[Bug 1410195] Re: Ctrl+Alt+F7 bypasses the light-locker lock-screen under XFCE
Try replacing pam-ldap/nss-ldap with nslcd and/or nssov and see if the problem persists. I'd bet it doesn't. See here https://bugs.launchpad.net/debian/+source/sudo/+bug/423252/comments/84 for reasons why you should have abandoned pam-ldap/nss-ldap years ago. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1410195 Title: Ctrl+Alt+F7 bypasses the light-locker lock-screen under XFCE To manage notifications about this bug go to: https://bugs.launchpad.net/hundredpapercuts/+bug/1410195/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1410195] Re: Ctrl+Alt+F7 bypasses the light-locker lock-screen under XFCE
As I noted in our ITS#8025, this has nothing to do with upstream OpenLDAP. It may be specific to the particular way you built OpenLDAP in your distro, or it may be due to pam_ldap itself, but neither of these are in the purview of the OpenLDAP Project. Certainly there is nothing in vanilla OpenLDAP source code that operates at a low enough system level to interfere with screen blanking or locking. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1410195 Title: Ctrl+Alt+F7 bypasses the light-locker lock-screen under XFCE To manage notifications about this bug go to: https://bugs.launchpad.net/hundredpapercuts/+bug/1410195/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1004775] Re: NetworkManager restarts dnsmasq and adds host route on every IPv6 route lookup
I just now discovered this was finally fixed. It only took 5 years for someone to reinvent my patch... https://mail.gnome.org/archives /networkmanager-list/2008-September/msg00042.html Hopefully upstream will take this soon. Thanks for your work integrating this much-needed feature. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1004775 Title: NetworkManager restarts dnsmasq and adds host route on every IPv6 route lookup To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1004775/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
Oops. The attachment in comment#166 includes the patch in #73, it is not incremental. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
This additional patch fixes the crash in bug#1013798. ** Attachment added: "Addition to the patch in comment#73" https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/423252/+attachment/3328846/+files/dif.txt -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
Forcing use of nscd is a non-starter at many sites. Aside from cache staleness issues, and nscd's well known instability, there's also the issue that nscd doesn't intercept get*ent enumerations so things will still crash depending on which nsswitch functions an app calls. It would make sense to use nettle on the newer releases that support it, but keep the patch in place otherwise. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
My point being, if you want to accommodate multiple TLS libraries simultaneously with only a single libldap, that code is still available in the OpenLDAP git repo. The relevant changes are between a225b02f17fe79f6680d5d31db37320981e24774..4dff3e6807fb3451405373c2b85e02ccf27b882f -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
3 sets of LDAP client libraries? That sounds like a terrible solution. Fwiw, I wrote a version of OpenLDAP's TLS support that could use any/all of OpenSSL, GnuTLS, and MozillaNSS simultaneously, and never released it, because it seemed that would be too confusing if separate apps had different expectations of TLS config options. But it would certainly be possible to add libltdl support in, and make libldap dynamically load a single TLS implementation. I still don't see any technical merit in supporting anything besides OpenSSL. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 478827] Re: openldap database backend back_perl has undefined symbols (aka slapd-perl back-perl)
Seems like exactly the same as bug #90812. And the workaround shown there https://bugs.launchpad.net/openldap/+bug/90812/comments/31 still works. If this is something we should be handling upstream, please submit an ITS. For the moment it doesn't seem like it. The discussion of libltdl implies there may be something we can do to avoid this, I just haven't looked into it any further. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/478827 Title: openldap database backend back_perl has undefined symbols (aka slapd- perl back-perl) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/478827/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
For completeness' sake, another bug tracker with the same issue https://bugs.g10code.com/gnupg/issue1181 ** Bug watch added: GnuPG Bugs #1181 https://bugs.g10code.com/gnupg/issue1181 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo
http://www.openldap.org/devel/cvsweb.cgi/~checkout~/contrib/slapd- modules/nssov/README?rev=1.11 It's an overlay for OpenLDAP slapd which implements all of the nss and pam calls, replacing Arthur deJong's nslcd. -- NSS using LDAP+SSL breaks setuid applications like su and sudo https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo
That's unfortunate, I didn't realize libpam-ldapd was so incomplete. You can still use nssov for full pam support. Your best option for an immediate fix is still the libgcrypt patch I posted. Without that basically all Karmic and Lucid nss-ldap+SSL installations are dead in the water. As a longer term step, the design of libgcrypt and gnutls needs revisiting. Midterm, migrate everyone to nssov. -- NSS using LDAP+SSL breaks setuid applications like su and sudo https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'
Rune: just google for nscd problems, it has a long history of stability issues. But on top of the issues caused by poor implementation, it also has problems due to an inherently inadequate design. Some of these issues are outlined in my LDAPCon presentation linked above. All of this is well documented, I don't think it bears repeating in this already- too-long bug report. (Just bringing this report up on my Seamonkey browser drags the browser to its knees.) -- NSS using LDAP on Karmic breaks 'su' and 'sudo' https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'
Potential gnutls fix: do gcrypt initialization as long it isn't already finished. probably a bad idea. ** Attachment added: "potential gnutls fix" http://launchpadlibrarian.net/45701794/dif2.txt -- NSS using LDAP on Karmic breaks 'su' and 'sudo' https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'
Probably the best fix: don't call global_init when setting the thread callbacks. ** Attachment added: "potential libgcrypt fix" http://launchpadlibrarian.net/45701569/dif1.txt -- NSS using LDAP on Karmic breaks 'su' and 'sudo' https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'
I read all of the diffs between 1.4.1 and 1.4.4 but didn't find any likely suspects. However, tracing the library initialization in gdb, I found the specific problem. Ordinarily gnutls will initialize the gcrypt library, if no app has done so already. In the gnutls initialization, it specifically turns gcrypt's secure malloc off, and everything works fine. However, in my trace on Lucid, libnss-ldap is linked to libldap_r, not libldap. And because libldap_r has to support threads, it is required to initialize libgcrypt's thread callbacks, and it must do this before doing anything else with libgcrypt or gnutls. http://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html#Multi_002dThreading The problem with that is, once we do this thread initialization, libgcrypt considers itself fully initialized. When we next call gnutls's init function, it checks to see if gcrypt is init'd or not, sees that it is, and skips any further init'ing. So the secure malloc stuff remains enabled. I guess in this case we could do the initialization that gnutls skips, but that's rather ugly, libldap shouldn't have to know or duplicate the initialization steps inside gnutls_global_init(). Alternatively, libgcrypt could be changed to not call its global_init() right after setting the thread callbacks, since it's obvious that the caller still has other initialization calls that it needs to make. (Frankly I think this is the correct option.) Finally, gnutls_global_init() could be changed to check for initialization_finished, instead of initialization_started. (i.e., check for GCRYCTL_INITIALIZATION_FINISHED_P, instead of GCRYCTL_ANY_INITIALIZATION_P). But this latter is pretty dicey, gnutls really has no way to know if it should be meddling in a half-initialized libgcrypt or not. I'm trying really hard not to say "I told you so" again, but I just can't stop myself. -- NSS using LDAP on Karmic breaks 'su' and 'sudo' https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'
Looking at the gcrypt code, it seems this bug should be reported against that; this whole secmem implementation (1) requires a program to be started as root (setuid) and (2) always drops the root priv when it has initialized its secure memory. These behaviors would certainly interfere with any setuid programs normal behavior. Seems like a design flaw in libgcrypt, as the docs http://www.gnupg.org/documentation/manuals/gcrypt /Initializing-the-library.html#Initializing-the-library state that the application is responsible for controlling this behavior. Apps that are unaware that they are using gcrypt (because it came in implicitly through gnutls, thru libldap, thru nss) are SOL. -- NSS using LDAP on Karmic breaks 'su' and 'sudo' https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'
