[Bug 1793028] Re: [SRU] NetBSD CVE Patch Regression
ipsec-tools and racoon are still being maintained by Debian (despite of some concerns), NetBSD and Apple. NetBSD has published the fix for this bug already in 2018 and since then published further improvements for setkey command. A subset of the upstream changes and some minor Debian changes have been packaged into a new version of PPA https://launchpad.net/~rdratlos/+archive/ubuntu/racoon (see changelog there) and published for the current Ubuntu LTS releases. The related source code is now maintained on Github (https://github.com/rdratlos/racoon-ipsec-tools/tree/develop). Ubuntu won't fix but there is at least a solution for Bionic and Focal that works well. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1793028 Title: [SRU] NetBSD CVE Patch Regression To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1793028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1793028] Re: NetBSD CVE Patch Regression
Upstream NetBSD has reviewed the proposed code fix and proposed a slight modification which is now committed in their repository as add-on patch. The first draft of the patch above has been updated with the proposed changes. In addition, some limited debugging has been added to support admins in their root cause analysis, if VPN clients are blackballed due to the stricter fragment checks introduced by NetBSD's CVE patch. Attached is the updated patch. PPA https://launchpad.net/~rdratlos/+archive/ubuntu/racoon has been updated accordingly and works fine. ** Patch added: "Updated patch for NetBSD CVE Patch" https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1793028/+attachment/5196686/+files/0001-Fix-isakmp-fragmentation-bug-in-CVE-2016-10396-patch.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1793028 Title: NetBSD CVE Patch Regression To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1793028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1793028] Re: NetBSD CVE Patch Regression
I performed some analysis and debugging of the isakmp fragmentaion error. The root cause seems to be a logical error in upstream CVE-2016-10396 patch. When applying this patch, racoon server prevents from DoS but does not recognize a completed reassembly of a isakmp fragemnt chain. This forces racoon clients like Apple iPhones that fragment isakmp messages to retransmit fragemnts which leads to a similar behaviour than the DoS attack, that developers wanted racoon servers to be protect from. So in turn, after a couple of retransmissions racoon server terminates pahse 1 negotiation. This prevents the fragmenting client from accessing the VPN. Attached is a patch that fixes the fragmentation bug in CVE-2016-10396 patch. The patch has been tested and it works fine with my limited set of VPN clients. Regression tests have not been performed. For your convenience I've updated the PPA (https://launchpad.net/~rdratlos/+archive/ubuntu/racoon) to allow further testing of the attached patch. The patch has been based on debian build 10 of racoon and should be easily applicable to bionic. Please review attached patch and include it into bionic. ** Patch added: "0001-Fix-isakmp-fragmentation-bug-in-CVE-2016-10396-patch.patch" https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1793028/+attachment/5195734/+files/0001-Fix-isakmp-fragmentation-bug-in-CVE-2016-10396-patch.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1793028 Title: NetBSD CVE Patch Regression To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1793028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1793028] Re: NetBSD CVE Patch Regression
I would offer some support to better analyse the bug. The new log messages plus debug in racoon do not help much. Maybe dumping network traffic with wireshark could help, but traffic is encrypted. so I need some guidance on this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1793028 Title: NetBSD CVE Patch Regression To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1793028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1793028] Re: NetBSD CVE Patch Regression
Quote from upstream bug report discussion: I agree there's something wrong with the code, although I would also like to have ways of reproducing this. Working on this bug right now is kind of a shot in the dark, and it seems numerous people here have worked on PoC or have real world conditions to reproduce those issues. It would be nice to share those so we can fix those issues properly. SuSE has also taken the upstream patch including the latest changes. But exactly the changes from Jan. 2017 introduce the regression. Changes afterwards seem to be more code clean-up. Fedora and ArchLinux seem not to apply the patch (yet). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1793028 Title: NetBSD CVE Patch Regression To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1793028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1793028] Re: NetBSD CVE Patch Regression
I've stored a "patched" package in Ubuntu launchpad that fixes this issue but again contains vulnerability CVE-2016-10396. https://launchpad.net/~rdratlos/+archive/ubuntu/racoon -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1793028 Title: NetBSD CVE Patch Regression To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1793028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1793028] Re: NetBSD CVE Patch Regression
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10396 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1793028 Title: NetBSD CVE Patch Regression To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1793028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1793028] [NEW] NetBSD CVE Patch Regression
Public bug reported: After upgrade racoon from 1:0.8.2+20140711-5 to 1:0.8.2+20140711-10build1 Apple iPhones, which use a racoon client cannot connect to the racoon VPN on the Ubuntu server. Following log entries outline the failure: Sep 14 06:42:28 vpnserver racoon[1775]: ERROR: Repeated fragment index mismatch Sep 14 06:42:28 vpnserver racoon[1775]: ERROR: Repeated last fragment index mismatch Sep 14 06:42:32 vpnserver racoon[1775]: ERROR: Repeated fragment index mismatch Sep 14 06:42:32 vpnserver racoon[1775]: ERROR: Repeated last fragment index mismatch Sep 14 06:42:35 vpnserver racoon[1775]: ERROR: Repeated fragment index mismatch Sep 14 06:42:35 vpnserver racoon[1775]: ERROR: Repeated last fragment index mismatch Sep 14 06:42:35 vpnserver racoon[1775]: ERROR: Repeated fragment index mismatch Sep 14 06:42:35 vpnserver racoon[1775]: ERROR: Repeated last fragment index mismatch Sep 14 06:42:39 vpnserver racoon[1775]: ERROR: phase1 negotiation failed due to time up. A brief check of the upstream activities shows, that maintainers switched to panic mode because of CVE-2016-10396 and provided a rough patch without support of the ipsec-tools project and without the ability to perform sufficient regression tests. As Debian as well as NetBSD maintainers already have expressed their general concerns about this patch, there really seems to be a severe issue. Further evidences can be provided but as the topic is pretty complicated detailed guidance is required. ** Affects: ipsec-tools (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1793028 Title: NetBSD CVE Patch Regression To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1793028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1081489] Re: autofs package is missing the lookup_sss.so module(!); negating autofs-enabled sssd functionality (automount fails)
For servers still hanging on Ubuntu 12.04 (Precise), you will find a backport of the above mentioned fix in Launchpad: https://launchpad.net/~rdratlos/+archive/ubuntu/autofs. --- autofs (5.0.7-3ubuntu3ppa1) precise; urgency=medium * Backport from Ubuntu 14.04 LTS (Trusty): - Integrate SSSD and autofs for looking up automounter data stored in centralized remote directories such as LDAP (LP: #1081489) - Replace sssd-common by sssd in build-depends -- Thomas ReimThu, 31 Jul 2014 00:26:53 +0100 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1081489 Title: autofs package is missing the lookup_sss.so module(!); negating autofs-enabled sssd functionality (automount fails) To manage notifications about this bug go to: https://bugs.launchpad.net/linuxmint/+bug/1081489/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 955918] Re: sysfs settings not applied at boot
I can confirm that sysfs comes too late in Ubuntu 12.04.3. I need access to folder /sys/kernel/config to mount configfs. During boot Ubuntu prints an error notification that the configfs mount in /etc/fstab cannot be mounted due to missing destination directory. I have to manually skip the mount process by pressing "S". After first login /sys is available, but this is to late. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/955918 Title: sysfs settings not applied at boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sysfsutils/+bug/955918/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1012900] Re: Using SSSD, PAM error when exiting su session
Verification passed on 12.04: Linux Mark-Aurel 3.2.0-37-generic #58-Ubuntu SMP Thu Jan 24 15:28:10 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux sssd Version: 1.8.6-0ubuntu0.2 libpam-sss Version: 1.8.6-0ubuntu0.2 Fixes pam error problem caused by libpam-sss and sssd (User not known to the underlying authentication module) for /etc/passwd users. Fixes also amavis-new cron job failure caused by su call in script in /usr/sbin /amavisd-new-cronjob. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1012900 Title: Using SSSD, PAM error when exiting su session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1012900/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 826677] Re: Toshiba Satellite L300D EDID Error Flooding Problem
There is a patch for this problem proposed for upstream kernel. See http://lists.freedesktop.org/archives/dri- devel/2011-August/013709.html I've backported the patch to Ubuntu Natty and it has been successfully tested by Routhy (see http://ubuntuforums.org/showthread.php?t=1607778). You will find the test kernel in https://launchpad.net/~rdratlos/+archive/ppa-asus-m2a-fix. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/826677 Title: Toshiba Satellite L300D EDID Error Flooding Problem To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/826677/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 826677] Re: Toshiba Satellite L300D EDID Error Flooding Problem
** Attachment added: "dmesg" https://bugs.launchpad.net/bugs/826677/+attachment/2279581/+files/toshiba-dmesg.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/826677 Title: Toshiba Satellite L300D EDID Error Flooding Problem To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/826677/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 826677] Re: Toshiba Satellite L300D EDID Error Flooding Problem
** Attachment added: "lspci -v" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/826677/+attachment/2279582/+files/toshiba-lspci.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/826677 Title: Toshiba Satellite L300D EDID Error Flooding Problem To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/826677/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 826677] [NEW] Toshiba Satellite L300D EDID Error Flooding Problem
Public bug reported: There is a problem with Toshiba Satellite L300D with ATI Mobility Radeon X1100. Even though there is no monitor connected to the HDMI port the drm/radeon module dumps every ten seconds an EDID to the kernel logs and onto terminal sessions. This is valid since Ubuntu lucid and still exists in latest Ubuntu natty kernel. See also discussion in http://ubuntuforums.org/showthread.php?p=11121971#post11121971. ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/826677 Title: Toshiba Satellite L300D EDID Error Flooding Problem To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/826677/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 814898] Re: Fail to join Windows 7 or Windows 2008 Machine to Samba Domain
Sorry: uploaded the wrong file. Here's the correct patch: ** Patch added: "smbldap-useradd_flush_nscd_cache.patch" https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/814898/+attachment/2226951/+files/smbldap-useradd_flush_nscd_cache.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/814898 Title: Fail to join Windows 7 or Windows 2008 Machine to Samba Domain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/814898/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 814898] [NEW] Fail to join Windows 7 or Windows 2008 Machine to Samba Domain
Public bug reported: When joining a Windows 7 or Windows 2008 machine to a Samba domain using smbldap-useradd -w as 'add machine script', Windows fails with error message: 'The following error ocurred attempting to join the domain "MYDOMAIN": A device attached to the system is not functioning.' The reason for this is that smbldap tools are calling smbpasswd right after the ldap add of the machine, however, some nss dependent service is using a cached copy of ldap which does not contain the new machine entry. See e. g. http://lists.samba.org/archive/samba/2010-July/156930.html. When using nscd on the Samba server, smbldap -useradd should flush the nss cache. ** Affects: smbldap-tools (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/814898 Title: Fail to join Windows 7 or Windows 2008 Machine to Samba Domain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/814898/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 814898] Re: Fail to join Windows 7 or Windows 2008 Machine to Samba Domain
** Patch added: "[PATCH] Flush NSS Cache after Adding a Machine Account" https://bugs.launchpad.net/bugs/814898/+attachment/2226897/+files/smbldap-useradd_flush_nscd_cache.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/814898 Title: Fail to join Windows 7 or Windows 2008 Machine to Samba Domain To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/814898/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 810926] Re: ECS A740GM-M DVI-D EDID error flooding problem
There is a patch for this problem proposed for upstream kernel. See https://lkml.org/lkml/2011/7/20/38 I've backported the patch to Ubuntu Natty and it has been successfully tested by Stephen_m64 (see http://ubuntuforums.org/showthread.php?t=1607778). You will find the test kernel in https://launchpad.net/~rdratlos/+archive/ppa-asus-m2a-fix. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/810926 Title: ECS A740GM-M DVI-D EDID error flooding problem To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/810926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 810926] Re: ECS A740GM-M DVI-D EDID error flooding problem
** Attachment added: "lspci -v" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/810926/+attachment/2209309/+files/ECS_A740GM-M_DVI-D-lspci-v.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/810926 Title: ECS A740GM-M DVI-D EDID error flooding problem To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/810926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 810926] Re: ECS A740GM-M DVI-D EDID error flooding problem
** Attachment added: "dmesg" https://bugs.launchpad.net/bugs/810926/+attachment/2209308/+files/ECS_A740GM-M_DVI-D-dmesg.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/810926 Title: ECS A740GM-M DVI-D EDID error flooding problem To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/810926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 810926] [NEW] ECS A740GM-M DVI-D EDID error flooding problem
Public bug reported: There is a problem with ECS A740GM-M Motherboard (integrated radeon graphics). Even though there is no monitor connected to the DVI port the drm/radeon module dumps every teh seconds an EDID to the kernel logs and onto terminal sessions. This is valid since Ubuntu lucid and still exists in latest Ubuntu natty kernel. See also discussion in http://ubuntuforums.org/showthread.php?p=10289251. ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/810926 Title: ECS A740GM-M DVI-D EDID error flooding problem To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/810926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 722806] Re: Asus M2A-VM: kernel demanding EDID for an unconnected monitor
** Also affects: linux Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/722806 Title: Asus M2A-VM: kernel demanding EDID for an unconnected monitor To manage notifications about this bug go to: https://bugs.launchpad.net/linux/+bug/722806/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 722806] Re: Asus M2A-VM: kernel demanding EDID for an unconnected monitor
There is now a patch for this bug proposed to upstream kernel. See https://lkml.org/lkml/2011/7/7/207 I've backported the patch to Ubuntu Natty. You will find the fixed kernel packages under "https://launchpad.net/~rdratlos/+archive/ppa- asus-m2a-fix". @Alex: Could you please test the fixed kernel on your system and provide me with the results? I'm especially interested in the dmesg output. Please take also care that under the testing kernel the poll option is set in /sys/module/drm_kms_helper/parameters/poll. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/722806 Title: Asus M2A-VM: kernel demanding EDID for an unconnected monitor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/722806/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 295266] Re: KDE doesn't honor root certs chosen by ca-certificates
After some testing using KDE 4.3 in Kubuntu karmic I can now confirm that Malte's fix works also for kmail. In fact, all kio slaves (like kio_http, kio_smtp) that use the KTcpSocket class correctly support with this fix self-signed certificates. Kmail correctly uses the certification list that is connected by the symbolic link fix. See extract of the debug log: kmail(20529) KMComposeWin::doSend: Plain text kmail(20529) KMComposeWin::doSend: Calling applyChanges() kmail(20529) KMComposeWin::applyChanges: Entering kmail(20529) MessageComposer::applyChanges: KMAIL_DEBUG_COMPOSER_CRYPTO = FALSE kmail(20529) MessageComposer::breakLinesAndApplyCodec: Added an on the last line kmail(20529) MessageComposer::breakLinesAndApplyCodec: Added an on the last line kmail(20529) MessageComposer::composeMessage: Starting to compose message kmail(20529) MessageComposer::composeMessage: mEarlyAddAttachments= false mAllAttachmentsAreInBody= false kmail(20529) MessageComposer::addBodyAndAttachments: Set top level Content-Type from originalContentTypeStr()= "Text/Plain; charset="us-ascii"" kmail(20529) KMComposeWin::slotContinueDoSend: true kmail(20529) KMFolderMaildir::addMsgInternal: FolderStorage::msgStatusChanged kmail(20529)/kmail (storage internals) KMFolderMaildir::getDwString: KDE_fopen(abs_file= "/home/solkraftwerk/.kde/share/apps/kmail/mail/outbox/cur/1264549308.20529.6aSVn" , "r") == stream == 0x289af80 kmail(20529)/kmail (storage internals) KMFolderMaildir::getDwString: fclose(mIndexStream = 0x289af80 ) kmail(20529)/kdepimlibs (mailtransport) MailTransport::Transport::Transport: "1254495839" kmail(20529)/kio (Slave) KIO::Slave::createSlave: createSlave "smtp" for KUrl("smtp://solkraftw...@mail.gas.de:25/send?headers=0&from=sen...@sol.de&to=re...@star.de&hostname=Mark-Aurel.gas.de&size=426") kmail(20529)/kio (KIOConnection) KIO::ConnectionServer::listenForRemote: Listening on "local:/tmp/ksocket-solkraftwerk/kmailw20529.slave-socket" klauncher(13962)/kio (KLauncher) KLauncher::requestSlave: KLauncher: launching new slave "kio_smtp" with protocol= "smtp" args= ("smtp", "local:/tmp/ksocket-solkraftwerk/klauncherT13962.slave-socket", "local:/tmp/ksocket-solkraftwerk/kmailw20529.slave-socket") klauncher(13962)/kio (KLauncher) KLauncher::processRequestReturn: "kio_smtp" (pid 20570) up and running. kmail(20529)/kdepimlibs (mailtransport) MailTransport::SmtpJob::startSmtpJob: Created new SMTP slave 0x28a4ae0 kmail(20529) KMComposeWin::cleanupAutoSave: deleting autosave file "1264549295.20529.CDuGd" kmail(20529) KMFolderMaildir::removeFile: Can't delete "/home/solkraftwerk/.kde/share/apps/kmail/autosave/new/1264549295.20529.CDuGd" "No such file or directory" kio_smtp(20570)/kio (TCPSlaveBase) KIO::TCPSlaveBase::disconnectFromHost: kio_smtp(20570)/kssl KSslCertificateManagerPrivate::loadDefaultCaCertificates: Loading 155 CA certificates from ("/usr/share/kde4/apps/kssl/ca-bundle.crt") kio_smtp(20570)/kssl KTcpSocket::showSslErrors: "The host name did not match any of the valid hosts for this certificate" kio_smtp(20570)/kssl KIO::TCPSlaveBase::startTLSInternal: Cipher info - advertised SSL protocol version 8 negotiated SSL protocol version 8 authenticationMethod: "RSA" encryptionMethod: "AES" keyExchangeMethod: "DH" name: "DHE-RSA-AES256-SHA" supportedBits: 256 usedBits: 256 kio_smtp(20570)/kio (kioslave) KIO::SlaveBase::canResume: offset= "0" kmail(20529) KMSender::cleanup: kmail(20529)/kmail (storage internals) KMFolderMaildir::reallyDoClose: fclose(mIndexStream = 0x28aba30 ) kmail(20529)/kmail (storage internals) KMFolderMaildir::reallyDoClose: fclose(mIndexStream = 0x2142120 ) kmail(20529)/kdepimlibs (mailtransport) MailTransport::SmtpJob::~SmtpJob: clearing SMTP slave pool 1 kio_smtp(20570)/kio (TCPSlaveBase) KIO::TCPSlaveBase::disconnectFromHost: kmail(20529)/kmail (storage internals) KMFolderMaildir::reallyDoClose: fclose(mIndexStream = 0x1d5fff0 ) kmail(20529) KMail::Vacation::~Vacation: ~Vacation() kmail(20529)/kmail (storage internals) KMFolderMaildir::reallyDoClose: fclose(mIndexStream = 0x144bb20 ) kmail(20529)/kmail (storage internals) KMFolderMaildir::reallyDoClose: fclose(mIndexStream = 0x14276f0 ) kmail(20529) KMKernel::~KMKernel: kio_http(20558)/kio (TCPSlaveBase) KIO::TCPSlaveBase::disconnectFromHost: kio_http(20558)/kio (TCPSlaveBase) KIO::TCPSlaveBase::disconnectFromHost: kio_http(20559)/kio (TCPSlaveBase) KIO::TCPSlaveBase::disconnectFromHost: kio_http(20559)/kio (TCPSlaveBase) KIO::TCPSlaveBase::disconnectFromHost: kio_http(20559)/kio (TCPSlaveBase) KIO::TCPSlaveBase::disconnectFromHost: kio_http(20558)/kio (TCPSlaveBase) KIO::TCPSlaveBase::disconnectFromHost: -- KDE doesn't honor root certs chosen by ca-certificates https://bugs.launchpad.net/bugs/295266 You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdelibs in ubuntu. -- kubuntu-bugs mailing list ku
[Bug 295266] Re: KDE doesn't honor root certs chosen by ca-certificates
Even though the proposed fix will/may help to solve the Konqueror issue, it does not fix the Kmail part of [https://bugs.kde.org/show_bug.cgi?id=162485/ KDE bug 162485] (see comment #25). Kmail does not use the certification list that is connected by the symbolic link fix and therefore does not accept the self-signed mail server certificate of my postfix mail server. Maybe the patch that was attached to the bug report here can help but I haven't tried, yet. Has anyone here tested the patch in KDE4? ** Bug watch added: KDE Bug Tracking System #162485/ http://bugs.kde.org/show_bug.cgi?id=162485/ -- KDE doesn't honor root certs chosen by ca-certificates https://bugs.launchpad.net/bugs/295266 You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdelibs in ubuntu. -- kubuntu-bugs mailing list kubuntu-b...@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 494273] Re: LDAP directory contact attributes cannot be modified
Actually, this is not a bug of kdepim (kaddressbook) but kdepimlibs. The problem has been fixed by KDE (see problem report https://bugs.kde.org/show_bug.cgi?id=218353). The corrected code is already available in the beta release of KDE 4.4 (internal reference: KDE 4.3.85). ** Bug watch added: KDE Bug Tracking System #218353 http://bugs.kde.org/show_bug.cgi?id=218353 ** Also affects: kdepimlibs (Ubuntu) Importance: Undecided Status: New -- LDAP directory contact attributes cannot be modified https://bugs.launchpad.net/bugs/494273 You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdepim in ubuntu. -- kubuntu-bugs mailing list kubuntu-b...@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 494273] [NEW] LDAP directory contact attributes cannot be modified
Public bug reported: Binary package hint: kdepim This is a copy of a bug report to KDE (https://bugs.kde.org/show_bug.cgi?id=217946) which should be known to Ubuntu users: I tested kaddressbook (4.3) using KDE 4.3.2 in Ubuntu Karmic as front-end to manage contacts in a LDAP directory (addressbook). The server runs openldap 2.4. kaddressbook perfectly adds and deletes contacts. But it fails to modify attribute values of a contact within the LDAP directory. After changing e. g. the facsimile number of a contact, kaddressbook shows the updated number but the new number is not saved in the LDAP directory. OpenLDAP reports following failure: 'value #0 invalid per syntax'. According to other sources in the internet this is a sign for a missing objectClass. When checking further I found out that kaddressbook CAN modify contact information in the LDAP directory if following objectClasses are part of the contact entry: person, organizationalPerson, inetOrgPerson. If I add directly a contact to the LDAP directory (using ldapadd) with all mentioned objectClass values defined, kaddressbook can save the modifications to the directory. But during modification the objectClass values person and organizationalPerson disappear in the directory entry. objectClass inetOrgPerson is the only one left. It seems that kaddressbook can only handle this objectClass. As a work-around I set up an ACL (olcAccess: to attrs=objectClass value=organizationalPerson by dn="cn=admin,dc=gas,dc=de" write by dn="cn=AddrAdmin,dc=gas,dc=de" add by * read) that prohibits the addressbook admin (i. e. kaddressbook) from deleting the objectClass values person and organizationalPerson of a contact entry in LDAP. But this doesn't help. In fact, instead of modifying single attributes of a contact within the LDAP directory, kaddressbook completely deletes the contact from the LDAP directory and adds it again. But only with those LDAP attributes that kaddressbook can handle. As there are several Internet sources that recommend kaddressbook as a LDAP front-end for managing LDAP based addressbooks, this is a severe bug. kaddressbook should only be allowed to modify attribute values, but not deleting them. LDAP directories are a sensitive central network resource that are usually accessed and managed by several applications. ** Affects: kdepim (Ubuntu) Importance: Undecided Status: New -- LDAP directory contact attributes cannot be modified https://bugs.launchpad.net/bugs/494273 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 489597] [NEW] PMI Schema in slapd package can't be added to database
Public bug reported: The PMI scheme that is provided by Ubuntu karmic makes reference to syntax definitions, e.g.: olcLdapSyntaxes: {2}( 1.3.6.1.4.1.4203.666.11.10.2.6 DESC 'X.509 PMI role syntax' ...) which are not recognized by openldap. The utility splatest can convert the PMI scheme into a LDIF file but when trying to add the ldif content to the LDAP database we get an error. The same applies when adding the ldif file with slaptest to slapd.d configuration directory and then checking the database using slapcat. As an example the out put of the ldapadd command is shown: $ ldapadd -Y EXTERNAL -H ldapi:/// -f pmi.ldif adding new entry "cn={14}pmi,cn=schema,cn=config" ldap_add: Other (e.g., implementation specific) error (80) additional info: olcAttributeTypes: Syntax not found: "" Finally, the content of the ldif file for completeness: dn: cn={14}pmi,cn=schema,cn=config objectClass: olcSchemaConfig cn: pmi olcObjectIdentifier: {0}id-oc-pmiUser 2.5.6.24 olcObjectIdentifier: {1}id-oc-pmiAA 2.5.6.25 olcObjectIdentifier: {2}id-oc-pmiSOA 2.5.6.26 olcObjectIdentifier: {3}id-oc-attCertCRLDistributionPts 2.5.6.27 olcObjectIdentifier: {4}id-oc-privilegePolicy 2.5.6.32 olcObjectIdentifier: {5}id-oc-pmiDelegationPath 2.5.6.33 olcObjectIdentifier: {6}id-oc-protectedPrivilegePolicy 2.5.6.34 olcObjectIdentifier: {7}id-at-attributeCertificate 2.5.4.58 olcObjectIdentifier: {8}id-at-attributeCertificateRevocationList 2.5.4.59 olcObjectIdentifier: {9}id-at-aACertificate 2.5.4.61 olcObjectIdentifier: {10}id-at-attributeDescriptorCertificate 2.5.4.62 olcObjectIdentifier: {11}id-at-attributeAuthorityRevocationList 2.5.4.63 olcObjectIdentifier: {12}id-at-privPolicy 2.5.4.71 olcObjectIdentifier: {13}id-at-role 2.5.4.72 olcObjectIdentifier: {14}id-at-delegationPath 2.5.4.73 olcObjectIdentifier: {15}id-at-protPrivPolicy 2.5.4.74 olcObjectIdentifier: {16}id-at-xMLPrivilegeInfo 2.5.4.75 olcObjectIdentifier: {17}id-at-xMLPprotPrivPolicy 2.5.4.76 olcObjectIdentifier: {18}id-mr 2.5.13 olcObjectIdentifier: {19}id-mr-attributeCertificateMatch id-mr:42 olcObjectIdentifier: {20}id-mr-attributeCertificateExactMatch id-mr:45 olcObjectIdentifier: {21}id-mr-holderIssuerMatch id-mr:46 olcObjectIdentifier: {22}id-mr-authAttIdMatch id-mr:53 olcObjectIdentifier: {23}id-mr-roleSpecCertIdMatch id-mr:54 olcObjectIdentifier: {24}id-mr-basicAttConstraintsMatch id-mr:55 olcObjectIdentifier: {25}id-mr-delegatedNameConstraintsMatch id-mr:56 olcObjectIdentifier: {26}id-mr-timeSpecMatch id-mr:57 olcObjectIdentifier: {27}id-mr-attDescriptorMatch id-mr:58 olcObjectIdentifier: {28}id-mr-acceptableCertPoliciesMatch id-mr:59 olcObjectIdentifier: {29}id-mr-delegationPathMatch id-mr:61 olcObjectIdentifier: {30}id-mr-sOAIdentifierMatch id-mr:66 olcObjectIdentifier: {31}id-mr-indirectIssuerMatch id-mr:67 olcObjectIdentifier: {32}AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1 olcObjectIdentifier: {33}CertificateList 1.3.6.1.4.1.1466.115.121.1.9 olcObjectIdentifier: {34}AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4 olcObjectIdentifier: {35}PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5 olcObjectIdentifier: {36}RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6 olcAttributeTypes: {0}( id-at-role NAME 'role' DESC 'X.509 Role attribute, use ;binary' SYNTAX RoleSyntax ) olcAttributeTypes: {1}( id-at-xMLPrivilegeInfo NAME 'xmlPrivilegeInfo' DESC 'X .509 XML privilege information attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 5 ) olcAttributeTypes: {2}( id-at-attributeCertificate NAME 'attributeCertificateA ttribute' DESC 'X.509 Attribute certificate attribute, use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX AttributeCertificate ) olcAttributeTypes: {3}( id-at-aACertificate NAME 'aACertificate' DESC 'X.509 A A certificate attribute, use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX AttributeCertificate ) olcAttributeTypes: {4}( id-at-attributeDescriptorCertificate NAME 'attributeDe scriptorCertificate' DESC 'X.509 Attribute descriptor certificate attribute, use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX AttributeCertific ate ) olcAttributeTypes: {5}( id-at-attributeCertificateRevocationList NAME 'attribu teCertificateRevocationList' DESC 'X.509 Attribute certificate revocation lis t attribute, use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListE xactMatch, not implemented yet' ) olcAttributeTypes: {6}( id-at-attributeAuthorityRevocationList NAME 'attribute AuthorityRevocationList' DESC 'X.509 AA certificate revocation list attribute , use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListExactMatch, not implemented yet' ) olcAttributeTypes: {7}( id-at-delegationPath NAME 'delegationPath' DESC 'X.509 Delegation path attribute, use ;binary' SYNTAX AttCertPath ) olcAttributeTypes: {8}( id-at-privPolicy NAME 'privPolicy' DESC 'X.509 Privile ge policy attribute, use ;binary' SYNTAX PolicySyntax ) olcAttributeTypes: {9}( id-at-protPrivPolicy NAME 'protPrivPolicy' DESC 'X.509 Protected privil
[Bug 418246] Re: it87 (sensors) module broken, needs automatic adding of a kernel line during installation
For owners of an Asus mainboard there is a better work-around than the dangerous "acpi_enforce_resources=lax" proposal described above: http://www.ubuntu-forum.de/artikel/47250/workaround-lm-sensors-auf-ubuntu-9-10-mit-it87-chip-driver.html (German) It recommends to compile and install lm-sensors 3.1.1 directly from Debian sources. This latest version of lm-sensors supports direct access to hwmon sensors in sysfs. For Asus boards all missing it87 sensors now appear as atk0110 sensors, when entering 'sensors' on the command line. After recompiling the ksensors package from Ubuntu karmic with libsensors4 support, the missing sensors can also be used and displayed by ksensors. Hopefully, the new versions of lm-sensors and ksensors will be part of Ubunut jaunty. -- it87 (sensors) module broken, needs automatic adding of a kernel line during installation https://bugs.launchpad.net/bugs/418246 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 283807] Re: freeradius with openssl support doesn't compile
Persio, I had the same liodbc bug in Ubuntu Jaunty: >dpkg-buildpackage -rfakeroot > >checking for SQLConnect in -liodbc... no >checking for isql.h... yes >configure: error: set --without-rlm_sql_iodbc to disable it explicitly. >configure: error: ./configure failed for ./drivers/rlm_sql_iodbc >configure: error: ./configure failed for src/modules/rlm_sql >make: *** [config.status] Error 1 >dpkg-buildpackage: failure: debian/rules build gave error exit status 2 Somehow the references seem to break. After removing and reinstalling the libiodbc2 packages configure went through without any problems and freeradius package was built fine. Best regards tom -- freeradius with openssl support doesn't compile https://bugs.launchpad.net/bugs/283807 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 189132] [NEW] Driver for AVM Fritz Card DSL v2.0 cannot be loaded
Public bug reported: Binary package hint: capiutils TIn configuration file /etc/isdn/capi.conf a wrong firmware file is mentioned for AVM Fritz DSL Card v2.0 (fcdsl2). At least in amd64 systems Ubuntu delivers only fcds2base.bin with package linux-restricted-modules. Also AVM's 64 bit source package contains only fcds2base.bin. After changing the entry for fcdsl2 to fcds2base.bin in capi.conf, the DSL card is correctly initialised and started. ** Affects: isdnutils (Ubuntu) Importance: Undecided Status: New -- Driver for AVM Fritz Card DSL v2.0 cannot be loaded https://bugs.launchpad.net/bugs/189132 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs