, and some of the other awesome technologies going on in Fedora. And of course I’ll be thrilled to see old and new friends from around the community.

I’m writing this from Schiphol Airport in Amsterdam, getting ready for my next leg of travel to Prague. I’ll be catching a bus to Brno there to meet up with the team. On Tuesday night we’ll get back to Prague. We have a team event that night — so we’ll see everyone bright and early on Wednesday morning at the conference!

Stay tuned to the Planet feed for more information about Flock, so you can keep up with the news and proceedings from Prague.

Logitech M570 on Fedora.

I just bought a new Logitech M570 wireless trackball for use with my Fedora workstation. I favor a trackball over a moving mouse, because it’s easier on the joints, not to mention more practical on a crowded desk. My previous trackball device was a wired Logitech, and it developed a few problems recently. I’ve had it eight years, so I decided I got my money’s worth and could spring for a new one.

The Logitech M570 uses the Logitech Unifying Receiver USB wireless dongle, common to many Logitech devices. You can pair up to 6 of them to the current unifying device dongle that ships with the M570. Most Fedora users will want this device to be set with correct permissions for people who log in on the console. It’s also helpful to be able to query or display battery status.

So here are the steps I recommend to install the Logitech M570 on Fedora. Do these steps before you plug in the receiver or turn on the trackball device. I’m using GNOME 3.12 on Fedora 20, so your mileage may vary:

  1. You may want to remove your existing pointing device first. Otherwise the new one may not work, at least until you do.
  2. Install solaar (upstream link), a monitoring and control gizmo for your Logitech Unifying Receiver and connected devices. Thank you to Eric Smith for packaging and maintaining this tool for Fedora!
  3. Plug in the receiver to an open USB slot. I recommend a rear slot since you likely won’t move this very often. (If you do, there’s a handy slot inside the trackball’s battery compartment where you can store the receiver without losing it!)
  4. Turn on the Logitech M570, and it should Just Work.
  5. You can launch solaar from the GNOME Shell, and a notification icon appears in the message tray. You can use this tool to see status and pair or unpair devices.
  6. (optional) If you want solaar to start every time you log in, open the Terminal and enter these commands:
    $ mkdir -p ~/.config/autostart
    $ cd ~/.config/autostart
    $ ln -s /usr/share/applications/solaar.desktop .

Enjoy!

© 2002-2014 Paul W. Frields. License: CC BY-SA 3.0. Some rights reserved.