Right, given the timing for the Lucid release it's probably way too late. I can't comment on your experience with nslcd as I have never used its code or read it in depth. The stub library and nssov have been pretty well tested internally in Symas; since the stub library is almost entirely cookie-cutter code it's known to be bug-free. At the risk of sounding like a commercial, I should note that Symas is offering standalone packages for free evaluation (our SUUMv4 product, based on nssov). A number of our customers have migrated successfully, it's an easy transition. In the meantime, for this bug, it looks like gcrypt uses its internal secure malloc function if the app didn't set any overrides. I'm not sure that making libldap override the secure malloc is a good idea, since some apps may still want that secure malloc behavior. And any app that explicitly uses gnutls or libgcrypt may get its preference silently overridden by libldap, or vice versa. Again, the only safe way to address this bug is by taking libldap/nss_ldap out of the application's address space. -- NSS using LDAP on Karmic breaks 'su' and 'sudo' https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'
I'd be happy to write a patch for the documentation. And given all of the problems with the design (and implementation) of libnss-ldap, I'd say any analysis will show that libnss-ldapd is still the path of lowest risk and greatest stability. (In particular, when used with OpenLDAP nssov.) -- NSS using LDAP on Karmic breaks 'su' and 'sudo' https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'
You can find detailed design docs at its home page http://arthurdejong.org/nss-pam-ldapd/ You can also find my LDAPCon2009 presentation on the subject here http://www.symas.com/ldapcon2009/papers/hyc1.shtml -- NSS using LDAP on Karmic breaks 'su' and 'sudo' https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'
Regardless of what the root cause turns out to be, you guys really need to switch to libnss-ldapd, which will reliably isolate the user apps from whatever junk is going on inside libldap / gnutls / whatever. (And if you're not using the latest version, which also handles pam_ldap, then you need to update.) -- NSS using LDAP on Karmic breaks 'su' and 'sudo' https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'
Great find, Andreas. So gnutls is calling gcrypt's secure memory functions. And yet, the gnutls docs say these functions are not used by default, and certainly OpenLDAP does not configure gnutls to use them. Something else in the stack must be setting that behavior. -- NSS using LDAP on Karmic breaks 'su' and 'sudo' https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 485026] Re: [karmic] slapd hangs at 100% cpu and is unkillable
Fixed in CVS slapd/bconfig.c 1.402 -- [karmic] slapd hangs at 100% cpu and is unkillable https://bugs.launchpad.net/bugs/485026 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 305264] Re: gnutls regression: failure in certificate chain validation
Just noting for posterity, as of GnuTLS 2.8.0 (released 2009-05-27) you can use %VERIFY_ALLOW_X509_V1_CA_CRT in the TLSCipherSuite options to enable V1 CA certs. I will probably #ifdef the current OpenLDAP patch to turn it off for GnuTLS >= 2.8.0. (Haven't decided on best course of action yet, given http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=541256 ) ** Bug watch added: Debian Bug tracker #541256 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256 -- gnutls regression: failure in certificate chain validation https://bugs.launchpad.net/bugs/305264 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 305264] Re: gnutls regression: failure in certificate chain validation
Doug Engert wrote: >The real fix is to get the gnutls people to support certificate >directories, like OpenSSL. Why the rush to convert to gnutls >when it has so many issues. (Licencing issues are low on my list of >reasons.) Indeed, for a security tool you want a package written by experienced security developers, not a science project. This isn't a game after all. GnuTLS doesn't even merit a version number greater than 0.5, IMO. http://www.openldap.org/lists/openldap-devel/200802/msg00072.html -- gnutls regression: failure in certificate chain validation https://bugs.launchpad.net/bugs/305264 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 305264] Re: gnutls regression: failure in certificate chain validation
Mathias, in regards to the wiki you linked above, my preference when debugging these issues is to recommend debug level 7, which includes packet traces, instead of debug 1. It's much better (to me) to be able to see all the traffic, which includes the raw transfer of certificates and their DER DNs, when tracking down TLS problems. -- gnutls regression: failure in certificate chain validation https://bugs.launchpad.net/bugs/305264 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 305264] Re: gnutls regression: failure in certificate chain validation
libldap is now patched in OpenLDAP cvs HEAD. We anticipate releasing a bugfix-only 2.4.16 release very soon, with this fix included. -- gnutls regression: failure in certificate chain validation https://bugs.launchpad.net/bugs/305264 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 280982] [NEW] SEGV in threaded SASL apps
Public bug reported: Cyrus SASL's sasl_set_mutex() API will allows multiple callers to reset its state, so mutexes created earlier may not be usable after a subsequent call. This problem is discussed here http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus- sasl&msg=8954 and a fix is available in the current Cyrus CVS. https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c revision 1.117... The bug is still present on Ubuntu 8.10beta. ** Affects: cyrus-sasl2 (Ubuntu) Importance: Undecided Status: New -- SEGV in threaded SASL apps https://bugs.launchpad.net/bugs/280982 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cyrus-sasl2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 192643] Re: dnsmasq with enable-dbus doesn't work properly with NetworkManager
If you're referring to Gnome bug 551747, yes, I submitted that bug report and patch, but it appears to have received no attention upstream yet. For the reasons I already listed in my previous comment, resolvconf is a poor solution. I already tried using it here; it still rewrites the disk too frequently. That's what convinced me to write the DBUS patch. -- dnsmasq with enable-dbus doesn't work properly with NetworkManager https://bugs.launchpad.net/bugs/192643 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 192643] Re: dnsmasq with enable-dbus doesn't work properly with NetworkManager
Just a few comments on prioritizing this wishlist item - I think using this feature should be the default on any desktop install; using dnsmasq improves all name resolver lookup response times, and by eliminating rewrites to /etc/resolv.conf it makes it a lot easier to run a secure system with a read-only root partition. Also, it has a power savings benefit on laptops by avoiding the churn of rewriting the file. The whole notion of rewriting any config files in /etc as a normal matter- of-course is completely wrong-headed to begin with... -- dnsmasq with enable-dbus doesn't work properly with NetworkManager https://bugs.launchpad.net/bugs/192643 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 192643] Re: dnsmasq with enable-dbus doesn't work properly with NetworkManager
** Bug watch added: Email to [EMAIL PROTECTED] # mailto:[EMAIL PROTECTED] ** Also affects: network-manager via mailto:[EMAIL PROTECTED] Importance: Undecided Status: New -- dnsmasq with enable-dbus doesn't work properly with NetworkManager https://bugs.launchpad.net/bugs/192643 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 192643] Re: dnsmasq with enable-dbus doesn't work properly with NetworkManager
This missing feature in NetworkManager was really annoying me so I wrote a patch for it, which you can find here http://mail.gnome.org/archives/networkmanager-list/2008-September/msg00042.html -- dnsmasq with enable-dbus doesn't work properly with NetworkManager https://bugs.launchpad.net/bugs/192643 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 74754] Re: debuglevels are not defined in ldap-utils man pages
This should probably be filed upstream so it can be handled as a Documentation bug there. Note that there are only 3 main debug flags used in the libraries and command line tools - 1, 2, and 16. The rest are only used by slapd. 16 isn't all that useful if you already have 2 set. -- debuglevels are not defined in ldap-utils man pages https://bugs.launchpad.net/bugs/74754 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 215904] Re: [SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2
Actually Paul, your last comment regarding the bug status here was that you'd be testing, but you hadn't actually posted a confirmation that your problem was resolved. And MikMak still hasn't provided any further details on whatever crash he's still seeing. So while I'm certain that the patch is correct, there are some loose ends left on this bug report. -- [SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2 https://bugs.launchpad.net/bugs/215904 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 215904] Re: [SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2
What "these kind" ? Provide a stack trace. -- [SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2 https://bugs.launchpad.net/bugs/215904 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 218734] Re: (ITS#5527) slapd segfaults when using dynlist
Thanks for this. I see it crashing in 2.4.7 but not in 2.4.9. -- (ITS#5527) slapd segfaults when using dynlist https://bugs.launchpad.net/bugs/218734 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 234196] Re: dnPrettyNormal: Assertion `pretty != ((void *)0)' failed.
Thanks for catching that. Should also be fixed in OpenLDAP CVS now. -- dnPrettyNormal: Assertion `pretty != ((void *)0)' failed. https://bugs.launchpad.net/bugs/234196 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 218734] Re: slapd segfaults when using dynlist
I don't see a crash with stock 2.4.7 or 2.4.9. Please provide the actual slapd.conf used to reproduce this bug, and the stack trace for the crash. ** Summary changed: - slapd segfaults when using dynlist + (ITS#5527) slapd segfaults when using dynlist -- (ITS#5527) slapd segfaults when using dynlist https://bugs.launchpad.net/bugs/218734 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 234196] Re: dnPrettyNormal: Assertion `pretty != ((void *)0)' failed.
Thanks for the report, a patch for this (ITS#5526) is now in OpenLDAP's CVS HEAD for testing. -- dnPrettyNormal: Assertion `pretty != ((void *)0)' failed. https://bugs.launchpad.net/bugs/234196 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 215904] Re: (ITS#5518) Assertion error in io.c:234: ber_flush2
Please test this patch and let me know if you can still reproduce this failure. http://www.openldap.org/lists/openldap-commit/200805/msg00112.html -- (ITS#5518) Assertion error in io.c:234: ber_flush2 https://bugs.launchpad.net/bugs/215904 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 215904] Re: (ITS#5518) Assertion error in io.c:234: ber_flush2
Hmmm, *lc is completely bogus. 7f3a11313ab0 is clearly in the text segment of the process, and the values starting from lconn_sasl_sockctx are ASCII: 00: 6d 70 2f 6f 70 65 6e 6c 64 61 70 32 2e 34 2e 37 mp/openldap2.4.7 01: 2f 6c 69 62 72 61 72 69 65 73 2f 6c 69 62 6c 62 /libraries/liblb 02: 6f 2e 63 3a 32 33 34 3a 20 62 65 72 73 68 32 3a o.c:234: bersh2: 03: 20 41 73 73 65 72 74 69 6f 6e 20 60 28 20 28 73 Assertion `( (s 04: 62 29 2d 3e 00 00 b)-> I.e., lc's contents are a copy of the actual text location where the assert message was stored. This would have made more sense if it was random data. Hard to see how a data or stack overwrite could cause pieces of the text segment to get copied into the heap, and ordinarily an assert/abort call doesn't trash the stack like this. Can you reproduce this bug when libldap, liblber, and nss_ldap are compiled without any optimization? -- (ITS#5518) Assertion error in io.c:234: ber_flush2 https://bugs.launchpad.net/bugs/215904 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 215904] Re: (ITS#5518) Assertion error in io.c:234: ber_flush2
Yes, that helps. Please also print *lc from frame 4, thanks. -- (ITS#5518) Assertion error in io.c:234: ber_flush2 https://bugs.launchpad.net/bugs/215904 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 215904] Re: Assertion error in io.c:234: ber_flush2
In frame 3, can you please print *sb, and in frame 4, print *ld, print *lr and attach the info here, thanks. ** Summary changed: - Assertion error in io.c:234: ber_flush2 + (ITS#5519) Assertion error in io.c:234: ber_flush2 ** Summary changed: - (ITS#5519) Assertion error in io.c:234: ber_flush2 + (ITS#5518) Assertion error in io.c:234: ber_flush2 -- (ITS#5518) Assertion error in io.c:234: ber_flush2 https://bugs.launchpad.net/bugs/215904 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs