Anyone know when Mageia will be bringing out the critical fix for sudo (currently it allows anyone to craft a command to allow anyone to run
sudo, whether allowed to or not. Ie, anyone can gain root.)
Anyone know when Mageia will be bringing out the critical fix for sudo (currently it allows anyone to craft a command to allow anyone to run
sudo, whether allowed to or not. Ie, anyone can gain root.)
Run
sudoedit -s '\'
If it comes back with
useage: sudoedit .....
you are OK. Otherwise you are not.
~]$ sudoedit -s '\'
malloc(): invalid size (unsorted)
Aborted
it appears that I am not...
On 27/1/21 3:34 pm, William Unruh wrote:
Anyone know when Mageia will be bringing out the critical fix for sudo
(currently it allows anyone to craft a command to allow anyone to run
sudo, whether allowed to or not. Ie, anyone can gain root.)
Run
sudoedit -s '\'
If it comes back with
useage: sudoedit .....
you are OK. Otherwise you are not.
~]$ sudoedit -s '\'
malloc(): invalid size (unsorted)
Aborted
it appears that I am not...
On Wed, 27 Jan 2021 15:47:40 -0500, faeychild
<faeychild@nomail.afraid.org> wrote:
~]$ sudoedit -s '\'
malloc(): invalid size (unsorted)
Aborted
it appears that I am not...
$ sudoedit -s '\'
usage: sudoedit [-AknS] [-C num] [-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ...
$ rpm -q -i sudo|grep -e ^In -e ^So
Install Date: 2021-01-26T17:20:00 EST
Source RPM : sudo-1.9.5p2-1.mga7.src.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/7.1/x86_64/media/core/updates/sudo-1.9.5p2-1.mga7.x86_64.rpm
What mirror are you using?
~]$ rpm -q -i sudo|grep -e ^In -e ^So
Install Date: Sat 23 Jan 2021 14:13:11 AEDT
Source RPM : sudo-1.9.5-1.mga7.src.rpm
What mirror are you using?http://mirror.aarnet.edu.au/pub/mageia/
On 28/1/21 7:52 am, David W. Hodgins wrote:
On Wed, 27 Jan 2021 15:47:40 -0500, faeychild
<faeychild@nomail.afraid.org> wrote:
~]$ sudoedit -s '\'
malloc(): invalid size (unsorted)
Aborted
it appears that I am not...
$ sudoedit -s '\'
usage: sudoedit [-AknS] [-C num] [-D directory] [-g group] [-h host] [-p
prompt] [-R directory] [-T timeout] [-u user] file ...
$ rpm -q -i sudo|grep -e ^In -e ^So
Install Date: 2021-01-26T17:20:00 EST
Source RPM : sudo-1.9.5p2-1.mga7.src.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/7.1/x86_64/media/core/updates/sudo-1.9.5p2-1.mga7.x86_64.rpm
~]$ rpm -q -i sudo|grep -e ^In -e ^So
Install Date: Sat 23 Jan 2021 14:13:11 AEDT
Source RPM : sudo-1.9.5-1.mga7.src.rpm
What mirror are you using?
http://mirror.aarnet.edu.au/pub/mageia/
On Thu, 28 Jan 2021 06:59:22 -0500, faeychild <faeychild@nomail.afraid.org> wrote:
~]$ rpm -q -i sudo|grep -e ^In -e ^So
Install Date: Sat 23 Jan 2021 14:13:11 AEDT
Source RPM : sudo-1.9.5-1.mga7.src.rpm
What mirror are you using?http://mirror.aarnet.edu.au/pub/mageia/
It's there, or at least it is now. https://mirror.aarnet.edu.au/pub/mageia/distrib/7/x86_64/media/core/updates/sudo-1.9.5p2-1.mga7.x86_64.rpm
What does "urpmq --list-media active" show?
Regards, Dave Hodgins
Also run uprmi.update -a
before you try updating your system.
On Thu, 28 Jan 2021 06:59:22 -0500, faeychild
<faeychild@nomail.afraid.org> wrote:
~]$ rpm -q -i sudo|grep -e ^In -e ^So
Install Date: Sat 23 Jan 2021 14:13:11 AEDT
Source RPM : sudo-1.9.5-1.mga7.src.rpm
What mirror are you using?http://mirror.aarnet.edu.au/pub/mageia/
It's there, or at least it is now. https://mirror.aarnet.edu.au/pub/mageia/distrib/7/x86_64/media/core/updates/sudo-1.9.5p2-1.mga7.x86_64.rpm
What does "urpmq --list-media active" show?
Also run uprmi.update -a
before you try updating your system.
~]$ rpm -q -i sudo|grep -e ^In -e ^SoWrong on. You MUST have 1.9.5p2 not 1.9.5!
Install Date: Sat 23 Jan 2021 14:13:11 AEDT
Source RPM : sudo-1.9.5-1.mga7.src.rpm
What mirror are you using?
http://mirror.aarnet.edu.au/pub/mageia/
That has p2 as the sudo update on it now.
(17:30 UTC Jan 28) It says they put it up Jan26
Does the update application have a critical mass trigger or will it run
for one new file only?
What does "urpmq --list-media active" show?~]$ urpmq --list-media active
On Thu, 28 Jan 2021 16:04:49 -0500, faeychild
<faeychild@nomail.afraid.org> wrote:
Does the update application have a critical mass trigger or will it run
for one new file only?
One update will trigger it.
What does "urpmq --list-media active" show?~]$ urpmq --list-media active
That looks fine. The update should have shown up for you by now.
You can always (as root) run "urpmi --auto-update" instead of waiting
for the
applet.
It should have triggered by now. Maybe there is a granularity to the update
On Thu, 28 Jan 2021 19:46:34 -0500, faeychild
<faeychild@nomail.afraid.org> wrote:
It should have triggered by now. Maybe there is a granularity to the
update
Check /etc/urpmi/urpmi.cfg and confirm that the stanza for Core\
Updates\ has
the keyword "update" on the line after the one with the key-id.
If that's there, check that mgaapplet is actually running with the
command "ps -A|grep mgaapplet", which should show a line for it with a process id.
Are you running plasma? If so, right click on a blank part of the system tray and
select "Configure System Tray ...", then select the Entries tab and
select the
option to "Always show all entries", and see if it shows up.
Yes it does and the tooltip says :Your system is up to date"
On 29/1/21 12:08 pm, David W. Hodgins wrote:
On Thu, 28 Jan 2021 19:46:34 -0500, faeychild
<faeychild@nomail.afraid.org> wrote:
It should have triggered by now. Maybe there is a granularity to the
update
Check /etc/urpmi/urpmi.cfg and confirm that the stanza for Core\
Updates\ has
the keyword "update" on the line after the one with the key-id.
OK "Update" on some, "Ignore" on others . Like on "Testing" for example
If that's there, check that mgaapplet is actually running with the
command "ps -A|grep mgaapplet", which should show a line for it with a
process id.
~]$ ps -A|grep mgaapplet
7932 ? 00:00:00 mgaapplet
Are you running plasma? If so, right click on a blank part of the system
tray and
select "Configure System Tray ...", then select the Entries tab and
select the
option to "Always show all entries", and see if it shows up.
Yes it does and the tooltip says :Your system is up to date"
Open a terminal. Log into root.
urpmi sudo
It will either say 1.9.5p2 is installed, or it will install it.
On Fri, 29 Jan 2021 15:35:21 -0500, faeychild
<faeychild@nomail.afraid.org> wrote:
Yes it does and the tooltip says :Your system is up to date"
Does /etc/urpmi/skip.list contain any non-comment lines?
Regards, Dave Hodgins
It was Core Updates that you were to look at.
Open a terminal. Log into root.
urpmi sudo
It will either say 1.9.5p2 is installed, or it will install it.
On Fri, 29 Jan 2021 18:14:49 -0500, William Unruh <unruh@invalid.ca> wrote:
Open a terminal. Log into root.
urpmi sudo
It will either say 1.9.5p2 is installed, or it will install it.
Not if sudo is listed in /etc/urpmi/skip.lst, as I'm now suspecting.
That's the
only thing I can think of to explain things so far.
Regards, Dave Hodgins
On 30/1/21 10:14 am, William Unruh wrote:
It was Core Updates that you were to look at.
cat /etc/urpmi/urpmi.cfg | grep -i core
I don't think I'm in any immediate peril from the sudo bug, I'm the only
one here.
On 30/1/21 10:22 am, David W. Hodgins wrote:
On Fri, 29 Jan 2021 18:14:49 -0500, William Unruh <unruh@invalid.ca> wrote: >>> Open a terminal. Log into root.
urpmi sudo
It will either say 1.9.5p2 is installed, or it will install it.
Not if sudo is listed in /etc/urpmi/skip.lst, as I'm now suspecting.
That's the
only thing I can think of to explain things so far.
Regards, Dave Hodgins
I checked with MCC update
only two are pending
glibc and glibc-devel NO sudo
neither of which has triggered the update applet
I checked with MCC update
only two are pending
glibc and glibc-devel NO sudo
neither of which has triggered the update applet
The sudo bug means that anyone who gets into your machine as any user at
all can immediately become root. It is not who is in your house. It is
anyone from anywhere in the world -- a few billion people.
On 28/1/21 7:47 am, faeychild wrote:
It is now 19:50 hours here and I have noticed the mgaapplet in the task
bar. finaly
As David suggested the priority glib files loaded first and then some
others including sudo
~]$ rpm -q -i sudo|grep -e ^In -e ^So
Install Date: Sat 30 Jan 2021 19:52:18 AEDT
Source RPM : sudo-1.9.5p2-1.mga7.src.rpm
All OK
RegardsIs this thread about the sudo critical bug, or about the mgaapplet?
On 30/1/21 8:04 pm, faeychild wrote:
On 28/1/21 7:47 am, faeychild wrote:Is this thread about the sudo critical bug, or about the mgaapplet?
It is now 19:50 hours here and I have noticed the mgaapplet in the task
bar. finaly
As David suggested the priority glib files loaded first and then some
others including sudo
~]$ rpm -q -i sudo|grep -e ^In -e ^So
Install Date: Sat 30 Jan 2021 19:52:18 AEDT
Source RPM : sudo-1.9.5p2-1.mga7.src.rpm
All OK
Regards
The mgaapplet has not been appearing in my Cauldron installation for a while.
Re sudo: Surely sudo was simply doing what it was designed to do,
namely, to allow users to have some root privileges? It was never
intended to obsolete firewalls, etc.
Is this thread about the sudo critical bug, or about the mgaapplet?
The mgaapplet has not been appearing in my Cauldron installation for a while.
On Sat, 30 Jan 2021 10:20:19 -0500, Doug Laidlaw
<laidlaws@hotkey.net.au> wrote:
Is this thread about the sudo critical bug, or about the mgaapplet?
It was about mgaapplet.
The mgaapplet has not been appearing in my Cauldron installation for a
while.
Run "drakrpm-edit-media --expert" (as root), and set the updates flag
for the
release media. This is not done in stable releases due to the extra time it takes to look for updates in the release media. Don't forget to remove the updates tag from the release media after Mageia 8 has been released.
Regards, Dave Hodgins
On 31/1/21 10:30 am, David W. Hodgins wrote:
Don't forget to remove the
updates tag from the release media after Mageia 8 has been released.
Regards, Dave Hodgins
And when will that be?
Mga8 was supposed to be ready in "a few weeks,"
and I thought that the absence of updates meant that the distro was
frozen to create a DVD image, but I was wrong.
Now it has more bugs than ever before.
The history is sounding too like Mandriva.
On Sun, 31 Jan 2021 20:26:14 +1100, Doug Laidlaw wrote:
Now it has more bugs than ever before.
I disagree. Watching bugzilla seems to indicate far more security updates than bugs.
The history is sounding too like Mandriva.
I really do not understand your ranting. If 8 were to be released
today you would still get the same number of package updates that
the current Release candidate gets.
On 31/1/21 10:30 am, David W. Hodgins wrote:
On Sat, 30 Jan 2021 10:20:19 -0500, Doug Laidlaw
<laidlaws@hotkey.net.au> wrote:
Is this thread about the sudo critical bug, or about the mgaapplet?
It was about mgaapplet.
The mgaapplet has not been appearing in my Cauldron installation for a >>> while.
Run "drakrpm-edit-media --expert" (as root), and set the updates flag
for the
release media. This is not done in stable releases due to the extra time it >> takes to look for updates in the release media. Don't forget to remove the >> updates tag from the release media after Mageia 8 has been released.
Regards, Dave Hodgins
And when will that be? Mga8 was supposed to be ready in "a few weeks,"
and I thought that the absence of updates meant that the distro was
frozen to create a DVD image, but I was wrong. Now it has more bugs
than ever before. The history is sounding too like Mandriva.
And when will that be? Mga8 was supposed to be ready in "a few weeks,"
and I thought that the absence of updates meant that the distro was
frozen to create a DVD image, but I was wrong. Now it has more bugs
than ever before. The history is sounding too like Mandriva.
On Sun, 31 Jan 2021 04:26:14 -0500, Doug Laidlaw
<laidlaws@hotkey.net.au> wrote:
And when will that be? Mga8 was supposed to be ready in "a few weeks,"
and I thought that the absence of updates meant that the distro was
frozen to create a DVD image, but I was wrong. Now it has more bugs
than ever before. The history is sounding too like Mandriva.
My opinion only, others have different opinions ...
When the qa team is satisfied, we will recommend to the council to go
for release.
Once that happens, the other teams indicate if they are ready or not.
When all of
the teams agree it's ready, then it is released.
The qa team is currently testing the 5th build of the rc iso images. If
the qa team
and others didn't keep finding bugs, it would have been released by now. Since that
is not the case, the release stays on hold until we are satisfied.
Whether or not there is second RC created, or this will be the last RC release before
final depends on the severity of bugs found after the rc iso images are released,
and whether the bugs are on the ISO images, or can be fixed by updates
after release.
I do not care about arbitrary deadlines, imposed just for the sake of keeping some
people happy. We aim for the target dates, but are not controlled by them.
Mageia is made entirely by people volunteering their time and effort. My primary
concern is that the people who contribute to making Mageia are happy
with the result,
for their own use, as well as their family and friends.
Making it work well for others too is primarily to our benefit in that
they will
find bugs that the above group has not yet found, due to the limited
variety of
hardware, and different usage choices.
There are people contributing to Mageia who care what the press, or
other groups
say about Mageia. I'm not one of them. That's why I joined the QA team
and became
it's leader, and did not volunteer for the Atelier team. I have zero interest in
marketing.
As above, this is only my personal opinion. Many, perhaps most of the
other people
contributing to Mageia would not agree with me.
Regards, Dave Hodgins
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 296 |
| Nodes: | 16 (2 / 14) |
| Uptime: | 43:52:24 |
| Calls: | 6,648 |
| Files: | 12,193 |
| Messages: | 5,329,698 |