Re: [CentOS] Where can I find the 6.10 centos-release srpm?
On Wed, 4 Jul 2018, Phil Wyett wrote: On Wed, 2018-07-04 at 16:06 -0400, m...@tdiehl.org wrote: Hi, Where can I find the srpm for centos-release-6-10.el6.centos.12.3.x86_64? I looked in vault and it is not there. The 6.10 folder is in place, but we need to give the team chance to upload. I would assume it will appear in coming days or alternatively, you could create your own from git.centos.org. Hi, Yea, I know it will show up in a few days. In the past when I asked, someone usually provides a url to it so that I can get going with what I have to do. TBH, Pulling the sources from git.centos.org would be a great way to get the sources if it worked as per the documentation @ https://wiki.centos.org/Sources I thought that I had this figured out for C7 by following the above wiki page but if I pull the sources for the c7 centos-release rpm when I look at the spec file I see it is for 7.3.1611. If I try to do a git checkout for c6 I get the following error: (vgeppetto2 pts14) $ git checkout c6 error: pathspec 'c6' did not match any file(s) known to git. (vgeppetto2 pts14) $ So at this point in time, I am lost. Can someone tell me what the magic incantation is to actually get the latest sources? It would also be nice if it was described how to do this @ https://wiki.centos.org/Sources so that mear mortals like myself could understand how to actually use it. Regards, -- Tom m...@tdiehl.org ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gpg2 (GnuPG) Security Update for CentOS 6.10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 2018-07-04 at 20:18 +, nschehovin--- via CentOS wrote: > Where do I get an update for gpg2 (GnuPG) for CentOS 6.10 that is compliant > with CVE-2018-12020? > I'm trying to update gpg2 (GnuPG GNU Privacy Guard) on my fully updated CentOS > 6.10 computer to comply with CVE-2018-12020. My system has gpg2 package > gnupg2-2.0.14-8.el6.x86_64.rpm > This package does not appear to be compliant with CVE-2018-12020. I can not > find and update anywhere. I have tried downloading the upstream version 2.2.8 > from GnuPG.org but am having trouble building it for CentOS 6.10 primarily due > to a requirement for a newer version of glibc. I'm getting the error undefined > reference to 'clock_gettime' and have not been able to resolve it > > Any suggestions on where to download the update or when an update might be > available or how to build gpg2 version 2.2.8 for CentOS 6 is appreciated. > Thanks,Ed > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos Hi, This looks like it is in the works and may take a little time. References: https://access.redhat.com/security/cve/cve-2018-12020 https://bugzilla.redhat.com/show_bug.cgi?id=1589620 Regards Phil - -- *** If this is a mailing list, I am subscribed, no need to CC me.*** Playing the game for the games sake. IRC: kathenas Web: https://kathenas.org Github: https://github.com/kathenas GitLab: https://gitlab.com/kathenas Twitter: kathenasorg GPG: A0C3 4C6A AC2B B8F4 F1E5 EDF4 333F 60DC B0B9 BB77 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJbPTBkAAoJEDM/YNywubt3D0QP/164DSwRHiKt6uMylF76oAIN 6Cwr+1TgzHJiqp0so5Y2GvuBmfbU2K7nFKTrIF7hq/fn02sdvrU+S5xge2e0OHbC My94is11TrlqysK1DVRSWz1myaAD9onlQf9Z3/4B4ZN75Zkzw62Ct5akGcLu+cVR 6Mk22DqAnxl1W1TzB8VFUlaxbqXXTMypdfbuBiELJ3zJZwet4ITl//5W6fLlc62M 52/MKWQstoSNjssMlU0fJS5rwnwxo0ZG3pHlKr6zm9pi358OURImiKDY4BFty/pN nA58kNvTuTOozBgVaMMyX1w//gBVr05vS6KSlH1FZI3i7pG+jX3WtKYEoA+gFmZQ ZTXYOeHvGCPu5q3MjAFNeN8aqwcT77antFrzL8gUrnFl4WfXbRcPB7Y3Nm1nA86c UsrrRD61sQRVCYF3CbL2ldPkgc3eLl3zQ3WINKF3bkU0Ota8n4CPCtFmxtFqS5K3 vaidsmX8iiq/K7cACgIpJy5WSOldT49MVG1ujQCFNCPoesmjgea+kVU4KKEwpT8O 0Ond8/dvG7LSsLQCnhYeKyvhGLhsKHe098E10P+IIwu11iJ9228blxdoZhA80Ejd qB1E0ea7WtVNAyQrdBmUsKRieaWOWBHPsTh6KhgLqHoHrsgiRX8NPXIheNyfI6+w IYVkbyoIDz5Z8eo4TLoF =/OgR -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Where can I find the 6.10 centos-release srpm?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 2018-07-04 at 16:06 -0400, m...@tdiehl.org wrote: > Hi, > > Where can I find the srpm for centos-release-6-10.el6.centos.12.3.x86_64? > > I looked in vault and it is not there. > > Regards, > Hi, The 6.10 folder is in place, but we need to give the team chance to upload. I would assume it will appear in coming days or alternatively, you could create your own from git.centos.org. Regards Phil - -- *** If this is a mailing list, I am subscribed, no need to CC me.*** Playing the game for the games sake. IRC: kathenas Web: https://kathenas.org Github: https://github.com/kathenas GitLab: https://gitlab.com/kathenas Twitter: kathenasorg GPG: A0C3 4C6A AC2B B8F4 F1E5 EDF4 333F 60DC B0B9 BB77 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJbPSwwAAoJEDM/YNywubt3giAP/0ECw9woBcVR/3NXa6mu56C/ u0J3FAE9fBNXPPp2jJvg+dP5em2zn3Jmm1L16C2vob4LsWZw0B7O/qFL6XcdCrQ0 3POuwPNJUVxiTAiBI9w54UePe7HBM+kvqgBeO1ANy3JjGq0rH7GGNdiLqxPMW1jC ueJ7t7DEpiluYzvMCGQLVM6FkOrqY0yTkBpCh42MR1qnYnu/jF9bNgzz9Et1PQMo uY/uwUKk7i9i+ggCK416bWr3/TC3kvWwMcSpIE4W4v0UeUBYS1eOl5VPk9hPlc63 1uS4f5LtuyIfQlwpIqSK4bQoN6JKIHOEtSAb9ZCE2MOJi5hKvxvu9/9dLImu2c1N jqqD4UGhTVh7piie+N1gXj1W2zIgieJQSAKi//cds+Y4L1I2xDcznuZu5whSRwQ7 YsvvzE4a8SfeJQ5KAFsRC14e1tdh0b04a/QUcn7etMiB4Uc9qgDSRtPmj+yYVYrn 8a3zoDXoWUTinpHZDOi22yp5Ui8cxo4eOXhfDG+oFGcHBH27Iy5/TpCjgkBut+uM eEptUx5DN6dKmpC/3nAXLw536qkqTG72np7kERFY1XRRj64/nWtHoWabUZo9ie7D ehInzeuOMQ/0XzbOyxTobHd2D3X5J/q9NYI/bWRH3NYLWd14e/FnLJtMLub7X/J/ l8Y/Cm0jzrsV9xi5ouQO =Toxw -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] gpg2 (GnuPG) Security Update for CentOS 6.10
Where do I get an update for gpg2 (GnuPG) for CentOS 6.10 that is compliant with CVE-2018-12020? I'm trying to update gpg2 (GnuPG GNU Privacy Guard) on my fully updated CentOS 6.10 computer to comply with CVE-2018-12020. My system has gpg2 package gnupg2-2.0.14-8.el6.x86_64.rpm This package does not appear to be compliant with CVE-2018-12020. I can not find and update anywhere. I have tried downloading the upstream version 2.2.8 from GnuPG.org but am having trouble building it for CentOS 6.10 primarily due to a requirement for a newer version of glibc. I'm getting the error undefined reference to 'clock_gettime' and have not been able to resolve it Any suggestions on where to download the update or when an update might be available or how to build gpg2 version 2.2.8 for CentOS 6 is appreciated. Thanks,Ed ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Where can I find the 6.10 centos-release srpm?
Hi, Where can I find the srpm for centos-release-6-10.el6.centos.12.3.x86_64? I looked in vault and it is not there. Regards, -- Tom m...@tdiehl.org ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Samba issues with Win 10
On Tue, 3 Jul 2018, mark wrote: m...@tdiehl.org wrote: On Thu, 28 Jun 2018, mark wrote: Walter H. wrote: On 28.06.2018 16:30, mark wrote: Just ran into a problem: someone with a new laptop, running Win 10, version 1709, tried to map their home directory (served from a CentOS 6.9 box, and it fails, with Windows complaining that it no longer supports SMBv1, and if you go to their site, you can install support for that manually The server running samba can *not* be updated to 7 - we have a lot of stuff based off it, and most of our users use it, one way or another, so it's a major thing when we do finally upgrade (or, more likely, replace the server). Has anyone run into this, and if so, any workarounds on the Linux end? You did not say what version of samba you are running but I am going to assume it is not the samba4 rpms that come with c-6. The default samba, 3.6.23-51. I would suggest that you remove the currently installed samba rpms and install samba4-4.2.10-12.el6_9.x86_64 and friends. I have several customers still running c-6 with the samba4 rpms using win10 and win server 2016 that work just fine and best of all no smb_1 The real issue, which you may have missed, is that this is *heavily* used by the entire Office. Such an upgrade would require extensive testing before we can roll it out. By the time we do that, we may have finally ordered a replacement server for the system, and the new one will be C7. I did not miss it. I seem to remember that you asked for something in SCL. If you are willing to use SCL then why not use packages supplied in base? If you are not willing to do the testing then your only choice is NO SECURITY. SMB_1 is not secure and should not be used. That is why it is no longer supported in Win 10 or samba 3.x. For once MS is doing the right thing. This isn't a cube farm, but 30 or 50 or 60 people being out of capability for hours or days is not something we do. It is not an intrusive change but I agree it should be tested. Bottom line is it is your system so you get to decide. :-) Regards, -- Tom m...@tdiehl.org ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ca-certificates-2018.2.22-65.1.el6.noarch problematic
On 04.07.2018 19:03, Walter H. wrote: > On 04.07.2018 18:37, Alice Wonder wrote: >> But anyway, does the changelog indicate why the certs were removed? > where can I find the changelog? rpm -q --changelog ca-certificates best regards Ulf ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ca-certificates-2018.2.22-65.1.el6.noarch problematic
> Am 04.07.2018 um 17:54 schrieb Walter H. : > > Hello, > > the RPM > > ca-certificates-2018.2.22-65.1.el6.noarch > > has a big problem ... > many certificates were removed - my proxy uses this as source and isn't able > to validate correct any more - > most sites show this: > > /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) > > /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust > External TTP Network/CN=AddTrust External CA Root > > Self-signed SSL Certificate in chain: /C=US/O=DigiCert > Inc/OU=www.digicert.com/CN=DigiCert Global Root CA > > and many other Root certificates are missing ... Chapter 20. Deprecated Functionality might be related ...? https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html-single/6.10_technical_notes/ -- LF ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ca-certificates-2018.2.22-65.1.el6.noarch problematic
On 04.07.2018 18:37, Alice Wonder wrote: On 07/04/2018 08:54 AM, Walter H. wrote: Hello, the RPM ca-certificates-2018.2.22-65.1.el6.noarch has a big problem ... many certificates were removed - my proxy uses this as source and isn't able to validate correct any more - most sites show this: /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root Self-signed SSL Certificate in chain: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA and many other Root certificates are missing ... Not sure why they were removed but in the past, root certificates are removed due to problems with the certificate authorities that mean their signatures no longer mean the sites are who they say there. That's the problem with PKI. When you can't trust the root, you can't sign any certificate down the chain from the root. Unfortunately DANE is not yet supported by browsers. DANE is not a solution, it is another problem ... But anyway, does the changelog indicate why the certs were removed? where can I find the changelog? It may be a good thing - protecting you from potential MITM when you otherwise would have the assumption that the site is valid because it has a cert. depends ... this https://cdn.pbrd.co/images/Hs5VL82.png is not the cause of SSL everywhere, it is the answer of SSL everywhere ... I know digicert specifically has had problems before resulting in fraudulent certificates being issued. this had been in the past ..., not relevant to present time ... Hopefully the industry can move to DANE and make blind trust a thing of the past. before DANE, DNSSEC as a requirement has to be deployed ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ca-certificates-2018.2.22-65.1.el6.noarch problematic
On 07/04/2018 08:54 AM, Walter H. wrote: Hello, the RPM ca-certificates-2018.2.22-65.1.el6.noarch has a big problem ... many certificates were removed - my proxy uses this as source and isn't able to validate correct any more - most sites show this: /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root Self-signed SSL Certificate in chain: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA and many other Root certificates are missing ... Not sure why they were removed but in the past, root certificates are removed due to problems with the certificate authorities that mean their signatures no longer mean the sites are who they say there. That's the problem with PKI. When you can't trust the root, you can't sign any certificate down the chain from the root. Unfortunately DANE is not yet supported by browsers. But anyway, does the changelog indicate why the certs were removed? It may be a good thing - protecting you from potential MITM when you otherwise would have the assumption that the site is valid because it has a cert. I know digicert specifically has had problems before resulting in fraudulent certificates being issued. Hopefully the industry can move to DANE and make blind trust a thing of the past. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] ca-certificates-2018.2.22-65.1.el6.noarch problematic
Hello, the RPM ca-certificates-2018.2.22-65.1.el6.noarch has a big problem ... many certificates were removed - my proxy uses this as source and isn't able to validate correct any more - most sites show this: /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root Self-signed SSL Certificate in chain: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA and many other Root certificates are missing ... Greetings, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] usb problem on Dell Latitude 3570
- Oorspronkelijk bericht - Van: "johan vermeulen7" Aan: "CentOS mailing list" Verzonden: Dinsdag 3 juli 2018 12:57:07 Onderwerp: Re: [CentOS] usb problem on Dell Latitude 3570 - Oorspronkelijk bericht - Van: "Nataraj" Aan: "CentOS mailing list" Verzonden: Maandag 2 juli 2018 23:21:39 Onderwerp: Re: [CentOS] usb problem on Dell Latitude 3570 On 07/02/2018 01:49 AM, johan.vermeul...@telenet.be wrote: > Hello All, > > after update to Centos7.5 all our Latitudes 3570 - some 150- suffer usb > problems. > Plug and play doesn't work any more, people need to insert usb devices - > mouse, keyboard, eidreader - first and then boot > in order to use them. > > dmesg | tail -n15 gives these EM: > > [ 25.164396] usb 1-8: device descriptor read/64, error -110 > [ 25.418387] usb 1-8: new full-speed USB device number 6 using xhci_hcd > [ 30.571460] usb 1-8: device descriptor read/64, error -110 > [ 53.084387] xhci_hcd :00:14.0: Timeout while waiting for setup device > command > [ 53.084435] xhci_hcd :00:14.0: Timeout while waiting for stop endpoint > command > [ 53.285343] usb 1-8: device not accepting address 7, error -62 > [ 58.300369] xhci_hcd :00:14.0: ERROR mismatched command completion event > [ 58.300384] xhci_hcd :00:14.0: Command completion event does not match > command > [ 58.300394] xhci_hcd :00:14.0: ERROR mismatched command completion event > [ 58.300401] xhci_hcd :00:14.0: ERROR mismatched command completion event > [ 58.300408] xhci_hcd :00:14.0: ERROR mismatched command completion event > [ 58.300415] xhci_hcd :00:14.0: ERROR mismatched command completion event > [ 58.300421] xhci_hcd :00:14.0: ERROR mismatched command completion event > [ 58.300428] xhci_hcd :00:14.0: ERROR mismatched command completion event > [ 58.300435] xhci_hcd :00:14.0: ERROR mismatched command completion event > [ 58.300441] xhci_hcd :00:14.0: ERROR mismatched command completion event > [ 58.300448] xhci_hcd :00:14.0: ERROR mismatched command completion event > > Googling this is see some posts with similar problems, but none on Centos7 > and none resolved. > I suppose this is some driver-shift-update in Centos7.5. > We are running MATE desktop, if that could be an issue > > Many thanks for any advise. > Jul 1 07:15:06 pygeum kernel: [ 10.85] usb 3-1: device descriptor > read/64, error -110 > Jul 1 07:15:06 pygeum kernel: [ 26.460443] usb 3-1: device descriptor > read/64, error -110 > Jul 1 07:15:06 pygeum kernel: [ 26.696308] usb 3-1: new full-speed USB > device number 3 using xhci_hcd > Jul 1 07:15:06 pygeum kernel: [ 31.836441] usb 3-1: device descriptor > read/64, error -110 > Jul 1 07:15:06 pygeum kernel: [ 47.452351] usb 3-1: device descriptor > read/64, error -110 > Jul 1 07:15:06 pygeum kernel: [ 47.560390] usb usb3-port1: attempt power > cycle > Jul 1 07:15:06 pygeum kernel: [ 48.212366] usb 3-1: new full-speed USB > device number 4 using xhci_hcd > Jul 1 07:15:06 pygeum kernel: [ 53.468442] xhci_hcd :39:00.0: Timeout > while waiting for setup device command > Jul 1 07:15:06 pygeum kernel: [ 58.88] xhci_hcd :39:00.0: Timeout > while waiting for setup device command > Jul 1 07:15:06 pygeum kernel: [ 59.052359] usb 3-1: device not accepting > address 4, error -62 > Jul 1 07:15:06 pygeum kernel: [ 59.180277] usb 3-1: new full-speed USB > device number 5 using xhci_hcd > Jul 1 07:15:06 pygeum kernel: [ 64.220453] xhci_hcd :39:00.0: Timeout > while waiting for setup device command > Jul 1 07:15:06 pygeum kernel: [ 69.596378] xhci_hcd :39:00.0: Timeout > while waiting for setup device command > Jul 1 07:15:06 pygeum kernel: [ 69.804359] usb 3-1: device not accepting > address 5, error -62 > Jul 1 07:15:06 pygeum kernel: [ 69.805459] usb usb3-port1: unable to > enumerate USB device > > Greetings, J. > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos Interesting. I get the following errors from my external monitor plugged into a USB C port on a Dell XPS 9360. This is under Ubuntu 18.04, kernel 4.15.0-23-generic. When I unplug and replug the USB C cable, the error goes away, but I don't believe it is a cable or connector problem. Most of the time the external monitor works even with these errors, but occasionally I have to reboot to get it to work. Biggest problem is it takes a long time to boot when it gets these errors. Jul 1 07:15:06 pygeum kernel: [ 10.85] usb 3-1: device descriptor read/64, error -110 Jul 1 07:15:06 pygeum kernel: [ 26.460443] usb 3-1: device descriptor read/64, error -110 Jul 1 07:15:06 pygeum kernel: [ 26.696308] usb 3-1: new full-speed USB device number 3 using xhci_hcd Jul 1 07:15:06 pygeum kernel: [ 31.836441] usb 3-1: device descriptor read/64, error -110 Jul 1 07:15:06 pygeum kernel: [