Bug#603544: [Pkg-openldap-devel] Bug#603544: rc bug?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/07/2011 02:07 PM, Matthijs Möhlmann wrote: Should not this be an RC bug? Breaking some people's slapd systems on upgrade to squeeze does not feel nice. Correct, I'm going to work on this one. Regards, Matthijs Möhlmann I already planned to work on this one this weekend, but I got sick. (bad timing) I just checked your configuration file. Do you have the correct schema files configured in /etc/ldap/slapd.conf ? If I check the contents of gosa-schema then I see the following: /etc/ldap/schema/gosa/goto.schema /etc/ldap/schema/gosa/gosystem.schema /etc/ldap/schema/gosa/rfc2307bis.schema /etc/ldap/schema/gosa/goserver.schema /etc/ldap/schema/gosa/gosa-samba3.schema /etc/ldap/schema/gosa/trust.schema /etc/ldap/schema/gosa/gofon.schema /etc/ldap/schema/gosa/gofax.schema /etc/ldap/schema/gosa/samba3.schema /etc/ldap/schema/gosa/goto-mime.schema And your configuration shows me: include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema include /etc/ldap/schema/gosystem.schema include /etc/ldap/schema/gofon.schema include /etc/ldap/schema/goto.schema include /etc/ldap/schema/gofax.schema include /etc/ldap/schema/goserver.schema include /etc/ldap/schema/gosa+samba3.schema Notice the extra directory here, some left-over of the previous package? That's my first observation here, I'm doing a lenny to squeeze upgrade now to test if I get more upgrade failures. Regards, Matthijs Möhlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNLKkPAAoJEBXBjvSJ+ky+t0kP/RLsN7RJV41Abcs0JRHa3BM1 X4RKuMcRZVqms9EIqik99AITH5czmmc2dFLpWywonhyTrVr77VJsa76i2X12degD Atmp8gZ3oCQ25hPm5YrOfng5RW3nNiH4uI+FqBQaLOz/Y1WgrJnhv5W74fJZxXfR oBDb0M13KlEeoNUrURqRoQa3iklWde3bAY/RMgY5V2+M08DUlphtwfehb+SAzUAJ MBrBpuOKRHsjcJuQ5EoLlz/vfTImiBBMFmnE2vt+qGonnBF0PkvidDetccEvzI2V 74Hev2faJx2kBtolfwDoqi+9o0FvKTEJ655Mm4ct+NazkHCtYiSOL4R7An8NHi5q kVv1oibx8XJn8lgWvCfBDHE/WpFe4yH5nhUnKAQwZ++KVLptX9UKIsR2mtBSxRxw k4020J+ZUSc1v7XQHj6yngPvl/KtaJAKfQw6XlVxcMZpmH5xHRWDd2tTCeAQlKJA lYYQx+Y6jbYtCvj0nBrjbhxwSmuwR6cuLEVwgJm1wRATrxReBqgYAg9C3BqKjFrd EDA9LazXy1ziBX8seB9Ymt+PjD9rnl6K2cDC+JK28ZrhVhLdC6P+BUCsI+WcJfbz Jxs3er8qIsmXmdMTL8Y+eDO2qLdHsRp20wXfLkirW3l2blb+posathKf0ifR5BfD PckLIRvHD9Y/hDR01D7n =p4JL -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#603544: [Pkg-openldap-devel] Bug#603544: rc bug?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/11/2011 08:17 PM, Frederik Himpe wrote: On Tue, 2011-01-11 at 20:01 +0100, Matthijs Mohlmann wrote: I already planned to work on this one this weekend, but I got sick. (bad timing) I just checked your configuration file. Do you have the correct schema files configured in /etc/ldap/slapd.conf ? [...] Notice the extra directory here, some left-over of the previous package? You are right. But it should not have any influence on this bug: on another server where I am using the schemas in /etc/ldap/schema/gosa/ provided by the gosa-schema package, the same bug happens. Do you have some more information from that server too ? Configuration ? Because I changed the slapd.conf to use the new schema files, moved the backup out of the way and did the upgrade and all went ok. Regards, Matthijs Möhlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNLLDPAAoJEBXBjvSJ+ky+ZjUP/0ny2RfFeXfO8Wyd+4ze7eRA YDQw7jxe0yXgfZslR8MpvkqrFtdjS6nxAANoLO0zdhau7QQhK73b7eslOUR4CPjU 9giI/o9fajszl7siHrQOVo0/rg8eXD7Ck29Lfd1VT/EOWJzMuFRUDLMo/kJ7HEFU rM3mN/4GutbYq9CG6ehGauMih0NcYnPNhlhRUQruMnmHSzmD42cTI+HqPYry7+/o dW9lneCPdfmibS3/yNSQuzfsud/Y2o2OUVvgW7E28taE4etJRQwYTH0s6U0GgcGL F7mUhYo/sBdoQiSxCMkzxhNGIaxD/DCisE53b42Fkn1W+bwSZ9RWmy6Vn1NC1DBP w4l59Uv3GU/4IaeXgfUD+T2yN089y2xrT4IT+F/KwucGEQycDhA/yE0OQfsQrMYQ r0z+ONM3Gf74ADbYzpFoO7qBudhqN925auJg5XSfzh3cEj8QbVx1F2DGBWhBZ1IT 0soCBfv4t1yoM9ISycf0IfVR5Coo82wr+10DJx4Z/3VvF9xfamQ6M4KZPkF6uCyK yWFggk4QL+xXLl/vBkOvdhOsGUV/hGYQe1w7pqYI2uyXEaeCp1Mc3HP2V7sp/ayR v6ZFWHD1fomq7BR8cPegdlwU2FlN89n7Oq2KztVlYqQLqno1XDio7oPlp3FdVKs+ CtZpbLr7R/jX23a/1RBv =3+2v -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#603544: [Pkg-openldap-devel] Bug#603544: rc bug?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/11/2011 08:51 PM, Frederik Himpe wrote: On Tue, 2011-01-11 at 20:34 +0100, Matthijs Mohlmann wrote: Do you have some more information from that server too ? Configuration ? Because I changed the slapd.conf to use the new schema files, moved the backup out of the way and did the upgrade and all went ok. $ dpkg -l slapd gosa-schema Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name VersionDescription +++-==-==- ii gosa-schema2.6.11-2 LDAP schema for GOsa iF slapd 2.4.23-6 OpenLDAP server (slapd) Hmm, I'm getting something different now on this system: Preparing to replace slapd 2.4.23-6 (using .../slapd_2.4.23-7_amd64.deb) ... Stopping OpenLDAP: slapd. Unpacking replacement slapd ... Preparing to replace libldap-2.4-2 2.4.23-6 (using .../libldap-2.4-2_2.4.23-7_amd64.deb) ... Unpacking replacement libldap-2.4-2 ... Processing triggers for man-db ... Setting up libldap-2.4-2 (2.4.23-7) ... Setting up ldap-utils (2.4.23-7) ... Setting up slapd (2.4.23-7) ... Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.4.11-1 +lenny2... done. Moving old database directories to /var/backups: - directory cn=accesslog... done. - directory dc=ai,dc=vub,dc=ac,dc=be... done. Loading from /var/backups/slapd-2.4.11-1+lenny2: - directory cn=accesslog... cp: cannot create regular file `/var/lib/ldap/accesslog/': Is a directory dpkg: error processing slapd (--configure): subprocess installed post-installation script returned error exit status 1 And now /var/lib/ldap is totally empty! Backup should be in /var/backups, the scripts always tries to move the existing content to /var/backups. You have 2 directories: - /var/lib/ldap - /var/lib/ldap/accesslog The openldap scripts move everything inside a directory defined in the openldap configuration to a backup directory, hence the removal of accesslog at that location. About fixing this: Change the accesslog directory in the configuration to: directory /var/lib/ldap-accesslog Create that directory and rerun the upgrade procedure. Regards, Matthijs Möhlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNLVnGAAoJEBXBjvSJ+ky+8dEQAIGa/apNFhxV068Mh40aeZfF qvUPvJGC2YsgupyDud0aIFX8O+VS4VyxAQAYd67qX2UAQS01wC3aqs5BL5efvwem P37TaJJy50bAlmyxttschUTc+WnnKpGwPc5RwvUSAgp5CoYRBJRKkuigysCgf7s+ M35TGdLYeUW61+AJbMXI8u5wSGQ8zlyXqY73LHE7goPL8eBHrDo3NjsWHzyqT6FB FHqU3sUowvJuKiyUcwjiDg3JKGts1DseAH/qma4e7SHHmGrsgACw1A3fPbB5+aBH L5vRfmSpBfZuyRXmMdaLjhcQfOJ3grRYl5E9DHY3y/32rVLyl2BtlB8nzgYPxkmU F3PH72CKZXnloxwrFiDCzGnCbuf0lF0AejQjhl+BjNwLkRomwz4+IyhkD7MRWlEB G5TiRPJHF8JRqJCDaStP3fz4Gm5V8un+bH9tw0VUj5MTG4z/pRfoL45hW92F0MHq f0tiDrpjtOBkPySWJ465L2W7grA40dDr1xzJl+Rfs/JHS4/R3Inv5di3R4tbipyd LP/dU4NM2YRz6ltc7Z5c0tTwA1dxvPmHZFsRg6uRo/lipudpFwXmAK2fYnqHJnJ8 yH71fwBKYYYIwmv5MRSloQnDr375srZuK+/rPweWiHO9HVWiQAeGtOWMRzTevCHm 81R21v42XfH+LAX6d4vE =OPDH -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#603544: slapd.conf file
On Nov 15, 2010, at 9:44 AM, Frederik Himpe wrote: gosa schema files are provided by package gosa-schema 2.6.11-2. slapd.conf file: include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema include /etc/ldap/schema/gosystem.schema include /etc/ldap/schema/gofon.schema include /etc/ldap/schema/goto.schema include /etc/ldap/schema/gofax.schema include /etc/ldap/schema/goserver.schema include /etc/ldap/schema/gosa+samba3.schema pidfile /var/run/slapd/slapd.pid argsfile/var/run/slapd/slapd.args loglevel 0 modulepath/usr/lib/ldap moduleloadback_hdb sizelimit 500 tool-threads 1 backend hdb databasehdb suffix dc=wise,dc=vub,dc=ac,dc=be checkpoint 512 30 rootdn cn=admin,dc=wise,dc=vub,dc=ac,dc=be directory /var/lib/ldap TLSCertificateFile/etc/ssl/private/wisepc3.pem TLSCertificateKeyFile /etc/ssl/private/wisepc3.pem dbconfig set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500 index objectClass,uidNumber,gidNumber eq index cn,sn,uid,displayName pres,sub,eq index memberUid,mail,givennameeq,subinitial index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq lastmod on checkpoint 512 30 access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword by anonymous auth by self write by * none access to dn.base= by * read access to * by * read -- Frederik Himpe fhi...@vub.ac.be Thanks for the information, I'll check what's going on here. Regards, Matthijs Möhlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#601569: slapschema: manpage without binary
Hi, I just checked the version 2.4.23-6, and I see the slapschema manpage there. matth...@monster # find /usr/share/man -name slapschema\* /usr/share/man/man8/slapschema.8.gz What did you do to check if it is available? Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#598361: slapd: slapcat gives unclean shutdown detected; attempting recovery after squeeze upgrade
On Sep 28, 2010, at 3:47 PM, Bryan K. Walton wrote: Package: slapd Version: 2.4.23-6 Severity: normal I've recently upgraded slapd from Lenny to Squeeze. Nightly, I run a slapcat to dump to directory to an LDIF file for backup. Since the upgrade, I now get the following error: bdb_db_open: database dc=i-clic,dc=uihc,dc=uiowa,dc=edu: unclean shutdown detected; attempting recovery. bdb_db_open: database dc=i-clic,dc=uihc,dc=uiowa,dc=edu: recovery skipped in read-only mode. Run manual recovery if errors are encountered. I get this error every time. I also get this error when I run slaptest. After doing some research online, I have installed db4.8-util and have run: db4.8-recover db4.8-checkpoint -1 These commands seem to run fine. I have verified that my slapd instance is using 4.8 (4.8.30). However, I can immediately run the slapcat or slaptest after running the above commands and the same error repeats itself. Hi, Do you before you backup, shutdown the slapd process ? /etc/init.d/slapd stop slapcat ... /etc/init.d/slapd start If you don't, then this is probably the reason for this error. Regards, Matthijs Möhlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#597704: On upgrade to 2.4.23-5 an rm -f /* has been executed and crashed my whole system!
tags + moreinfo thanks On Sep 22, 2010, at 1:15 PM, Joerg Friedrich wrote: Package: slapd Version: 2.4.23-5 Severity: critical After the last upgrade of slapd my complete sytem was unusable because the update ran a rm -f /*. this fortunatly was not able to delete the directory bin, sbin, home, var, ... but it deleted the symlink lib64 - lib (amd64 system) and then the linker was not able to find some libraries so the system was unusable. I was able to recover the link by boot cd, so I think I did not lose any data. Background: I installed slapd on my desktop for testing with ldapbackend. I just did a straight installation of slapd but I changed slapd.conf afterwards to use the ldap-backend. During the upgrade either slapd.config or slapd.postinst failed and tried to delete the database directory but since my slapd.conf did not contain any directory statement any more get_directory returned nothing and $dbdir was emtpy. So instead of rm -f $dbdir/* it ran rm -f /*! Please add a test that checks if $dbdir has any value! Btw: I think rm -f $dbdir/* can run into MAX_ARGS. maybe using find -delete would be better -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.34-1-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages slapd depends on: ii adduser 3.112 add and remove users and groups ii coreutils 8.5-1 GNU core utilities ii debconf [debconf-2.0] 1.5.35 Debian configuration management sy ii libc6 2.11.2-5 Embedded GNU C Library: Shared lib ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [ ii libgnutls26 2.8.6-1the GNU TLS library - runtime libr ii libldap-2.4-2 2.4.23-5 OpenLDAP libraries ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libperl5.10 5.10.1-14 shared Perl library ii libsasl2-22.1.23.dfsg1-6 Cyrus SASL - authentication abstra ii libslp1 1.2.1-7.8 OpenSLP libraries ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip ii perl [libmime-base64-perl 5.10.1-14 Larry Wall's Practical Extraction ii psmisc22.11-1utilities that use the proc file s ii unixodbc 2.2.14p2-1 ODBC tools libraries Versions of packages slapd recommends: ii libsasl2-modules 2.1.23.dfsg1-6 Cyrus SASL - pluggable authenticat Versions of packages slapd suggests: ii ldap-utils2.4.23-5 OpenLDAP utilities - Hi Joerg, Can you supply a configuration file (/etc/ldap/slapd.conf) ? Make sure there is no confidential information in that file. Furthermore, can you supply the debconf information ? Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#597704: On upgrade to 2.4.23-5 an rm -f /* has been executed and crashed my whole system!
tag 597704 - moreinfo thanks On Sep 22, 2010, at 2:25 PM, Bernd Zeimetz wrote: On 09/22/2010 01:41 PM, Matthijs Mohlmann wrote: Can you supply a configuration file (/etc/ldap/slapd.conf) ? Make sure there is no confidential information in that file. Although it might make sense to check *why* the variable was empty, you need to make sure never to call something like rm $foo/* when you're not sure that $foo is not empty. You should add an extra check here to ensure this. Also you should check if the slapd user actually owns the files (or at least the directory) before deleting them. -- Bernd ZeimetzDebian GNU/Linux Developer http://bzed.dehttp://www.debian.org GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F This shouldn't happen in the first place, because the ldap backend is not a supported backend to upgrade from. I'm investigating why this is happening. Regards, Matthijs Möhlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#597704: On upgrade to 2.4.23-5 an rm -f /* has been executed and crashed my whole system!
On Sep 22, 2010, at 2:52 PM, Bernd Zeimetz wrote: On 09/22/2010 02:39 PM, Matthijs Mohlmann wrote: This shouldn't happen in the first place, because the ldap backend is not a supported backend to upgrade from. That doesn't make a difference. Such things can always happen, so you need to check for them, even if you fix the real reason. -- Bernd ZeimetzDebian GNU/Linux Developer http://bzed.dehttp://www.debian.org GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F Correct. Regards, Matthijs Möhlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#585966: Bug#594805: Bug#585966: installation of pdns-server 2.9.22-7 fails on squeeze
On Sep 13, 2010, at 8:54 AM, Juha Heinanen wrote: i...@dnsregistraties.be writes: Is there any update about this issue? We are now 2 weeks further and don't have received any update. i have not seen any updates. my conclusion is that the rules under which a package may list init dependencies should be clarified by the debian people who have invented the system. in my opinion, the policy should be that init dependency of a service on another service should only be listed if the init script of the service cannot be run unless this other service is already running ON THE SAME HOST. on top of that, perhaps there could be a customization mechanism that would allow system managers to add other init dependencies on top of the default ones that obey the above stated rule. -=- juha I'll remove the mysql dependency from the init.d script and will upload it when I tested it. Sorry for the delay in response. I need to check the other services too, like postgresql and slapd which also can have this behaviour. Expect an upload in a day or two. Regards, Matthijs Möhlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#594711: slapd: Migration of DB format fails during upgrade
On Sep 3, 2010, at 3:09 PM, Julien Cristau wrote: On Sat, Aug 28, 2010 at 17:34:37 +0200, Stefan Fritsch wrote: Package: slapd Version: 2.4.23-4 Severity: grave When upgrading from 2.4.23-2 to 2.4.23-4, I get a debconf message that tells me that slapcat failed during upgrade. dpkg then aborts with a failure. Also, contrary to the debconf message, the database files are not moved into /var/backup. I am guessing that the problem could have to do with slapd not being started on boot on my system. #593550 has some info about how to resolve the problem, but I think this information should be in slapd's README.Debian. Here is the log from the attempted upgrade: Preconfiguring packages ... (Reading database ... 261556 files and directories currently installed.) Preparing to replace slapd 2.4.23-2 (using .../slapd_2.4.23-4_i386.deb) ... Stopping OpenLDAP: slapd. Dumping to /var/backups/slapd-2.4.23-2: - directory dc=loglevel,dc=info... bdb(dc=loglevel,dc=info): Program version 4.8 doesn't match environment version 4.7 hdb_db_open: database dc=loglevel,dc=info cannot be opened, err -30971. Restore from backup! backend_startup_one (type=hdb, suffix=dc=loglevel,dc=info): bi_db_open failed! (-30971) slap_startup failed Could that be due to trying to do the dump with a version of slapcat (2.4.23-2) which already used db4.8, whereas the db was from 4.7? In that case this was a transitional issue only affecting sid, I think? Cheers, Julien Correct. Regards, Matthijs Möhlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593878: [Pkg-openldap-devel] Bug#593878: Bug#593878: slapd upgrade/start fails when authz-regex / access statements are used in local config
On Aug 23, 2010, at 3:34 PM, Mathias Gug wrote:
Hi,
Excerpts from Peter Marschall's message of Sat Aug 21 15:30:23 -0400 2010:
The attached patch to debian/slapd.script-common fixes the problem:
- it check for the existence a bit more flexibly
- and adds the clauses with {-1} prepended
so that they get evaluated first (making use of the fact that slapd's
conversion logic starts with X=0 ;-))
With this patch applied and slapd re-compiled locally the upgrade works
without problems
--- openldap-2.4.32/debian/slapd.scripts-common
+++ openldap-2.4.32/debian/slapd.scripts-common
@@ -137,16 +137,16 @@
SLAPD_CONF=/etc/ldap/slapd.d
# Add the localroot authz mapping
-if ! grep -q -E '^olcAuthzRegexp:
gidNumber=\[\[:digit:]]\+\\\+uidNumber=0,cn=peercred,cn=external,cn=auth
cn=localroot,cn=config' ${SLAPD_CONF}/cn=config.ldif; then
-sed -i 's/^\(structuralObjectClass:
olcGlobal\)/olcAuthzRegexp:
gidNumber=[[:digit:]]+\\+uidNumber=0,cn=peercred,cn=external,cn=auth
cn=localroot,cn=config\n\0/' ${SLAPD_CONF}/cn=config.ldif
+if ! grep -q -E '^olcAuthzRegexp:
({.*})?gidNumber=\[\[:digit:]]\+\\\+uidNumber=0,cn=peercred,cn=external,cn=auth
cn=localroot,cn=config' ${SLAPD_CONF}/cn=config.ldif; then
+sed -i 's/^\(structuralObjectClass:
olcGlobal\)/olcAuthzRegexp:
{-1}gidNumber=[[:digit:]]+\\+uidNumber=0,cn=peercred,cn=external,cn=auth
cn=localroot,cn=config\n\0/' ${SLAPD_CONF}/cn=config.ldif
fi
I'd suggest to bypass the use of AuthzRegexp mapping to
cn=localroot,cn=config and use
gidNumber=[[:digit:]]+\\+uidNumber=0,cn=peercred,cn=external,cn=auth
directly in the ACL.
Ubuntu used AuthzRegexp during the first upgrade to slapd.d but I've
simplified the upgrade by dropping the auth mapping and just adding
olcAccess lines:
# Grant manage access to connections made by the root user via
# SASL EXTERNAL
if previous_version_older 2.4.21-0ubuntu5 ; then
if [ -d $SLAPD_CONF ]; then
# Stick the new olcAccess at the begining of the
# olcAccess list (using an index of 0 *and*
# adding it as early as possible in the ldif file)
# to make sure that local root has access to the
# database no matter what other acls say.
sed -i 's/^\(olcDatabase: {-1}frontend\)/\0\nolcAccess:
{0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
manage by * break/' ${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif
sed -i 's/^\(olcDatabase: {0}config\)/\0\nolcAccess:
{0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
manage by * break/' ${SLAPD_CONF}/cn=config/olcDatabase={0}config.ldif
fi
fi
This makes the whole configuration easier to understand IMO.
I've also implemented an alternate solution to using an index of -1:
The olcAccess lines are inserted at the very beginning of the ldif
file with an index set to 0 so that ACL defined by them are
applied first. slapd seems to sort first on index (0 being lowest) and
then by order of appearance in the ldif file.
I don't know which of the two solutions upstream supports the best.
I have committed the fix in svn. Peter can you try and see if this fixes
your problem ?
Regards,
Matthijs Möhlmann
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#594234: Standards-Version incorrectly checked (value 3.8.4)
Package: lintian Version: 2.4.3 Severity: normal Hi, The package ajaxterm has a Standards-Version of 3.8.4 when checking the package with lintian it won't come up with saying that the Standards-Version is out of date. I get the following output with this package: matth...@monster % lintian -iv ajaxterm_0.10-6_amd64.changes N: Setting up lab in /tmp/wf1h8fk8fW ... N: Processing 3 packages... N: N: Processing changes file ajaxterm_0.10-6_amd64 (version 0.10-6) ... N: N: Processing source package ajaxterm (version 0.10-6) ... N: N: Processing binary package ajaxterm (version 0.10-6) ... N: Removing /tmp/wf1h8fk8fW ... Regards, Matthijs Mohlmann -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages lintian depends on: ii binutils 2.20.1-13 The GNU assembler, linker and bina ii diffstat 1.53-1produces graph of changes introduc ii dpkg-dev 1.15.8.4 Debian package development tools ii file 5.04-5Determines file type using magic ii gettext0.18.1.1-1GNU Internationalization utilities ii intltool-debian0.35.0+20060710.1 Help i18n of RFC822 compliant conf ii libapt-pkg-perl0.1.24Perl interface to libapt-pkg ii libclass-accessor-perl 0.34-1Perl module that automatically gen ii libipc-run-perl0.89-1Perl module for running processes ii libparse-debianchangel 1.1.1-2.1 parse Debian changelogs and output ii libtimedate-perl 1.2000-1 collection of modules to manipulat ii liburi-perl1.54-1module to manipulate and access UR ii locales2.11.2-2 Embedded GNU C Library: National L ii man-db 2.5.7-4 on-line manual pager ii perl [libdigest-sha-pe 5.10.1-14 Larry Wall's Practical Extraction lintian recommends no packages. Versions of packages lintian suggests: pn binutils-multiarchnone (no description available) pn libtext-template-perl none (no description available) ii man-db2.5.7-4on-line manual pager -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593550: [Pkg-openldap-devel] Bug#593550: Bug#593550: Bug#593550: A fix
On Aug 19, 2010, at 11:19 PM, Russ Allbery wrote: Quanah Gibson-Mount qua...@zimbra.com writes: Michael Rasmussen m...@datanom.net wrote: Quanah Gibson-Mount qua...@zimbra.com wrote: What version was being migrated from (i.e., what version of BDB was openldap linked against?). If it was prior to BDB 4.8, then you have to do a slapcat/slapadd of the database (I assume that's already being done), but before that, it is critical to completely checkpoint the database via db_recover (one of the steps taken above). I think this is the key question. Apparently the db-tools cannot handle a migration from = 4.7 to 4.8 in which case the only reliable way to do this is slapcat/slapadd. Correct, it is never possible to use db-tools to upgrade OpenLDAP Databases across BDB versions. The only method is slapcat/slapadd. Right, and the package already has all the logic to do that already. I think the only problem here is that it didn't trigger when it should have for your installation. Maybe the version number for the check for when to do this isn't quite right? I'd also note that BDB 4.8 versions prior to 4.8.30 are not reliable and should be avoided (Not sure what's in debian atm). 4.8.30 is in unstable and will migrate to testing as soon as we figure out what's going on with the mips and sparc builds. This has to do with gcj on these platforms which are fixed already, but probably the build is not ready on those platforms. I have to check if gcj is already build and then db4.8 can be rescheduled on those platforms. Regards, Matthijs Möhlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593550: A fix
On Aug 19, 2010, at 10:32 AM, Michael Rasmussen wrote: Hi, A way to fix this: apt-get install db4.7-util cd /var/lib/ldap db4.7_checkpoint -1 db4.7_recover dpkg --configure -a Thanks for the fix, but I do not understand why your environment is still 4.7 The 2.4.23-2 version should already have db 4.8 as default. I'll investigate what's going on here. Regards, Matthijs Möhlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593566: slapd - Root access to cn=config not working after upgrade
On Aug 19, 2010, at 12:10 PM, Bastian Blank wrote:
Package: slapd
Version: 2.4.23-3
Severity: grave
I installed 2.4.23-2 and updated to -3 without a config change. Now I
cannot access cn=config.
| # ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config
| SASL/EXTERNAL authentication started
| SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
| SASL SSF: 0
| # extended LDIF
| #
| # LDAPv3
| # base cn=config with scope subtree
| # filter: (objectclass=*)
| # requesting: ALL
| #
|
| # search result
| search: 2
| result: 32 No such object
|
| # numResponses: 1
ACL debugging log:
[startup]
| slapd starting
| = access_allowed: search access to cn=config entry requested
| = acl_get: [1] attr entry
| = acl_mask: access to entry cn=config, attr entry requested
| = acl_mask: to all values by cn=localroot,cn=config, (=0)
| = check a_dn_pat: *
| = acl_mask: [1] applying none(=0) (stop)
| = acl_mask: [1] mask: none(=0)
| = slap_access_allowed: search access denied by none(=0)
| = access_allowed: no more rules
| connection_read(12): no connection!
| connection_read(12): no connection!
| daemon: shutdown requested and initiated.
| slapd shutdown: waiting for 0 operations/tasks to finish
| slapd stopped.
The access is done as cn=localroot,cn=config
| # grep olcAuthz cn=config.ldif
| olcAuthzPolicy: none
| olcAuthzRegexp:
gidNumber=[[:digit:]]+\+uidNumber=0,cn=peercred,cn=external,cn=auth
cn=localroot,cn=config
But the first access rule already rejects all access
| # grep olcAcc cn=config/olcDatabase=\{0\}config.ldif
| olcAccess: {0}to * by * none
| olcAccess: {1}to * by dn.exact=cn=localroot,cn=config manage by * break
Not sure why this stunt it done instead of using
| gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
directly. If seen the later in Ubuntu.
Bastian
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.35-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages slapd depends on:
ii adduser 3.112add and remove users and groups
ii coreutils 8.5-1GNU core utilities
ii debconf [debconf-2.0] 1.5.35 Debian configuration management
sy
ii libc6 2.11.2-2 Embedded GNU C Library: Shared
lib
ii libdb4.84.8.30-1 Berkeley v4.8 Database Libraries
[
ii libgnutls26 2.8.6-1 the GNU TLS library - runtime
libr
ii libldap-2.4-2 2.4.23-3 OpenLDAP libraries
ii libltdl72.2.6b-2 A system independent dlopen
wrappe
ii libperl5.10 5.10.1-14shared Perl library
ii libsasl2-2 2.1.23.dfsg1-5.1 Cyrus SASL - authentication
abstra
ii libslp1 1.2.1-7.8OpenSLP libraries
ii libwrap07.6.q-19 Wietse Venema's TCP wrappers
libra
ii lsb-base3.2-23.1 Linux Standard Base 3.2 init
scrip
ii perl [libmime-base64-pe 5.10.1-14Larry Wall's Practical
Extraction
ii psmisc 22.12-1 utilities that use the proc file
s
ii unixodbc2.2.14p2-1 ODBC tools libraries
Versions of packages slapd recommends:
ii libsasl2-modules2.1.23.dfsg1-5.1 Cyrus SASL - pluggable
authenticat
Versions of packages slapd suggests:
ii ldap-utils2.4.23-3 OpenLDAP utilities
-- Configuration Files:
/etc/default/slapd changed:
SLAPD_CONF=/etc/ldap/slapd.d
SLAPD_USER=openldap
SLAPD_GROUP=openldap
SLAPD_PIDFILE=
SLAPD_SERVICES=ldapi:///
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
SLAPD_OPTIONS=
-- debconf information excluded
Do you have any debconf information ?
Regards,
Matthijs Möhlmann
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#585966: intent to NMU
Hi, I just uploaded 2.9.22-7 with some more fixes. Regards, Matthijs Möhlmann On Aug 6, 2010, at 1:08 AM, Serafeim Zanikolas wrote: On Fri, Aug 06, 2010 at 01:05:21AM +0200, Serafeim Zanikolas wrote: I've prepared an NMU for pdns (versioned as 2.9.22-6.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Forgot to attach the NMU patch. -S nmu.diff -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#590285: Patch to fix SQLite backslash-escaping issue
Hi Andy, Thanks for working on a patch, one question though did you first try to check if the new version has still this bug ? You're using version 2.9.21-2.1 which is currently the stable version. Can you try with 2.9.22-6 which is in testing to reproduce? Regards, Matthijs Möhlmann On Aug 3, 2010, at 3:29 PM, Andy Smith wrote: This works for me and shouldn't have any effect on MySQL; haven't looked at the pgsql backend though. thanks -- fix-sqlite-escaping.patch -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#584133: slapd: Fails to lookup client hostname in hosts.allow and rejects connection
Current version in unstable is 2.4.23-2, can you please try if this is fixed in that version, 2.4.11 is pretty old and it is possible this bug is fixed in this version. Regards, Matthijs Möhlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#573549: Re pdns-backend-ldap: Missing newer RR types (SPF, [DNS]KEY, etc.)
Hi, This is a plain new bug, forgot to include a required ldap schema file. Regards, Matthijs Möhlmann On Jul 18, 2010, at 8:38 PM, Petter Reinholdtsen wrote: The code might be fixed, but the LDAP schema provided is still missing some of the attributes. A new schema was announced in URL: http://mailman.powerdns.com/pipermail/pdns-users/2008-March/005262.html . Quite surprised to discover that the definition of the dnsdomain2 object class was changed without changing the OID, which I suspect might cause problems if the schema is changed when there is data stored in the LDAP database, but believe it would be good to have a new schema with all the attributes available. Not sure if I should reopen this bug or create a new one. Only adding information as a start. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#589337: FTBFS on mips and sparc
Package: db4.8 Version: 4.8.30-1 Severity: serious Tags: squeeze sid Build failure on mips and sparc, both architecture exit with the same error. make[1]: Entering directory `/build/buildd-db4.8_4.8.30-1-mips-vAKhTj/db4.8-4.8.30/debian/libdb4.8-java-gcj/usr/lib/gcj' /usr/bin/gcj -c -fsource-filename=/tmp/sourcelist.B2NkP5bldb -g -O2 -fPIC -findirect-dispatch -fjni libdb4.8-java-4.8.30.jar.1.jar -o libdb4.8-java-4.8.30.jar.1.o /usr/bin/gcj -c -fsource-filename=/tmp/sourcelist.B2NkP5bldb -g -O2 -fPIC -findirect-dispatch -fjni libdb4.8-java-4.8.30.jar.2.jar -o libdb4.8-java-4.8.30.jar.2.o gcj: libgcj.spec: No such file or directory gcj: libgcj.spec: No such file or directory make[1]: *** [libdb4.8-java-4.8.30.jar.1.o] Error 1 make[1]: *** Waiting for unfinished jobs make[1]: *** [libdb4.8-java-4.8.30.jar.2.o] Error 1 See buildd.debian.org for full log. -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#588969: [Pkg-openldap-devel] Bug#588969: slapd 2.4.23-1 fails to start with libdb4.8 4.8.26-1
Hello Alexandar, Do you have some more information? What error do you get? Regards, Matthijs Möhlmann On Jul 13, 2010, at 11:01 PM, Alexander Samad wrote: Package: slapd Version: 2.4.23-1 Severity: important slapd should be libdb4.8 = 4.8.30-1, fails to start otherwise -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing'), (100, 'unstable'), (50, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.34-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF8, LC_CTYPE=en_AU.UTF8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages slapd depends on: ii adduser 3.112 add and remove users and groups ii coreutils 8.5-1 GNU core utilities ii debconf [debconf-2.0] 1.5.32 Debian configuration management sy ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib ii libdb4.8 4.8.30-1 Berkeley v4.8 Database Libraries [ ii libgnutls26 2.8.6-1the GNU TLS library - runtime libr ii libldap-2.4-2 2.4.23-1 OpenLDAP libraries ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libperl5.10 5.10.1-13 shared Perl library ii libsasl2-22.1.23.dfsg1-5 Cyrus SASL - authentication abstra ii libslp1 1.2.1-7.7 OpenSLP libraries ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip ii perl [libmime-base64-perl 5.10.1-13 Larry Wall's Practical Extraction ii psmisc22.11-1utilities that use the proc file s ii unixodbc 2.2.14p2-1 ODBC tools libraries Versions of packages slapd recommends: ii libsasl2-modules 2.1.23.dfsg1-5 Cyrus SASL - pluggable authenticat Versions of packages slapd suggests: ii ldap-utils2.4.23-1 OpenLDAP utilities -- Configuration Files: /etc/default/slapd changed: SLAPD_CONF= SLAPD_USER=openldap SLAPD_GROUP=openldap SLAPD_PIDFILE=/var/run/slapd/slapd.pid SLAPD_SERVICES=ldap:/// ldapi:/// SLAPD_SENTINEL_FILE=/etc/ldap/noslapd SLAPD_OPTIONS= -- debconf information: slapd/tlsciphersuite: slapd/password_mismatch: slapd/invalid_config: true shared/organization: samad.com.au slapd/upgrade_slapcat_failure: slapd/slurpd_obsolete: slapd/backend: HDB slapd/dump_database: when needed slapd/allow_ldap_v2: false slapd/no_configuration: false slapd/move_old_database: true slapd/suffix_change: false slapd/dump_database_destdir: /var/backups/slapd-VERSION slapd/purge_database: false slapd/domain: samad.com.au ___ Pkg-openldap-devel mailing list pkg-openldap-de...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-openldap-devel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#588969: [Pkg-openldap-devel] Bug#588969: Bug#588969: slapd 2.4.23-1 fails to start with libdb4.8 4.8.26-1
I got it already, busy on fixing this. Regards, Matthijs Möhlmann On Jul 14, 2010, at 7:51 AM, Matthijs Mohlmann wrote: Hello Alexandar, Do you have some more information? What error do you get? Regards, Matthijs Möhlmann On Jul 13, 2010, at 11:01 PM, Alexander Samad wrote: Package: slapd Version: 2.4.23-1 Severity: important slapd should be libdb4.8 = 4.8.30-1, fails to start otherwise -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing'), (100, 'unstable'), (50, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.34-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF8, LC_CTYPE=en_AU.UTF8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages slapd depends on: ii adduser 3.112 add and remove users and groups ii coreutils 8.5-1 GNU core utilities ii debconf [debconf-2.0] 1.5.32 Debian configuration management sy ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib ii libdb4.8 4.8.30-1 Berkeley v4.8 Database Libraries [ ii libgnutls26 2.8.6-1the GNU TLS library - runtime libr ii libldap-2.4-2 2.4.23-1 OpenLDAP libraries ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libperl5.10 5.10.1-13 shared Perl library ii libsasl2-22.1.23.dfsg1-5 Cyrus SASL - authentication abstra ii libslp1 1.2.1-7.7 OpenSLP libraries ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip ii perl [libmime-base64-perl 5.10.1-13 Larry Wall's Practical Extraction ii psmisc22.11-1utilities that use the proc file s ii unixodbc 2.2.14p2-1 ODBC tools libraries Versions of packages slapd recommends: ii libsasl2-modules 2.1.23.dfsg1-5 Cyrus SASL - pluggable authenticat Versions of packages slapd suggests: ii ldap-utils2.4.23-1 OpenLDAP utilities -- Configuration Files: /etc/default/slapd changed: SLAPD_CONF= SLAPD_USER=openldap SLAPD_GROUP=openldap SLAPD_PIDFILE=/var/run/slapd/slapd.pid SLAPD_SERVICES=ldap:/// ldapi:/// SLAPD_SENTINEL_FILE=/etc/ldap/noslapd SLAPD_OPTIONS= -- debconf information: slapd/tlsciphersuite: slapd/password_mismatch: slapd/invalid_config: true shared/organization: samad.com.au slapd/upgrade_slapcat_failure: slapd/slurpd_obsolete: slapd/backend: HDB slapd/dump_database: when needed slapd/allow_ldap_v2: false slapd/no_configuration: false slapd/move_old_database: true slapd/suffix_change: false slapd/dump_database_destdir: /var/backups/slapd-VERSION slapd/purge_database: false slapd/domain: samad.com.au ___ Pkg-openldap-devel mailing list pkg-openldap-de...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-openldap-devel ___ Pkg-openldap-devel mailing list pkg-openldap-de...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-openldap-devel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#568711: slapd: replication : consumer crashes due to assertion failure when replication starts the first time
Hi Adrien, Sorry for the late response. The OpenLDAP team doesn't have many active developers. I try to catch up with the open bug reports. Can you try to reproduce this bug with the current version in unstable ? Version in unstable is: 2.4.23-1. Regards, Matthijs Möhlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#580819: pdns-server: Should start after slapd some times (when pdns uses LDAP)
On May 12, 2010, at 10:53 PM, Petter Reinholdtsen wrote: Hi. I plan to enable concurrenct booting by default in Debian/Squeeze (see thread on debian-devel@), and this will make this problem more serious for Debian Edu. I hope you can find time to look at this issue and upload a fix soon. Please object if I should not NMU to fix it. Happy hacking, -- Petter Reinholdtsen I'll fix it ASAP. Please wait with a NMU, trying to upload it this weekend ? Is that a good time frame for you ? Regards, Matthijs Mohlmann
Bug#579194:
No problem. Regards, Matthijs Mohlmann On Apr 26, 2010, at 9:02 AM, aklei...@sonic.net wrote: The following was brought to my attention so I apologize for troubling you with something that was already known. Original Message Subject: Re: Bug#579194: pdns-recursor 'has no installation candidate.' according to apt-get instal From:Imre Gergely gi...@narancs.net Date:Sun, April 25, 2010 11:54 pm To: Alex Kleider aklei...@sonic.net 579...@bugs.debian.org Cc: Debian Bug Tracking System sub...@bugs.debian.org -- If I'm not mistaken, pdns-recursor uses swapcontext which isn't available on ARM. I've tried to install it on my SheevaPlug a couple of weeks back when 3.2 appeared, but with no luck. On the #powerdns IRC channel I was pointed at another library that could replace/emulate(?) swapcontext, but I couldn't compile that either. I found this http://us.generation-nt.com/answer/bug-395801-pdns-recursor-doesnt-work-architectures-not-implementing-swapcontext-system-call-help-166839251.html On 04/26/2010 09:13 AM, Alex Kleider wrote: Package: pdns-recursor Severity: important Using Debian Testing (Squeeze) on a Marvel SheevaPlug, an attempt to install pdns-recursor results in the following output: a...@plug:~$ sudo apt-get install pdns-recursor Reading package lists... Done Building dependency tree Reading state information... Done Package pdns-recursor is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package pdns-recursor has no installation candidate a...@plug:~$ I can find no documentation that this package has been withdrawn and have to assume that the problem is in the package manager. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: armel (armv5tel) Kernel: Linux 2.6.32-trunk-kirkwood Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Imre Gergely Yahoo!: gergelyimre | ICQ#: 101510959 MSN: gergely_imre | GoogleTalk: gergelyimre gpg --keyserver subkeys.pgp.net --recv-keys 0x34525305 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#579192: [Pkg-openldap-devel] Bug#579192: openldap: [INTL:fr] French debconf templates translation update
On Apr 26, 2010, at 8:18 AM, Christian Perrier wrote: Package: openldap Version: N/A Severity: wishlist Tags: patch l10n Please find attached the french debconf templates update, proofread by the debian-l10n-french mailing list contributors. If you do not already use it, you might consider using the podebconf-report-po utility, which helps warning translators about changes when you modify some debconf templates in your packages. The usual policy when using it is sending a warning to translators when you plan to upload a version of your package with debconf templates changes (even typo corrections). Then leave about one week for them to update their files (several translation teams have a QA process which requires time). podebconf-report-po will take care of sending the translators the needed material as well as getting the translators adresses from the PO files. All you have to do is just using the utility..:-) Example use (from your package build tree): $ podebconf-report-po This will go through debian/po/*.po files, find those needing an update, extract the translators data from these files and prepare a mail to send to these translators (you can also use the --languageteam switch to also mail the mail addresses listed in Language-Team field). You can also use this utility to request for new translations: $ podebconf-report-po --call This will send a mail to debian-i...@lists.debian.org with all the needed information and material for new translators to add new languages to your supported languages. If you apply this policy, please forget about these remarks, of courseThis message is generic..:-) -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-3-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash fr.po___ Pkg-openldap-devel mailing list pkg-openldap-de...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-openldap-devel Hi Christian, Thanks for your work. Please don't send out a call for translations, I'm not yet done reworking the package templates. I still need to include the new configuration style and some debconf templates need to be added. I'll use the podebconf-report-po utility when I'm done. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#562723: config with slapd.d don't work
severity 562723 important fixed 562723 2.4.17-1 thanks Hi, First of all the use of slapd.d (new configuration style) isn't supported by the debian package in any way. Second this bug seems to be fixed in the version 2.4.17-1 according to the notes of the user. For now set the severity to important and mark it fixed in 2.4.17-1. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#563113: slapd.conf(5) man page patch
Hi Peter, Thanks for testing the package to this bug, currently 2.4.21 is in trunk and will be uploaded in the near future. I'll forward the patch to upstream. Regards, Matthijs Mohlmann On Apr 15, 2010, at 9:39 AM, Peter Marschall wrote: Package: slapd Severity: normal Tags: patch Hi, I wrote a small patch for the slapd.conf(5) man page. Please find it attached. In addition to that I can confirm that the bug does not occur in OpenDLAP 2.4.21 (tested with TLSCipherSuite NORMAL:!AES-128-CBC in slapd.conf). I did not test with earlier versions, but according to the code in tls_g.c the calls to gnutls_priority_init() were already in when 2.4.17 was released. So, I am quite confident the problem was already solved with OpenLDAP 2.4.17. Best regards Peter -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages slapd depends on: ii adduser 3.112 add and remove users and groups ii coreutils 7.4-2 The GNU core utilities ii debconf [debconf-2.0] 1.5.30 Debian configuration management sy ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib ii libdb4.7 4.7.25-9 Berkeley v4.7 Database Libraries [ ii libgnutls26 2.8.6-1the GNU TLS library - runtime libr ii libldap-2.4-2 2.4.21-0pm1OpenLDAP libraries ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libperl5.10 5.10.1-11 shared Perl library ii libsasl2-22.1.23.dfsg1-5 Cyrus SASL - authentication abstra ii libslp1 1.2.1-7.6 OpenSLP libraries ii libwrap0 7.6.q-18 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-23 Linux Standard Base 3.2 init scrip ii perl [libmime-base64-perl 5.10.1-11 Larry Wall's Practical Extraction ii psmisc22.10-1utilities that use the proc file s ii unixodbc 2.2.11-21 ODBC tools libraries Versions of packages slapd recommends: ii libsasl2-modules 2.1.23.dfsg1-5 Cyrus SASL - pluggable authenticat Versions of packages slapd suggests: ii ldap-utils 2.4.21-0pm1 OpenLDAP utilities -- debconf information excluded openldap-2.4.21-slapd.conf-TLSCipherSuite.patch -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#565052: pdns-recursor: ftbfs with gcc-4.5
Hi, Can you try to do a rebuilt with pdns-recursor version 3.2-1 ? I'm somehow unable to install gcc 4.5 / g++ 4.5 in my build environment / unstable environment. Regards, Matthijs Möhlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#566877: pdns-recursor: init.d script should depend on $syslog and start before pdns
Hello Petter, I'm currently fixing this bug, can I put slapd in the X-Start-Before and X-Stop-After ? Or do I need $slapd / $mysql / $postgresql there ? X-Start-After $slapd $mysql $postgresql X-Stop-Before $slapd $mysql $postgresql Or should I just use: slapd mysql and postgresql ? (Without the $ sign) Regards, Matthijs Möhlmann On Mar 6, 2010, at 1:32 AM, Petter Reinholdtsen wrote: Hi. Can I provide more information to improve the boot ordering of pdns for squeeze? Any hope of having this issue resolved soon? Happy hacking, -- Petter Reinholdtsen
Bug#558678: mod-security-common: Please enable a basic ruleset
Package: mod-security-common Version: 2.5.11-1 Severity: wishlist I've installed and enabled the mod security, but when enabling it would be nice if a basic ruleset will be enabled. I think a basic ruleset will give users a start to set up mod security. Maybe you can create a directory in /etc/ where to keep the configuration files for mod-security. -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.31-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#555311: pdns-server postinst triggered blocks (upgrade never finishes).
On Nov 9, 2009, at 11:13 AM, Andreas Henriksson wrote: Package: pdns-server Version: 2.9.22-3 Severity: important When upgrading powerdns I need to press ctrl-C to finish the upgrade. I can reproduce the same issue by running: /var/lib/dpkg/info/pdns-server.postinst triggered I can work around this by adding db_stop to the triggered case in the postinst file. (Currently db_stop only gets run in the configure case.) Maybe the db_stop should be moved below the switch/case to always run? Correct, I'll fix this asap. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#551153: pdns-recursor: Please add sh4 into support architecture list
The easiest way to test is installing pdns-recursor and executing the following command: dig @localhost tweakers.net That command should return an A record. If not, please check the syslog and give me the results. Regards, Matthijs Mohlmann On 6 nov 2009, at 03:05, Nobuhiro Iwamatsu iwama...@nigauri.org wrote: Hi, Sorry , replay is late... 2009/11/5 Matthijs Möhlmann matth...@cacholong.nl: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey Nobuhiro, Did you have a chance to look at this ? I installed debian package in sh4 board. It seems to move. And I tested the simple program that man of makecontext had. I do not know enough test methods. Could you teach what kind of test? Best regards, Nobuhiro -- Nobuhiro Iwamatsu -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#551153: pdns-recursor: Please add sh4 into support architecture list
Hi, Perfect, thanks for testing. It's supported, I'll add sh4 to the list of supported architectures. Regards, Matthijs Mohlmann On Nov 6, 2009, at 8:19 AM, Nobuhiro Iwamatsu wrote: Hi, 2009/11/6 Matthijs Mohlmann matth...@cacholong.nl: The easiest way to test is installing pdns-recursor and executing the following command: dig @localhost tweakers.net That command should return an A record. If not, please check the syslog and give me the results. I had result of dig command following - $ dig @localhost tweakers.net ; DiG 9.6.1-P1 @localhost tweakers.net ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 14239 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;tweakers.net. IN A ;; ANSWER SECTION: tweakers.net. 86400 IN A 213.239.154.35 ;; Query time: 699 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Nov 6 07:11:23 2009 ;; MSG SIZE rcvd: 46 --- Best regards, Nobuhiro On 6 nov 2009, at 03:05, Nobuhiro Iwamatsu iwama...@nigauri.org wrote: Hi, Sorry , replay is late... 2009/11/5 Matthijs Möhlmann matth...@cacholong.nl: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey Nobuhiro, Did you have a chance to look at this ? I installed debian package in sh4 board. It seems to move. And I tested the simple program that man of makecontext had. I do not know enough test methods. Could you teach what kind of test? Best regards, Nobuhiro -- Nobuhiro Iwamatsu -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#508987: Patch for the l10n upload of pdns
On Nov 4, 2009, at 7:13 AM, Christian Perrier wrote: Dear maintainer of pdns, On Wednesday, October 28, 2009 I sent you a notice announcing my intent to upload a NMU of your package to fix its pending l10n issues, after an initial notice sent on Wednesday, October 21, 2009. We finally agreed that you would do the update yourself at the end of the l10n update round. That time has come. To help you out, here's the patch which I would have used for an NMU. Please feel free to use all of it...or only the l10n part of it. The corresponding changelog is: Source: pdns Version: 2.9.22-1.1 Distribution: UNRELEASED Urgency: low Maintainer: Christian Perrier bubu...@debian.org Date: Wed, 21 Oct 2009 18:49:14 +0200 Closes: 508987 539465 552219 553150 553648 Changes: pdns (2.9.22-1.1) UNRELEASED; urgency=low . * Non-maintainer upload. * Fix pending l10n issues. Debconf translations: * Spanish (Alba Ferri). Closes: #508987 * Russian (Yuri Kozlov). Closes: #539465 * Italian (Luca Monducci). Closes: #552219 * Basque (Piarres Beobide). Closes: #553150 * Finnish (Esko Arajärvi). Closes: #553648 Hello Christian, I'll upload the package this evening with the fixes. Thanks a lot. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#443073: Compile contrib slapd-module /smbk5pwd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I just processed this module and wanted to add it. But it needs OpenSSL to build. We have changed to GnuTLS and I don't know if adding OpenSSL as build dependency for smbk5pwd will have conflicts with slapd which links against GnuTLS. So if somebody is able to test it and give me feedback about it, would be nice. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIOcUn2n1ROIkXqbARApH5AJ94j6U51B5xZCHAXvEQmmBjg1rMLgCgi3bu xGwMTOva8nHz9LKf8Lp3oIs= =izch -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#453241: still broken
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Can you try with ssh and debugging symbols on ? Probably you get more information with gdb then. I'll ask also the upstream maintainer. Russ: Can you take a look at this bug report. It seems that sshd is segfaulting on AMD64 when using the libpam-heimdal module. I do not have a AMD64 box, so it's almost impossible for me to test. Regards, Matthijs Mohlmann Richard Nelson wrote: Ah, a little more information - this segv only happens when using password authentication (ssh keys work fine) sshd_config has UsePAM yes PubkeyAuthentication yes PasswordAuthentication yes ChallengeResponseAuthentication no Richard Nelson wrote: # /usr/sbin/sshd -Dddd ~/log 21 Segmentation fault The last lines of log: debug3: mm_auth_password entering debug3: mm_request_send entering: type 11 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD debug3: mm_request_receive_expect entering: type 12 debug3: mm_request_receive entering debug3: monitor_read: checking request 11 debug1: do_cleanup debug1: PAM: cleanup debug3: PAM: sshpam_thread_cleanup entering gdb isn't very helpful Program received signal SIGSEGV, Segmentation fault. 0x2acda6fe7af2 in ?? () (gdb) bt #0 0x2acda6fe7af2 in ?? () #1 0x2acda692ad86 in ?? () #2 0x0050 in ?? () #3 0x0001 in ?? () #4 0x7fff05c7cf10 in ?? () #5 0x in ?? () (gdb) quit The program is running. Exit anyway? (y or n) y debug1: do_cleanup debug1: PAM: cleanup debug3: PAM: sshpam_thread_cleanup entering I installed libpam-dbg, but still didn't get any information removing pam_krb5 from /etc/pam.d/common-auth fixes the problem -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIAb1n2n1ROIkXqbARAuG7AJ9glEncS6jvQie2UhnY4ya5Tk91HACbBKEp sgyobGhwwaO6vxCDg4TQb0U= =9KMZ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#399243: libdspam7-drv-mysql: configuration fails
Hi, As far as I can see this is merely a bug in dbconfig-common then in dspam. But I have just tested this and it seems to me that this is fixed. Can you confirm? Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#438605: dspam: HASH db maintenance bugs
Hi, Can you clarify about 'Signatures are NEVER deleted, ...' because there is a tool dspam_clean which periodically runs for the hash and db driver... see /etc/cron.daily/dspam Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#462114: Patch from recursor 3.1.5 snapshot 3
Philipp Kern wrote: On Wed, Feb 13, 2008 at 03:16:23PM -0500, Scott Kitterman wrote: This patch has been tested against long TXT records in a test package on Debian Sid. May I NMU this one or do you prefer a maintainer upload? I would take care of the other open bugs, too. Kind regards, Philipp Kern I didn't saw your message, but I've done the upload already. Thanks in advance. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#462966: pdns - FTBFS: Ignores build errors
Hi, I've pushed the patch upstream, but there are some problems with ldap-host which only takes a URI now. I'll try to fix that. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#421624: libpam-heimdal: Users in ldap can't log in
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Can you provide some information about the configuration of pam ? I'm using libpam-heimdal too for authenticating my non local users and it works. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHW+6N2n1ROIkXqbARAp6LAJ9TK8oPihVcIw26LFIbWsBppRoP/QCfZA3w 6eqIO0ZC66HTbEJYsMFXqpA= =bUnn -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#453241: libpam-heimdal: After recent NMU, my amd64 box is inaccessable (pam_session/account)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I do not have a AMD64 box to test it. I have put packages for 3.9 online. Can you please test those ? http://www.cacholong.nl/~matthijs/libpam-heimdal/ The missing libdb-4.2 is possible due to better dependency tracking. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHW/jL2n1ROIkXqbARAnmDAKCVtl2wW0Z3kaCFYo4qdNapZWzGSQCgm6m0 vR9H+GzCP+AU9Wd6ATxTSlU= =NGq6 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#448644: [Pkg-openldap-devel] Bug#448644: Bug#448644: CVE-2007-5708 remote denial of service
Russ Allbery wrote: Nico Golde [EMAIL PROTECTED] writes: Hi, attached is a proposal for an NMU. It will be archived on: http://people.debian.org/~nion/nmu-diff/openldap2.3-2.38-1_2.3.38-1.1.patch I'm not sure why we would do this rather than just package 2.3.39. Wouldn't the latter be a better idea for unstable? (For the stable security release, of course, we should just cherry-pick the one fix, assuming it applies to the stable version, which I haven't checked.) Also, 2.4 is now officially released, so we should really switch to that ASAP so that we can get rid of 2.2. I'll send more mail about that later this week, though, since that's going to be a complex transition. Upgrading to the upstream 2.3.39 release should be simple. Upgrade to 2.3.39 is I think the better choice here and after that we can make the switch to 2.4. And now that 2.4 is officially released I can add some initially packaging for 2.4 in svn. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#443649: [Pkg-openldap-devel] Bug#443649: slapd must depend on mktemp
Arieh Skliarouk wrote: Package: slapd Version: 2.3.38-1 I did upgrade of slapd and got following error: ... Setting up slapd (2.3.38-1) ... Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.3.35-2... done. /var/lib/dpkg/info/slapd.postinst: line 468: mktemp: command not found dpkg: error processing slapd (--configure): subprocess post-installation script returned error exit status 127 Can slapd depend on mktemp package? -- Arieh The package mktemp is Essential. How did you manage to remove mktemp from your system ? [EMAIL PROTECTED] % apt-cache show mktemp | grep ^Essential Essential: yes Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#443649: [Pkg-openldap-devel] Bug#443649: Bug#443649: slapd must depend on mktemp
Arieh Skliarouk wrote: The computer used to be etch, which I subsequently upgraded to unstable. On 9/23/07, *Matthijs Mohlmann* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Arieh Skliarouk wrote: Package: slapd Version: 2.3.38-1 I did upgrade of slapd and got following error: ... Setting up slapd (2.3.38-1) ... Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.3.35-2... done. /var/lib/dpkg/info/slapd.postinst: line 468: mktemp: command not found dpkg: error processing slapd (--configure): subprocess post-installation script returned error exit status 127 Can slapd depend on mktemp package? -- Arieh The package mktemp is Essential. How did you manage to remove mktemp from your system ? [EMAIL PROTECTED] % apt-cache show mktemp | grep ^Essential Essential: yes Regards, Matthijs Mohlmann -- Arieh Or mktemp is removed on the upgrade run, or mktemp wasn't installed at all on etch too. apt-get gives a warning about the removal of Essential packages. [EMAIL PROTECTED] # apt-get remove mktemp Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: mktemp WARNING: The following essential packages will be removed. This should NOT be done unless you know exactly what you are doing! mktemp 0 upgraded, 0 newly installed, 1 to remove and 9 not upgraded. Need to get 0B of archives. After unpacking 61.4kB disk space will be freed. You are about to do something potentially harmful. To continue type in the phrase 'Yes, do as I say!' ?] There is no need to add a dependency on an Essential packages, we may assume that they are on the system anyway. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402735: libapache2-mod-php4: Segmentation fault in php4 double free bug?
Hi,
I'm sorry that I came back to you so late. Here is the piece of code
that actually causes it:
?php
class parent2 {
function parent2() { $this-__construct(); }
function __construct() {
// Do something useful.
}
}
class sub extends parent2 {
function sub() { $this-__construct(); }
function __construct() {
parent::parent();
}
}
$c = new sub();
?
The constructor of parent is calling the __construct function. But the
'this' in parent2 class is actually sub. Which causes a loop.
As far as I can see this is intended behaviour so in my opinion you can
close the bug.
Regards,
Matthijs Mohlmann
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#387113: FTBFS with GCC 4.2: redefinition of '_Atomic_word __gnu_cxx::__exchange_and_add
tags + pending thanks I've a patch available, I'll apply it when gcc 4.2 becomes the default. The definition as mentioned in the error is now in gcc 4.2 by default but gcc 4.1`didn't have it. It was applied by upstream because it greatly improves the speed on uniprocessor and multiprocessor systems. So I'll wait with applying. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#414872: PDNS recursor fails to start on mips, and bug in package/init scripts
Hi, The mips architecture is disabled right now, the libc6 on mips doesn't support swapcontext calls. There is a bug against libc6 to implement it on not supported architectures: #332969 I tried to reproduce the init script but wasn't able to: [EMAIL PROTECTED] # /etc/init.d/pdns-recursor stop Stopping PowerDNS recursor: pdns-recursor. [EMAIL PROTECTED] # ps auxw | grep pdns-recursor root 14787 0.0 0.0 4680 708 pts/0S+ 15:22 0:00 grep pdns-recursor [EMAIL PROTECTED] # /etc/init.d/pdns-recursor stop Stopping PowerDNS recursor: pdns-recursor. [EMAIL PROTECTED] # echo $? 0 [EMAIL PROTECTED] # There were some fixes in the last uploads, can you confirm that it's fixed ? Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#425441: overwrites configuration in /etc: please disable resolvconf snippet by default
martin f krafft wrote: Package: pdns-server Version: 2.9.20-8 Severity: serious The /etc/resolvconf/update.d/pdns script unconditionally replaces /etc/powerdns/pdns.d/pdns.recursors and thereby may overwrite the admin's settings. This is against Debian policy. I realise that the resolvconf integration is good, but may I suggest that we leave it disabled via a flag in /etc/default/pdns and leave it to the admin to turn it on? Have a look at how I did it for maradns if you care. #356725. Thanks, I'll check that. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#418736: [Pkg-dspam-misc] Bug#418736: dspam: New upstream release (3.8.0) available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Kahn Gillmor wrote: Package: dspam Version: 3.6.8-5 Severity: wishlist Version 3.8.0 of dspam is now available: http://dspam.nuclearelephant.com/download.shtml We should probably treat this new release as an opportunity to think through some of the packaging questions that have come up on the list over the last couple months. In particular, we should think about what configurations we want to support and encourage with our packaging. I've already documented problems with daemon mode, related to its LMTP handling and its use in conjunction with the hash driver. It would probably be a good idea to provide a default configuration in lenny that doesn't run afoul of these problems (unless they're fixed in 3.8.0). does anyone have a test rig that they can use to really slam a dspam installation? I'm concerned that, as a link in the MTA chain, it needs to be really robust under high loads and there are certain configurations which 3.6.8 (at least) has fallen down. --dkg Hi, I have a few production environments where I can test it. But I'll set it up first in a test environment. I can run some automated tests with the test environment. About the packaging questions, you are right. And according #366478 we need to look into the documentation too. I'm not really comfortable with the documentation that is delivered with dspam. What kind of configurations do you think about especially ? Currently I use: postfix - dspam - cyrus In other words, I use it as a delivery proxy. I am pretty comfortable with that configuration, but I can understand that someone needs another type of configuration. Probably we should support most of them. According to the documentation (README) there are 3 major configurations possible: - - delivery agent proxy - - pop3 proxy - - smtp relay I think we should support those configurations. In daemon mode there are some problems with the hash driver. So I think we need to issue a warning if someone wants to enable such a configuration. So only the mysql and pgsql driver are thread safe and can be used in daemon mode. There are also several configurations you need to enable on compile time that makes the packaging also a bit complicated. Probably we can change them to configuration time parameters ? (For example the filesystem scale options and the driver specific configure options) First things todo (IMO): - - Make example configurations in Debian for a 'delivery agent proxy', 'pop3 proxy' and 'smtp relay'. - - Get rid of the compile time options that should be configuration options (if possible) - - Create documentation for Debian how to integrate dspam. This is an initial TODO list, please correct me if I am wrong or add more TODO items. Regards, Matthijs Mohlmann PS: Sorry that I was not so active lately, I was pretty busy at work and when I arrived home it was time to go to bed. My work conditions are getting better now so I can spend some time on Debian :) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGIjTy2n1ROIkXqbARAtjDAJ9jlZZHZPH6NCLEMxnOlIexPmUKcwCeP7cW syxwjUZJT3gCGerKtkX07L4= =U0xD -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#403524: [Pkg-openldap-devel] Bug#403524: slapd: Upgrade from sarge to etch fails on a replica-server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mario Iseli wrote: On Mon, Dec 18, 2006 at 08:16:44PM +0100, Matthijs Mohlmann wrote: There is an error earlier in the process. Can you move /var/backups/dc=dmz,... move out of the way and try aptitude upgrade again ? Yes I already tried this and then started an apt-get -f install, it seems to rebuild this backup file and fails then with the same reason, I think it must be an error in postinst. I'll go to fetch the source tonight and also have a look at it. Maybe I will find the mistake... When I won't be too tired I will also test the script step by step. I hope to be able to help a little bit... Regards Ok, I've tested a bit of the upgrade procedure of slapd. On my side it seems to work, Preparing to replace slapd 2.2.23-8 (using .../slapd_2.3.29-1_i386.deb) ... Stopping OpenLDAP: slapd. Dumping to /var/backups/slapd-2.2.23-8: - directory dc=cacholong,dc=nl... done. Unpacking replacement slapd ... dpkg: warning - unable to delete old directory `/var/lib/ldap': Directory not empty [..] Setting up slapd (2.3.29-1) ... [..] Creating new user openldap... done. Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.2.23-8... done. Updating config access directives... done. Moving old database directories to /var/backups: - directory dc=cacholong,dc=nl... done. Loading from /var/backups/slapd-2.2.23-8: - directory dc=cacholong,dc=nl... done. - chowning database directory (openldap:openldap)... done Starting OpenLDAP: slapd. Can you give me some information on how you set up slapd ? A configuration file would be nice. (especially the part of the replica sections) Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFjEt32n1ROIkXqbARAsilAJ9/vH2PIzuIuvbPdsze0cO+gNz4igCfY5af LZjMV8ShsFSgQsuN/L/szTg= =c684 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#403524: [Pkg-openldap-devel] Bug#403524: slapd: Upgrade from sarge to etch fails on a replica-server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mario Iseli wrote: Package: slapd Version: 2.3.29-1 Severity: grave Justification: causes non-serious data loss Hello, last night i updated my 2nd LDAP server (just the one with the replication) to etch. The upgrade did not work totally, as you see in the message below. I also tried to purge slapd, install it newly and copy the databases in /var/lib/ldap from the master (on sarge) and start the server locally, this does also not work, maybe wrong settings in slapd.conf even when it's with BDB. I know that it was hard work to upgrade the openldap package for etch, and I'm sorry to have to file this bug but I think an upgrade documentation would be very helpful, maybe even in the release notes of etch. Thank you! Setting up slapd (2.3.29-1) ... Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.2.23-8... done. Updating config access directives... done. Moving old database directories to /var/backups: Backup path /var/backups/dc=dmz,dc=marioiseli,dc=com-2.2.23-8.ldapdb exists. Giving up... dpkg: error processing slapd (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: slapd E: Sub-process /usr/bin/dpkg returned an error code (1) There is an error earlier in the process. Can you move /var/backups/dc=dmz,... move out of the way and try aptitude upgrade again ? Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFhukc2n1ROIkXqbARAo5aAJsG7h7x+KibJWdsVNYZgC+k+4o8WwCgr7le xNZIOhq/kfV8vSQ6SOiKOY8= =Gohl -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402735: libapache2-mod-php4: Segmentation fault in php4 double free bug?
Package: libapache2-mod-php4 Version: 4.4.4-8 Severity: grave Justification: renders package unusable Hi, I've apache 2.2 installed including with libapache2-mod-php4 (same behaviour if I install fcgid module with php4-cgi). The problem seems to be a double free bug. Here a backtrace: [EMAIL PROTECTED] # gdb /usr/sbin/apache2 (gdb) run -X Starting program: /usr/sbin/apache2 -X Failed to read a valid object file image from memory. (no debugging symbols found) [..] (no debugging symbols found) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1215760704 (LWP 17157)] 0xb7c4489f in free () from /lib/tls/i686/cmov/libc.so.6 (gdb) bt #0 0xb7c4489f in free () from /lib/tls/i686/cmov/libc.so.6 #1 0xb7c4687f in malloc () from /lib/tls/i686/cmov/libc.so.6 #2 0xb76b8c75 in _emalloc () from /usr/lib/apache2/modules/libphp4.so #3 0xb76cf305 in zend_hash_add_or_update () from /usr/lib/apache2/modules/libphp4.so #4 0xb76d884a in zend_assign_to_variable_reference () from /usr/lib/apache2/modules/libphp4.so #5 0xb76db6db in execute () from /usr/lib/apache2/modules/libphp4.so #6 0xb76dd61f in execute () from /usr/lib/apache2/modules/libphp4.so If you need more information please ask. It's partially working here so I can do things and this is on my development box. Regards, Matthijs Mohlmann -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402735: libapache2-mod-php4: Segmentation fault in php4 double free bug?
severity 402735 important thanks Hi, I've solved this through going back in a few versions of my code. Seems to be inheritance problem with classes. I'll try to come up with a testcase this evening. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402705: [Pkg-openldap-devel] Bug#402705: slapd: Runnin postinst chown -R'd /var/run to openldap:openldap
Manoj Srivastava wrote: Package: slapd Version: 2.3.30-1 Severity: critical Why is it critical? well sshd fails to restart saying that /var/run/sshd needs to be owned by root; inn did not restart, and neither did postgresql. All kinds of unrelated software broke when this happens. I can reproduce at will by running as root: bash -x /var/lib/dpkg/info/slapd.postinst configure I debugged it to the point where one part of the script was writing to file descriptor 9 for a Perl script to read to psit out where the database dir was, and realized this is a bit much to be debugging at 2am while trying to ensure my machine reovers from this. __ sudo grep '^directory' /etc/ldap/slapd.conf directory /var/lib/ldap I don't really use ldap anymore, so I am on the verge of purging this, but I'll keep it installed long enough to help debug this issue. Hi, Can you send me your parameters for argsfile and pidfile in /etc/ldap/slapd.conf ? (Or send me in private after removing the passwords the slapd.conf ?) Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#398657: slapd's sasl looks in /usr/lib/sasl2/slapd.conf for its configuration
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
tag 398657 + patch
thanks
Here a patch which adds a callback for the sasl context to get the path
of the sasl configuration file. It also looks in the old path
(/usr/lib/sasl2)
I think applying this for Etch doesn't harm.
See for more information:
http://www.openldap.org/lists/openldap-bugs/200309/msg00071.html
Regards,
Matthijs Mohlmann
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFetWF2n1ROIkXqbARAvFjAJ9tQzd9QZA4l6nrqserpMzuzCWKawCgmsiJ
e0eJkh9RyI9gw6JoQFM4kRw=
=gm3R
-END PGP SIGNATURE-
Index: include/ldap_defaults.h
===
--- include/ldap_defaults.h.orig
+++ include/ldap_defaults.h
@@ -65,4 +65,6 @@
/* dn of the default monitor subentry */
#define SLAPD_MONITOR_DN cn=Monitor
+#define SASL_CONFIGPATHLDAP_SYSCONFDIR LDAP_DIRSEP
sasl
+
#endif /* _LDAP_CONFIG_H */
Index: servers/slapd/sasl.c
===
--- servers/slapd/sasl.c.orig
+++ servers/slapd/sasl.c
@@ -951,12 +951,38 @@
#endif /* HAVE_CYRUS_SASL */
+static int
+slap_sasl_getpath( void * context, char ** path )
+{
+ char * sasl_default_configpath;
+ size_t len;
+
+#if SASL_VERSION_MAJOR = 2
+ sasl_default_configpath = /usr/lib/sasl2;
+#else
+ sasl_default_configpath = /usr/lib/sasl;
+#endif
+
+ len = strlen(SASL_CONFIGPATH) + 1 /* colon */ +
+ strlen(sasl_default_configpath) + 1 /* \0 */;
+ *path = malloc( len );
+ if ( *path == NULL )
+ return SASL_FAIL;
+
+ if (snprintf( *path, len, %s:%s, SASL_CONFIGPATH,
+ sasl_default_configpath ) != len-1 )
+ return SASL_FAIL;
+
+ return SASL_OK;
+}
+
int slap_sasl_init( void )
{
#ifdef HAVE_CYRUS_SASL
int rc;
static sasl_callback_t server_callbacks[] = {
{ SASL_CB_LOG, slap_sasl_log, NULL },
+ { SASL_CB_GETPATH, slap_sasl_getpath, NULL },
{ SASL_CB_LIST_END, NULL, NULL }
};
Bug#398657: slapd's sasl looks in /usr/lib/sasl2/slapd.conf for its configuration
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Hm my patch wasn't ok, an updated is attached. The previous patch had
the wrong configuration file location. And used the wrong callback
function to set the configuration path. (My first testing did go ok, but
I didn't remove the /usr/lib/sasl2/slapd.conf and then the
authentication succeeded)
Updated version attached.
Regards,
Matthijs Mohlmann
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFevLw2n1ROIkXqbARAuDfAKCoUofnJWgwv2IdQcn/2xmNEEXYdQCeLC3t
U1QpR3nkZINtjCPu+3nY1eo=
=gr/L
-END PGP SIGNATURE-
Index: include/ldap_defaults.h
===
--- include/ldap_defaults.h.orig
+++ include/ldap_defaults.h
@@ -65,4 +65,6 @@
/* dn of the default monitor subentry */
#define SLAPD_MONITOR_DN cn=Monitor
+#define SASL_CONFIGPATHLDAP_SYSCONFDIR LDAP_DIRSEP
sasl2
+
#endif /* _LDAP_CONFIG_H */
Index: servers/slapd/sasl.c
===
--- servers/slapd/sasl.c.orig
+++ servers/slapd/sasl.c
@@ -951,12 +951,38 @@
#endif /* HAVE_CYRUS_SASL */
+static int
+slap_sasl_getconfpath( void * context, char ** path )
+{
+ char * sasl_default_configpath;
+ size_t len;
+
+#if SASL_VERSION_MAJOR = 2
+ sasl_default_configpath = /usr/lib/sasl2;
+#else
+ sasl_default_configpath = /usr/lib/sasl;
+#endif
+
+ len = strlen(SASL_CONFIGPATH) + 1 /* colon */ +
+ strlen(sasl_default_configpath) + 1 /* \0 */;
+ *path = malloc( len );
+ if ( *path == NULL )
+ return SASL_FAIL;
+
+ if (snprintf( *path, len, %s:%s, SASL_CONFIGPATH,
+ sasl_default_configpath ) != len-1 )
+ return SASL_FAIL;
+
+ return SASL_OK;
+}
+
int slap_sasl_init( void )
{
#ifdef HAVE_CYRUS_SASL
int rc;
static sasl_callback_t server_callbacks[] = {
{ SASL_CB_LOG, slap_sasl_log, NULL },
+ { SASL_CB_GETCONFPATH, slap_sasl_getconfpath, NULL },
{ SASL_CB_LIST_END, NULL, NULL }
};
Bug#392747: [Pkg-openldap-devel] Bug#392747: slapd: failed upgrade with ldbm backend
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Filip Van Raemdonck wrote: Package: slapd Version: 2.3.27-1 Severity: important Due to some old bug I was using ldbm as slapd backend; when I upgraded to the latest version, (re)importing the database failed complaining that back_ldbm.so could not be found. Apparently ldbm support was removed; however while the changelog entry for 2.3.23-1 says it should halt in preinstall, it did not. Also, the manpage for slapd.conf still lists ldbm as backend option. I was upgrading from a fairly old version, /var/log/dpkg.log lists: 2006-10-13 10:21:39 upgrade slapd 2.2.26-5 2.3.27-1 Still shouldn't break like this though. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-2-686-smp Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages slapd depends on: ii adduser 3.97 Add and remove users and groups ii coreutils 5.97-3 The GNU core utilities ii debconf [debconf-2.0] 1.5.5Debian configuration management sy ii libc6 2.3.6.ds1-5 GNU C Library: Shared libraries ii libdb4.24.2.52-23.1 Berkeley v4.2 Database Libraries [ ii libiodbc2 3.52.4-2 iODBC Driver Manager ii libldap-2.3-0 2.3.27-1 OpenLDAP libraries ii libltdl31.5.22-4 A system independent dlopen wrappe ii libperl5.8 5.8.8-3 Shared Perl library ii libsasl22.1.19.dfsg1-0.2 Authentication abstraction library ii libslp1 1.2.1-5 OpenSLP libraries ii libssl0.9.8 0.9.8c-3 SSL shared libraries ii libwrap07.6.dbs-9Wietse Venema's TCP wrappers libra ii perl [libmime-base64-pe 5.8.8-3 Larry Wall's Practical Extraction ii psmisc 22.2-1 Utilities that use the proc filesy Versions of packages slapd recommends: ii db4.2-util 4.2.52-23.1 Berkeley v4.2 Database Utilities ii libsasl2-modules2.1.19.dfsg1-0.2 Pluggable Authentication Modules f -- debconf information: slapd/password_mismatch: slapd/fix_directory: true slapd/invalid_config: true slapd/upgrade_slapcat_failure: slapd/upgrade_slapadd_failure: slapd/backend: BDB * slapd/dump_database: when needed * slapd/allow_ldap_v2: false slapd/no_configuration: false * slapd/migrate_ldbm_to_bdb: false slapd/move_old_database: true slapd/suffix_change: false slapd/slave_databases_require_updateref: * slapd/dump_database_destdir: /var/backups/slapd-VERSION slapd/autoconf_modules: true slapd/purge_database: false slapd/admin: Hi, Which questions are asked when you upgraded ? Did you positive answer to the question about migrating the database from ldbm to bdb or not ? Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFVvvt2n1ROIkXqbARAp6fAJ95W3rgndYLNjACktJDQ8TjkC1kUwCgjvbX QzVZzRPMPqHYZepkngssjkA= =Eovc -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#398035: subversion-tools: svn_load_dirs command removed ?
Package: subversion-tools Version: 1.4.2dfsg1-2 Severity: normal Hi, Is svn_load_dirs removed by accident ? I couldn't find anything in the changelog or NEWS about it. [EMAIL PROTECTED] % dpkg -L subversion-tools | grep svn_load_dirs [EMAIL PROTECTED] % Regards, Matthijs Mohlmann -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages subversion-tools depends on: ii subversion 1.4.2dfsg1-2 Advanced version control system Versions of packages subversion-tools recommends: ii libconfig-inifiles-perl 2.39-2 Read .ini-style configuration file ii libsvn-perl 1.4.2dfsg1-2 Perl bindings for Subversion ii liburi-perl 1.35-2 Manipulates and accesses URI strin ii postfix [mail-transport-age 2.3.4-1 A high-performance mail transport ii python-subversion 1.4.2dfsg1-2 Python bindings for Subversion ii xsltproc1.1.18-1 XSLT command line processor -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#397673: [Pkg-openldap-devel] Bug#397673: CVE-2006-5779: OpenLDAP BIND Denial of Service Vulnerability
Quanah Gibson-Mount wrote: --On Wednesday, November 08, 2006 3:45 PM -0800 Quanah Gibson-Mount [EMAIL PROTECTED] wrote: --On Wednesday, November 08, 2006 3:02 PM -0800 Quanah Gibson-Mount [EMAIL PROTECTED] wrote: Upstream patch available at: http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c getdn.c 1.124.2.4 - 1.124.2.5 Just to note, this bug can be brute-forced via any existing SASL mech, if certain conditions are met. I won't post what those conditions are. :P So this is probably a fairly important patch to get put in place. Debian should also pick up the following commit: http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/connection.c connection.c 1.296.2.17 - 1.296.2.18 --Quanah Hi, I'll pick it up this evening. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#395801: [powerdns-debian] Bug#395801: pdns-recursor: Doesn't work on architectures not implementing the swapcontext system call
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: Package: pdns-recursor Version: 3.1.3-2 Severity: important Hi, To be able to operate pdns-recursor needs the swapcontext system call. Which isn't available on various architectures. A quick scan of the buildd logs suggest that at least arm, mips, mipsel, hppa and sparc don't support this call. The pdns-recursor binary package thus probably shouldn't be available for these architectures (it can't run so it doesn't make sense to be available). Although it would be nice if it could be fixed to run without swapcontext :) Sjoerd Hi, You are right about this. There are already several bugreports against libc6 asking for support for the *context calls. Is there a way to disable building on these architectures ? (I've never done such a thing.) Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFQyyB2n1ROIkXqbARAlgsAKCmttmpJpI+3AYZbSL/IWM3hBpVmQCgrTKB QMf4tWxgGst9+wMG2cZwXTA= =rdrG -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#390954: [Pkg-openldap-devel] Bug#390954: slapd is compiled withou SLAPI support
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Torsten Landschoff wrote: On Sun, Oct 22, 2006 at 04:46:20PM -0700, Quanah Gibson-Mount wrote: On Thu, Oct 12, 2006 at 03:33:24PM -0700, Quanah Gibson-Mount wrote: Compiling OpenLDAP with SLAPI support means that ACL caching is disabled. However, I'll note that ACL caching is broken in 2.3 for some types of ACLs, and compiling with SLAPI support is the only way to make those ACL's work correctly. So even though I do not use SLAPI plugins, I compile with SLAPI enabled so that my ACL's work right. Wouldn't that come with a big performance impact? Always possible, I didn't really notice one. ;) And my ACL file is several hundred lines. On the other hand, I use SASL/GSSAPI binds, which slows down things enough that the missing caching may have no effect. So I think we should enable SLAPI. Matthias, any objections? Greetings Torsten No objections. Go ahead. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFQ6rX2n1ROIkXqbARAo7oAJ0ViZSKp8nbZyRNwTXtQ6OHZ24zFACcC2oG Jir3hl9iPsdz2fro+m/UdDc= =0enh -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#392716: [Pkg-dspam-misc] Bug#392716: Acknowledgement (libdspam7-drv-mysql: N)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jesus Climent wrote: On Mon, Oct 16, 2006 at 01:21:24PM -0400, Douglas F. Calvert wrote: Matthijs Mohlmann wrote: retitle 392716 libdspam7-drv-mysql fails purging I was busy to merge the changes of the NMU back in, but I hadn't time to completely test it. I'll fix it this evening. Regards, Matthijs Mohlmann I think that it was a dbconfig-common issue. It works (as in purges/installs) now. You might want to check and see if the change to dbconfig affects anything else... dbconfig-common (1.8.27) unstable; urgency=high * the patch to fix the patch to fix the patch to fix the bug release * unregistered pgsql questions were being asked even in mysql packages, causing confusion, breakage, chaos, riots, etc. fixed. closes: #393124. -- sean finney [EMAIL PROTECTED] Sun, 15 Oct 2006 18:42:24 +0200 Yep. I spent yesterday the whole day to figure it out today at work that it was awfully broken, not dspam, but dbconfog-common. Me too. I got everytime a return code 10. On install and purge. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFNAoq2n1ROIkXqbARAlQOAKCLvGZG5+SpJ1R0nOgFvTQ2kPXgWACeKCuX UVdzyHU4rUfjKAYx7/7V/Q4= =3yPY -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#392716: [Pkg-dspam-misc] Bug#392716: Acknowledgement (libdspam7-drv-mysql: N)
retitle 392716 libdspam7-drv-mysql fails purging severity 392716 serious thanks Douglas F. Calvert wrote: I apologize that there is no subject. Subject should be libdspam7-drv-mysql fails purging. I was busy to merge the changes of the NMU back in, but I hadn't time to completely test it. I'll fix it this evening. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#316789: [powerdns-debian] Bug#316789: (no subject)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tobias Richter wrote: tag 316789 + patch thanks The part that needs fixing is: # allow-axfr-ipsIf disabled, DO allow zonetransfers from these IP addresses # # allow-axfr-ips= it should read something like: # allow-axfr-ipsIf enabled, restrict zonetransfers to originate from these IP addresses # # allow-axfr-ips= Good point. That makes it more clear to people. Thanks. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFKPpk2n1ROIkXqbARAiN7AJ4/RJHxezy8G/x5WFHSoH+3LJxJwwCeIY9w f5KiN8yfbFdVD6iVdTlrPbQ= =1UH4 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#385760: [Pkg-dspam-misc] Bug#385760: The dspam daemon should be run by user dspam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Erik Johansson wrote: Package: dspam Version: 3.6.8-2~erik.1 Severity: normal Hello, I maintain a sarge backport of dspam[1]. Today I received some suggestions from a user of the backport. Since I think the suggestions apply to the version in unstable as well, I'm forwarding the suggestions to you. My backported packages are identical to the version in unstable, except a change in build-dep: libmysqlclient15-dev = libmysqlclient14-dev I'm also considering trying to get dspam included on backports.org. If you have any objections to this, please let me know. Best regards // Erik [1] - deb http://eddie.ejohansson.se/debian/ sarge main == From Günther Mair == [...] I experienced some trouble when running it straigth away with the dspam-webinterface for learning. Reason: the webinterface while running suexec'ed as dspam would not have access to update the log- files in /var/spool/dspam/data/MYDOMAIN/MYUSERNAME... They regularly become owned by the root user and write-back to them from the webinterfaces becomes impossible (if i don't change root's umask which I would prefer not to ;-) ). What I did and what I would like you to consider on this package is the following: - change the init-script to run the dspam daemon as dspam user instead of root (doesn't change anything anyway - just one process needlessly running as root less), while you still may execute the dspam-client apps as root (use the --chuid parameter for start-stop- daemon) - chown chgrp the files beyond /var/spool/dspam to dspam user dspam group - change the PID-File in your init-script and dspam-default configuration to reside inside the /var/run/dspam directory owned by dspam (so dspam user can write to it) - change the logfile to reside in an directory writeable by dspam (ie. /var/log/dspam/dspam.log) - the dspam_logrotate application should obviously be run as user dspam (or like this: [su - dspam dspam_logrotate -a 90 -d /var/spool/dspam/data]), otherwise the rotated logfiles may not be accessible to the dspam-daemon anymore - as actualy happened today with my installation ;-) The dspam binary is setguid. This is done because of users can run the dspam binary by hand to gather information about the status of their spamfilter. So the files get owned by root:dspam. But it's always better to have it run as user, one daemon less that runs as root. Thanks. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFKQD72n1ROIkXqbARAg0UAJ9Kj8fiX8ybszXU6N7p+W/zfKVQ2gCgkgjW gsZbRPz0wapolr4cbNIJKPw= =GMum -END PGP SIGNATURE-
Bug#391158: copyright file outdated?
Björn Torkelsson wrote: Package: libpam-heimdal Version: 2.3 The copyright file says that the source was downloaded from http://www.squishy.cc/software/pam-krb5/ however starting with version 2, Russ rewrite of libpam-krb5, the upstream source is located at: http://www.eyrie.org/~eagle/software/pam-krb5/ /torkel Hi, Yes you are right, I've forgotten to change that. The copyright is ok, as there are a lot of code changes, not really a rewrite of the code, but a lot of fixes. Current copyright still applies. Regards, Matthijs Mohlmann
Bug#390337: [Pkg-openldap-devel] Bug#390337: slapd: make sure the pidfile directory exists with correct permissions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter Marschall wrote: Package: slapd Version: 2.3.27-1 Severity: wishlist Tags: patch Hi, with /etc/init.d/slapd using the location of the PID file from slapd.conf, it should make sure that this directory exists and has the correct permissions. The atached patch does this by generating the directory if it does not exist and changing the permissions. It also helps with /var/run being a tmpfs (see discussions on -devel). Peter Hi, Thanks for the patch, I'll apply it. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFIWfm2n1ROIkXqbARAi6YAKCRzJzMAM0sHDeGHRxkj5/fCT5//gCfexJe IyW4WqDWDDmjkfRkri8O49Q= =mq8H -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#382483: pdns-backend-sqlite: Problems starting the backend [SEGV]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Can you check if this is still the case with 2.9.20 ? If so, can you give me the following piece of information: - - which user runs pdns - - what are the permissions of /var/spool/pdns (ls -al) ? Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFH8QI2n1ROIkXqbARAmqOAJ4vmANOITQew5bJPW4OJQ4yaT1ePgCgnT6y 09mzpqDeWmzQFROFsIq7jnU= =pGIr -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383676: [Pkg-openldap-devel] Bug#383676: slapd 2.3.25-1 fails to start, undefined symbol: ldap_pvt_sasl_mutex_new
On Fri, 18 Aug 2006 14:14:20 -0400 Michael Stella [EMAIL PROTECTED] wrote: O ldap2:~# ldd `which slapd` linux-gate.so.1 = (0xe000) libldap_r-2.3.so.0 = /usr/local/lib/libldap_r-2.3.so.0 (0xb7f81000) liblber-2.3.so.0 = /usr/local/lib/liblber-2.3.so.0 Why is your slapd looking at libraries in /usr/local/lib, instead of /usr/lib? I'm guessing you have an older build of OpenLDAP 2.3 in /usr/local? Ah hah! It seems there was a version of OpenLDAP installed in /usr/local at one point. Interesting it'd choose that over the stuff in /usr/lib. That solves it, thanks! I'm surprised I didn't see this. Hi, Did you compile slapd yourself and install it in /usr/local or did you install a Debian package at some time that installed it in /usr/local ? Regards, Matthijs Mohlmann signature.asc Description: PGP signature
Bug#383237: [Pkg-openldap-devel] Bug#383237: slapd: schemacheck option dropped in new upstream release
On Tue, 15 Aug 2006 17:39:22 -0300 Margarita Manterola [EMAIL PROTECTED] wrote: Package: slapd Version: 2.3.24-2 Severity: important Hi! The schemacheck option has been dropped in the new upstream release. This means that slapd will always check the schemas from now on. If a current installation has the option set to schemacheck off, where the schemas aren't completely fulfilled, then slapd suddenly won't start after upgrade. Even though I understand that there might be good reasons to be strict about checking the schemas, this is breaking the current installations that make use of this previous option, which I find quite unacceptable. I found this in OpenLDAP mailing lists: http://www.openldap.org/lists/openldap-software/200509/msg00476.html Apparently, it was removed because it was difficult to implement it, or something like that. They say they'd accept a patch that re-adds it, I don't know how difficult this might be. I'm really disappointed at this feature removal. I don't know if there is a fix. But at least there should be a warning on postinst, and it should be documented in README.Debian :-\ Love, Marga Hi, I'm not really a fan of this feature because it will break upgrades from earlier versions to the current version. (Well if the feature exist it would be easier to do upgrades) but I think a well designed directory shouldn't need this feature. You can eventually write your own schema's which are less strict then those shipped with slapd. I don't know if this is worth a note in README.Debian... Regards, Matthijs Mohlmann signature.asc Description: PGP signature
Bug#381788: [Pkg-openldap-devel] Bug#381788: slapd: TLS connections fail when running as non-root
On Mon, 07 Aug 2006 19:38:06 -0600 Berg, Michael [EMAIL PROTECTED] wrote: And just for completeness, here are the contents of my ldap.conf file == BASE dc=mydomain,dc=dyndns,dc=org URIldap://ldap.mydomain.dyndns.org TLS_CIPHER_SUITE HIGH:!ADH TLS_CACERT /etc/ssl/certs/mydomain.dyndns.org_CA.pem TLS_REQCERTdemand TLS_CRLCHECK none == This is the complete content of ldap.conf on the clients ? Those are the only uncommented lines in my ldap.conf files. I even tried purging slapd, reinstalling it, and re-populating it from scratch (I didn't just reload a DB backup). The fresh install worked fine as non-root until a reboot - at which point the problem described above returned and TLS connections fail. That's strange. I thought so too. Can you please send the output of: ldapsearch -x -ZZ -d 7 Output is attached. Thanks for the output, but I still don't see why it's failing. The only thing I see on the OpenLDAP mailinglist about this is when you connect on the SSL port and try to do starttls. Can somebody with some more SSL knowledge comment here ? Regards, Matthijs Mohlmann signature.asc Description: PGP signature
Bug#381788: [Pkg-openldap-devel] Bug#381788: slapd: TLS connections fail when running as non-root
# filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 13 Confidentiality required text: confidentiality required # numResponses: 1 -- Can you please send the output of: ldapsearch -x -ZZ -d 7 Regards, Matthijs Mohlmann signature.asc Description: PGP signature
Bug#381395: [Pkg-dspam-misc] Bug#381395: dspam fails to update header when classifying based on shared group
On Thu, 03 Aug 2006 23:15:20 -0400 Daniel Kahn Gillmor [EMAIL PROTECTED] wrote: Package: dspam Severity: normal Tags: patch When dspam is configured with a global shared user in addition to individual dspam learners, it occasionally classifies the message one way but writes the headers the other. I brought this up on the dspam development list a while back in hopes of getting feedback from upstream, but nothing has been forthcoming. Meanwhile, i'm using this patch in production now, and shared users doesn't work as expected without it. For detailed analysis of why i think it's necessary code-wise, see my initial post to the dev list: http://article.gmane.org/gmane.mail.spam.dspam.devel/2480 And there's more discussion about the need for such a patch on dspam-users: http://thread.gmane.org/gmane.mail.spam.dspam.user/10941 I'll commit this patch to pkg-dspam svn shortly, unless there are objections. No objections from my side. Regards, Matthijs Mohlmann signature.asc Description: PGP signature
Bug#380687: [Pkg-openldap-devel] Bug#380687: slapd: Fails to start after upgrade to from 2.3.24-1 (pid file)
On Sun, 06 Aug 2006 13:13:30 +0200 Franklin PIAT [EMAIL PROTECTED] wrote: On Thu, 2006-08-03 at 23:03 +0200, Matthijs Mohlmann wrote: Hi, Do you also have the log of the upgrade available? It seems to me something went wrong there but I couldn't find the bug in the scripts, are you able to send me the slapd.conf maybe there is something in that tricks the regexpression. I send _you_ my configuration files. (i wouldn't publish them on bts!) hope it helps. Franklin Hi, I was assuming that it was failing on the argsfile location but it was the pidfile. From when did you start to use slapd ? The pidfile location is changed 3 years ago and you seemed to have upgraded from that version ;-) Ok, in the next upload it will be fixed. Thanks for the help. Regards, Matthijs Mohlmann signature.asc Description: PGP signature
Bug#380687: [Pkg-openldap-devel] Bug#380687: slapd: Fails to start after upgrade to from 2.3.24-1 (pid file)
On Mon, 31 Jul 2006 23:10:28 +0200 Franklin PIAT [EMAIL PROTECTED] wrote: Package: slapd Version: 2.3.24-2 Severity: important Hello, After upgrading from 2.3.24-1 - 2.3.24-2, slapd refuses to start (silently). Stopping OpenLDAP: slapd. Starting OpenLDAP: slapd. but no slapd is running Raising debug level in /etc/default/slapd (SLAPD_OPTIONS=-d 1) prints: [[removed lines]] unable to open pid file /var/run/slapd.pid: 13 (Permission denied) slapd destroy: freeing system resources. slapd stopped. connections_destroy: nothing to destroy. I manually changed my /etc/ldap/slapd.conf file to move the location of my pidfile from /var/run/slapd.pid to /var/run/slapd/slapd.pid and everything is running fine now. (note that /var/run/slapd.args was already ok) P.S. thanks for making slapd running as non-root, it's nicer this way. Hi, Do you also have the log of the upgrade available? It seems to me something went wrong there but I couldn't find the bug in the scripts, are you able to send me the slapd.conf maybe there is something in that tricks the regexpression. Regards, Matthijs Mohlmann signature.asc Description: PGP signature
Bug#381153: [Pkg-openldap-devel] Bug#381153: slapd: Upgrade to 2.3.24-2 breaks system when using libnss-ldap
severity 381153 important
merge 381153 380658
thanks
On Wed, 02 Aug 2006 16:15:39 +0100
Paul LeoNerd Evans [EMAIL PROTECTED] wrote:
Package: slapd
Version: 2.3.24-2
Severity: critical
Justification: breaks the whole system
I have users stored in LDAP, using libnss-ldap and libpam-ldap. The
upgrade process to install 2.3.24-2 tries to stop slapd, then run
useradd to create the required user to run as, then start it again.
Because my user list is in LDAP, this all breaks. slapd is now
unstartable.
Furthermore, no user can log in to any terminal, nor can any existing
shells su, or sudo. PAM-ldap becomes unusable. Fortunately for me,
root is still in /etc/{passwd,shadow}, so I was able to ssh as root to
fix it. Were that not the case, the only way out of this is a hard
reboot, passing
init=/bin/sh
to GRUB/LILO, and manually fixing things from there.
I believe this total failure of ability to log in justifies the critical
classification, but I accept that it only happens in the non-default
case of passwd/group being LDAP-based.
Please check next time the bug page of slapd again, there are already 3
bug reports with this problem available: #379728, #380620 and #380658
This is also not really a bug in OpenLDAP bug in libnss-ldap which has a few
different settings that can cause this kind of breakage.
Regards,
Matthijs Mohlmann
signature.asc
Description: PGP signature
Bug#379728: [Pkg-openldap-devel] Bug#379728: slapd: upgrade to 2.3.24-2 hangs
Christoph Kaminski wrote: Stephen Gran schrieb: On Tue, Jul 25, 2006 at 12:07:25PM +0200, Christoph Kaminski said: + create_new_user ++ getent group openldap it hangs here! Does that command hang for you when run normally? Do you use libnss-ldap? P.S., please keep the bug log in the cc: list. getent group openldap doesnt hang here but it hasnt any output yes I use libnss-ldap. Ok, the problem is the following: (I would get the same trouble on my production systems if I upgrade them, but they're running Sarge) upgrade procedure: - stop slapd - check if user exists (including group) getent - adduser if it doesn't exist - standard procedure to upgrade a database. At the moment it checks for the user the LDAP database is down (I assume that libnss-ldap is using the database at localhost) which causes getent group openldap to hang. Solution: Move the checking code to the preinst before stopping slapd, add a flag to /var/lib/slapd that the user exist or not. And create the user according to that in the postinst. (Or add the user in the preinst too) Until someone comes up with a better solution, I'll implement that tonight and hopefully my sponsor is available to upload. Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#231950: What happens without admin password?
Hi Torsten, I was thinking about telling the admin. IMO we can set the rootdn and rootpw (with a unencrypted password) and then the admin can extract his password there. Regards, Matthijs Mohlmann signature.asc Description: PGP signature
Bug#305838: upgrade 2.0.23 - 2.2.23: parse error
Hi, The function telephoneNumberNormalize strips space and '-' characters. After this is stripped the value is empty which is wrong. Would be nice if fix_ldif would handle this case and remove the telephoneNumber attribute. On the other hand I don't know if we should support 2.0.23 - 2.3.24 upgrades. Regards, Matthijs Mohlmann signature.asc Description: PGP signature
Bug#310809: slapd fails on upgrade 2.1.30 - 2.2.25
Hi, I've tested to import the current ldif into slapd version 2.3.24-2. Even this wasn't possible todo, then I created my own userCertificate and tried to import it again. After that it worked. So I think you have some broken certificates in the LDAP directory. Probably you already fixed this. Regards, Matthijs Mohlmann signature.asc Description: PGP signature
Bug#378832: [Pkg-openldap-devel] Bug#378832: limits directive is not working in slapd.conf
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Quanah Gibson-Mount wrote: Package: slapd Version: 2.3.24-1 Severity: important Hi I have tried using limits users size=1000 but when I try to ldapsearch I get an error 4 size limit. when I change it to sizelimit 1000 and retry the ldapsearch it works. I don't want to open up the limits to every on I've tested this and I can confirm that it doesn't work for me too. Where did you place the limits directive in the configuration ? I would suggest sending OpenLDAP usage questions to [EMAIL PROTECTED] I will note that the limits command works just fine for me in the areas I use it, for example: # Let the ispace prinicpal have a search of 5000 entries limits dn.exact=cn=abcd,cn=Service,cn=Applications,dc=stanford,dc=edu time.soft=unlimited time.hard=unlimited size.soft=5000 size.hard=5000 I've tried this example on a freshly install of slapd but I still can't get that to work. Do you have some pointers to get some more information about the parameter. I tried this: limits users time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 limits anonymous time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 limits dn.exact=cn=test,dc=cacholong,dc=nl time.soft=unlimited time.hard=unlimited size.soft=1 size.hard=1 Running slapd -d 64 shows that the configuration file is ok. And that the directive is allowed there. But neither of these example work for me... probably I have a stupid thingie in the configuration file but I couldn't find it. Attached my slapd.conf. --Quanah Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEvoSg2n1ROIkXqbARAk0HAJ4uJFnFwB+Z7k8bM77ZHdpFNLmPoQCfZbwY 1A4IWY6R2e4OfDR5pBDYiuo= =40Jp -END PGP SIGNATURE- # This is the main slapd configuration file. See slapd.conf(5) for more # info on the configuration options. ### # Global Directives: # Features to permit #allow bind_v2 # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema # Schema check allows for forcing entries to # match schemas for their objectClasses's schemacheck on # Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/run/slapd/slapd.pid # List of arguments that were passed to the server argsfile/var/run/slapd.args # Read slapd.conf(5) for possible values loglevel0 # Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_bdb # The maximum number of entries that is returned for a search operation sizelimit 500 # The tool-threads parameter sets the actual amount of cpu's that is used # for indexing. tool-threads 1 # Limits limits dn.exact=cn=test,dc=cacholong,dc=nl time.hard=unlimited time.soft=unlimited size.hard=1 size.soft=1 ### # Specific Backend Directives for bdb: # Backend specific directives apply to this backend until another # 'backend' directive occurs backend bdb checkpoint 512 30 ### # Specific Backend Directives for 'other': # Backend specific directives apply to this backend until another # 'backend' directive occurs #backendother ### # Specific Directives for database #1, of type bdb: # Database specific directives apply to this databasse until another # 'database' directive occurs databasebdb # The base of your directory in database #1 suffix dc=cacholong,dc=nl # Where the database file are physically stored for database #1 directory /var/lib/ldap # For the Debian package we use 2MB as default but be sure to update this # value if you have plenty of RAM dbconfig set_cachesize 0 2097152 0 # Sven Hartge reported that he had to set this value incredibly high # to get slapd running at all. See http://bugs.debian.org/303057 # for more information. # Number of objects that can be locked at the same time. dbconfig set_lk_max_objects 1500 # Number of locks (both requested and granted) dbconfig set_lk_max_locks 1500 # Number of lockers dbconfig set_lk_max_lockers 1500 # Indexing options for database #1 index objectClass eq # Save the time that the entry gets modified, for database #1 lastmod on # Where to store the replica logs for database #1 # replogfile/var/lib/ldap/replog # The userPassword by default can be changed # by the entry owning it if they are authenticated. # Others should not be able to see it, except the # admin entry below # These access
Bug#231331: slapd install hangs on hppa
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 tag 231331 + moreinfo thanks Hi, Did you get more information from sleepycat or openldap ? Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEuVaJ2n1ROIkXqbARAhqzAJ0VK19OKBnnVZMuqFkdqx64dHCMDQCeM3dE cIEyZO3nsASWl/Vnw6GdMvo= =M/hM -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#378235: [Pkg-openldap-devel] Bug#378235: slapd: slapadd gives completely useless error messages
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter Eisentraut wrote: Package: slapd Version: 2.3.24-1 Severity: normal Behold: # slapadd slapadd: bad configuration file! I haven't yet figured out a way for it to tell me what's bad about it. Neither -v nor -d seem to help. I've tried strace but that's crazy. This is totally unusable. slapadd -d 64 will do the trick. Regards, Matthijs Mohlmann -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15-1-k7 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEt8Oo2n1ROIkXqbARAgDyAJ9R/DhcnaeHilhgWkB4/iTcZy0CdwCffhX3 CN70+rdCOk1kDCXSnjyoYX4= =wfLl -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#377812: [Pkg-openldap-devel] Bug#377812: slapd won't start at all
Eric Van Buggenhaut wrote: Package: slapd Version: 2.2.23-8 Severity: grave There's no way I can fire up slapd on the main server of our company. It used to run fine but today, when trying to launch it it just crashes. Attached is a strace. There's no *pid file hanging around AFAICT: Probably you have corruption in the database is it possible to install db4.2-util ? And then restart slapd (/etc/init.d/slapd restart) If this doesn't work, can you please attach the output of the following command: slapd -d 64 piano:/home/eric# ls -l /var/run/slapd/ total 0 I'm totally stuck. Regards, Matthijs Mohlmann -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.11.12 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages slapd depends on: ii coreutils [fileutils] 5.2.1-2The GNU core utilities ii debconf 1.4.30.13 Debian configuration management sy ii fileutils 5.2.1-2The GNU file management utilities ii libc6 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [ ii libiodbc2 3.52.2-3 iODBC Driver Manager ii libldap-2.2-7 2.2.23-8 OpenLDAP libraries ii libltdl3 1.5.6-6A system independent dlopen wrappe ii libperl5.85.8.4-8sarge4 Shared Perl library ii libsasl2 2.1.19-1.5sarge1 Authentication abstraction library ii libslp1 1.0.11a-2 OpenSLP libraries ii libssl0.9.7 0.9.7e-3sarge1 SSL shared libraries ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra ii perl [libmime-base64- 5.8.4-8sarge4 Larry Wall's Practical Extraction ii psmisc21.5-1 Utilities that use the proc filesy -- debconf information: slapd/password_mismatch: slapd/fix_directory: true slapd/invalid_config: true * shared/organization: b612arquitectura slapd/upgrade_slapcat_failure: slapd/upgrade_slapadd_failure: * slapd/backend: BDB * slapd/dump_database: when needed * slapd/allow_ldap_v2: false * slapd/no_configuration: false slapd/migrate_ldbm_to_bdb: false * slapd/move_old_database: true slapd/suffix_change: false slapd/slave_databases_require_updateref: * slapd/dump_database_destdir: /var/backups/slapd-VERSION slapd/autoconf_modules: true * slapd/purge_database: false * slapd/domain: b612arquitectura.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#348041: Crash on startup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I couldn't reproduce this problem, are you still experiencing the problems described in this bug report ? See: http://bugs.debian.org/348041 for more information. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEtCXB2n1ROIkXqbARAn73AJ4oVpkWd5Jf0tzIuwNXJwnqwxWcxQCfRp8n yau/fbPg5ChBPTM+h0P8Aps= =60c6 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#377812: [Pkg-openldap-devel] Bug#377812: slapd won't start at all
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Eric Van Buggenhaut wrote: On Tue, Jul 11, 2006 at 05:13 +0200, Matthijs Mohlmann wrote: Eric Van Buggenhaut wrote: On Tue, Jul 11, 2006 at 03:02 +0200, Matthijs Mohlmann wrote: Eric Van Buggenhaut wrote: Package: slapd Version: 2.2.23-8 Severity: grave There's no way I can fire up slapd on the main server of our company. It used to run fine but today, when trying to launch it it just crashes. Attached is a strace. There's no *pid file hanging around AFAICT: Probably you have corruption in the database is it possible to install db4.2-util ? And then restart slapd (/etc/init.d/slapd restart) I indeed installed db4.2-util and removed libdb3-util: ii db4.2-util 4.2.52-18 Berkeley v4.2 Database Utilities pn libdb3-utilnone (no description available) but that didn't help If this doesn't work, can you please attach the output of the following command: slapd -d 64 Attached is the output. piano:/home/eric# ls -l /var/run/slapd/ total 0 I'm totally stuck. Regards, Matthijs Mohlmann -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.11.12 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages slapd depends on: ii coreutils [fileutils] 5.2.1-2The GNU core utilities ii debconf 1.4.30.13 Debian configuration management sy ii fileutils 5.2.1-2The GNU file management utilities ii libc6 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [ ii libiodbc2 3.52.2-3 iODBC Driver Manager ii libldap-2.2-7 2.2.23-8 OpenLDAP libraries ii libltdl3 1.5.6-6A system independent dlopen wrappe ii libperl5.85.8.4-8sarge4 Shared Perl library ii libsasl2 2.1.19-1.5sarge1 Authentication abstraction library ii libslp1 1.0.11a-2 OpenSLP libraries ii libssl0.9.7 0.9.7e-3sarge1 SSL shared libraries ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra ii perl [libmime-base64- 5.8.4-8sarge4 Larry Wall's Practical Extraction ii psmisc21.5-1 Utilities that use the proc filesy -- debconf information: slapd/password_mismatch: slapd/fix_directory: true slapd/invalid_config: true * shared/organization: b612arquitectura slapd/upgrade_slapcat_failure: slapd/upgrade_slapadd_failure: * slapd/backend: BDB * slapd/dump_database: when needed * slapd/allow_ldap_v2: false * slapd/no_configuration: false slapd/migrate_ldbm_to_bdb: false * slapd/move_old_database: true slapd/suffix_change: false slapd/slave_databases_require_updateref: * slapd/dump_database_destdir: /var/backups/slapd-VERSION slapd/autoconf_modules: true * slapd/purge_database: false * slapd/domain: b612arquitectura.com [..] line 87 (lastmod on) line 90 (replogfile /var/lib/ldap/replog) line 101 (access to attrs=userPasswordby dn=cn=admin,dc=b612arquitectura,dc=com writeby anonymous auth by self writeby * none) line 112 (access to dn.base= by * read) line 118 (access to *by dn=cn=admin,dc=b612arquitectura,dc=com writeby * read) backend_startup: bi_db_open failed! (1) Segmentation fault ok, try the following: check the permissions on /var/lib/ldap and see if they are ok (on Sarge it is root:root if you didn't change the user which slapd runs) if that didn't work try: (This will try to recover the database files) cd /var/lib/ldap db4.2_recover -v if no error occured then start openldap again. Recover went ok, but slap still can't fire up: piano:/var/lib/ldap# db4.2_recover -v db_recover: Finding last valid log LSN: file: 1 offset 163127 db_recover: Recovery starting from [1][163003] db_recover: Recovery complete at Tue Jul 11 18:06:43 2006 db_recover: Maximum transaction ID 80e0 Recovery checkpoint [1][163127] piano:/var/lib/ldap# slapd piano:/var/lib/ldap# ps aux |grep slap root9958 0.0 0.1 2128 584 pts/0 D+ 18:07 0:00 grep slap And at last if above didn't work: slapcat and slapadd the database again. slapcat -l db_to_backup.ldif slapadd -l db_to_backup.ldif piano:/var/lib/ldap# slapcat -l db_to_backup.ldif slap_startup failed Why does this fail ? Thanks for your patience. The database files seem to be ok. It breaks at the moment it tries to open the database files, so maybe the library libdb4.2 needs to be reinstalled to get the library proper back. On the other hand than db4.2_recover wouldn't work too as that binary is linked against libdb4.2. Can you try to setup another slapd instance (on another machine if available) and try to run it with the same configuration as the current
Bug#375494: [Pkg-openldap-devel] Bug#375494: slapd: buffer overflow on long host names [CVE-2006-2754]
Martin Pitt wrote: Package: slapd Version: 2.2.26-5 Severity: important Tags: security patch Hi! Several distros recently fixed a buffer overflow in slurpd wrt. long host names in the status file. This should not usually be exploitable, but it is at least a nice bug fix for crashes. Please see http://patches.ubuntu.com/patches/openldap2.2.CVE-2006-2754.diff for the patch. Thanks for notification, I'll apply it as soon as possible. Thank you, Martin Regards, Matthijs Mohlmann -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375494: [Pkg-openldap-devel] Bug#375494: slapd: buffer overflow on long host names [CVE-2006-2754]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Quanah Gibson-Mount wrote: --On Tuesday, July 04, 2006 2:07 PM +0200 Matthijs Mohlmann [EMAIL PROTECTED] wrote: Martin Pitt wrote: Package: slapd Version: 2.2.26-5 Severity: important Tags: security patch Hi! Several distros recently fixed a buffer overflow in slurpd wrt. long host names in the status file. This should not usually be exploitable, but it is at least a nice bug fix for crashes. Please see http://patches.ubuntu.com/patches/openldap2.2.CVE-2006-2754.diff for the patch. Thanks for notification, I'll apply it as soon as possible. Thank you, Martin This was one of the patches for 2.3.23 or so that I emailed in a while ago (and then was included in 2.3.24). So you might have it in your email somewhere. --Quanah You are right, I didn't look at the version number which is 2.2.26-5. Sorry for the trouble. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEqsZ/2n1ROIkXqbARAnbjAJsGs3aJNllSvrSUGBFqx3326wVVxwCgi903 Ups/Z7TYOmS/qi9fZ1wddWU= =EsxJ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375067: [Pkg-openldap-devel] Bug#375067: Running a second instance of slapd stops /etc/init.d/slapd stop from working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Westby wrote: Package: slapd Version: 2.3.24-1 Severity: minor [Apologies for the lack of additional information on the bug report, but slapd is only set up in a VM] Hi, I have been trying to debug some problems so I use -d quite often. If i forget to /etc/init.d/slapd stop before trying this then slapd -d from the command line fails as you would expect. Then when I try and stop the daemon with /etc/init.d/slapd stop it looks ok, but the daemon is left running, and must be killed, which is not so good. To reproduce /etc/init.d/slapd start slapd -d 1 (fails) /etc/init.d/slapd stop (nothing seems amiss) slapd -d 1 (fails again) /etc/init.d/slapd stop .. .. .. Doesn't stop the daemon. Thanks, James I can't reproduce it here, just tried your flow to reproduce but that didn't work: /etc/init.d/slapd start (works) slapd -d 1 (fails, because port is in use) /etc/init.d/slapd stop (works, check pstree -u if slapd is running) slapd -d 1 (works, because slapd is stopped) /etc/init.d/slapd stop (works also, the 'slapd -d 1' is killed) If you want to run a second instance of slapd, you can better try to create another configuration file and set it up so that it doesn't interfere with the other one. But why do you want that ? slapd can run with multiple directories ? Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEm4S22n1ROIkXqbARAtgEAJ9yQXh5dsMqmYRUgcHC2ug2stAeFgCfeAxd 421YTyCYAvUFTNTKBACLfb4= =rkfS -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#369886: [Pkg-dspam-misc] Bug#369886: [dspam-dev] Debian Patches for a couple of bugs.
Daniel Kahn Gillmor wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Jesus-- [Moving this discussion to the debian bug tracker, since it's now more about debian packaging than upstream] On June 19, [EMAIL PROTECTED] said: On Mon, Jun 19, 2006 at 01:25:55PM -0400, Daniel Kahn Gillmor wrote: On June 19, [EMAIL PROTECTED] said: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369886 a variant of this patchset was already submitted on this list [0] (it was the command-line argument variant), and is probably indefinitely on hold for upstream due to a couple reasons: 0) jonz seemed unconvinced [1] that dropping privileges in the way i suggested would be sufficiently secure to avoid exploitation (though i confess i didn't understand his argument) Do you have a pointer to his explanation ? And yours ? 1) jonz and myself were unfortunately unable to come to a mutually-satisfactory agreement about copyright assignment :( Same goes for me. Ok, i will tag it wontfix, then. If you think that's the best way to go for this bug, i'll stick with your decision. But i'd like to continue to consider it for debian, at least. If the concern is the copyright assignment issue, that shouldn't have any bearing on the patch's integration with debian. jonz has only stated that he won't accept copywritable contributions from me upstream without giving him full copyright assignment. The patch itself is offered under the GPL, so i wouldn't think there would be a problem with debian using it. The source of dspam is released under the GPLv2, so it won't give a problem to apply a patch that is offered under the GPL. If the reason is the security argument, can you help me understand what the issue is with the patchset? I'd like to try to fix it, if possible. I went through the list of bugs to do the upload asap. That sounds great! Thanks for doing it. --dkg Hi, I like your patch and your proposal, and would like to see this in Debian, but doesn't this interfere with the patch: add-config-dir.dpatch ? And is there a possibility to write some documentation around it (in NEWS.Debian or README.Debian for example ? Regards, Matthijs Mohlmann PS: Did this conversation took place at the mailinglist of dspam ? I believe I missed something... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#369886: [Pkg-dspam-misc] Bug#369886: [dspam-dev] Debian Patches for a couple of bugs.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Kahn Gillmor wrote: On June 21, [EMAIL PROTECTED] said: Daniel Kahn Gillmor wrote: 0) jonz seemed unconvinced [1] that dropping privileges in the way i suggested would be sufficiently secure to avoid exploitation (though i confess i didn't understand his argument) Do you have a pointer to his explanation ? And yours ? there wasn't as much in-depth discussion about the technical merit of the patch as i would have liked. What there was was on dspam-dev, which should be visible through gmane here (i tried to provide these links in the previous e-mail, but they may not have come through): http://news.gmane.org/find-root.php?message_id=%3c17515.39819.64753.124171%40localhost.localdomain%3e http://news.gmane.org/find-root.php?message_id=%3cB26CB601%2d821B%2d4B16%2d88CD%2dF8E29F9BAF49%40nuclearelephant.com%3e Thank you, I've read the discussion. Jonz is talking about remote code execution, but if you are dropping privileges and you are, then I don't see a security problem. So I'm wondering where he sees the security problem... afaik, the earliest request for this feature was on dspam-users: http://dspam.nuclearelephant.com/dspam-users/2736.html The source of dspam is released under the GPLv2, so it won't give a problem to apply a patch that is offered under the GPL. That's my understanding as well. I like your patch and your proposal, and would like to see this in Debian, but doesn't this interfere with the patch: add-config-dir.dpatch ? i don't think they interfere with each other. Both patches apply cleanly together (allow-alternate-config.dpatch goes at the end of d/p/00list), and they have orthogonal functionality: - add-config-dir allows you to Include other directories from your config file, wherever it is located. Ah fine, I could know that myself. - allow-alternate-config allows a dspam user to specify an entirely different config file (which may itself use Include directives, thanks to add-config-dir) instead of the default one. And is there a possibility to write some documentation around it (in NEWS.Debian or README.Debian for example ? I'd be happy to. Something short and sweet would be good to encourage folks to actually read it :) I'm not sure whether it warrants an entry in NEWS, but i'll defer to more experienced packagers on that. How about: --- As of version $(insert version here), debian's dspam packages allow the user to select an alternate configuration file at runtime, which should be indicated by name through the DSPAM_CONF environment variable. This is useful for (among other things) running multiple parallel daemons or individual users setting up their own classifier instances. For example (in bash): $ DSPAM_CONF=~/my-classifier/dspam.conf dspam_stats testerX For security reasons, use of an alternate config file will cause any setuid binary to drop privileges. Therefore, any use of dspam which relies on the setuid nature of the binary (e.g. updating the host's centralized data store as a non-privileged user) *must not* use an alternate config file (i.e. make sure that DSPAM_CONF is unset). --- meh. still too long, i think. i welcome edits. Let me think about it, I've not a direct edit for you. Regards, --dkg Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEmZp02n1ROIkXqbARAm9rAJoDgrEoQxVbR0pn/4sodtVPag0LbACfeqtp o3Q1nD47TmAt902Vrwvuf+4= =q0TA -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#292845: [Pkg-openldap-devel] Bug#292845: dynamically created files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Edward Allcutt wrote: Package: slapd Version: 2.3.24-1 Followup-For: Bug #292845 In addition to the pid file, the slapd.args file should also be relocated to /var/run/slapd Otherwise slapd fails silently (unless you manually enable logging) when running as a non-root user. True, I'm busy on implementing that part. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEkGxE2n1ROIkXqbARAoNjAKCR97Jf8sljDO+hl7rrCxNyBzvbSACfXUNf QOBZEdP+gbAMwBhKtpMLmFw= =gDZz -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#373233: [Pkg-openldap-devel] Bug#373233: slapd: Fails to restart after upgrade
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 merge 373233 372194 thanks Juliet Kemp wrote: Package: slapd Version: 2.3.23-1 Severity: grave Justification: renders package unusable After upgrading to the most recent version of slapd in testing, it fails to start. This seems also to apply to the version in unstable. The relevant part of the logs is below: Jun 13 19:56:23 elysium slapd[27841]: backend_startup_one: starting dc=ph,dc=ic,dc=ac,dc=uk Jun 13 19:56:23 elysium slapd[27841]: bdb_db_open: dc=ph,dc=ic,dc=ac,dc=uk Jun 13 19:56:23 elysium slapd[27841]: bdb_db_open: dbenv_open(/var/lib/ldap) Jun 13 19:56:23 elysium slapd[27841]: slapd starting Jun 13 19:56:23 elysium slapd[27843]: daemon: epoll_ctl(ADD,fd=4) failed, errno=90, shutting down Jun 13 19:56:23 elysium slapd[27843]: daemon: added 4r Jun 13 19:56:23 elysium slapd[27843]: daemon: epoll_ctl(ADD,fd=6) failed, errno=90, shutting down Jun 13 19:56:23 elysium slapd[27843]: daemon: added 6r Jun 13 19:56:23 elysium slapd[27843]: daemon: abnormal condition, shutdown initiated. Jun 13 19:56:23 elysium slapd[27843]: daemon: closing 6 Jun 13 19:56:23 elysium slapd[27843]: slapd shutdown: waiting for 0 threads to terminate Jun 13 19:56:23 elysium slapd[27841]: slapd shutdown: initiated Jun 13 19:56:23 elysium slapd[27841]: bdb_cache_release_all Jun 13 19:56:23 elysium slapd[27841]: slapd destroy: freeing system resources. Jun 13 19:56:23 elysium slapd[27841]: slapd stopped. Please let me know if you need any further information, or if you can suggest a fix. Regards, Juliet Kemp -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (700, 'testing'), (650, 'unstable'), (600, 'stable') Architecture: sparc (sparc64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.26-sparc64 Hi, This is a known problem and is fixed in the current svn, when all architectures are updated to the new gcc-defaults and we've tested the current version in svn we'll upload openldap. The epoll(7) system call is not supported by 2.4 kernels which idd causes slapd fail to start. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEjxXK2n1ROIkXqbARAuTgAJsE6ilHDhWyzPaMqbJlIydkp3GLCQCeKrBs 0lCb6/EmIOpaw+UiytSc6ug= =67K7 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#367326: Fails to load when running under Xen
Package: nvidia-kernel-source
Version: 1.0.8762-2
Followup-For: Bug #367326
Hi,
Here are two problems, one in the kernel and one in the source of
nvidia. The kernel needs to export symbol xen_tlb_flush. And the source
of nvidia needs a patch to run properly in a xen environment.
Both patches are attached and more information can be found here:
http://www.nvnews.net/vbulletin/showthread.php?t=68648
An happy nvidia user running with a xen kernel.
Regards,
Matthijs Mohlmann
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-xen
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages nvidia-kernel-source depends on:
ii debhelper 5.0.35 helper programs for debian/rules
ii dpatch2.0.20 patch maintenance system for Debia
ii make 3.81-2 The GNU version of the make util
ii sed 4.1.5-1The GNU sed stream editor
Versions of packages nvidia-kernel-source recommends:
ii devscripts2.9.20 Scripts to make the life of a Debi
ii kernel-package10.048 A utility for building Linux kerne
ii nvidia-glx1.0.8762-2 NVIDIA binary XFree86 4.x driver
-- no debconf information
diff -urN linux-2.6-xen-sparse/arch/i386/mm/hypervisor.c
linux-2.6-xen-sparse-nv/arch/i386/mm/hypervisor.c
--- linux-2.6-xen-sparse/arch/i386/mm/hypervisor.c 2006-04-13
19:48:37.0 +0200
+++ linux-2.6-xen-sparse-nv/arch/i386/mm/hypervisor.c 2006-04-16
15:34:51.0 +0200
@@ -133,6 +133,7 @@
op.cmd = MMUEXT_TLB_FLUSH_LOCAL;
BUG_ON(HYPERVISOR_mmuext_op(op, 1, NULL, DOMID_SELF) 0);
}
+EXPORT_SYMBOL(xen_tlb_flush);
void xen_invlpg(unsigned long ptr)
{
diff -urN nv-1.0-8756/nv.c nv-1.0-8756-xen-3.0.2-2/nv.c
--- nv-1.0-8756/nv.c 2006-03-30 01:02:20.0 +0200
+++ nv-1.0-8756-xen-3.0.2-2/nv.c 2006-04-18 03:16:11.0 +0200
@@ -16,6 +16,9 @@
#include os-agp.h
#include nv-vm.h
+#define io_remap_page_range(vma, start, busaddr, size, prot) \
+ io_remap_pfn_range(vma, start, busaddrPAGE_SHIFT, size, prot)
+
#ifdef MODULE_ALIAS_CHARDEV_MAJOR
MODULE_ALIAS_CHARDEV_MAJOR(NV_MAJOR_DEVICE_NUMBER);
#endif
@@ -44,7 +47,11 @@
int nv_pat_enabled = 0;
+#ifdef CONFIG_XEN
+static int nv_disable_pat = 1;
+#else
static int nv_disable_pat = 0;
+#endif
NV_MODULE_PARAMETER(nv_disable_pat);
#if defined(NVCPU_X86) || defined(NVCPU_X86_64)
@@ -2087,7 +2094,11 @@
return -ENXIO;
}
+#ifdef CONFIG_XEN
+if (io_remap_page_range(vma, vma-vm_start,
+#else
if (NV_REMAP_PAGE_RANGE(vma-vm_start,
+#endif
NV_VMA_OFFSET(vma),
NV_VMA_SIZE(vma),
vma-vm_page_prot))
@@ -2112,7 +2123,11 @@
}
}
+#ifdef CONFIG_XEN
+if (io_remap_page_range(vma, vma-vm_start,
+#else
if (NV_REMAP_PAGE_RANGE(vma-vm_start,
+#endif
NV_VMA_OFFSET(vma),
NV_VMA_SIZE(vma),
vma-vm_page_prot))
@@ -2155,7 +2170,11 @@
NV_ATOMIC_INC(at-usage_count);
nv_up(nvl-at_lock);
+#ifdef CONFIG_XEN
+if (io_remap_page_range(vma, vma-vm_start,
+#else
if (NV_REMAP_PAGE_RANGE(vma-vm_start,
+#endif
NV_VMA_OFFSET(vma),
NV_VMA_SIZE(vma),
vma-vm_page_prot))
diff -urN nv-1.0-8756/nv-linux.h nv-1.0-8756-xen-3.0.2-2/nv-linux.h
--- nv-1.0-8756/nv-linux.h 2006-03-30 01:02:20.0 +0200
+++ nv-1.0-8756-xen-3.0.2-2/nv-linux.h 2006-04-17 01:46:37.0 +0200
@@ -19,8 +19,8 @@
#include linux/utsname.h
-#if LINUX_VERSION_CODE KERNEL_VERSION(2, 4, 0)
-# error This driver does not support pre-2.4 kernels!
+#if LINUX_VERSION_CODE KERNEL_VERSION(2, 4, 7)
+# error This driver does not support 2.4 kernels older than 2.4.7!
#elif LINUX_VERSION_CODE KERNEL_VERSION(2, 5, 0)
# define KERNEL_2_4
#elif LINUX_VERSION_CODE KERNEL_VERSION(2, 6, 0)
@@ -94,6 +94,7 @@
#include linux/spinlock.h
#include asm/semaphore.h
+#include linux/completion.h
#include linux/highmem.h
#ifdef CONFIG_PROC_FS
@@ -225,9 +226,13 @@
* tiny, and the kernel panics when it is exhausted. try to warn the user that
* they need to boost the size of their pool.
*/
+#if defined(CONFIG_XEN)
+#undef CONFIG_SWIOTLB
+#else
#if defined(CONFIG_SWIOTLB) !defined(GFP_DMA32)
#define NV_SWIOTLB 1
#endif
+#endif
/*
* early 2.6 kernels changed their swiotlb codepath, running into a
diff -urN nv-1.0-8756/nv-vm.c nv-1.0-8756-xen-3.0.2-2/nv-vm.c
--- nv-1.0-8756/nv-vm.c 2006-03-30 01:02:20.0 +0200
+++ nv-1.0-8756-xen-3.0.2-2/nv-vm.c 2006-04-18 02:16:21.0 +0200
Bug#333428: [Pkg-openldap-devel] Bug#333428: slapd.schema.conf?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Elrond wrote: Hi, Is anything happening regarding this idea? Elrond Hi, It's almost on top my TODO list. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEiFjs2n1ROIkXqbARArfaAJ9IGmguKTTCuzg9QPl0W1Dtd7Kn2wCdGvvg C86in3MuYPUxEto3YvEnVbY= =gJol -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#369544: [Pkg-openldap-devel] Bug#369544: openldap2.3: OpenLDAP 2.3.24 is available upstream
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter Marschall wrote: Package: openldap2.3 Severity: normal Hi, a new upstream version of OpenLDAP is available: 2.3.24. According to the ChangeLog it is a putre bugfix version. Please consider packaging this one instead of 2.3.23 and apply the patches to the files in the debian/ directory. These patches fix regressions against older versions introduced with openldap2.3. Thanks in advance Peter Thanks for noticing. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEfG8E2n1ROIkXqbARAmmuAJ90271g7ZbIyA63aJOam5BDr5SLkwCfYiYi 8bac7c4Bv3twaXz/2Sy9jzc= =QuB6 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#369414: [Pkg-dspam-misc] Bug#369414: dspam: add-config-dir.dpatch passes args of wrong type, resulting in spurious compiler warnings
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Kahn Gillmor wrote: Package: dspam Version: 3.6.6-1 Severity: normal Tags: patch add-config-dir.dpatch passes several arguments around as config_t**, when it should probably be config_t*. since config_t itself is typedef'ed to attrib_t, the extra layer of dereferencing is one too many. i'm attaching a new version of add-config-dir.dpatch which should fix the issues. The patch now also limits itself to reading files named *.conf in any Include directories, which helps to avoid reading $EDITOR-generated backup files, for example. Thanks for maintaining dspam for debian! --dkg Thanks, that helped me understanding a bit more. Applied to the svn repository. Regards, Matthijs Mohlmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEe1FP2n1ROIkXqbARAoyPAJ41C2SkLBe/IRm9yJzPb3vSPLDZrQCeJLhY LS8DlfgR0tFFAFvsjexLsRA= =3zls -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
