Archive for the ‘Fedora 20’ Category

New version of CQRLOG available for testing in Fedora repos

2014-01-31

Just two short weeks after the release of the previous version of CQRLOG, version 1.7.1 has been released to the public with the following bugfixes:

  • “When TRX control is not active, use frequency and mode from NewQSO window” option to Preferences->Band map added
  • CTRL+N hotkey to QSO list window added (do NOT send QSL)
  • TRX control window was not sizeable – fixed
  • when ESC was pressed twice in Remote mode, log crashed – fixed
  • program crashed when freq was entered with comma as decimal separator – fixed
  • broken grid square statistic fixed

If you can, please evaluate this new package and provide karma.  The new package should already be in rawhide.

CQRLOG 1.7.1 for Fedora 19

CQRLOG 1.7.1 for Fedora 20

Configuring offlineimap to validate SSL/TLS certificates

2014-01-30

I recently upgraded to Fedora 20 and quickly found my offlineimap instance failing.  I was getting all kinds of errors regarding the certificate not being authenticated.  Concerned wasn’t really the word I’d use to describe my feelings around the subject.  Turns out, the version of offlineimap in Fedora 20 (I won’t speculate as to earlier versions) requires a certificate fingerprint validation or a CA validation if SSL=yes is in the configuration file (.offlineimaprc).  I was able to remedy the situation by putting sslcacertfile = /etc/ssl/certs/ca-bundle.crt in the config file.

I won’t speculate as to the functionality in earlier versions but checking to make sure the SSL certificate is valid is quite important (MITM).  If you run across a similar problem just follow the instructions above and all should, once again, be right with the world.
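The check described above can be run over a configuration file before offlineimap does it for you. This is an added example, not code from the post or from offlineimap: it reads an .offlineimaprc and reports, per IMAP repository, whether TLS is enabled with a CA bundle (sslcacertfile), with a pinned fingerprint (offlineimap's cert_fingerprint option), or with nothing to verify the server against. The repository names, hosts and fingerprint placeholder in the sample are constructed.

```python
import configparser

# Constructed sample ~/.offlineimaprc (hosts and repository names are made up).
SAMPLE_RC = """\
[Repository WorkRemote]
type = IMAP
remotehost = imap.example.org
SSL = yes

[Repository HomeRemote]
type = IMAP
remotehost = mail.example.net
ssl = yes
sslcacertfile = /etc/ssl/certs/ca-bundle.crt

[Repository PinnedRemote]
type = IMAP
remotehost = imap.example.com
ssl = yes
cert_fingerprint = <sha1-fingerprint-placeholder>

[Repository WorkLocal]
type = Maildir
localfolders = ~/Mail/work
"""

def audit_offlineimaprc(text):
    """Map each IMAP repository to how its server certificate is checked."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = {}
    for section in cfg.sections():
        kind, _, name = section.partition(" ")
        repo = cfg[section]
        if kind.lower() != "repository" or repo.get("type", "").lower() != "imap":
            continue  # Maildir and other local repositories open no TLS session
        # Assumption of this sketch: a missing ssl option counts as "off".
        if not repo.getboolean("ssl", fallback=False):
            findings[name] = "no-tls"
        elif repo.get("sslcacertfile", "").strip():
            findings[name] = "ca-validated"
        elif repo.get("cert_fingerprint", "").strip():
            findings[name] = "fingerprint-pinned"
        else:
            findings[name] = "unverified"  # the case Fedora 20's offlineimap rejects
    return findings

if __name__ == "__main__":
    for name, status in audit_offlineimaprc(SAMPLE_RC).items():
        print(f"{name}: {status}")
```

Any repository reported as "unverified" or "no-tls" is one where a man-in-the-middle could present its own certificate or read the session outright.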

Categories: Fedora 20, Integrity, Security

New CQRLOG package available for testing

2013-11-15

I’ve just built the latest version of CQRLOG, version 1.6.1, for Fedora 18 through 21.  The packages are being pushed to the updates-testing repos now and should be available soon.  If you use CQRLOG in Fedora from the repositories I’d appreciate you testing this latest build and giving karma if it works (or doesn’t work) for you.

This update provides the following enhancements and bugfixes:

  • 630M band added
  • added OQRS (online QSL request system) to QSL sent menu
  • added “Always sort by QSO date” option to Search function
  • cursor is moved to last opened log in DB connection window
  • “Ask before creating a backup” option to “Auto backup” added
  • band map is much faster, a few optimizations added
  • program froze for a few milliseconds with every bandmap refresh – fixed
  • “MySQL server has gone away” problem fixed
  • membership values collation was case sensitive – fixed
  • ADIF import sometimes crashed with access violation, now will show what happened
  • qrz search with right click on a call in the recent QSOs list didn’t work
  • band map font settings were not loaded when program started

Thanks!

Fedora still vulnerable to the BEAST

2013-09-12

This morning I was greeted with a blog post from the fine folks over at Qualys on how BEAST isn’t really still a threat (unless you are using an Apple product).  BEAST, a vulnerability found in SSL and TLS 1.0, was discovered around this time a couple of years ago and put web users in the precarious position of either using a poor cipher choice (RC4) or being vulnerable.  Not to worry, however, as developers were able to come up with a solution to the problem (n/n-1).

So I mentioned the Qualys article in my $dayjob IRC channel where my always awake coworker provided information that Fedora is, in fact, still vulnerable to the attack.  Thanks to a problem with pidgin-sipe connecting to a Microsoft server, the n/n-1 split was backed out of the NSS software leaving anything that depends on it potentially vulnerable (Chrome, Firefox, and Thunderbird to name a few).

There is a fix, although it’s not fantastic by any stretch of the imagination.  By simply adding these two lines to your /usr/bin/firefox file the vulnerability should be fixed:

NSS_SSL_CBC_RANDOM_IV=1
export NSS_SSL_CBC_RANDOM_IV

We added these two lines at line 36 and restarted Firefox.  My way-too-awake coworker did a test and confirmed that it was working in his environment.  Your mileage may vary.

Hopefully the fix for BEAST can be reapplied to NSS in Fedora soon as leaving users exposed can be dangerous.

Thanks to Hubert Kario for pointing me, and walking me, through this stuff before my morning coffee.

Update: 2013-09-12 @ 14:30 UTC

Apparently this problem will be persistent according to the NSS package maintainer.  From the ticket:

A bit of information from the nss side of things. The nss disabling patch is not applied on Rawhide or f20, only applied on stable branches. After we branch Rawhide for the next fedora release and we enter in Alpha, I send emails to the fedora development mailing list telling them that NSS_SSL_CBC_RANDOM_IV=1 will be the default as they use updates-testing and ask for feedback on whether it causes problems. Twice they have said it still causes problems. There are still unpatched servers out there. Once we go beta I have to enable the patch again. f20 is entering Alpha soon so I’ll send that email again. I know this bug is for Firefox but I thought it worth informing you that we monitor this every six months for nss.

Update: 2013-10-10 @ 15:22 UTC

After several weeks of inaction I’ve filed a ticket with FESCo to hopefully compel NSS to be remedied and any software that breaks with this fix should be patched to undo the fix.

Update: 2013-10-17 @ 10:32 UTC

I believe this problem has been fixed (finally!) for Fedora 19 and beyond.

New version of CQRLOG available in Fedora

2013-09-10

On Sunday, 08 September, upstream developers released version 1.6.0 of CQRLOG.  This update has been pushed to the testing repositories in Fedora for versions F21, F20, and F19.  Three +1 karma feedback gets the update into the normal Fedora update repos sooner.  Please give it a test.

Another new version of tudu available for testing

2013-08-26

Pretty much as soon as I had pushed the 0.9 version of tudu, version 0.9.1 became available.  The test packages are available for testing.  Add karma points if it works for you (and, obviously, negative karma if it doesn’t).  Thanks!