Re: [CentOS] [CentOS-announce] CESA-2014:0626 Important CentOS 5 openssl097a Update
what about RHSA-2014:0624-1? On 06/05/2014 06:38 AM, Karanbir Singh wrote: > CentOS Errata and Security Advisory 2014:0626 Important > > Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0626.html > > The following updated files have been uploaded and are currently > syncing to the mirrors: ( sha256sum Filename ) > > i386: > 28a83a987c35bf2297a33d7e75703d345953cbb4ab2033f2e06a8be94b7ded0e > openssl097a-0.9.7a-12.el5_10.1.i386.rpm > > x86_64: > 28a83a987c35bf2297a33d7e75703d345953cbb4ab2033f2e06a8be94b7ded0e > openssl097a-0.9.7a-12.el5_10.1.i386.rpm > 56e0b690fa9182cc84f3ae8d7a0062cb0789b0f4a39045953eae63419f5dbb57 > openssl097a-0.9.7a-12.el5_10.1.x86_64.rpm > > Source: > 995d2c032cde0e3249e21f266e726217cbfe4ae7a0ed034855e4bc981407a890 > openssl097a-0.9.7a-12.el5_10.1.src.rpm > > > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Package chkconfig-1.3.49.3-2.el6_4.1.x86_64.rpm is not signed
On 09/23/2013 09:39 AM, Leonard den Ottolander wrote: > Hello, > > gpk-update-viewer on my CentOS 6 desktop gives me an error about > untrusted updates. When running yum update from a terminal I get the > following error: > > Package chkconfig-1.3.49.3-2.el6_4.1.x86_64.rpm is not signed > > No other packages seem to be affected so for now I updated excuding > chkconfig and ntsysv. > same here for i686 version of chkconfig. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Google Earth on EL6.x x86_64
On 03/03/2013 07:35 PM, Fred Smith wrote: > On Mon, Mar 04, 2013 at 10:56:26AM +0800, Earl Ramirez wrote: >> On Sun, 2013-03-03 at 21:49 -0500, Fred Smith wrote: >>> Has anyone gotten 64-bit google earth to run on el6 x86_64? >>> >>> It dies almost immediately, complaining for lack of ld-lsb.so.3. >>> Perusing user forums at google I see a few others with the problem, >>> but no (working) solutions. >>> >>> Thanks in advance! >>> >> Fred, >> >> You will need to install the following 32 bit packages >> >> 1. redhat-lsb.i686 >> 2. mesa-libGL.i686 >> 3. mesa-libGLU.i686 >> >> I get this to work on my laptop a few days ago. > thanks Earl, I'll give it a whirl. > > I did "ldd /opt/google/earth/free/googleearth-bin" and got back a list > of a dozen or so "not found" items, would you be willing to check on > your system and see what you get back? (that might be because it has > not been thru the preceding shellscript that might set up some ENV > to point to the right places, I suppose.) > you will also need to rename /etc/fonts/conf.d/65-fonts-persian.conf to something that doesn't end in .conf. there is a bug in google earth that breaks with large xml font config files that are larger than 8k. you could probably also remove comments and so forth from the file to make it smaller if you need to have persian fonts :-). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 2way authentication for SSH?
On 01/30/2013 09:44 AM, SilverTip257 wrote: > On Wed, Jan 30, 2013 at 8:40 AM, Nux! wrote: > >> On 28.01.2013 13:07, SilverTip257 wrote: >>> Google Auth >>> http://www.noktec.be/archives/1351 >>> >> http://zonereseau.com/en/post/two-factor-ssh-authentication-via-google-secures-linux-logins-392 >>> http://prasys.info/2012/10/two-way-authentication-for-wordpress/ >> How can one be concerned with security AND put his login at the mercy >> of google (or any other 3rd party)?? >> >> > That's a good point to question. > > I was in no way endorsing that one should use Google's Auth services. > (Just that it exists and has been written about numerous times.) > > Personally I do not use it now and would not use it for any systems that > need to be secure. Which pretty much means unless I can run the auth > daemons on a server I control, I won't be using it. > after seeing this thread, i looked at the google auth stuff since i had been using that with dropbox and happy so far with it. google is not in the auth chain at all. what they have done is take a standard algorithm for time based keys and made an android app and pam module that work together to allow for two factor auth. basically you are creating a shared secret that is combined with a timestamp and that computed value is used to confirm that the user authenticating knows that shared secret. very similar to the rsa fobs, but all done with open software. and yes, it is only as secure as your file storage is on the server being connected to because each users' shared secret is stored in their home folder. if you add the epel repo, it is available from them. tweak your ssh config to allow challenge/response and pam to require google auth and then each user creates their own secret. because of how ssh works, this only happens if you don't have a keypair in place, so it lets you fall back to password combined with the auth token. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] anyone else noticed webalizer (or dns throughput in general) to be a lot slower lately?
my nightly webalizer runs have gone from about 2 hours to over 8 hours. this change happened sometime after november. webalizer hasn't changed in years, but bind was updated in january, so i am thinking that is the likely culprit. has anyone else noticed a similar slowdown? i am going to dig through my logs to see if i can spot the day that things slowed down. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] heads up on silent change in recent samba3x update
i guess that upstream doesn't consider the samba3x packages should be treated the same way as other packages, but i just wanted to warn folks that the recent samba3x update changed a default setting. if you rely on hostnames in a hosts allow/deny clause (and possibly elsewhere), things won't work until you set 'hostname lookups=yes'. given that it jumped from 3.5 to 3.6, there may be other changes as well. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] restricting access to an NIS netgroup
On 11/09/2011 05:53 AM, Mike VanHorn wrote: >> You'll probably need to add a pam_access.so reference to the stock >> /etc/pam.d/password-auth. Make the first "account" line >> >>account required pam_access.so > My CentOS system doesn't have a stock password-auth file. I tried creating > one with that line in it, but that didn't work. Also, per some web pages I > found, I tried putting that line into system-auth, but that didn't work > either. i use this line in my /etc/pam.d/sshd file and it works correctly. i don't have other services, so i haven't put it in system-auth (or password-auth which is centos 6), but it does seem like it should work there as well. keep in mind that other things may interfere, there is a rule in system-auth that allows anyone with uid < 500 in, so that could be clouding things for you. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Odd issue with C6 and NIS
On 09/29/2011 09:23 AM, Alain Péan wrote: > Hi Joe, > > Le 29/09/2011 18:18, Joe Pruett a écrit : >> since you mention nis, i'll guess you use automount as well. so be >> warned that centos 6 has some issues with automount. if automount >> requests are made rapidly (like on a mail server delivery to a large >> alias), it will quickly start failing to mount directories and get stuck >> that way for minutes. i don't have access to r*dh*t box to determine if >> this has been fixed with all the 6.1 updates. needless to say i can't >> roll out centos 6 yet. > Did you try to install the CentOS 6 CR repo (continuous releaes), which > brings to 6.0 the updates from 6.1 ? See : > https://www.centos.org/modules/newbb/viewtopic.php?topic_id=33458&forum=53 > > See if it solves the problem. sorry, forgot to mention that i have applied the cr updates. but i don't think the cr has everything from 6.1 yet (no new kernel, which i'd guess there will be). since the devs are still having issues with getting 6.1 to fully compile, i expect more packages to show up. there was an autofs update, but that didn't help the situation. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Odd issue with C6 and NIS
On 09/27/2011 11:55 AM, James A. Peltier wrote: > I seem to have this very odd issue with CentOS 6 WRT NIS. I have taken the > package selection that I used with CentOS 5 and basically plopped it into my > C6 kickstart file (see below). On C5 this works just fine and I'm able to > log in with NIS credentials just fine. However, it looks like on C6 if you > use a package selection like this, you also need to specify the yp-tools > package as part of the kickstart *even though* you specify an authentication > method of NIS in the kickstart. Seems like a bug to me?!? since you mention nis, i'll guess you use automount as well. so be warned that centos 6 has some issues with automount. if automount requests are made rapidly (like on a mail server delivery to a large alias), it will quickly start failing to mount directories and get stuck that way for minutes. i don't have access to r*dh*t box to determine if this has been fixed with all the 6.1 updates. needless to say i can't roll out centos 6 yet. i have filed a centos bug (4984), but since i can't compare against upstream, i don't know for sure where the problem lies. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] /dev/null permission changes figured out
On Thu, 16 Dec 2010, Benjamin Franz wrote: > The man page for lastb says if you just complete delete /var/log/btmp > the system shouldn't recreate it on its own. > > That is the simplest answer. i have done this for now, but the initscripts rpm will recreate it for me if it updates (how helpful :-). i should probably whine upstream that nothing rotates the btmp file. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] /dev/null permission changes figured out
a while back i reported an issue where /dev/null was getting set to 600 perms after a system update. i finally figured out what it is. i don't care about failed logins and have limited space on some servers, so i symlinked /var/log/btmp to /dev/null. the initscripts package does a chmod 600 /var/log/btmp, so voila /dev/null gets changed. so now i know why it happened just to me. i now need to figure out a better way to deal with btmp. any ideas from the list? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] something chmod'ing /dev/null
On 11/17/2010 10:35 AM, Robert Heller wrote: > At Wed, 17 Nov 2010 10:16:51 -0800 CentOS mailing list > wrote: > >> it looks like one of the recent updates will sometimes chmod /dev/null >> to 600. out of 20 machines i've updated, 3 of them had the odd >> /dev/null perms afterwards. i haven't tried to identify what it doing >> it yet, but wanted to give a heads up to others that might start seeing >> weird behavior. > Look in /etc/udev/rules.d/50-udev.rules. My copy has the line: > > KERNEL=="null", MODE="0666", OPTIONS="last_rule" > > You haven't managed to mess with this rule? no changes to udev rules. and this happens immediately after the update is run, no reboot required. what is weird is that the config on the systems i run are pretty close to each other, so why only a few got hit by this is odd. i had one happen yesterday and thought i had just done something stupid, but then more popped up today immediately after doing updates, so that is why the warning. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] upgrading Centos-Xen when version 6 comes along
On Wed, 17 Nov 2010, Rudi Ahlers wrote: >> Have anyone used both XEN & KVM before? What are your experiences >> with either, in comparison to each other? We've been using XEN for >> about 4 years now, and only use CentOS as our server platform. I'd >> hate to move to Debian or OpenSuse just for XEN, and I don't know >> KVM at all. one big issue that has kept me from switching from xen to kvm is that the default init scripts for kvm don't have suspend/resume for guests when the host os is rebooted. it doesn't even do a shutdown of the guests, it just kills them. also, i haven't looked into whether you can limit cpu/network usage easily with kvm as you can with xen. hopefully some of these issues are fixed in the rhel6 kvm system. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] something chmod'ing /dev/null
it looks like one of the recent updates will sometimes chmod /dev/null to 600. out of 20 machines i've updated, 3 of them had the odd /dev/null perms afterwards. i haven't tried to identify what it doing it yet, but wanted to give a heads up to others that might start seeing weird behavior. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL 6 Officially Released
the big piece that i've been waiting for is ipv6 stateful firewalling. without that, ipv6 has been a non-starter for me. On 11/10/2010 12:43 PM, Matthew Miller wrote: > On Wed, Nov 10, 2010 at 02:40:52PM -0600, Matt wrote: >> What does 6 bring with it? Anything new in virtualization and cloud >> computing? > http://www.redhat.com/rhel/server/details/ > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] xen vs kvm for virtualization on centos/rhel?
> Fedora 13 does save the guest on shutdown so I would expect this will be > supported in RHEL6/CentOS 6 too. But when do you actually power down a > RHEL/CentOS server? And if you did, wouldn't you have migrated the > guests to another box already? > mainly it is an issue for a quick reboot of the host for a kernel update. i guess migration is an option for that as well, but not everyone has that much hardware. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] xen vs kvm for virtualization on centos/rhel?
as i'm reviewing the courseware for the rhel (centos) course i'm teaching next week, i'm going to ask the occasional question, possibly technical, possibly more policy. first one involves the choice for virtualization. the course has a short section involving virt using xen but everything i've read suggests that red hat is concentrating on kvm for virt. thoughts on that? i have the freedom to replace the xen section with one covering kvm instead. the one thing that hasn't been addressed yet by kvm scripts is that a shutdown/reboot of the host won't do a save/restore of the guests like xen can do. for that reason i still use xen for production systems and only use kvm for testing random distros.___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to monitor,or be notified of email blacklisting ?
On 03/12/2010 04:19 AM, Rudi Ahlers wrote: > Does anyone know how I can monitor our server's for blacklisting? We > run a large amount of shared hosting& reseller hosting servers and > from time to time one of the IP's will get blacklisted. I'm looking > for a way to be notified if any of our IP's get blacklisted. Is this > possible? > > get yourself registered on feedback loops. aol, comcast, earthlink, usa.net, and maybe some others offer this. then you'll get copies of email they consider to be spam. by using them as early warning systems, you can avoid getting on the blacklist in the first place. also, make sure you have a valid email address set on your ip whois info so that abuse messages can get to you. get registered with abuse.net. basically do as much as you can so that you're aware of what complaints are being generated and can shut off abusers more quickly. robtex.com is a good site to use to check for blacklist entries. you might be able to run a wget via cron to watch things daily. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php config security concern for c5
>> what in the docs are you reading to indicate forcetype won't work? > > http://httpd.apache.org/docs/2.2/mod/core.html#forcetype > says it works only if given in directory-type context and that's unlikely to > happen here. You would rather set the FilesMatch global. i think that directory context is not just , and the text at the url says the directive may be placed in , , or which i assume means as well. > i just >> put that in to match the addtype clause i removed. i didn't even check to >> see if the php module sets the type to text/html by default already. > > it does, but you can override it. I guess you can*not* override Forcetype, > which might be a problem. Many PHP outputs will not be text. i did some more testing and i was able to override the forcetype (if it truly is working) via header('content-type'), like you'd do for serving images via php. i guess i haven't tested without forcetype yet... > I think the AddType can stay there just fine. It's the AddHandler directive > that creates the problem. And one may rather consider this a bug in httpd. > AFAIK, the multiple extension handling is mostly there to allow content > negotiation. If so, then this functionality should be limited to the options > that are available to content-negotiation in that given configuration - e.g. > php.en php.es and not to any "unknown" string. right, the reason is to allow foo.en.html or foo.html.en. i'm not sure i agree that is good, but for simple text conditionals it is fine. using it for php is just bad. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php config security concern for c5
>> I had both of these on my server, and just now replaced them with >> similar sections. > > Just a comment about the FilesMatch thing. The proposed additional > ForceType will not work in there according to the httpd docs. Not that > this makes a big difference. what in the docs are you reading to indicate forcetype won't work? i just put that in to match the addtype clause i removed. i didn't even check to see if the php module sets the type to text/html by default already. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php config security concern for c5
>> a recent post on bugtraq hilighted an issue with how upstream has >> configured apache to invoke php, namely using addhandler, which has the >> behavior of matching the extension anywhere in the file. this means >> that foo.php.jpg will be run as php. where this becomes an issue is web >> apps that allow uploads into the webspace for images, pdfs, etc. if the >> app assumes that anything.jpg is safe, this addhandler feature will >> surprise it. > > Hi Joe, > > Are you sure this is limited to just CentOS? I've seen that config > used before on other distro's apache configs. i'm sure other distros use the same method, but i don't use any and this is the centos list, so that's all i'm talking about. > >> From the Apache 2.x Docs: > > --- > Care should be taken when a file with multiple extensions gets > associated with both a MIME-type and a handler. This will usually > result in the request being by the module associated with the handler. > For example, if the .imap extension is mapped to the handler > imap-file (from mod_imap) and the .html extension is mapped to the > MIME-type text/html, then the file world.imap.html will be associated > with both the imap-file handler and text/html MIME-type. When it is > processed, the imap-file handler will be used, and so it will be > treated as a mod_imap imagemap file. > --- > > So if example.php.gif is read by apache, the AddHandler for > php5-script (mod_php) will take precedence over the mime-type handler > for .gif (image/gif) and the file will be treated as a php script. > >> From that it almost sounds like it's not a bug, just apache's own > rules of precedence for handling files that match multiple > extensions/mime-types. i can understand why apache has this behaviour, but i think the bug is using it for handlers that can execute code. since the expected behaviour can be obtained more safely with the filesmatch mechanism, it sure seems like an obvious change. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] php config security concern for c5
a recent post on bugtraq hilighted an issue with how upstream has configured apache to invoke php, namely using addhandler, which has the behavior of matching the extension anywhere in the file. this means that foo.php.jpg will be run as php. where this becomes an issue is web apps that allow uploads into the webspace for images, pdfs, etc. if the app assumes that anything.jpg is safe, this addhandler feature will surprise it. a fix is to replace two lines in /etc/httpd/conf.d/php.conf: AddHandler php5-script .php AddType text/html .php with: SetHandler php5-script ForceType text/html i have reported this upstream. hopefully they will see it as a problem and address it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.4 :: partitionable RAID1
> Hi! Did anyone tried this on 5.4? having a look on > http://wiki.centos.org/HowTos/Install_On_Partitionable_RAID1 > is would seem that that mkinitrd patch is no longer required. > Can someone ack this? i just looked at the mkinitrd on my stock 5.4 system and it does not seem to have patches in it to cope with the new mdx_dx format. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] using CentOS as an iSCSI server?
> Has anyone succesfully setup, and used CentOS as an iSCSI server? I'm > trying to setup a server with 4x500GB HDD's, setup in RAID 10 to act > as an iSCSI server for a virtualization project, but I can't find a > decent howto on how to setup an iSCSI server using CentOS. > > I would like to setup something like Openfiler, but we also need todo > some other stuff that OpenFiler doesn't support, so I would prefer to > export some of the HDD space (about 500GB) as iSCSI LUN's yes, just last week i set this up. yum install scsi-target-utils chkconfig tgtd on edit /etc/tgt/targets.conf service tgtd start works from a windows client just fine. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Need httpd / apache RPM > 2.2.3 for 5.3
> H, OK, I get it. > > I know I can build the latest Apache on CentOS, and what we currently > do is put it into /usr/local - which I guess works. > > I'd really prefer to have an RPM though. > > Certainly the CentOS team as a way in which they produce this RPM. > Is this method public? And if so, is it easy to obtain, and run > against the latest Apache source code to produce my own RPM? there is the redhat webstack (rhwas) code base to use. it has newer http, php, mysql, postgres, etc. i have grabbed those srpms from ftp.redhat.com and built my own repo. centos has a testing repo that is doing the same kind of thing, but has been a bit spotty with keeping up with changes from upstream. maybe that has cleared up now, but since i put the effort into my own repo, i haven't kept tabs. kbsingh has talked about making a sub repo just for the webstack code, but i don't think that has ever happened. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mailing List "mail forwarding loop"
> Kai Schaetzl wrote: >> I've been getting over the last months several of these notices. Sometimes >> a few per day. What's the problem? Can't this be avoided? > >>The mail system >> >> : mail forwarding loop for centos@centos.org > > I haven't the faintest idea *why* those happen. Especially as the mails > in question do make it through to the list (and I never got one of > those, so I cannot really look at all the headers). > > There is a user "centos" on that machine, but as aliases >> local users > in postfix context, I'm really out of ideas. i got one as well and when i looked in the headers it appears to be getting generated via a ohio state trying to reinject the message back to the list. Received: from meriadoc.asc.ohio-state.edu (meriadoc.asc.ohio-state.edu [128.146.117.124]) by mail.centos.org (Postfix) with ESMTP id 8326B67B45 for ; Tue, 16 Jun 2009 10:33:39 -0400 (EDT) Received: from gollum.asc.ohio-state.edu ([128.146.117.98]) by meriadoc.asc.ohio-state.edu with Microsoft SMTPSVC(6.0.3790.3959); Tue, 16 Jun 2009 10:33:36 -0400 Received: from mail pickup service by gollum.asc.ohio-state.edu with Microsoft SMTPSVC; Tue, 16 Jun 2009 10:33:34 -0400 Received: from exchange.asc.ohio-state.edu ([128.146.117.123]) by meriadoc.asc.ohio-state.edu with Microsoft SMTPSVC(6.0.3790.3959); Fri, 12 Jun 2009 13:18:04 -0400 Received: from tnc-mta-2.it.ohio-state.edu ([140.254.54.48]) by exchange.asc.ohio-state.edu with Microsoft SMTPSVC(6.0.3790.3959); Fri, 12 Jun 2009 12:41:16 -0400 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPv6 docs, howtos, descriptions
>> I know...google...BUT: >> Does someone has good howtos, docs, descriptions, opinions in forums, or >> similar things about IPv6 and "related things"? >> I just think it would be a very good idea to collect some links about it... >> Regards, and thank you in anticipation > > The wiki ( wiki.centos.org ) would be a good place to aggregate some of > these things into. the main thing to put in big flashing letters is that there is no conntrack netfilter for ipv6 in the current c5 setup. that makes for very unpleasant firewalling. a good general place to start is: http://www.getipv6.info/index.php/Main_Page and a quick centos setup: http://www.linode.com/wiki/index.php/IPv6#CentOS ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php-mcrypt from c5-testing is the wrong version
Would you be willing to make the RPM available? On Tue, Apr 28, 2009 at 2:56 PM, Joe Pruett wrote: as i was waiting for the c5-testing repo to catch up with redhat, i went ahead and built my own. i had to take the php-extras rpm and merge the php changes between 5.1.6 and 5.2.6 into it. and to get mock to be happy i had to add the normal extras repo into the mock config so that the mcrypt libraries were there. i hesitate to make my repo public, but i know it is possible to make a new php-mcrypt based on the upstream code. i don't think that making just my rpm avaialble would necessarily work because it is based on the php rpm i built, and i can't guarantee it will be compatible with what is in the c5-testing repo. i guess i could make the sprm available. then you (or karanbir) could rebuild from that. it is now at: http://www.spiretech.com/~joey/php-extras-5.2.6-4.src.rpm you do have to have the regular extras repo available to build it.___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php-mcrypt from c5-testing is the wrong version
> I am using the c5-testing repo to fetch PHP 5.2.6 and related > libraries, required for the LAMP apps that I want to use. php-mcrypt > still seems to come from the extras repo and is version 5.1.6 and the > php binary doesn't load this module. > > Any ideas on howto get php-mcrypt 5.2.6? as i was waiting for the c5-testing repo to catch up with redhat, i went ahead and built my own. i had to take the php-extras rpm and merge the php changes between 5.1.6 and 5.2.6 into it. and to get mock to be happy i had to add the normal extras repo into the mock config so that the mcrypt libraries were there. i hesitate to make my repo public, but i know it is possible to make a new php-mcrypt based on the upstream code. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] openjdk experiences?
has anyone replaced the sun jdk with the new openjdk and had any issues? i had forgotten it was now in 5.3 until the errata announcement came through. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] warning for nis users and 5.3 upgrade
i think that previous versions did this as well, but for sure the newest ypserv in 5.3 replaces /var/yp/Makefile with a new copy. needless to say if you've made any changes to that file, you will not be happy. we had a couple hours of phone calls after passwords stopped working. the original file is save as Makefile.rpmsave, so recovery of the file is straightforward. the issue has been flagged upstream and it sounds like it should be fixed before any new updates to ypserv are made. /etc/ypserv.conf is another file that can get overwritten. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cisco netflow analyzer?
>> Anyone knows any Cisco netflow analyzer that could run on Linux/Windows? I >> know that cisco ASDM works at somewhat level but too rough... >> >> For example, CIsco ASDM can only shows at IP level and only three types >> graph, like top 10 source Address, top ten destination level, or top ten >> services. but I want the analyzer to show different traffics from the same >> box when in need. i've been pretty impressed with nfsen. took a little bit of fiddling to figure out, but lets me drill down into things pretty well. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SquirrelMail Sending Under Wrong Username
the problem is mixed up session ids. i have made a quick patch based on the upstream update. i've attached it. it is for the c4 version, but probably would apply to c5. apply it with: cd /usr/share/squirrelmail patch -p3 < FILE also, after this sometimes customers will have to clear the SQMSESSID cookie from their browser or they won't be able to login.diff -ru /usr/share/squirrelmail/functions/global.php usr/share/squirrelmail/functions/global.php --- /usr/share/squirrelmail/functions/global.php2009-01-14 13:40:23.0 -0800 +++ usr/share/squirrelmail/functions/global.php 2009-01-21 13:49:14.0 -0800 @@ -123,6 +123,10 @@ ini_set('session.use_cookies','1'); } +/* Make sure to have $base_uri always initialized to avoid having session + cookie set twice (for $base_uri and $base_uri/src. */ +$base_uri = sqm_baseuri(); + /* convert old-style superglobals to current method * this is executed if you are running PHP 4.0.x. * it is run via a require_once directive in validate.php @@ -379,9 +383,12 @@ global $base_uri; -if (isset($_COOKIE[session_name()])) sqsetcookie(session_name(), '', 0, $base_uri); -if (isset($_COOKIE['username'])) sqsetcookie('username', '', 0, $base_uri); -if (isset($_COOKIE['key'])) sqsetcookie('key', '', 0, $base_uri); +if (isset($_COOKIE[session_name()])) { +sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri); +sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri."src/"); +} +if (isset($_COOKIE['username'])) sqsetcookie('username', '', 1, $base_uri); +if (isset($_COOKIE['key'])) sqsetcookie('key', '', 1, $base_uri); $sessid = session_id(); if (!empty( $sessid )) { @@ -428,6 +435,12 @@ // could be: sq_call_function_suppress_errors('session_start'); $session_id = session_id(); +// make sure 'deleted' is never a valid session identifier +if ($session_id == 'deleted') { +session_regenerate_id(); +$session_id = session_id(); +} + // session_starts sets the sessionid cookie but without the httponly var // setting the cookie again sets the httponly cookie attribute // diff -ru /usr/share/squirrelmail/functions/strings.php usr/share/squirrelmail/functions/strings.php --- /usr/share/squirrelmail/functions/strings.php 2009-01-14 13:40:25.0 -0800 +++ usr/share/squirrelmail/functions/strings.php2009-01-21 13:49:16.0 -0800 @@ -16,7 +16,7 @@ * SquirrelMail version number -- DO NOT CHANGE */ global $version; -$version = '1.4.8-5.el4.centos.2'; +$version = '1.4.8-5.3'; /** * SquirrelMail internal version number -- DO NOT CHANGE Binary files /usr/share/squirrelmail/images/sm_logo.png and usr/share/squirrelmail/images/sm_logo.png differ Only in /usr/share/squirrelmail/plugins: abook_import_export Only in /usr/share/squirrelmail/plugins: address_add Only in /usr/share/squirrelmail/plugins: change_pass Only in /usr/share/squirrelmail/plugins: gpg Only in /usr/share/squirrelmail/plugins: vacation_local Only in /usr/share/squirrelmail/plugins: vacation_spire Only in /usr/share/squirrelmail/plugins: virtualtable diff -ru /usr/share/squirrelmail/src/redirect.php usr/share/squirrelmail/src/redirect.php --- /usr/share/squirrelmail/src/redirect.php2009-01-14 13:40:23.0 -0800 +++ usr/share/squirrelmail/src/redirect.php 2009-01-21 13:49:14.0 -0800 @@ -71,6 +71,9 @@ if (!sqsession_is_registered('user_is_logged_in')) { do_hook ('login_before'); +// make sure to regenerate session id upon user login +session_regenerate_id(); + $onetimepad = OneTimePadCreate(strlen($secretkey)); $key = OneTimePadEncrypt($secretkey, $onetimepad); sqsession_register($onetimepad, 'onetimepad'); ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rpmforge, perl-dbd-mysql, yum, priorities, centos, and you
Anything like this would probably have to be an upstream thing. But it would probably be a good idea for people to put this into their kickstart configs... i think that the yum setup diverges from upstream already, so i don't see this as a big change from that. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rpmforge, perl-dbd-mysql, yum, priorities, centos, and you
also, i'd like to suggest that the priorities plugin be made added to the base install and that the centos-base repos be configured with priority 1. it looks like c4 has the priority setting, but c5 doesn't and neither have the plugin installed. it seems like this would create a little more stable setup for people when they start adding other repos. i forgot to add to my suggestion: make the check_obsoletes option in yum-priorities be enabled by default for c5 as it is in c4. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] rpmforge, perl-dbd-mysql, yum, priorities, centos, and you
rpmforge has just released a new perl-DBD-mysql for el4 that has an obsoletes against perl-DBD-MySQL and the protectbase yum plugin doesn't grok obsoletes. the priorities plugin does. so if you are having issues with this, install the yum-plugin-priorities first, make sure that the CentOS-Base repo is priority 1 and the rpmforge repo is priority 2 or higher (99 is the default). also, i'd like to suggest that the priorities plugin be made added to the base install and that the centos-base repos be configured with priority 1. it looks like c4 has the priority setting, but c5 doesn't and neither have the plugin installed. it seems like this would create a little more stable setup for people when they start adding other repos. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] new 4.7 i586 kernel not happy
my poor little toshiba libretto (p-120) won't boot with the new 4.7 i586 kernel. i've reverted back to the previous kernel for now. anyone else using the new i586 kernel successfully on old hardware? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: i didn't see the 4.7 announcement
from looking at the regexs for the subscriptions, i can see that the announcement would not be caught by any of the arch specific subscriptions. so that explains why i (and probably others) didn't see it. mystery solved. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] i didn't see the 4.7 announcement
i (and others) have missed messages on centos-devel as well. did other people not see the 4.7 announcement message? i'm wondering if the centos list server is having some kind of issue. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] xen save/restore causes cron to hang
i haven't found anything online to talk about this, so maybe i've got something odd going on here. i have my xen set up to save/restore on dom0 reboot. almost everything works fine, but cron on the guest os'es (everything is centos 5 x86_64) stop processing jobs. i'm guessing it is missing an alarm or something like that. anyone else see this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 40 second delay on automounts with 2.6.18-53.1.21.el5 kernel
On Thu, 29 May 2008, Johnny Hughes wrote: This is already solved on another thread ... but for closure on this one, there is a known bug here with that kernel and ipsec: http://bugs.centos.org/view.php?id=2853 that bug entry does say to use the upstream bug for info about a workaround, but the upstream bug is blocked to mere mortals. is there a workaround other than just using the older kernel? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 5 2.6.18-53.1.21.el5 kernel and ipsec
On Thu, 29 May 2008, Ned Slider wrote: See here: http://bugs.centos.org/view.php?id=2853 thanks. i had looked in the upstream bugzilla and not found anything obvious, but didn't think to look at the centos bug database. i'll remember that for next time. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] centos 5 2.6.18-53.1.21.el5 kernel and ipsec
i had previously been having issues with automount being slow with this new kernel and i tracked it down to dns delays which were being caused by ipsec not working. i have spent a few hours poking around and ipsec seems quite broken with this new kernel. esp packets go in and out just fine, but when i look at ip xfrm stats on the machine with the new kernel, i see that for input packets, the ah layer is being processed just fine, but the esp layer is showing 0 bytes/packets and no errors. i can't find any errors or other indications of what is going on. is anyone else running a standard ipsec tunnel (using the standard ifcfg method for creating the tunnel) under this new kernel? i know that a new 5.2 kernel should be coming soon, but i worry that whatever broke this version may happen there as well. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 40 second delay on automounts with 2.6.18-53.1.21.el5 kernel
On Sat, 24 May 2008, Marko A. Jennings wrote: What type(s) of filesystems are you experiencing this with? I am seeing no additional delays with CIFS filesystems after the upgrade. for nfs mounts. i am using a centos 4 nfs server, but from running strace and enabling -d for automount, the delay seems to be before it unvokes mount so i think it is just client side. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] 40 second delay on automounts with 2.6.18-53.1.21.el5 kernel
after this latest centos 5 kernel update, i am seeing 40 second delays on automount points. nothing in the rpm changelog looks obviously related to autofs and the autofs module seems to be the same as the previous kernel. i'm starting to do some strace'ing and other debugging, but nothing has jumped out at me yet. i'm hoping someone else has seen it so i know i'm not alone :-). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ntpd date sync before service startup
Hello, in system-config-date i have checkbox synchronize date before service startup. Which config switch,file does it affect? I want to turn it on on my CentOS machine without xauth , just editing config files , i was hoping it could be in /etc/sysconfig/ntpd but no. ok ... I do not see exactly where, but it seems that somewhere a -x switch is set and the file /etc/ntp/step-tickers gets the server name to sync from. I do no see a -x switch anywhere though the -x switch is part of the init script. it isn't actually handled by ntpd. the init script will use step-tickers if it has entries, or pull the server lines from ntp.conf, and then invoke ntpdate with the list it figures out. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos