Re: Openssh protocol 2 for potato - rather urgent help needed
On Thu, Mar 28, 2002 at 11:07:16AM +1000, John F wrote: Hi all! Has anyone any idea where I can find debs for potato for Recent versions of OpenSSH? I need non-broken protocol 2 but still be able to support protocol 1. Building OpenSSH3.1p1 from source requires an upgrade of OpenSSL. If I replace the OpenSSL in Potato with version 0.9.6c (from openssl.org)v will it break stuff using the version in Potato? What I did was: remove ssh leave old openssl installed compile new openssl and install in /usr/local/openssl compile new openssh using new openssl (--with-ssl-dir=/usr/local/openssl) John -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: 2 nics, 1 network, puzzle?
On Tue, Mar 26, 2002 at 10:31:45AM -0600, Shawn Yarbrough wrote: I have an x86 server computer containing two network cards: eth0 -- 192.168.1.130 eth1 -- 192.168.1.131 This is NOT a router-type computer. It's just a server that I really want to have on the same network, twice. And I'd rather not use IP aliasing + one card. I really want two cards for convienence and redundancy. (ex: in theory if one card failed or was misconfigured I should still be able to reach the machine through the other card). I was on the 3com site today looking for some drivers and I found this: Broadcom Advanced Server Program (BASP) Driver for Linux 2.2.x and 2.4.x kernel BASP is a kernel module designed for Linux 2.2.x and 2.4.x kernels that provides load-balancing, fault-tolerance, and VLAN features. These features are provided by creating teams that consist of multiple NIC interfaces. http://support.3com.com/infodeli/tools/nic/linuxdownloads.htm http://support.3com.com/infodeli/tools/nic/linux/linuxasp996release.txt I have never used this, have no idea if it will work with your hardware etc. John -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: solution for GMT and ps2epsi
On Sat, Mar 23, 2002 at 10:34:51AM +0100, Malte Thoma wrote: I have found a solution for the problem. the debian 'gs' package contains gs -v GNU Ghostscript 6.53 (2002-02-13) Copyright (C) 2002 artofcode LLC, Benicia, CA. All rights reserved. which is NOT compatible to the postscript code GMT creates the debian 'gs-aladdin' package contains gs -v AFPL Ghostscript 7.00 (2001-04-08) Copyright (C) 2001 artofcode LLC, Benicia, CA. All rights reserved. if you install 'gs-aladdin' instead of 'gs' 1. ps2epsi works and 2. the problem descriped at the bottom of this page disappears ... but I still do nit understand the reason. Is the aladdin-gs 'better' than the GNU-Version? John Kuhn wrote: psxy -R-180/180/-90/90 -JN0/15 -Sc0.15 -G0 END my.ps 2.5 52.5 END This really is a bug in GMT, not a questions of which gs is better. For your example, and many variations, including the small example above, GMT is producing incorrect PostScript. For some variations of your example using a certain version of gs, it might display as you expect, but the PostScript is still incorrect. If you look at the PostScript output from the above expample you will see a few near MAX_INTs in the output (search for 21474). These are incorrect. The authors of GMT are now aware of the problem and are working on a patch. John -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: GMT-Bug solved ... BUT
On Fri, Mar 22, 2002 at 10:42:23AM +0100, Malte Thoma wrote: It's not a GMT bug but a Bug in 'gv' gv -v gv 3.5.8 (debian) ghostview shows the correct output. The same gv version (without the 'debian') on a SuSE Linux works correct , any Ideas? I have GMT 3.4 (and gv) on both HP-UX and Debian Linux. On HP-UX your script works fine. With Debian, gv will not display the PS file. I diffed the PS file from the HP and Linux versions, and they are different. They should not be. I won't have much time to look at this today, but I'll try to look at it in the next few days. John
Re: Serious bub in zlib library
On Tue, Mar 19, 2002 at 06:04:34AM -0400, Roberto Pereyra wrote: Please read http://www.linuxsecurity.com/articles/vendors_products_article-4616.html Please read http://www.debian.org/security/2002/dsa-122 John
Re: Apache config not accepted after upgrade to Testing
On Wed, Feb 20, 2002 at 11:58:50PM +0100, Erik van der Meulen wrote: On Wed, Feb 20, 2002 at 22:58:54 +0100, Erik van der Meulen wrote: Syntax error on line 75 of /etc/apache/access.conf: Invalid command 'order', perhaps mis-spelled or defined by a module not included in the server configuration /usr/sbin/apachectl start: httpd could not be started I have been doing a little experimenting. It seems that Apache has become picky about caps since the upgrade. I get no complaints about 'Order' but do about 'order'. I would like to know if this is familiar? Yes, change 'order' to 'Order' then run apacheconfig. This bug has been fixed in 1.2.23-1 (unstable). See BTS #131104. John
Re: Galeon unstability
On Tue, Feb 12, 2002 at 10:24:24AM +0200, Johann Spies wrote: I have galeon installed on woody and initially it worked without a problem and I was impressed. But for the last few weeks galeon crashes when I try to set the preferences. That happens even when I remove ~/.galeon and try again. The error message is: - GnomeUI-ERROR **: file gnome-icon-item.c: line 304 (get_default_font): assertion failed: (default_font != NULL) aborting... --- I have the same problem. If I create a new user on this machine with no previous ~/.galeon or ~/.gnome* I am able to set preferences. When I try to set preferences from my standard login, it will crash every time. I am using galeon 1.0.2-0.2. John
Re: General Update Hints Potato-Woody
On Fri, Feb 01, 2002 at 04:39:37AM -0500, Bob Thibodeau wrote: On Fri, Feb 01, 2002 at 01:13:53AM -0800, Terry Carney wrote: On Thu, 31 Jan 2002, John Kuhn wrote: The original line 33 of access.conf was order allow,deny. I tried changing this to Order Allow,Deny and Order allow,deny. All variations that I tried resulted in a syntax error on line 33 when I ran apache -t. From a quick scan of the apache source it appears that apache does not care about the case of directives, but the Debian install and config scripts might. I found that apacheconfig was not loading DSO modules that didn't have directives in the /usr/lib/apache/1.3/*.info files being used in httpd.conf. In my case mod_access.so which handles the 'Order' directive wasn't being loaded. My solution was to Uppercase the 'order' directives and run apacheconfig again. That's what worked for me, too. (The difference being that you seem to have known what you were doing.) Terry Bob, Thanks for the input. I'll give it a try tonight. John
Re: Is Framebuffer needed?
On Wed, Jan 30, 2002 at 08:36:14PM -0600, Lance Hoffmeyer wrote: In trying to optimize my Voodoo 3500 with mplayer I compiled my kernel 2.4.17 with framebuffer support. Is this necessary, or what advantages do framebuffers have? In the docs it seems that fb's simply allow for similar config's on different architechures. Therefore, if one is running an Intel machine then it doesn't seem like framebuffers have any added advantage. Is this correct? Here is a quote from Linus himself on this issue: No sane person should use frame buffers if they have the choice. http://www.uwsg.indiana.edu/hypermail/linux/kernel/0112.3/1199.html John
Re: General Update Hints Potato-Woody
On Thu, Jan 31, 2002 at 12:45:47AM -0500, Bob Thibodeau wrote: On Wed, Jan 30, 2002 at 12:27:44PM -0500, John Kuhn wrote: I don't have a solution to the second bug (#131104) yet. It is a problem when you upgrade from apache 1.3.9 (stable) to 1.3.22. The solution does not seem to be as simple as correcting the capitalization in the config file to the apache standard. Perhaps it has to do with the 3 config file vs 1 config file in 1.3.9/1.3.22. I don't know. You just reminded me that I did have to change the capitalization when I moved to testing a few months ago. My apache needs are pretty modest, but I haven't had any problems with it since then. What are you experiencing? My testing machine is at home, but here are some notes that I made about the problem. First the error message while upgrading: Restart Apache now? [Y/n] y Stopping apache with apachectl ... done. Waiting for apache to terminate ... done. Syntax error on line 33 of /etc/apache/access.conf: Invalid command 'order', perhaps mis-spelled or defined by a module not included in the server configuration /usr/sbin/apachectl start: httpd could not be started Configuration failed! Run apacheconfig to try this again later. The original line 33 of access.conf was order allow,deny. I tried changing this to Order Allow,Deny and Order allow,deny. All variations that I tried resulted in a syntax error on line 33 when I ran apache -t. From a quick scan of the apache source it appears that apache does not care about the case of directives, but the Debian install and config scripts might. I have attached my access.conf file. Those who have a potato box will see that it has very few modifications from the original distribution. I did not file the original bug report on this, but in the next few days I will add some notes to the bug report. I know the apache maintainers are currently working on 1.3.23 so I'll give that a try when it makes it to unstable. John # access.conf: Global access configuration # Online docs at http://www.apache.org/ # This file defines server settings which affect which types of services # are allowed, and in what circumstances. # Each directory to which Apache has access, can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # Originally by Rob McCool # This should be changed to whatever you set DocumentRoot to. Directory /var/www # This may also be None, All, or any combination of Indexes, # Includes, FollowSymLinks, ExecCGI, or MultiViews. # Note that MultiViews must be named *explicitly* --- Options All # doesn't give it to you (or at least, not yet). Options Indexes FollowSymLinks # This controls which options the .htaccess files in directories can # override. Can also be All, or any combination of Options, FileInfo, # AuthConfig, and Limit AllowOverride None # Controls who can get stuff from this server. Order allow,deny allow from all /Directory # /usr/lib/cgi-bin should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. Directory /usr/lib/cgi-bin AllowOverride None Options ExecCGI FollowSymLinks /Directory # Allow server status reports, with the URL of http://servername/server-status # Change the .your_domain.com to match your domain to enable. #Location /server-status #SetHandler server-status #order deny,allow #deny from all #allow from .your_domain.com #/Location # Allow server info reports, with the URL of http://servername/server-info # Change the .your_domain.com to match your domain to enable. #Location /server-info #SetHandler server-info #order deny,allow #deny from all #allow from .your_domain.com #/Location # Debian Policy assumes /usr/doc is /doc/, at least from the localhost. Directory /usr/doc Options Indexes FollowSymLinks AllowOverride None Order deny,allow deny from all allow from localhost /Directory # This sets the viewable location of the mod_throttle status display. # # location /throttle-info # SetHandler throttle-info # /location # Do not allow users to browse foreign files using symlinks in # their private webspace public_html. # Note: This should be changed if you modify the UserDir-Option. # We would really like to use LocationMatch but the Option we want # is ignored with that directive. DirectoryMatch ^/home/.*/public_html Options Indexes SymLinksIfOwnerMatch AllowOverride None /DirectoryMatch # Do not allow retrieval of the override files, a standard security measure. Files .htaccess Order allow,deny deny from all /Files # You may place any other directories or locations you wish to have # access information for after this one.
Re: Any comercial apps made it back to the community?
On Thu, Jan 31, 2002 at 01:49:32PM -0500, Stan Brown wrote: Thats what the Progeny web pag said was going to happen to there stuff, which I really enjoyed. However I have seen no evidence of it. I can't say whether this is the fault of the folks at Progeny, or the NIH syndrome a Daebina. At least some packages have made it from Progeny: Package: autoinstall 0.9.7.2 Progeny Debian auto-installation system John
Re: base-passwd fixed?
On Wed, Jan 30, 2002 at 07:49:39AM -0500, Michael P. Soulier wrote: Hey people. I saw the warning about base-passwd being broken, and not to upgrade. I searched and found this http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=nobug=130735 Is this problem fixed? Also, where should I look for any known showstoppers before upgrading unstable, and how do I know when they're fixed? The bug that was discussed in detail on this list is #130032 which affected base-passwd 3.2.2. This bug has been fixed. The bug that you reference is a new and different bug which has not been fixed. I am still using base-passwd 3.2.1. As far as known showstopping bugs, the latest to affect me is #131104 in apache. It appears the solution is not as simple as changing the captialization in the config file. There are also other grave bugs filed against apache. John K.
Re: General Update Hints Potato-Woody
On Tue, Jan 29, 2002 at 09:35:37PM +0100, Holger Rauch wrote: Hi! Is there something like a upgrade HOWTO describing upgrading Potato-Woody in more detail? If so, pointers are most welcome. Is it safe to upgrade to Woody/testing at present or may it leave the system unusable? Others have already described the mechanics of upgrading. I will add some comments about whether it is safe to upgrade to testing. Last Friday I upgraded my old (~6 months) testing system to the current testing. As a result of the upgrade I hit 2 release critical bugs. The first (BTS #130306) was a because of a conflict between the old libaspell4 and new libaspell10/aspell-en. The solution for this was easy enough -- manually remove libaspell4 then the new packages will install correctly. A fix for this has been uploaded to unstable, but I don't think it is in testing yet. I don't have a solution to the second bug (#131104) yet. It is a problem when you upgrade from apache 1.3.9 (stable) to 1.3.22. The solution does not seem to be as simple as correcting the capitalization in the config file to the apache standard. Perhaps it has to do with the 3 config file vs 1 config file in 1.3.9/1.3.22. I don't know. Anyway, this was a long way of saying: if you NEED or EXPECT your system to work without a hitch, don't upgrade to testing. If you are willing to track down problems, check the BTS, file new bugs as needed, and provide solutions to bugs then go ahead and upgrade to testing. Have fun, John
Re: What is wrong with gcc-doc?
On Fri, Jan 18, 2002 at 02:34:39PM -0500, Paul Smith wrote: For a few months now I haven't been able to install the GCC documentation. This is most annoying. However, there is no bug filed so I'm wondering if maybe I've just got something broken? Here's what happens: # apt-get -s install gcc-doc Reading Package Lists... Done Building Dependency Tree... Done The following packages will be REMOVED: alsa-source build-essential g++ g++-2.95 gcc gcc-2.95 gobjc gobjc-2.95 libstdc++2.10-dev libtool task-devel-common task-objc-dev The following NEW packages will be installed: gcc-doc Try installing gcc-2.95-doc John
Re: scientific graphing program with histograms
On Thu, Dec 27, 2001 at 10:12:57PM -0600, Lance Hoffmeyer wrote: How about R? It's a stats program but I imagine that is what you are referring to. If you have numeric data it will graph it. Has perhaps the best graphing package around. You can do anything you need to do with it. More flexability than any other package I have seen (steep learning curve though). GMT is another very flexible plotting package. Its learning curve is also steep. John
Re: Preparations for installing a Farm
On Thu, Nov 08, 2001 at 03:07:17PM +0100, martin f krafft wrote: * Paul Sargent [EMAIL PROTECTED] [2001.11.08 13:20:21+]: OK, I'll give it a go. Would that be a entry for the testing or stable part of the UK mirror? stable (i.e. potato) do you purge or delete packages? I tend to purge, trying to keep the system as clean as possible. good. i thought --set-selections takes care of that. let me research a little... I think the key is when doing your get-selections use: dpkg --get-selections \* my_selections Without the '*' dpkg will only list installed packages. With the '*' it will also list purged packages. John
Re: gnucash dependencies in unstable
On Fri, Oct 26, 2001 at 12:17:41PM +, Jose Juan Iglesias wrote: El Vie 26 Oct 2001 10:00, Erik Steffl escribió: Jose Juan Iglesias wrote: Hi all! I've been trying to install gnucash package from ustable, version 1.6.1-4. dselect says that gnucash depends on libgal9 (= 0.10) and on libgtkhtml14 (= 0.11.1). And none seems to be available. looks like that's fixed (you might need to do update): ii libgal9 0.10-1 ii libgtkhtml14 0.11.1-5 but still no cigar: jojda:~gnucash ERROR: no such module (g-wrapped gw-runtime) bug is already filed... erik I got this same error after compilling gnucash 1.6.1 from sources. Which library is the responsible of this error? I haven't updated yet but I will, I prefer to install the package. Thanks. Note that a gnucash 1.6.4 (not 1.6.1) source and powerpc binary have been uploaded to the pool directory. You can download the source and compile for your architecture. ftp://ftp.debian.org/debian/pool/main/g/gnucash John
Re: using /home with potato woody
On Fri, Oct 26, 2001 at 01:37:07PM +, Vittorio wrote: In my laptop I've three partitions hda1= Debian Potato all directories but /home hda2= /home currently referring to Potato hda3= Woody all in this partition Now I'd like to refer both potato and woody to the same /home partition (hda2) and of course to the same user victor (that's me!). Is that possible? If yes, what steps should I take to be on the safe side? Vittorio One potential problem with doing this is the dot files in your home directory. Particularly if you use GNOME or KDE you could have problems. When you save configuration changes from the new (woody) environment it could write options to the files that are not understood by your old (potato) environment. John
gnucash woody
This is not another question about how to install gnucash 1.6.x on woody. There have been a few recent threads which answer this question. My question is: when woody is released as stable, is there any chance that it will include a modern gnucash? Woody currently has gnucash 1.3.4 which is an experimental developers release from March 2000. Since that time, unstable has had at least a few 1.4.x and 1.6.x releases which have not migrated to testing. What is it that keeps a new gnucash out of testing? I know that the version of gnucash currently in unstable has unresolvable dependencies, but when the package maintainer is available I'm sure these will be resolved. According to testing's update excuses, it appears to me that the biggest hurdle is gnucash's dependency on guile1.4/libguile9. So what is it that keeps libguile9 out of testing? Is it because libguile9 (unstable) conflicts with libguile6 (testing)? I notice that there are many packages in unstable that are kept back from testing because of their dependency on libguile9. John
Re: Probs compiling gnucash 1.4.11 from sources (gtk-xmhtml.h is missing)
Gnucash 1.4.10 is available in unstable as a deb or source package: ftp://ftp.debian.org/debian/pool/main/g/gnucash/ You will also need libgwrapguile if you don't already have it installed: ftp://ftp.debian.org/debian/pool/main/g/gwrapguile/ I am currently using gnucash 1.4.9 compiled from a Debian source package on a stable (potato) system. John On Sat, Apr 14, 2001 at 05:34:08PM +0200, Viktor Rosenfeld wrote: Hello folks, since the packaged version of gnucash is 1.3.4 (even in unstable) I downloaded the sources to for 1.4.11 and tried to compile from sources. However ./configure tells me, that it can't find the gtk-xmhtml.h header file. I have libgtkxmhtml1 installed, and tried to install libgtkmhtml1-dev, but this package does not exist (not even in unstable). So I am stuck with unmet dependencies. Was anybody lucky in installing 1.4.11 from sources? Or is there an unofficial site out there, that hosts Debian packages for gnucash? BTW, I'm currently running woody, but am willing to install some packages from unstable. TIA, Viktor -- Viktor Rosenfeld WWW: http://www.informatik.hu-berlin.de/~rosenfel/ Geek Code (3.1): GCS/SS d-@ s+: a20 C++@ UL++$ P+ L+++ E--- W++ N++ o? K? !W O? M? V? PS++@ PE+(-) Y+ P?(+++) t+ 5+ X- R? !tv b+ DI+ D- G e+++ h-- r- !y+
Re: GMT problems.
I currently use GMT 3.3.6 and 3.4-beta (both compiled from original source) on Debian systems. My guess is that the problem you are seeing is an NFS issue, not a GMT issue. You may want to repost with an NFS related subject. I'm not an NFS expert, so I can't be much help, but there should be many people on this list who know these issues. If you believe that this really is a problem with the way GMT handles file locking, please let me know so I can work with the GMT developers to resolve this before 3.4 is released. John On Tue, Apr 03, 2001 at 01:54:11PM +0200, Karsten Bolding wrote: Hi When I do: psbasemap -JM5 -R0.5/2.0/58.9/59.8 -B0.25 -P -K station.ps I get psbasemap: Error returned by fcntl [F_WRLCK] It's the same with any other GMT program. My home directory is mounted from a DEC-alpha via nfs and I'm running 2.4.1. Any help will be appriciated. Karsten
Re: 3com 3c90x install
You don't need to compile this driver from source. During the 'Configure Device Driver Modules' load the '3c59x' module. Yes, the current 3c59x module does work with the 3c905c-tx. I used the 3com source driver with older versions of the 2.2.x kernels, but it is not needed for 2.2.18pre21. John On Wed, Feb 21, 2001 at 09:59:40AM -0500, Ron Peterson wrote: I'm trying to do a network install of debian on a computer which has a 3com 3c905c-tx network card. 3com kindly provides GNU licenced source code for this card on their website. I succesfully compiled the module on another debian system, and put it on a floppy, in directory /lib/modules/2.2.18pre21/. I inserted this floppy when appropriate during the 'Configure Device Driver Modules' portion of the installation. However, no network interfaces are found. I imagine I need to pass some kernel or insmod parameters for the specified module. Where/How do I do this? -- Ron Peterson Network Systems Manager Mount Holyoke College GPG and other info at http://www.mtholyoke.edu/~rpeterso -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
dependency problem
I have a mostly potato system with a few newer packages installed. In particular I have installed newer ALSA packages including libesd-alsa0_0.2.22-3. The control info for this package indicates that it Provides: libesd0. Now when I run apt-get upgrade I get the following error messages: Sorry, but the following packages have unmet dependencies: gedit: Depends: libesd0 (= 0.2.14-0.2) gtop: Depends: libesd0 (= 0.2.14-0.2) E: Unmet dependencies. Try using -f. apt-get -f upgrade - wants to remove gedit and gtop. Why doesn't libesd-alsa0 meet this dependency? Does it need version info in the Provides line? Both gtop and gedit run and even emit an occasional annoying noise. How can I make apt-get happy? John
Re: dependency problem
I need to remember to check the bug reports before asking questions like this. There is a information about this in the gedit bug reports. I have not done this yet, but it looks like the solution is to recompile gedit, gtop using my new libesd-alsa0. John On Fri, Feb 02, 2001 at 09:26:50PM -0500, John Kuhn wrote: I have a mostly potato system with a few newer packages installed. In particular I have installed newer ALSA packages including libesd-alsa0_0.2.22-3. The control info for this package indicates that it Provides: libesd0. Now when I run apt-get upgrade I get the following error messages: Sorry, but the following packages have unmet dependencies: gedit: Depends: libesd0 (= 0.2.14-0.2) gtop: Depends: libesd0 (= 0.2.14-0.2) E: Unmet dependencies. Try using -f. apt-get -f upgrade - wants to remove gedit and gtop. Why doesn't libesd-alsa0 meet this dependency? Does it need version info in the Provides line? Both gtop and gedit run and even emit an occasional annoying noise. How can I make apt-get happy? John -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: debian on newer kernel
On Fri, Apr 14, 2000 at 08:18:33AM +0200, Vitux wrote: John Kuhn wrote: My experiance was that 2.2.13 is the latest stable kernel that you can run on slink without updating any other packages. Kernel 2.2.14 would require installing a newer procps (2.0.3 or later). John -- Not in my experience. I got the kernel-source for 2.2.14 from kernel.org and did a manual compile/install (if that makes any difference, I can't say). I've had no trouble whatsoever and the system is rock stable (except from occasional hardware-related stuff ;-) Vitux I did a manual compile/install of 2.2.14. The kernel itself did work fine. I found that ps, top and friends from procps 1.2.9-3 did not work correctly with the new kernel. Checking /usr/src/linux/Documentation/Changes I found that procps 2.0.3 or newer is required for kernel 2.2.14. The Changes file for 2.2.13 indicated that procps 1.2.9 would work with this version. Since I consider procps an essential package, I had two choices at this point. I could have compiled a new version of procps or moved back to kernel 2.2.13. Neither is difficult, but for now I chose to use kernel 2.2.13. John
Re: debian on newer kernel
On Thu, Apr 13, 2000 at 08:52:34PM +0200, Meinolf Sander wrote: On Thu, Apr 13, 2000, Sunil Pandey wrote: I am trying to install debian 2.1r5(slink) on my comp. One question that I want to ask is.. is it possible to get debian for a newer version of kernel (say like kernel 2.2.1). You can run 2.1r5 with a e.g. 2.2.14 kernel without any problem. Just download the kernel sources and compile one customized to your system. Or you get yourself Debian Potato 2.2 (frozen), which is delivered with this kernel. My experiance was that 2.2.13 is the latest stable kernel that you can run on slink without updating any other packages. Kernel 2.2.14 would require installing a newer procps (2.0.3 or later). John
Re: slink and /usr/share/man/
I made the following changes in /etc/manpath.conf MANDATORY_MANPATH /usr/share/man MANDB_MAP /usr/share/man /var/catman/share I did not add a MANPATH_MAP for this. This has worked for me. John Kuhn On Sat, Apr 08, 2000 at 10:20:08AM -0700, Pann McCuaig wrote: My RTFM-ing would seem to indicate that /etc/manpath.config is the proper place. The MANDATORY_MANPATH mapping is obvious, but I'm concerned about the MANPATH_MAP mapping. There are no many-to-one mappings in the current file. Is it proper to have both the following lines? MANPATH_MAP /usr/bin/usr/man MANPATH_MAP /usr/bin/usr/share/man And what to do about /var/catman/ ? Thanks, Pann -- geek by nature, Linux by choice L I N U X .~. The Choice /V\ http://www.ourmanpann.com/linux/ of a GNU /( )\ Generation ^^-^^
Re: eth0 timeout
On Fri, Mar 31, 2000 at 09:44:50AM -0600, Dave Sherohman wrote: I've got a 3Com 3c905 100BaseT4 NIC in this machine (running through a 10 Mbps hub, though) which is occasionally timing out when not in use. Here's the log of the first timeout from last night: I'm running kernel 2.2.9 with 3c590/3c900 series (592/595/597) Vortex/Boomerang support built-in. Try using the 3c90x driver available from 3Com http://support.3com.com/infodeli/tools/nic/linuxdownloading.htm John
Re: exim and spam relay
It took some time, but I finally found an answer to the question I posted. If anyone else is having the same problem, the solution is to set receiver_verify = true in /etc/exim.conf. Exim will then return a 550 status to the RCPT TO command in the following example. John Kuhn wrote: telnet badhost.corp.com 25 Trying... Connected to badhost.corp.com. Escape character is '^]'. 220 badhost.corp.com ESMTP Exim 3.12 #1 Thu, 09 Mar 2000 14:45:18 -0500 MAIL FROM:[EMAIL PROTECTED] 250 [EMAIL PROTECTED] is syntactically correct RCPT TO:[EMAIL PROTECTED]@[192.1.1.1] 250 [EMAIL PROTECTED]@[192.1.1.1] is syntactically correct
debian-user@lists.debian.org
Jonathan, Thanks for your response. I checked my exim.conf again and did not find anything wrong in it. I have included a few of the values below. Assume: my true IP address: 192.1.1.1 my true machine name: badhost.corp.com /etc/exim.conf === qualify_domain = badhost.corp.com local_domains = local_domains_include_host = true local_domains_include_host_literals = true #relay_domains = #relay_domains_include_local_mx = true You commented that you were running exim 3, so I downloaded the source, compiled and installed it. That did not resolve my problem. Below is a sample session that shows my problem. For this session, I was on xxx.dialup.erols.com telnetting into badhost.corp.com and attempting to relay mail to remote.com. If you attempt to duplicate these results be sure to replace 192.1.1.1 with the actual IP address of the machine you are attempting to relay through. telnet badhost.corp.com 25 Trying... Connected to badhost.corp.com. Escape character is '^]'. 220 badhost.corp.com ESMTP Exim 3.12 #1 Thu, 09 Mar 2000 14:45:18 -0500 MAIL FROM:[EMAIL PROTECTED] 250 [EMAIL PROTECTED] is syntactically correct RCPT TO:[EMAIL PROTECTED]@[192.1.1.1] 250 [EMAIL PROTECTED]@[192.1.1.1] is syntactically correct I expect the following result here instead of 250: 550 relaying to [EMAIL PROTECTED]@[192.1.1.1] prohibited by administrator If this test is run to localhost (telnet localhost 25, 192.1.1.1-127.0.0.1) I do get the results that I expect - 550 relaying prohibited. As I mentioned in my first message, even if you complete this SMTP session with DATA, exim will not relay the message. Exim will accept and queue the message 250 OK id=12RaPH-0003Zq-00 Then will discover [EMAIL PROTECTED] is not a valid local user. It will then send an error message to spamtest which is not valid either. It will then freeze the error message. My concern is that exim does not return a 5xx error status at any point in the session. John
Re: exim and spam relay
Sorry for the duplicate message. This one has a useful Subject. Jonathan, Thanks for your response. I checked my exim.conf again and did not find anything wrong in it. I have included a few of the values below. Assume: my true IP address: 192.1.1.1 my true machine name: badhost.corp.com /etc/exim.conf === qualify_domain = badhost.corp.com local_domains = local_domains_include_host = true local_domains_include_host_literals = true #relay_domains = #relay_domains_include_local_mx = true You commented that you were running exim 3, so I downloaded the source, compiled and installed it. That did not resolve my problem. Below is a sample session that shows my problem. For this session, I was on xxx.dialup.erols.com telnetting into badhost.corp.com and attempting to relay mail to remote.com. If you attempt to duplicate these results be sure to replace 192.1.1.1 with the actual IP address of the machine you are attempting to relay through. telnet badhost.corp.com 25 Trying... Connected to badhost.corp.com. Escape character is '^]'. 220 badhost.corp.com ESMTP Exim 3.12 #1 Thu, 09 Mar 2000 14:45:18 -0500 MAIL FROM:[EMAIL PROTECTED] 250 [EMAIL PROTECTED] is syntactically correct RCPT TO:[EMAIL PROTECTED]@[192.1.1.1] 250 [EMAIL PROTECTED]@[192.1.1.1] is syntactically correct I expect the following result here instead of 250: 550 relaying to [EMAIL PROTECTED]@[192.1.1.1] prohibited by administrator If this test is run to localhost (telnet localhost 25, 192.1.1.1-127.0.0.1) I do get the results that I expect - 550 relaying prohibited. As I mentioned in my first message, even if you complete this SMTP session with DATA, exim will not relay the message. Exim will accept and queue the message 250 OK id=12RaPH-0003Zq-00 Then will discover [EMAIL PROTECTED] is not a valid local user. It will then send an error message to spamtest which is not valid either. It will then freeze the error message. My concern is that exim does not return a 5xx error status at any point in the session. John
exim and spam relay
This story begins on an ancient R3000 based SGI Indigo running IRIX 5.3. Due to my own negligence, this machine had open mail relaying. One night recently a spammer discovered this machine and used it to send spam. The following morning, I had a few e-mails addressed to me kindly pointing out my oversight. I immediately removed the machine from the network until the relaying and other problems were fixed. Shortly after this incident, this machine was retired and replaced with a PC running Debian. It is currently running Debian 2.1r5 with exim 2.05-2. This was a planned transition that was unrelated to the mail relaying. Since the name and IP address remained the same as the old machine, the Debian machine inherited the history as a known spam relayer. Today it remains on at least one list of insecure mailservers - The MAPS Relay Spam Stopper (RSS) http://maps.vix.com/rss/. Below is a portion of the relay test log for this machine which indicates why it is still blacklisted. Note that I have changed my machine name and IP address to protect the guilty - that would be me. Assume: my true IP address: 192.1.1.1 my true machine name: badhost.corp.com * BEGIN relay test log * Sun Mar 5 04:44:58 PST 2000 Connecting to 192.1.1.1 ... 220 badhost.corp.com ESMTP Exim 2.05 #1 Sun, 5 Mar 2000 07:45:09 -0500 HELO maps1.pa.vix.com 250 badhost.corp.com Hello dante.mail-abuse.org [204.152.184.35] several unsuccessful relay attempts deleted RSET 250 Reset OK MAIL FROM:[EMAIL PROTECTED] 250 [EMAIL PROTECTED] is syntactically correct RCPT TO:[EMAIL PROTECTED]@[192.1.1.1] 250 [EMAIL PROTECTED]@[192.1.1.1] is syntactically correct DATA 354 Enter message, ending with . on a line by itself (message body) 250 OK id=12RaPH-0003Zq-00 /var/local/maps/rss/bin/rly: relay accepted - final response code 250 * END relay test log * This log ends with a response code indicating that a relay attempt succeeded, but the exim log shows that although the message was initially accepted, it was not delivered. * BEGIN /var/log/exim/mainlog * 2000-03-05 07:45:12 12RaPH-0003Zq-00 = [EMAIL PROTECTED] H=dante.mail-abuse.org (maps1.pa.vix.com) [204.152.184.35] P=smtp S=982 [EMAIL PROTECTED] 2000-03-05 07:45:12 12RaPH-0003Zq-00 ** [EMAIL PROTECTED]@[192.1.1.1]: unknown local-part [EMAIL PROTECTED] in domain [192.1.1.1] 2000-03-05 07:45:12 12RaPI-0003Zs-00 = R=12RaPH-0003Zq-00 U=mail P=local S=1848 2000-03-05 07:45:12 12RaPH-0003Zq-00 Error message sent to [EMAIL PROTECTED] 2000-03-05 07:45:12 12RaPH-0003Zq-00 Completed 2000-03-05 07:45:12 12RaPI-0003Zs-00 ** [EMAIL PROTECTED]: unknown local-part spamtest in domain [192.1.1.1] 2000-03-05 07:45:12 12RaPI-0003Zs-00 Frozen (delivery error message) * END /var/log/exim/mainlog * Is there a way to configure exim to return a 5xx response code to this form of relay attempt instead of returning a 250 then later rejecting it? Any assistance you can give to help me shed my image as a friend to spammers would be appreciated. John
Re: Extreme Security Suggestions?
Timothy, There are a few encrypted filesystems for Linux. Ones aimed at distributed filesystems (NFS replacements): - CFS, which has been packaged and is available from non-us.debian.org. - TCFS, http://tcfs.dia.unisa.it/ I used CFS several years ago and it seemed to work well. My only complaint was that triple DES was a bit slow on my 486/33. Another approach which I am currently using involves patching the kernel to provide kernel level encrypted filesystems. I have updated a patch for kernel 2.0.36 which was originally released in 1996 for kernel 2.0.11. I have gotten good results with this using IDEA encryption on systems ranging from a 486/33 to PII-350. There are now encryption patches available for the new 2.2.x kernels. ftp://ftp.kerneli.org/pub/linux/kerneli/v2.2/patch-int-2.2.1.1.gz will add encryption to linux 2.2.1. I have not used this patch yet, but I will give it a try as soon as I update to slink and have a 2.2.x compatible system. When unmounted, the ability to scan the raw partition will not give your cracker any useful information. If they are really determined, they could scan raw /tmp and swap partitions for traces of sensitive data. Whether this is an issue depends on your required security level. When mounted, a root cracker would be able to read the all files on the partition. Mounting the partition requires a passphrase. The kernel approach will require patching and building custom versions of the kernel and mount programs. If you want more detail on these, let me know, John On Fri, Feb 05, 1999 at 12:56:56AM -0400, Timothy Hospedales wrote: Hi, I am wondering what is the recommended way to secure a sizeable volume (0.5-2GB ) of confidential data such that it is non-retreivable/unusable even in the event that a hacker has gained user level or shudder root access?
Adaptec 2842
I am trying to install the latest stable version of Debian on a machine with an Adaptec AHA-2842VL SCSI adapter. The system has a SCSI hard disk, CD-ROM and Exabyte tape drive. I have tried the rescue disks with the 2.0.29 and 2.0.30 versions of the kernel. The machine hangs while booting from the resue disk. At the boot prompt I enter linux aic7xxx=no_reset. The error messages follow: scsi0: Scanning channel A for devices. scsi: aborting command due to timeout: pid 0, scsi0, channel 0, id 0, lun0 Test Unit Ready 00 00 00 00 00 aic7xxx: (abort) Aborting scb 0, TCL 0/0/0 (many lines deleted) aic7xxx: (done_aborted_scbs) Aborting scb 0, TCL=0/0/0 scsi0: BRKADRINT error (0x1): Illegal Host Access Kernel panic: scsi0: BRKADRINT, error 0x1, seqaddr 0x0 In swapper task - not syncing Does anyone have any ideas for installing Debian on this machine? John Kuhn [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: crypting a whole filesystem or directory?
On Thu, 27 Nov 1997, Kevin Traas wrote: Is there a way to crypt a whole e2-filesystem or at least a whole directories? Or is there any other way to overcome this? Yes there is. Whether or not Debian has a package for this yet I do not know, however here is an address that should answer some questions: http://www.aoy.com/Linux/Security/Linux-Security-FAQ/CFS-Doc.html There's also: http://edu-gw.dia.unisa.it/tcfs/ The Transparent CryptoGraphic File System Later, Kevin Traas For a kernel level encryption system check out: ftp://ftp.csua.berkeley.edu/pub/cypherpunks/filesystems/linux It looks like this is no longer supported by the authors since the patches are for linux-2.0.11. I have created a set of patches for 2.0.27 - 2.0.32. I did some testing for 27-30 but I have not even compiled 2.0.31 or 2.0.32. At the moment I am having some reliability problems with my motherboard and I don't want to mess with encrypted filesystems until I resolve my hardware problems. John Kuhn -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: Linux FS Question
On Wed, 18 Jun 1997 [EMAIL PROTECTED] wrote: Date: Wed, 18 Jun 1997 09:01:23 -0500 To:debian-user@lists.debian.org From: Tim O'Brien [EMAIL PROTECTED] Subject: Re: Linux FS Question Is there a way to securely delete a file? Or do I need to study the e2fs and develop a program to do it? I'm sure there's lots of people out there who'd like the ability to know that when something's been deleted, it's gone; no line, no waiting.. Right now. Ideas? You could write a small c prog, that stats the file to get the size, then open the file, write 0's to the whole file, close it and unlink. Most of this is standard library calls. Stephen. One example of a program to do this is can be found on sunsite.unc.edu in /pub/Linux/utils/file/wipe.tgz Also note that the chattr(1) program claims to set a file attribute that will cause a file to be overwritten with zeros before it is deleted from an ext2 file system. This will not work because the required code was removed from the Linux kernel in version 1.3.36 (Oct 95) and has not been added back. See the following comment from /usr/src/linux/fs/ext2/truncate.c: /* * Secure deletion currently doesn't work. It interacts very badly * with buffers shared with memory mappings, and for that reason * can't be done in the truncate() routines. It should instead be * done separately in release() before calling the truncate routines * that will release the actual file blocks. * * Linus */ Anyone looking for a kernel hacking project? John Kuhn [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .