Re: [CentOS] systemd-journald corruption
On Tue, Apr 26, 2016 at 3:01 PM, Chris Adams wrote:
> Once upon a time, Chris Murphy said:
>> On Tue, Apr 26, 2016, 2:09 PM Chris Adams wrote:
>> > I have several recently-installed CentOS 7 servers that keep having
>> > systemd-journald corruption
>>
>> Determined with 'journalctl --verify' or another way?
>
> I get messages like this in dmesg:
>
> [4756650.489117] systemd-journald[21364]: Failed to write entry (21 items,
> 637 bytes), ignoring: Cannot assign requested address

I haven't seen this. When I plug this text into a google search field, no quotes, there are 360 results.

systemd-journald failed to write entry cannot assign requested address

There's also this patch as a suggested fix:
https://bugzilla.redhat.com/show_bug.cgi?id=1292447#c9

What version of systemd and rsyslog? systemd-219-19.el7_2.7 and rsyslog-7.4.7-12 are current.

If you're there already you could try editing /etc/systemd/journald.conf and uncommenting Compress=yes and changing it to no.

--
Chris Murphy
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bourne shell deprecated?
On 4/26/2016 7:27 PM, Alice Wonder wrote:
> bash is mostly compatible with bourne (can run most bourne scripts) which is why /bin/sh is a symlink to /bin/bash on GNU and most other *nix systems.

when bash is invoked as /bin/sh, it reverts to more Bourne like behaviors in some circumstances where the default is not compatible.

Most of the script developers at my $job seem to prefer ksh for serious scripting, apparently it's more consistent.

--
john r pierce, recycling bits in santa cruz
Re: [CentOS] Bourne shell deprecated?
On 04/26/2016 07:21 PM, Digimer wrote:
> On 26/04/16 10:07 PM, John R Pierce wrote:
>> On 4/26/2016 6:45 PM, Jack Bailey wrote:
>>> Today someone in a meeting claimed the Bourne shell is deprecated, one of the reasons being it supposedly has security issues. Well that's all news to me, and I cannot find anything online to corroborate the claim. Is this true, is it a bash vs. Bourne FUD, or something else?
>>
>> there's no Bourne shell in CentOS anyways, /bin/sh is a symlink to /bin/bash...
>>
>> last OS I can think of with an actual Bourne shell was Solaris.
>
> ??
>
> [root@an-striker01 ~]# cat /etc/redhat-release
> CentOS release 6.7 (Final)
> [root@an-striker01 ~]# which bash
> /bin/bash
> [root@an-striker01 ~]# ls -lah /bin/bash
> -rwxr-xr-x. 1 root root 885K Sep 22 2015 /bin/bash
> [root@an-striker01 ~]# which sh
> /bin/sh
> [root@an-striker01 ~]# ls -lah /bin/sh
> lrwxrwxrwx. 1 root root 4 Mar 27 18:40 /bin/sh -> bash

Yes, Red Hat and most (all?) GNU/Linux distributions have used bash as far back as I can remember.

Some of the BSDs used to have a bourne shell and maybe some do, I don't know.

bash is mostly compatible with bourne (can run most bourne scripts) which is why /bin/sh is a symlink to /bin/bash on GNU and most other *nix systems.

Bourne is for all practical purposes dead.
Re: [CentOS] Bourne shell deprecated?
On 26/04/16 10:07 PM, John R Pierce wrote:
> On 4/26/2016 6:45 PM, Jack Bailey wrote:
>>
>> Today someone in a meeting claimed the Bourne shell is deprecated, one
>> of the reasons being it supposedly has security issues. Well that's
>> all news to me, and I cannot find anything online to corroborate the
>> claim. Is this true, is it a bash vs. Bourne FUD, or something else?
>
> there's no Bourne shell in CentOS anyways, /bin/sh is a symlink to
> /bin/bash...
>
> last OS I can think of with an actual Bourne shell was Solaris.

??

[root@an-striker01 ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@an-striker01 ~]# which bash
/bin/bash
[root@an-striker01 ~]# ls -lah /bin/bash
-rwxr-xr-x. 1 root root 885K Sep 22 2015 /bin/bash
[root@an-striker01 ~]# which sh
/bin/sh
[root@an-striker01 ~]# ls -lah /bin/sh
lrwxrwxrwx. 1 root root 4 Mar 27 18:40 /bin/sh -> bash

Same upstream on Fedora 23:

0 root@pulsar:/home/digimer# cat /etc/redhat-release
Fedora release 23 (Twenty Three)
0 root@pulsar:/home/digimer# which bash
/bin/bash
0 root@pulsar:/home/digimer# ls -lah /bin/bash
-rwxr-xr-x. 1 root root 1.1M Jan 11 06:02 /bin/bash
0 root@pulsar:/home/digimer# which sh
/bin/sh
0 root@pulsar:/home/digimer# ls -lah /bin/sh
lrwxrwxrwx. 1 root root 4 Jan 11 06:02 /bin/sh -> bash

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without access to education?
Re: [CentOS] Bourne shell deprecated?
On 04/26/2016 06:45 PM, Jack Bailey wrote:
> Today someone in a meeting claimed the Bourne shell is deprecated, one of the reasons being it supposedly has security issues. Well that's all news to me, and I cannot find anything online to corroborate the claim. Is this true, is it a bash vs. Bourne FUD, or something else?

The Bourne shell is not POSIX conforming. It's not widely available. It was included in Solaris until 11, when it was replaced with a POSIX compatible sh. It was affected by a security issue in 2014:
http://www.cvedetails.com/vulnerability-list/vendor_id-15053/year-2014/Heirloom.html

I think it's hard to argue that it's not deprecated.
Re: [CentOS] Bourne shell deprecated?
On 4/26/2016 6:45 PM, Jack Bailey wrote:
> Today someone in a meeting claimed the Bourne shell is deprecated, one of the reasons being it supposedly has security issues. Well that's all news to me, and I cannot find anything online to corroborate the claim. Is this true, is it a bash vs. Bourne FUD, or something else?

there's no Bourne shell in CentOS anyways, /bin/sh is a symlink to /bin/bash...

last OS I can think of with an actual Bourne shell was Solaris.

--
john r pierce, recycling bits in santa cruz
Re: [CentOS] Bourne shell deprecated?
There was the "Shell Shock" Vulnerability patched on the 24th of September 2014. Maybe this person was Misinformed after this incident.

Microsoft and Ubuntu just announced BASH for Windows ( they called it Linux on Windows or something like that ).

On 27 April 2016 at 13:47, Digimer wrote:
> On 26/04/16 09:45 PM, Jack Bailey wrote:
> > Hello List,
> >
> > Today someone in a meeting claimed the Bourne shell is deprecated, one
> > of the reasons being it supposedly has security issues. Well that's all
> > news to me, and I cannot find anything online to corroborate the claim.
> > Is this true, is it a bash vs. Bourne FUD, or something else?
> >
> > Thanks,
> > Jack
>
> [Citation Needed]
>
> --
> Digimer
> Papers and Projects: https://alteeve.ca/w/
> What if the cure for cancer is trapped in the mind of a person without
> access to education?
Re: [CentOS] Bourne shell deprecated?
On 26/04/16 09:45 PM, Jack Bailey wrote:
> Hello List,
>
> Today someone in a meeting claimed the Bourne shell is deprecated, one
> of the reasons being it supposedly has security issues. Well that's all
> news to me, and I cannot find anything online to corroborate the claim.
> Is this true, is it a bash vs. Bourne FUD, or something else?
>
> Thanks,
> Jack

[Citation Needed]

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without access to education?
[CentOS] Bourne shell deprecated?
Hello List,

Today someone in a meeting claimed the Bourne shell is deprecated, one of the reasons being it supposedly has security issues. Well that's all news to me, and I cannot find anything online to corroborate the claim. Is this true, is it a bash vs. Bourne FUD, or something else?

Thanks,
Jack
Re: [CentOS] Apache/PHP Installation - opinions
On 04/26/2016 03:27 PM, Tim Dunphy wrote:
> Hey guys,
>
> I tend to work on small production environments for a large enterprise. Never more than 15 web servers for most sites. But most are only 3 to 5 web servers. Depends on the needs of the client. I actually like to install Apache and PHP from source and by hand. Although I know that's considered sacrilege in some shops.
>
> I do this because on RH flavored systems like CentOS the versions of Apache, php and most other software are a little behind the curve in terms of versions. And that's intentionally so! Because the versions that usually go into the various repos are tested and vetted thoroughly before going into the repos.
>
> I like to use the latest, stable versions of apache and php for my clients without having to create a custom RPM every time a new version comes out.
>
> So what I'd like to know is it better in your opinion to install from repos than to install by source as a best practice? Is it always better to use puppet, chef, ansible etc even if the environment is small? I'm sure this is a matter of preference, but I would like to know what your preferences are.
>
> Thanks,
> Tim

I don't have php 7 but I do have 5.6.20 (latest in 5.6 branch), Apache 2.4.20, etc. at https://librelamp.com/

The purpose of that repo is LAMP stack built against LibreSSL opposed to OpenSSL. I prefer LibreSSL over OpenSSL but I like CentOS so to use LibreSSL in CentOS I had to make that repo.

I've been told the php 7 RPMs maintained by Remi work just fine with it if you really need php 7 (php 7 breaks some web apps I run so I stick to 5.6 branch)

A lot of the RPMs are tweaked rebuilds of Fedora source RPMs
[CentOS-announce] CESA-2016:0695 Critical CentOS 7 firefox Security Update
CentOS Errata and Security Advisory 2016:0695 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0695.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
7ad87030365ab1016abb60f1e290685ad331c5a5f1562bde57106a7ccacaf69b firefox-45.1.0-1.el7.centos.i686.rpm
9d5a9f3245ea81a0750082d056031816b6d1d05fe278641a0aad4fd44f367c05 firefox-45.1.0-1.el7.centos.x86_64.rpm

Source:
ea6c6ab0a63372cae9b1c76d642de69e23866e790dc41d5a91f56b99d352ec34 firefox-45.1.0-1.el7.centos.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS
___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Re: [CentOS] Apache/PHP Installation - opinions
On 04/26/2016 03:27 PM, Tim Dunphy wrote:
> So what I'd like to know is it better in your opinion to install from repos than to install by source as a best practice?

Your tools should save you time. Building packages should involve three steps: download the source, update the version number in your spec file, mock build / sign / publish (the last set should be a small shell script).

Building in mock means that the package is predictable. Every time it builds, it'll detect the same available libraries during ./configure, so your build is consistent.

> Is it always better to use puppet, chef, ansible etc even if the environment is small?

Again, your tools should save you time. If your configuration manager takes more effort than configuring a system by hand, you should probably look for a better tool.

Personally, I like bcfg2. And yes, I use it for everything. I use templates extensively so that anything that varies from site to site or host to host is easy to adjust, and I can apply a configuration far more quickly and reliably than I can configure a system manually.
Re: [CentOS] Apache/PHP Installation - opinions
If you need more recent versions check out softwarecollections.org. It has more recent rebuilds of the big package suites that install under /opt and don't collide with the system installed packages. There is a CentOS specific channel in there somewhere.
Re: [CentOS] where, if at all, is my virtual printer output?
On Tue, 26 Apr 2016 17:57:31 -0500 (CDT) Michael Hennebry wrote:
> Now there are two virtual printers,
> one named Cups-PDF

Out of the box, cups-pdf creates a pdf and puts it on your desktop. You can configure that with /etc/cups/cups-pdf.conf

--
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
Re: [CentOS] Apache/PHP Installation - opinions
On 4/26/2016 3:27 PM, Tim Dunphy wrote:
> I like to use the latest, stable versions of apache and php for my clients without having to create a custom RPM every time a new version comes out.
>
> So what I'd like to know is it better in your opinion to install from repos than to install by source as a best practice? Is it always better to use puppet, chef, ansible etc even if the environment is small? I'm sure this is a matter of preference, but I would like to know what your preferences are.

I would setup your own private yum repo, with RPMs built from source, ideally built to run in /opt/yourstuff or /usr/local or something, as you prefer, so they don't collide with any system packages.. once you've got the rpm build down, unless there's major architectural changes in the package, it shouldn't take more than fetching the latest tarball and run your rpm build script, then test it on a staging platform, when it meets your requirements, post it on your repo, and have your sites update via yum...

I've never gotten into the puppet/chef/etc stuff cuz every one of the 35 servers and VMs in the development lab at work is a different custom configuration, so I config them by hand, it's not that much work in my environment. For CentOS VMs, I generally install from the minimal ISO, then copypasta a few yum commands to get all my favorite tools onboard, and past that it's a custom configuration of this java plus that database server and whatall user accounts this app environment needs, doesn't take a half hour to build a new system this way, and I don't have to build them that often (maybe a couple a month at most?).

--
john r pierce, recycling bits in santa cruz
[CentOS] where, if at all, is my virtual printer output?
I recently installed the package that allows having virtual printers under CUPS. I used the localhost:631 GUI to add a virtual pdf printer. I do not remember what I did.

Now there are two virtual printers, one named Cups-PDF and the one I named pdfprinter. I cannot find the output from either. I do not know how to ask them.

From firefox, print to file still works, but does not do what I want. Even if it did, I'd still want to know what's going on with my virtual printers.

From an error log:
Unable to create avahi client: Resource temporarily unavailable"

--
Michael henne...@web.cs.ndsu.nodak.edu
"Sorry but your password must contain an uppercase letter, a number, a haiku, a gang sign, a heiroglyph, and the blood of a virgin." -- someeecards
[CentOS] Apache/PHP Installation - opinions
Hey guys,

I tend to work on small production environments for a large enterprise. Never more than 15 web servers for most sites. But most are only 3 to 5 web servers. Depends on the needs of the client. I actually like to install Apache and PHP from source and by hand. Although I know that's considered sacrilege in some shops.

I do this because on RH flavored systems like CentOS the versions of Apache, php and most other software are a little behind the curve in terms of versions. And that's intentionally so! Because the versions that usually go into the various repos are tested and vetted thoroughly before going into the repos.

I like to use the latest, stable versions of apache and php for my clients without having to create a custom RPM every time a new version comes out.

So what I'd like to know is it better in your opinion to install from repos than to install by source as a best practice? Is it always better to use puppet, chef, ansible etc even if the environment is small? I'm sure this is a matter of preference, but I would like to know what your preferences are.

Thanks,
Tim

Sent from my iPhone
Re: [CentOS] username.pem
Best label available I can see is sshd_var_run_t. Not exactly named well but it would work.

chcon -R -t sshd_var_run_t /var/lib/ssh-x509-auth

On 04/26/2016 11:31 AM, m.r...@5-cent.us wrote:
> Hi, folks,
>
> Our system gets/creates /var/lib/ssh-x509-auth/,pem, then deletes it when the log out. selinux (in permissive mode) complains.
>
> First, I changed the context to cert_t, and *now* it complains that ksh93 wants write, etc access on the directory.
>
> grep ssh-x509-auth /var/log/audit/audit.log | audit2allow offers me this:
>
> #= sshd_t ==
> allow sshd_t cert_t:dir write;
> allow sshd_t var_lib_t:file { write getattr create open ioctl };
>
> So: first, is this an expected behavior; second, is that the correct fcontext, and, finally, is it safe for me to create this as a local policy?
>
> Thanks in advance.
>
> mark
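The question quoted above ("is it safe for me to create this as a local policy?") can be checked mechanically before a module is loaded. The following is an added example, not part of either message: it parses allow rules of the kind audit2allow printed and flags those that grant modifying permissions on a broadly used type, then builds the persistent form of the relabel suggested in the reply. The BROAD_TYPES table, the function names and the third sample rule are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Assumption (not from the thread): types that label large shared areas in
# the stock targeted policy, so write access to them reaches far beyond one
# application directory.
BROAD_TYPES = {
    "var_lib_t": "default label for files under /var/lib",
    "cert_t": "label of the system certificate stores (e.g. /etc/pki)",
    "var_t": "default label for /var",
    "etc_t": "default label for /etc",
    "usr_t": "default label for /usr",
    "tmp_t": "default label for /tmp",
}
# Permissions that let the source domain change or create objects.
MODIFYING_PERMS = {"write", "create", "append", "unlink", "rename",
                   "setattr", "add_name", "remove_name"}

RULE_RE = re.compile(
    r"^\s*allow\s+(?P<source>\S+)\s+(?P<target>[^\s:]+):(?P<tclass>\S+)\s+"
    r"(?:\{(?P<perm_set>[^}]*)\}|(?P<perm>[^\s;{]+))\s*;"
)


class Rule(NamedTuple):
    source: str
    target: str
    tclass: str
    perms: frozenset


def parse_rules(te_text):
    """Parse 'allow' lines as printed by audit2allow; skip everything else."""
    rules = []
    for line in te_text.splitlines():
        m = RULE_RE.match(line)
        if m is None:
            continue  # '#=== domain ===' headers, comments, blank lines
        raw = m.group("perm_set")
        if raw is None:
            raw = m.group("perm")
        rules.append(Rule(m.group("source"), m.group("target"),
                          m.group("tclass"), frozenset(raw.split())))
    return rules


def review(rules):
    """Return (rule, risky_perms, reason) for rules that widen a broad type."""
    findings = []
    for rule in rules:
        risky = sorted(rule.perms & MODIFYING_PERMS)
        if rule.target in BROAD_TYPES and risky:
            findings.append((rule, risky, BROAD_TYPES[rule.target]))
    return findings


def persistent_label_commands(path, setype):
    """Commands that record the label in policy; a bare chcon is undone by a relabel."""
    return [
        f"semanage fcontext -a -t {setype} '{path}(/.*)?'",
        f"restorecon -Rv {path}",
    ]


# The first two rules are the ones quoted in the thread (header written in
# audit2allow's usual form); the third is constructed to show the access once
# the directory carries a dedicated type.
SAMPLE_TE = """\
#============= sshd_t ==============
allow sshd_t cert_t:dir write;
allow sshd_t var_lib_t:file { write getattr create open ioctl };
allow sshd_t sshd_var_run_t:file { write create open };
"""

if __name__ == "__main__":
    for rule, risky, reason in review(parse_rules(SAMPLE_TE)):
        print(f"REVIEW {rule.source} -> {rule.target}:{rule.tclass} "
              f"{risky}: {reason}")
    for cmd in persistent_label_commands("/var/lib/ssh-x509-auth",
                                         "sshd_var_run_t"):
        print(cmd)
```

Both rules from the thread are flagged because they would let sshd_t modify every object carrying cert_t or var_lib_t, not only the one directory; labelling the directory with a dedicated type keeps the grant narrow.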
Re: [CentOS] systemd-journald corruption
Once upon a time, Chris Murphy said:
> On Tue, Apr 26, 2016, 2:09 PM Chris Adams wrote:
> > I have several recently-installed CentOS 7 servers that keep having
> > systemd-journald corruption
>
> Determined with 'journalctl --verify' or another way?

I get messages like this in dmesg:

[4756650.489117] systemd-journald[21364]: Failed to write entry (21 items, 637 bytes), ignoring: Cannot assign requested address

I'll check journalctl --verify when it happens next (seems to happen every day on at least one of the servers).

It does only seem to be happening only on my spam-scanning VMs. Some of them do have a relatively high log rate (40-50 messages per second sometimes).

I dug into it a little more after my original message, and it appears to be a recent issue; I have some VMs that were set up a little longer ago (still running CentOS 7.1 I believe) that have not had this problem.

> If you are referring to native journald logs corrupting, that should not
> affect rsyslog. If you remove /var/log/journal then systemd-journald logs
> will be stored volatile in /run.

That appears to be where they're going (I don't have a /var/log/journal, but I didn't do anything to remove it). I have had to remove files from /run/log/journal to get systemd-journald working again.

> > Has anyone else seen this?
>
> Sortof, but not in a way that affects rsyslog. Usually journalctl just
> skips over corrupt parts and systemd-journald will rotate logs when it
> detects corruption to isolate corrupt files.

When it happens, all logs just stop; rsyslogd appears to not get any more log entries (I have rsyslogd logging to central log hosts and they get nothing).

--
Chris Adams
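Because the failure described above silences rsyslog forwarding while the kernel ring buffer still shows it, dmesg output is the place to watch for it. The following is an added example, not part of the message: it scans dmesg-style lines for the journald write failure quoted in the thread and reports which journald PIDs show a sustained run of dropped entries. Only the first sample line comes from the thread; the other sample lines, the function names and the thresholds are constructed for illustration.

```python
import re

# Kernel-log form of the failure quoted in the thread:
# [uptime] systemd-journald[pid]: Failed to write entry (N items, M bytes), ignoring: reason
FAIL_RE = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+systemd-journald\[(?P<pid>\d+)\]:\s+"
    r"Failed to write entry \((?P<items>\d+) items,\s+(?P<size>\d+) bytes\),\s+"
    r"ignoring:\s+(?P<reason>.+?)\s*$"
)


def summarize(lines):
    """Group journald write failures by PID: count, lost bytes, first/last uptime."""
    stats = {}
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if m is None:
            continue  # unrelated kernel message
        ts = float(m.group("ts"))
        entry = stats.setdefault(int(m.group("pid")), {
            "count": 0, "lost_bytes": 0, "first": ts, "last": ts,
            "reasons": set(),
        })
        entry["count"] += 1
        entry["lost_bytes"] += int(m.group("size"))
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["reasons"].add(m.group("reason"))
    return stats


def sustained(stats, min_count=3, min_span=60.0):
    """PIDs that dropped at least min_count entries over min_span seconds or more.

    The thresholds are assumptions; a single dropped entry is noise, a run
    that lasts a minute means the log pipeline has stopped recording.
    """
    return sorted(
        pid for pid, e in stats.items()
        if e["count"] >= min_count and e["last"] - e["first"] >= min_span
    )


SAMPLE_DMESG = [
    # Quoted in the thread (rejoined from the wrapped mail text):
    "[4756650.489117] systemd-journald[21364]: Failed to write entry (21 items, 637 bytes), ignoring: Cannot assign requested address",
    # Constructed lines below:
    "[4756650.512004] systemd-journald[21364]: Failed to write entry (19 items, 598 bytes), ignoring: Cannot assign requested address",
    "[4756712.000311] systemd-journald[21364]: Failed to write entry (23 items, 702 bytes), ignoring: Cannot assign requested address",
    "[4756713.100000] EXT4-fs (vda1): re-mounted. Opts: (null)",
    "[4756800.250000] systemd-journald[30112]: Failed to write entry (9 items, 301 bytes), ignoring: Cannot assign requested address",
]

if __name__ == "__main__":
    stats = summarize(SAMPLE_DMESG)
    for pid in sustained(stats):
        e = stats[pid]
        print(f"journald[{pid}]: {e['count']} entries ({e['lost_bytes']} bytes) "
              f"dropped over {e['last'] - e['first']:.0f}s: {sorted(e['reasons'])}")
```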
Re: [CentOS] systemd-journald corruption
On Tue, Apr 26, 2016, 2:09 PM Chris Adams wrote:
> I have several recently-installed CentOS 7 servers that keep having
> systemd-journald corruption

Determined with 'journalctl --verify' or another way?

> (which stops ALL logging, including syslog).
> Interestingly, they are all spam-scanning servers running amavisd-new
> (so could be some particular pattern is triggering it).
>
> Is there a "supported" way to just cut systemd-journald out of the
> picture and have log entries go straight to rsyslogd?

No. Everything reports to journald and rsyslog gets what it wants from journald.

If you are referring to native journald logs corrupting, that should not affect rsyslog. If you remove /var/log/journal then systemd-journald logs will be stored volatile in /run.

> Has anyone else seen this?

Sortof, but not in a way that affects rsyslog. Usually journalctl just skips over corrupt parts and systemd-journald will rotate logs when it detects corruption to isolate corrupt files.

Chris Murphy
[CentOS] systemd-journald corruption
I have several recently-installed CentOS 7 servers that keep having systemd-journald corruption (which stops ALL logging, including syslog). Interestingly, they are all spam-scanning servers running amavisd-new (so could be some particular pattern is triggering it).

Is there a "supported" way to just cut systemd-journald out of the picture and have log entries go straight to rsyslogd?

Has anyone else seen this?

--
Chris Adams
Re: [CentOS] Firefox and Flash
On Tue, 2016-04-26 at 19:04 +0200, Yamaban wrote:
> On Tue, 26 Apr 2016 13:54, wwp wrote:
>
> > Hello Andreas,
> >
> >
> > On Tue, 26 Apr 2016 09:03:12 +0200 Andreas Benzler wrote:
> >
> >> Hello every one I installed the official
> >> flash plugin from adobe
> >>
> >> About Plugins tells me:
> >>
> >> Datei: libflashplayer.so
> >> Pfad: /usr/lib64/flash-plugin/libflashplayer.so
> >> Version: 11.2.202.577
> >> Status: Aktiviert (STATE_VULNERABLE_UPDATE_AVAILABLE)
> >> Shockwave Flash 11.2 r202
> >>
> >> But it is:
> >>
> >> strings /usr/lib64/mozilla/plugins/libflashplayer.so | grep 616
> >> FlashPlayer_11_2_202_616_FlashPlayer
> >> LNX 11,2,202,616
> >> 11.2.202.616
> >> drm/%s/%s/%s/11.2.202.616%s
> >>
> >> Any ideas?
> >
>
> b) Close firefox, remove 'pluginreg.dat', update flashplayer, start firefox

This is what I've done for years when issues arise. Before doing so however,

cp -a pluginreg.dat pluginregdat.dat.YYMMDD

Just in case something is scrogged.

> - Yamaban

Bill
Re: [CentOS] Firefox and Flash
On Tue, Apr 26, 2016 at 07:04:41PM +0200, Yamaban wrote:
> On Tue, 26 Apr 2016 13:54, wwp wrote:
>
> >Hello Andreas,
> >
> >
> >On Tue, 26 Apr 2016 09:03:12 +0200 Andreas Benzler wrote:
> >
> >>Hello every one I installed the official
> >>flash plugin from adobe
> >>
> >>About Plugins tells me:
> >>
> >>Datei: libflashplayer.so
> >>Pfad: /usr/lib64/flash-plugin/libflashplayer.so
> >>Version: 11.2.202.577
> >>Status: Aktiviert (STATE_VULNERABLE_UPDATE_AVAILABLE)
> >>Shockwave Flash 11.2 r202
> >>
> >>But it is:
> >>
> >> strings /usr/lib64/mozilla/plugins/libflashplayer.so | grep 616
> >>FlashPlayer_11_2_202_616_FlashPlayer
> >>LNX 11,2,202,616
> >>11.2.202.616
> >>drm/%s/%s/%s/11.2.202.616%s
> >>
> >>Any ideas?
> >
> >On my 3 CentOS 6.5 systems here (all up-to-date), only one shows '577'
> >whereas 616 is installed and the 577 binary has gone. Strange, I still
> >didn't get how to "fix" this, even if doesn't sound overcritical to me.
>
> Cause is the file "pluginreg.dat" in the Firefox profile folder.
> It stores the version info, but upon updates of the flashplayer,
> some times it will not get updated.
> Two ways to 'cure' that:
>
> a) Uninstall flash, (Re-)start Firefox,
>    close Firefox, install new version, start Firefox.
>    (Due to the 'absence' of flash, the 'pluginreg.dat' gets removed, and
>    afterwards it will get recreated with the new info)
>
> b) Close firefox, remove 'pluginreg.dat', update flashplayer, start firefox

What always works for me, figured out after MUCH head-banging is:

c) exit firefox, do yum install for the new package, restart firefox.

no need to delete anything.

--
Fred Smith -- fre...@fcshome.stoneham.ma.us -
But God demonstrates his own love for us in this: While we were still sinners, Christ died for us.
--- Romans 5:8 (niv) --
[CentOS] Re: Firefox and Flash
On Tue, 26 Apr 2016 13:54, wwp wrote:
> Hello Andreas,
>
> On Tue, 26 Apr 2016 09:03:12 +0200 Andreas Benzler wrote:
>> Hello every one I installed the official flash plugin from adobe
>>
>> About Plugins tells me:
>>
>> Datei: libflashplayer.so
>> Pfad: /usr/lib64/flash-plugin/libflashplayer.so
>> Version: 11.2.202.577
>> Status: Aktiviert (STATE_VULNERABLE_UPDATE_AVAILABLE)
>> Shockwave Flash 11.2 r202
>>
>> But it is:
>>
>> strings /usr/lib64/mozilla/plugins/libflashplayer.so | grep 616
>> FlashPlayer_11_2_202_616_FlashPlayer
>> LNX 11,2,202,616
>> 11.2.202.616
>> drm/%s/%s/%s/11.2.202.616%s
>>
>> Any ideas?
>
> On my 3 CentOS 6.5 systems here (all up-to-date), only one shows '577' whereas 616 is installed and the 577 binary has gone. Strange, I still didn't get how to "fix" this, even if doesn't sound overcritical to me.

Cause is the file "pluginreg.dat" in the Firefox profile folder. It stores the version info, but upon updates of the flashplayer, some times it will not get updated.

Two ways to 'cure' that:

a) Uninstall flash, (Re-)start Firefox, close Firefox, install new version, start Firefox. (Due to the 'absence' of flash, the 'pluginreg.dat' gets removed, and afterwards it will get recreated with the new info)

b) Close firefox, remove 'pluginreg.dat', update flashplayer, start firefox

- Yamaban
[CentOS] username.pem
Hi, folks,

Our system gets/creates /var/lib/ssh-x509-auth/,pem, then deletes it when the log out. selinux (in permissive mode) complains.

First, I changed the context to cert_t, and *now* it complains that ksh93 wants write, etc access on the directory.

grep ssh-x509-auth /var/log/audit/audit.log | audit2allow offers me this:

#= sshd_t ==
allow sshd_t cert_t:dir write;
allow sshd_t var_lib_t:file { write getattr create open ioctl };

So: first, is this an expected behavior; second, is that the correct fcontext, and, finally, is it safe for me to create this as a local policy?

Thanks in advance.

mark
Re: [CentOS] Firefox and Flash
Hello Andreas,

On Tue, 26 Apr 2016 15:18:15 +0200 Andreas Benzler wrote:
> Do as already committed:
>
> close firefox
> uninstall flash
> start firefox
> close firefox
> install flash
> hopefully this works for you.
>
> config is inside $HOME/.mozzilla

It simply worked, thanks!

Regards,

> On Tuesday, 26.04.2016, at 13:54 +0200, wwp wrote:
> > Hello Andreas,
> >
> >
> > On Tue, 26 Apr 2016 09:03:12 +0200 Andreas Benzler
> > wrote:
> >
> > > Hello every one I installed the official
> > > flash plugin from adobe
> > >
> > > About Plugins tells me:
> > >
> > > Datei: libflashplayer.so
> > > Pfad: /usr/lib64/flash-plugin/libflashplayer.so
> > > Version: 11.2.202.577
> > > Status: Aktiviert (STATE_VULNERABLE_UPDATE_AVAILABLE)
> > > Shockwave Flash 11.2 r202
> > >
> > > But it is:
> > >
> > > strings /usr/lib64/mozilla/plugins/libflashplayer.so | grep 616
> > > FlashPlayer_11_2_202_616_FlashPlayer
> > > LNX 11,2,202,616
> > > 11.2.202.616
> > > drm/%s/%s/%s/11.2.202.616%s
> > >
> > > Any ideas?
> >
> > On my 3 CentOS 6.5 systems here (all up-to-date), only one shows '577'
> > whereas 616 is installed and the 577 binary has gone. Strange, I still
> > didn't get how to "fix" this, even if doesn't sound overcritical to me.
> >
> >
> >
> > Regards,

--
wwp
[CentOS] evolution libsoup and samba bug 765106
Hello everyone, while i was play around with winhq install winbind-clients. After this I never can open evolution with exchange ews connector. https://bugzilla.gnome.org/show_bug.cgi?id=765106 I patches libsoup by my self diff -up ./libsoup/soup-auth-ntlm.c.prev ./libsoup/soup-auth-ntlm.c --- ./libsoup/soup-auth-ntlm.c.prev 2016-04-15 14:18:02.680276592 +0200 +++ ./libsoup/soup-auth-ntlm.c 2016-04-15 15:20:00.337116508 +0200 @@ -359,6 +359,7 @@ soup_auth_ntlm_update_connection (SoupCo conn->state = SOUP_NTLM_SSO_FAILED; success = FALSE; } else if (!g_ascii_strcasecmp (response, "PW")) { + conn->state = SOUP_NTLM_SSO_FAILED; priv->sso_available = FALSE; g_free (response); } else { @@ -489,7 +490,7 @@ soup_auth_ntlm_get_connection_authorizat priv->sso_available = FALSE; } } else { - g_warning ("NTLM single-sign-on using %s failed", NTLM_AUTH); + g_debug ("NTLM single-sign-on using %s failed", NTLM_AUTH); } } /* If NTLM single-sign-on fails, go back to original @@ -525,7 +526,7 @@ soup_auth_ntlm_get_connection_authorizat #ifdef USE_NTLM_AUTH case SOUP_NTLM_SSO_FAILED: /* Restart request without SSO */ - g_warning ("NTLM single-sign-on by using %s failed", NTLM_AUTH); + g_debug ("NTLM single-sign-on by using %s failed", NTLM_AUTH); priv->sso_available = FALSE; header = soup_ntlm_request (); conn->state = SOUP_NTLM_SENT_REQUEST; and rebuild mock SRPMS/libsoup-2.48.1-4.el7.centos.src.rpm Now I can open evolution with winbind-cients installed. http://centos.cms4all.org/centos/7/other/SRPMS/libsoup-2.48.1-4.el7.centos.src.rpm Hopefully without any other side effect. Sincerely Andy ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
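Review bot: In the first hunk (soup_auth_ntlm_update_connection, the "PW" branch) the added conn->state = SOUP_NTLM_SSO_FAILED; is not paired with success = FALSE;, although the branch directly above it sets both. If leaving success untouched is deliberate, so that the request is restarted without SSO instead of being failed, say so in a one-line comment above the assignment; otherwise set success = FALSE here as well.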
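Review bot: In the second hunk (soup_auth_ntlm_get_connection_authorization, the else branch) changing g_warning to g_debug removes the single-sign-on failure from default log output, and the message still gives no reason for the failure. This is a logging change that is independent of the state fix in the first hunk, so it belongs in its own patch; consider g_message or a warning emitted once per session so that a fallback from SSO to password-based NTLM stays visible to an administrator.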
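Review bot: In the third hunk (case SOUP_NTLM_SSO_FAILED) the message reads "NTLM single-sign-on by using %s failed" while the one changed in the previous hunk reads "NTLM single-sign-on using %s failed"; use one wording so a single search finds both. With the first hunk applied this case is also reached after a "PW" response, so the text could say that the helper asked for a password rather than that it failed.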
Re: [CentOS] Firefox and Flash
Do as already committed:

close firefox
uninstall flash
start firefox
close firefox
install flash

hopefully this works for you.

config is inside $HOME/.mozzilla

On Tuesday, 26.04.2016, at 13:54 +0200, wwp wrote:
> Hello Andreas,
>
>
> On Tue, 26 Apr 2016 09:03:12 +0200 Andreas Benzler
> wrote:
>
> > Hello every one I installed the official
> > flash plugin from adobe
> >
> > About Plugins tells me:
> >
> > Datei: libflashplayer.so
> > Pfad: /usr/lib64/flash-plugin/libflashplayer.so
> > Version: 11.2.202.577
> > Status: Aktiviert (STATE_VULNERABLE_UPDATE_AVAILABLE)
> > Shockwave Flash 11.2 r202
> >
> > But it is:
> >
> > strings /usr/lib64/mozilla/plugins/libflashplayer.so | grep 616
> > FlashPlayer_11_2_202_616_FlashPlayer
> > LNX 11,2,202,616
> > 11.2.202.616
> > drm/%s/%s/%s/11.2.202.616%s
> >
> > Any ideas?
>
> On my 3 CentOS 6.5 systems here (all up-to-date), only one shows '577'
> whereas 616 is installed and the 577 binary has gone. Strange, I still
> didn't get how to "fix" this, even if doesn't sound overcritical to me.
>
>
>
> Regards,
[CentOS] CentOS-announce Digest, Vol 134, Issue 13
Today's Topics:

1. CESA-2016:0684 Moderate CentOS 5 nspr Security Update (Johnny Hughes)
2. CESA-2016:0684 Moderate CentOS 5 nss Security Update (Johnny Hughes)
3. CESA-2016:0685 Moderate CentOS 7 nspr Security Update (Johnny Hughes)
4. CESA-2016:0685 Moderate CentOS 7 nss-util Security Update (Johnny Hughes)
5. CESA-2016:0685 Moderate CentOS 7 nss-softokn Security Update (Johnny Hughes)
6. CESA-2016:0685 Moderate CentOS 7 nss Security Update (Johnny Hughes)

--

Message: 1
Date: Mon, 25 Apr 2016 13:19:01 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2016:0684 Moderate CentOS 5 nspr Security Update
Message-ID: <20160425131901.ga13...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2016:0684 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0684.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: JohnnyCentOS

--

Message: 2
Date: Mon, 25 Apr 2016 13:20:12 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2016:0684 Moderate CentOS 5 nss Security Update
Message-ID: <20160425132012.ga13...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2016:0684 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0684.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: JohnnyCentOS

--

Message: 3
Date: Mon, 25 Apr 2016 17:49:11 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2016:0685 Moderate CentOS 7 nspr Security Update
Message-ID: <20160425174911.ga16...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2016:0685 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0685.html

The
Re: [CentOS] Firefox and Flash
Hello Andreas,

On Tue, 26 Apr 2016 09:03:12 +0200 Andreas Benzler wrote:

> Hello every one I installed the official
> flash plugin from adobe
>
> About Plugins tells me:
>
> Datei: libflashplayer.so
> Pfad: /usr/lib64/flash-plugin/libflashplayer.so
> Version: 11.2.202.577
> Status: Aktiviert (STATE_VULNERABLE_UPDATE_AVAILABLE)
> Shockwave Flash 11.2 r202
>
> But it is:
>
> strings /usr/lib64/mozilla/plugins/libflashplayer.so | grep 616
> FlashPlayer_11_2_202_616_FlashPlayer
> LNX 11,2,202,616
> 11.2.202.616
> drm/%s/%s/%s/11.2.202.616%s
>
> Any ideas?

On my 3 CentOS 6.5 systems here (all up-to-date), only one shows '577' whereas 616 is installed and the 577 binary has gone. Strange, I still didn't get how to "fix" this, even if it doesn't sound overcritical to me.

Regards,

--
wwp
Re: [CentOS] Firefox and Flash
> Date: Tuesday, April 26, 2016 09:26:11 +
> From: Liam O'Toole
>
> On 2016-04-26, Alice Wonder wrote:
>> On 04/26/2016 12:03 AM, Andreas Benzler wrote:
>>> Hello every one I installed the official flash plugin from adobe
>>>
>>> About Plugins tells me:
>>>
>>> Datei: libflashplayer.so
>>> Pfad: /usr/lib64/flash-plugin/libflashplayer.so
>>> Version: 11.2.202.577
>>> Status: Aktiviert (STATE_VULNERABLE_UPDATE_AVAILABLE)
>>> Shockwave Flash 11.2 r202
>>>
>>> But it is:
>>>
>>> strings /usr/lib64/mozilla/plugins/libflashplayer.so | grep 616
>>> FlashPlayer_11_2_202_616_FlashPlayer
>>> LNX 11,2,202,616
>>> 11.2.202.616
>>> drm/%s/%s/%s/11.2.202.616%s
>>>
>>> Any ideas?
>
> In case anyone else has this problem, the issue seems to be that
> firefox retains stale information about the plugin status. You can
> force a refresh as follows:
>
> 1. Exit firefox
> 2. Uninstall flash-plugin
> 3. Start firefox, and exit again
> 4. Install flash-plugin

My flash install is showing 616 both in the binary and as reported from "about:plugins". When I've had reason to look at this in the past things were always in sync.

My standard approach is to make certain that all instances of my FF version that uses flash are closed before I install from the adobe repo. I've never had to uninstall/reinstall the plugin.

I agree with generally trying to avoid flash (and cookies and javascript) so have different FF versions and instances that I use based on what is needed and what I'm willing to allow a site to use.
Re: [CentOS] Firefox and Flash
On 2016-04-26, Alice Wonder wrote:
> On 04/26/2016 12:03 AM, Andreas Benzler wrote:
>> Hello every one I installed the official flash plugin from adobe
>>
>> About Plugins tells me:
>>
>> Datei: libflashplayer.so
>> Pfad: /usr/lib64/flash-plugin/libflashplayer.so
>> Version: 11.2.202.577
>> Status: Aktiviert (STATE_VULNERABLE_UPDATE_AVAILABLE)
>> Shockwave Flash 11.2 r202
>>
>> But it is:
>>
>> strings /usr/lib64/mozilla/plugins/libflashplayer.so | grep 616
>> FlashPlayer_11_2_202_616_FlashPlayer
>> LNX 11,2,202,616
>> 11.2.202.616
>> drm/%s/%s/%s/11.2.202.616%s
>>
>> Any ideas?
>
> As far as I can tell Adobe stopped supporting flash on Linux and a
> deprecated vulnerable version is all that is available.

No, flash is still supported by Adobe on linux. Only security updates, though. No new features. The last update was on 8 April.

> I would highly advise against using the flash plugin. Unfortunately
> advertising networks do not adequately vet flash based advertisements
> resulting in malware being distributed via flash on common websites we
> all visit, including news sites.
>
> Usually the malware targets Windows but there is some that targets Linux
> and will encrypt files on your system asking a ransom for the decryption
> key.
>
> Just say no to flash.

I agree with that sentiment. Sometimes, however, there are circumstances in which you just can't say no.

> That's not what you asked, but that's what I advise.

In case anyone else has this problem, the issue seems to be that firefox retains stale information about the plugin status. You can force a refresh as follows:

1. Exit firefox
2. Uninstall flash-plugin
3. Start firefox, and exit again
4. Install flash-plugin

--
Liam
Re: [CentOS] Firefox and Flash
On 04/26/2016 12:03 AM, Andreas Benzler wrote:

> Hello every one I installed the official flash plugin from adobe
>
> About Plugins tells me:
>
> Datei: libflashplayer.so
> Pfad: /usr/lib64/flash-plugin/libflashplayer.so
> Version: 11.2.202.577
> Status: Aktiviert (STATE_VULNERABLE_UPDATE_AVAILABLE)
> Shockwave Flash 11.2 r202
>
> But it is:
>
> strings /usr/lib64/mozilla/plugins/libflashplayer.so | grep 616
> FlashPlayer_11_2_202_616_FlashPlayer
> LNX 11,2,202,616
> 11.2.202.616
> drm/%s/%s/%s/11.2.202.616%s
>
> Any ideas?

As far as I can tell Adobe stopped supporting flash on Linux and a deprecated vulnerable version is all that is available.

I would highly advise against using the flash plugin. Unfortunately advertising networks do not adequately vet flash based advertisements resulting in malware being distributed via flash on common websites we all visit, including news sites.

Usually the malware targets Windows but there is some that targets Linux and will encrypt files on your system asking a ransom for the decryption key.

Just say no to flash.

That's not what you asked, but that's what I advise.
Re: [CentOS] Firefox and Flash
While this is a developer edition only, I delete:

rm -rf $HOME/.mozilla

This can be done better, but now flash looks OK too:

Datei: libflashplayer.so
Pfad: /usr/lib64/flash-plugin/libflashplayer.so
Version: 11.2.202.616
Status: Aktiviert
Shockwave Flash 11.2 r202
[CentOS] Firefox and Flash
Hello every one I installed the official flash plugin from adobe

About Plugins tells me:

Datei: libflashplayer.so
Pfad: /usr/lib64/flash-plugin/libflashplayer.so
Version: 11.2.202.577
Status: Aktiviert (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 11.2 r202

But it is:

strings /usr/lib64/mozilla/plugins/libflashplayer.so | grep 616
FlashPlayer_11_2_202_616_FlashPlayer
LNX 11,2,202,616
11.2.202.616
drm/%s/%s/%s/11.2.202.616%s

Any ideas?

Sincerely
Andy
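The two observations in this thread name different paths: About Plugins reports /usr/lib64/flash-plugin/libflashplayer.so, while strings was run on /usr/lib64/mozilla/plugins/libflashplayer.so. The shell functions below are an added example, not part of any poster's message; they resolve each path and compare the version embedded in the file with the version the browser reports. The function names are hypothetical, and the script assumes the `LNX a,b,c,d` marker seen in the strings output above is present in the binary.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the dotted version embedded in a plugin binary, e.g. 11.2.202.616.
# Assumes the "LNX a,b,c,d" marker shown in the thread's strings output.
embedded_version() {
    { LC_ALL=C grep -a -o 'LNX [0-9][0-9]*,[0-9][0-9]*,[0-9][0-9]*,[0-9][0-9]*' "$1" 2>/dev/null || true; } |
        head -n 1 | cut -d' ' -f2 | tr ',' '.'
}

# Compare the version the browser reports with the one in the file on disk.
# Prints "match", "stale" (browser report differs from the file) or
# "unknown" (file unreadable or marker not found).
check_plugin() {
    reported=$1
    actual=$(embedded_version "$2")
    if [ -z "$actual" ]; then
        echo unknown
    elif [ "$actual" = "$reported" ]; then
        echo match
    else
        echo stale
    fi
}

# Resolve every candidate path (following symlinks) and report on each,
# so two paths that point at different files become visible.
audit_plugins() {
    want=$1
    shift
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            printf '%s: missing\n' "$p"
            continue
        fi
        real=$(readlink -f "$p")
        printf '%s -> %s embedded=%s status=%s\n' "$p" "$real" \
            "$(embedded_version "$real")" "$(check_plugin "$want" "$real")"
    done
}

# Usage with the values quoted in the thread (reported version first):
# audit_plugins 11.2.202.577 \
#     /usr/lib64/flash-plugin/libflashplayer.so \
#     /usr/lib64/mozilla/plugins/libflashplayer.so
```

A "stale" status for a file that already contains the newer version points at cached browser state rather than at an outdated binary.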
Re: [CentOS-virt] version(qemu-kvm) with parallel port support
On Wed, Apr 20, 2016 at 11:06 AM, Subscriber wrote:

> Whether there is a version of the qemu-kvm with support for parallel
> port (passthrough). I need parallel port for Windows VM (security
> dongle LPT).
>
> I use
> on one host
> # /usr/libexec/qemu-kvm -version
> QEMU emulator version 2.3.0 (qemu-kvm-ev-2.3.0-31.el7_2.10.1)
>
> another host
> /usr/libexec/qemu-kvm -version
> QEMU emulator version 1.5.3 (qemu-kvm-1.5.3-105.el7_2.3)
>
> Both versions do not support parallel port and generate error:
>
> qemu-kvm: -device isa-parallel,chardev=char parallel 0,id=parallel
> 0: 'isa-parallel' is not a valid device model name

Yes on CentOS / RHEL this is not supported, you can open a RFE about it on bugzilla.redhat.com.

--
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt