Bug 152787

Summary:

CAN-2004-0750 - redhat-config-nfs incorrect permission on exports

Product:

[Retired] Fedora Legacy

Reporter:

Marc Deslauriers <marc.deslauriers>

Component:

redhat-config-nfs

Assignee:

Fedora Legacy Bugs <bugs>

Status:

CLOSED ERRATA

QA Contact:

Severity:

medium

Docs Contact:

Priority:

low

Version:

unspecified

CC:

deisenst, jpdalbec, pekkas, s.j.thompson

Target Milestone:

---

Keywords:

Security

Target Release:

---

Hardware:

All

OS:

Linux

URL:

https://rhn.redhat.com/errata/RHSA-2004-434.html

Whiteboard:

1, 2, LEGACY, rh90

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2005-12-18 05:03:40 UTC

Type:

---

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
Patch for properties window	none
Suggested system-config-nfs-1.2.3-exportsmissing.patch	none

Description David Lawrence 2005-03-30 23:27:27 UTC

John Buswell discovered a flaw in redhat-config-nfs that could lead to
incorrect permissions on exported shares when exporting to multiple
hosts. This could cause an option such as "all_squash" to not be
applied to all of the listed hosts. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0750 to
this issue.

Additionally, a bug was found that prevented redhat-config-nfs from being
run if hosts didn't have options set in /etc/exports.

Info:
https://rhn.redhat.com/errata/RHSA-2004-434.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107997



------- Additional Comments From marcdeslauriers 2004-09-22 13:56:24 ----

Need to check if rh9 and fc1 are vulnerable to this.



------- Additional Comments From marcdeslauriers 2004-09-22 17:44:26 ----

They are indeed vulnerable, must patch.



------- Additional Comments From marcdeslauriers 2004-09-22 18:33:46 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages to QA for rh9 and fc1.
They fix CAN-2004-0750 and a few major functionality bugs.

rh9 Changelog:
* Thu Sep 23 2004 Marc Deslauriers <marcdeslauriers> 1.0.13-5.legacy
- - rebuilt as Fedora Legacy security update to fix CAN-2004-0750
- - revert desktop file to rh9 format

fc1 Changelog:
* Thu Sep 23 2004 Marc Deslauriers <marcdeslauriers> 1.1.3-2.legacy 
- - close properties dialog when clicking OK button
- - handle /etc/exports missing gracefully
- - fix incorrect syntax for multiple hosts with a single mount point
  CAN-2004-0750 (patch by Shannon Mitchell)
- - don't barf on optionless hosts
- - readonly is default

rh9:
0f7a70f06c62a187573e3894ae8fff214779ec92 
redhat-config-nfs-1.0.13-5.legacy.noarch.rpm
d87293932391ab05d23910f3a0babad3190d8485  redhat-config-nfs-1.0.13-5.legacy.src.rpm

fc1:
6cfebc18e601bdf90b5d4eb90747affd5fd3808c 
redhat-config-nfs-1.1.3-2.legacy.noarch.rpm
1f0816df60b01039c6bcbafa3b331abf30d420ce  redhat-config-nfs-1.1.3-2.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/9/redhat-config-nfs-1.0.13-5.legacy.noarch.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/redhat-config-nfs-1.0.13-5.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/redhat-config-nfs-1.1.3-2.legacy.noarch.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/redhat-config-nfs-1.1.3-2.legacy.src.rpm




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBUlIPLMAs/0C4zNoRApLmAKCSkfKgOfICo5NcF6SsLGfGIwiAnwCfX2kK
0dDtJxiRaya0kJUV7AODAa8=
=9bcQ
-----END PGP SIGNATURE-----




------- Additional Comments From rob.myers.edu 2004-09-23 04:31:12 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
I did QA on the FC1 package:
 
1f0816df60b01039c6bcbafa3b331abf30d420ce  redhat-config-nfs-1.1.3-2.legacy.src.rpm
 
- - spec file looks good
- - builds ok
- - installs ok
- - works ok
- - source file identical to FC1 release
- - i'm no python expert, but patches look ok
 
i tried to follow the rules at http://www.fedoralegacy.org/wiki/index.php/QaTesting
but its my first time so please let me know if i missed anything!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
 
iD8DBQFBUt3TtU2XAt1OWnsRAlNjAKD4V3IGWcfqQCyE+wb8HpS7Yv8hOgCgq3kG
6pyS28aG63/esk1nk/n04WU=
=23F4
-----END PGP SIGNATURE-----




------- Additional Comments From josh.kayse.edu 2004-10-08 03:11:00 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I did QA on the FC1 package:

1f0816df60b01039c6bcbafa3b331abf30d420ce  redhat-config-nfs-1.1.3-2.legacy.src.rpm

- - spec file looked good
- - builds ok
- - installs ok
- - runs ok
- - source file identical to previous FC1 release
- - patch files look ok
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBZpG4wnUFCSDmt7ERAooKAJ9Jbrvle9tAkSXjTibmM9ItNgXR9wCeODen
EgYgGppUE+5LuW2/cprk1JU=
=ogRz
-----END PGP SIGNATURE-----




------- Additional Comments From byte.my 2004-10-18 02:59:30 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA on the FC1 package performed

1f0816df60b01039c6bcbafa3b331abf30d420ce  redhat-config-nfs-1.1.3-2.legacy.src.rpm

- - spec file looks okay except for
        warning: File listed twice: /usr/share/redhat-config-nfs/pixmaps
        warning: File listed twice:
/usr/share/redhat-config-nfs/pixmaps/redhat-config-nfs.png
- - it buils okay
- - it installs okay
- - runs fine
- - source file is identical to previous in FC1 release
- - patches and python looks okay

Patch below "fixes" spec file warning. One last remainder error, its getting
late to fix...

warning: File listed twice:
/usr/share/redhat-config-nfs/pixmaps/redhat-config-nfs.png

diff -urN redhat-config-nfs.spec~ redhat-config-nfs.spec
- --- redhat-config-nfs.spec~     2004-09-23 14:24:15.000000000 +1000
+++ redhat-config-nfs.spec      2004-10-18 22:36:49.000000000 +1000
@@ -60,7 +60,6 @@
 %doc doc/*
 %{_bindir}/redhat-config-nfs
 %dir %{_datadir}/redhat-config-nfs
- -%dir %{_datadir}/redhat-config-nfs/pixmaps
 %{_datadir}/redhat-config-nfs/*
 %attr(0644,root,root) %{_datadir}/applications/redhat-config-nfs.desktop
 %attr(0644,root,root) %{_datadir}/%{name}/pixmaps/redhat-config-nfs.png
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBc7xQiktHAE0k2bYRAnTWAJ49eu2VFjXf2z/cX44VTB6dUaqZVgCgg7Fv
w/rMScMbhpT6fPNV+5ofYQo=
=Hg9y
-----END PGP SIGNATURE-----




------- Additional Comments From pekkas 2004-12-15 09:26:22 ----

Where can I find redhat-config-nfs-1.0.13.tar.bz2 to verify that it's integrity
is OK?

I suggest we just either:
 1) stick to security fixes;
 2) functionality fixes if they can be clearly backported with minimal patching; or
 3) if creating a significant functionality increase go to a version the
correctness of which is easily verifiable.



------- Additional Comments From marcdeslauriers 2004-12-15 12:43:33 ----

In response to comment #7:

You can find the original tarball in the update Red Hat released for RHEL3:
https://rhn.redhat.com/errata/RHSA-2004-434.html

By the way, it IS a security fix.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0750

Sorry for not mentioning where the source came from. I didn't think it would be
difficult to find.






------- Additional Comments From pekkas 2004-12-15 20:04:41 ----

I couldn't find it with google, sorry ;-)

Yes, I wasn't refuting this didn't include a security fix, it just included a
lot of other stuff as well.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
                                                                               
                
QA on the SRPM w/ rpm-build-compare.sh
 - sources match the ones provided in RHEL3 update
 - spec file changes are reasonable
        * python-tools buildrequires was removed, but that's OK because it's
          not needed.
 - desktop file patch verified
 - rebuilds OK.
                                                                               
                
+PUBLISH (RH9)
                                                                               
                
d87293932391ab05d23910f3a0babad3190d8485  redhat-config-nfs-1.0.13-5.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
                                                                               
                
iD8DBQFBwSUVGHbTkzxSL7QRAldAAKDEuzTxk1vXkXZriAzgDTFj8840OgCfR/6o
tgMSzAQdPZIlHPSNMQkSr7M=
=lgx7
-----END PGP SIGNATURE-----




------- Additional Comments From dom 2005-02-03 13:30:11 ----

packages pushed to updates-testing



------- Additional Comments From S.J.Thompson.ac.uk 2005-02-08 00:51:32 ----


RPM
0935165a66653b8c546713178b975e55119717fe 
redhat-config-nfs-1.0.13-5.legacy.noarch.rpm

This packages don't appear to fix the security problem (at least under RH9).

i.e. if I start the tool, create a new share which is "Read Only", exported to
"host1 host2" and has the option "Treat all clients as anonymous users" set, I
get the following in my /etc/exports file:

/sample/directory      host1 host2(ro,sync,all_squash)

I would _expect_ to get:
/sample/directory      host1(ro,sync,all_squash) host2(ro,sync,all_squash)

i.e. the options are only being applied to the _last_ host.

Package does NOT appear to resolve security issue in Comment #1.

(The bug where redhat-config-nfs won't run if there are no options is fixed though).



------- Additional Comments From S.J.Thompson.ac.uk 2005-02-08 00:53:00 ----

Actually not Comment #1 but Description



------- Additional Comments From pekkas 2005-02-08 07:18:54 ----

Could you double-check which version of the tool you were running?  The patch is
applied in the RPM, the patch is functionally identical to upstream bugzilla
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107997) and identical to
what was shipped in the RHEL3 update.

If their patch was broken,... well.. that can happen, of course. I'll try to
remember to test this myself.



------- Additional Comments From S.J.Thompson.ac.uk 2005-02-08 08:00:04 ----

% rpm -q redhat-config-nfs
redhat-config-nfs-1.0.13-5.legacy

I'll check on one of our boxes that is actually running RHEL3 and see if its
fixed on that.



------- Additional Comments From marcdeslauriers 2005-02-08 13:30:18 ----

Can someone else try this...I just did and it worked ok for me...




------- Additional Comments From pekkas 2005-02-08 22:20:24 ----

Worked for me as well.  Maybe you accidentally typed something else than space
in the tab or something?

I picked read-only, anonymous, and exported "/" to "host1 host", and the result was:

# more /etc/exports
/                        host1(ro,sync,all_squash)
/                        host2(ro,sync,all_squash)

Did you try removing /etc/exports before doing this?



------- Additional Comments From S.J.Thompson.ac.uk 2005-02-08 23:13:43 ----

OK if you remove /etc/exports then the issue is fixed. i.e. if you create a
*new* exported share however if you edit an existing share and add another host
then the problem still appears to exist.



------- Additional Comments From pekkas 2005-02-09 00:15:28 ----

Yes, I tested this as well.  The patch is IMHO incomplete; it does not handle
'properties' at all.  This is not fixed in the latest CVS version either.

I don't know much of python, but I tried a few ways to fix this, but it wouldn't
work properly.  Maybe the correct fix will be to remove being able to edit the
"hosts" line in 'edit' mode; otherwise the code will have to deduct which subset
of the hosts you added (or removed), and add those to the list and apply the
changes to the all.

I suggest you reopen the Red Hat bug report, and we'll see how that develops.



------- Additional Comments From S.J.Thompson.ac.uk 2005-02-10 23:20:51 ----

I have confirmed that the problem exists in RHEL 3 still - didn't think it
wouldn't as the FL patch is the same, but I had to check. I've attached a note
to the RHEL bugzilla entry.

Is it still worth pushing this updated package out as it partially resolves the
security problem?



------- Bug moved to this database by dkl 2005-03-30 18:27 -------

This bug previously known as bug 2086 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2086
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Pekka Savola 2005-05-05 06:30:20 UTC

For some reason, the tag for FC1 appears to be '-core1' not '-fc1'..

Comment 2 Pekka Savola 2005-05-11 07:04:43 UTC

Adding "discuss" tag as we may need to discuss whether to ship incomplete fix
(but the same as RHEL) or wait for a better one..

Comment 3 John Dalbec 2005-07-13 20:54:00 UTC

Created attachment 116722 [details]
Patch for properties window

This patch looks for multiple hosts in the properties field.  If it finds them,
it replaces the original entry with separate entries for each host.  I don't
think we want more than one host on a line because there's no guarantee they'll
have the same properties if the file is edited outside redhat-config-nfs.

Comment 4 Pekka Savola 2005-07-14 07:47:25 UTC

Thanks.  Could folks test this w/ this patch to see if it workarounds the bug?
I don't have access to X-enabled linux right now.  If so, I can remove the
discuss tag and we need to respin the packages..

Comment 5 Eric Jon Rostetter 2005-07-14 15:34:31 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
++VERIFY for RHL 9
 
RHL 9 Packages:
redhat-config-nfs-1.0.13-5.legacy.noarch.rpm
 
SHA1 checksum matches.  Signatures verify okay.
 
I first tested the original RH9 version and saw indeed it didn't work
if /etc/exports didn't exist, and that it did indeed generate the wrong
entries when given an empty /etc/exports file.
 
I then upgraded to the FL update, and re-ran the tests.  This time, it
did work without an pre-existing /etc/exports file, and did generate the
expected results for multiple host entries.
 
I did not test the case of editing an existing rule, only of creating new
rules in an empty or missing /etc/exports file.
 
If there is a problem with the existing rules, I vote to publish anyway
and just put a note in the release advisory about that issue.  This fixes
two major problems, and it is worth pushing even if there is still a
third problem, as long as we document any such third problem.
 
Vote for release for RHL 9. ++VERIFY
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
 
iD8DBQFC1oVb4jZRbknHoPIRAk59AKCweMW1L16mDCSc/smWknw/+dscUQCfY+xe
3DKjLRwQdsNtKU290c9bHNY=
=Hi65
-----END PGP SIGNATURE-----

Comment 6 Pekka Savola 2005-07-27 06:50:22 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
I've tested John's patch and it appears to be working OK.
 
The problem still persists in the latest upstream package; could someone try
reporting it to the authors?
 
In any case, I don't think this should stop us from finally proceeding.
 
I've created new packages which include this patch:
 
http://www.netcore.fi/pekkas/linux/redhat-config-nfs-1.0.13-6.legacy.src.rpm (RHL9)
http://www.netcore.fi/pekkas/linux/redhat-config-nfs-1.1.3-3.legacy.src.rpm (FC1)
http://www.netcore.fi/pekkas/linux/system-config-nfs-1.2.3-3.legacy.src.rpm (FC2)
 
ecb9560fc13e87d28c12594575364fa63174baee  redhat-config-nfs-1.0.13-6.legacy.src.rpm
a2440633bdb2ba9fda137bc256928e9745c77a5d  redhat-config-nfs-1.1.3-3.legacy.src.rpm
91ad6111c9f16818988ef24129303efe6731a099  system-config-nfs-1.2.3-3.legacy.src.rpm
 
* Wed Jul 27 2005 Pekka Savola <pekkas> 1.1.3-3.legacy
- - Patch from John Dalbec to completely fix CAN-2004-0750 (#152787)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFC5y31GHbTkzxSL7QRAi5DAKDNn7QlBfhRMIZoDf+iqNFoF+T8WgCghSuP
xTwcHVGReKaxuK4bRLEkkK0=
=SPG5
-----END PGP SIGNATURE-----

Comment 7 David Eisenstein 2005-09-27 10:58:39 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for FC1 package:

a2440633bdb2ba9fda137bc256928e9745c77a5d  
	redhat-config-nfs-1.1.3-3.legacy.src.rpm

   * All previous patches and tarball the same to
     redhat-config-nfs-1.1.3-2.legacy.src.rpm.
   * All signatures are good
   * Patch looks okay.  Though I don't know Python really well, this new
     patch to function on_edit_button_clicked looks very similar to what
     the multiple-hosts.patch file did to function on_add_button_clicked.
   * Built just fine.
   * Installs fine.
   * It runs.

PUBLISH++ FC1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFDOSWjxou1V/j9XZwRAnXjAJ937XORX9F/aXAIcBONPExCYBeJ3ACghJQR
v+F+1RUrlsl8OhhqxNNJOdY=
=19nx
-----END PGP SIGNATURE-----

Comment 8 Pekka Savola 2005-09-28 06:48:37 UTC

Thanks.  Still needs publishes for the other distros.

Comment 9 David Eisenstein 2005-09-30 13:00:23 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for FC2 package, submitted in comment #6.

91ad6111c9f16818988ef24129303efe6731a099  
   system-config-nfs-1.2.3-3.legacy.src.rpm

Contents of the .src.rpm:

	  698 Jul 27 01:43 nfs-fc2-CAN-2004-0750-complete.patch
	87853 Apr  8  2004 system-config-nfs-1.2.3.tar.bz2
	 7652 Jul 27 01:43 system-config-nfs.spec

I compared the patched sources of FC1's redhat-config-nfs-1.1.3-3.legacy.src.
rpm to the unpatched sources from FC2's system-config-nfs-1.2.3-3.legacy.
src.rpm.

I could find no evidence that any part of the patches for CAN-2004-0750 ever
made it into FC2's source tarball, dated 8-Apr-2004, listed above.  However,
it appears that the FC2 .src.rpm assumes that all the other patches *did* make
it into that tarball, with the only patch needed being John Dalbec's addition-
al patch.  I don't think that's the only patch needed.

Grepping all Fedora errata emails from 2004 and 2005 for the string
"CAN-2004-0750" yielded no matches.  FC2's original system-config-nfs package
appears to never have had any part of CAN-2004-0750 patch applied.

We're going to need to include (perhaps forward-port?) the other patch files,
included in FC1's redhat-config-nfs:

	  385 Sep 22  2004 redhat-config-nfs-1.0.13-dialogclose.patch
	 1006 Sep 22  2004 redhat-config-nfs-1.0.13-exportsmissing.patch
	 1424 Sep 22  2004 redhat-config-nfs-1.0.13-multiple-hosts.patch
	 4268 Sep 22  2004 redhat-config-nfs-1.0.13-optionless.patch

Until then,
  PUBLISH FC2--

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFDPTaoxou1V/j9XZwRAmdLAKCqN8wNeuO07P5T/JohUakEd0fu9ACfZE/8
xNt34oOKUC1t5FCct1gkcmk=
=czfx
-----END PGP SIGNATURE-----

Comment 10 Pekka Savola 2005-10-01 04:47:40 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OK, here's a new RPM which includes the same patches Marc included in FC1.

Available at:

http://www.netcore.fi/pekkas/linux/system-config-nfs-1.2.3-4.legacy.src.rpm

62c0839b4d6751403f72e51ca33de28961b83f0b  system-config-nfs-1.2.3-4.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFDPhU9GHbTkzxSL7QRAiUwAJ4gFcn+8PObB+9ccRL72j5Vbqat9gCguOHy
4mzijBEHVXIxehHRWCtPT9g=
=hL8J
-----END PGP SIGNATURE-----

Comment 11 David Eisenstein 2005-10-02 10:37:51 UTC

Created attachment 119518 [details]
Suggested system-config-nfs-1.2.3-exportsmissing.patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The .src.rpm looks good, except there was a piece missing from the
exportsmissing patch.

Attached is the patch with the piece put back in.

0544f2e65c3493737d0e6471e14fdbd41119cb07
      system-config-nfs-1.2.3-exportsmissing.patch

Let me know what you think?


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFDP7iXxou1V/j9XZwRAvXZAKDDzKwxCaebrXcRRhxqZBEQKLxZQQCg6zON
JuxEXF/tLmoRsQpb7HOF6Ow=
=1MXD
-----END PGP SIGNATURE-----

Comment 12 David Eisenstein 2005-10-02 11:36:00 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here's a new RPM which includes an updated "system-config-nfs-1.2.3-
exportsmissing.patch" file.

Available at:

http://fedoralegacy.org/contrib/system-config-nfs/system-config-nfs-1.2.3-5.legacy.src.rpm

8f4d6cba6ba6c98509062d94d7234808ba63e00a
  system-config-nfs-1.2.3-5.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFDP8ZExou1V/j9XZwRAl+kAJ4tu+8jttT+heeC8U0XfMJiJVt7zACgqJNb
nm1jfsmyZQLyq13MpWzvoh8=
=MJOq
-----END PGP SIGNATURE-----

Comment 13 Pekka Savola 2005-10-03 04:59:10 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
The patch addition was OK (it was indeed missing), there weren't other changes
in the package.
 
+PUBLISH FC2
 
8f4d6cba6ba6c98509062d94d7234808ba63e00a  system-config-nfs-1.2.3-5.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFDQLrtGHbTkzxSL7QRAjrgAJ9k2PZQ70cg+zy7U7iqF0kJzNPyfgCeN8gm
Cpzsdf8GKuxNa0JgnoNvHQ4=
=gTZY
-----END PGP SIGNATURE-----

Comment 14 David Eisenstein 2005-10-08 14:54:04 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for RH9 package:

ecb9560fc13e87d28c12594575364fa63174baee
       redhat-config-nfs-1.0.13-6.legacy.src.rpm

   * All previous patches and tarball the same to
     redhat-config-nfs-1.0.13-5.legacy.src.rpm.
   * All signatures are good
   * New Patch looks good.
   * All patches apply cleanly.

PUBLISH++ RH9


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFDR91oxou1V/j9XZwRAiRYAKDN6miHKnSNbCTXIX2PQRkElfZjKQCglwqR
OP2N64aHJwS8MnzeN2zLSKo=
=eRVU
-----END PGP SIGNATURE-----

Comment 15 Marc Deslauriers 2005-10-26 00:39:29 UTC

Packages were pushed to updates-testing

Comment 16 Pekka Savola 2005-11-16 11:06:24 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA for RHL9. Signatures OK, installs OK.  Generates good exports files, also
modification is OK. rpm-build-compare.sh on the binaries looks sane.
 
+VERIFY RHL9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFDexMQGHbTkzxSL7QRAuQDAJ9Vsf0cMuD847gemwFfGcOnlPiESwCglln4
QfapvcTThEdDkcZ8qpChy58=
=PWsn
-----END PGP SIGNATURE-----

Timeout in 4 weeks.

Comment 17 David Eisenstein 2005-11-17 07:29:04 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for FC1.

376cd7a13d85877976d606a2a8dc57e5a9de1766 
redhat-config-nfs-1.1.3-3.legacy.noarch.rpm
at
http://download.fedoralegacy.org/fedora/1/updates-testing/i386/redhat-config-nfs-1.1.3-3.legacy.noarch.rpm

  * sha1sums okay
  * signatures okay
  * installs fine
  * runs fine
  * rpm-build-compare.sh on one I built and this one looks good.

  FC1 VERIFY++

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFDfDGLxou1V/j9XZwRAi24AJ0XfEcnw0gHRuQpkwVZmYKMfm5oAwCg9BsX
34bp8eMUi4BvgUOL+u9cwSE=
=O9Oa
-----END PGP SIGNATURE-----

Comment 18 David Eisenstein 2005-11-17 08:40:03 UTC

$ cat <comment #17> | \
  awk '/e1766/ { x = $0; getline; print x " " $0 ; getline; } {print;}' | \
  gpg --verify

to verify my last post.

Comment 19 Pekka Savola 2005-11-30 19:07:06 UTC

Timeout over.

Comment 20 Marc Deslauriers 2005-12-18 05:03:40 UTC

Packages were released.