Public bug reported:
It would be helpful if hardening-check could also report a yes/no for
retpoline mitigations similar to the existing output:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Per the suggestion from Mathias, I am working on a source branch and
PPA. I have a round 1 of the code and associated packages that I need
to do more testing on before proceeding. Subscribers that care can find
the PPA at https://launchpad.net/~jcpunk/+archive/squid-fix-497790
I should get some
Thanks for your research into the kernel source, it was most helpful in
determining what INVALID does (as you mentioned the man pages are a bit
vague there).
--
block invalid combinations of TCP flags
https://bugs.launchpad.net/bugs/323950
You received this bug notification because you are a
xfs_fsr has moved to xfsdump (or I picked the wrong package on initial
report)
** Package changed: xfsdump (Ubuntu) = xfsprogs (Ubuntu)
--
xfs_fsr should run automatically if on xfs volumes if it is installed
https://bugs.launchpad.net/bugs/307625
You received this bug notification because you
Public bug reported:
Binary package hint: squid
There is a sample squid apparmor profile at
http://apparmor.opensuse.org/profiles/list. I have modified the sample
profile to meet Ubuntu standards and updated the packaging scripts to
install and activate the profile. It has been tested on my
** Attachment added: adds apparmor profile and installation
http://launchpadlibrarian.net/36907869/squid_apparmor.patch
--
squid should provide an apparmor profile
https://bugs.launchpad.net/bugs/497790
You received this bug notification because you are a member of Ubuntu
Server Team, which
*** This bug is a duplicate of bug 497790 ***
https://bugs.launchpad.net/bugs/497790
The Ubuntu side of this can be obsoleted by bug 497790 where I have
attached a patch giving an apparmor profile to squid. Debian may wish
to pursue this further to have a more flexible solution.
** This bug
Public bug reported:
Binary package hint: squid
There is a sample squid apparmor profile at
http://apparmor.opensuse.org/profiles/list. I have modified the sample
profile to meet Ubuntu standards and updated the packaging scripts to
install and activate the profile. It has been tested on my
** Attachment added: adds apparmor profile and installation
http://launchpadlibrarian.net/36907869/squid_apparmor.patch
--
squid should provide an apparmor profile
https://bugs.launchpad.net/bugs/497790
You received this bug notification because you are a member of Ubuntu
Bugs, which is
I believe I built the patch to update both rule sets. I may have
botched it (and it wouldn't be the first time I've done that), but my
intent was for the first section to update IPv6 and the second to do v4.
--
block invalid combinations of TCP flags
https://bugs.launchpad.net/bugs/323950
You
I figured I would put forth a patch to implement the simplest starting
ground. Established connections aren't overly protected by this (there
are some easy things to do), but a basic bad flags scan will be blocked.
** Attachment added: Basic bad flags block
Public bug reported:
Binary package hint: slapd
UFW has a location for applications to drop in their ports for easy
access. I have attached a patch that, when applied to the build diff,
will generate and deploy a ufw profile for slapd.
** Affects: openldap (Ubuntu)
Importance: Undecided
** Attachment added: patch to create ufw profile
http://launchpadlibrarian.net/31247590/slapd_ufw.patch
--
slapd should have a ufw profile
https://bugs.launchpad.net/bugs/423246
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap
Public bug reported:
Binary package hint: slapd
UFW has a location for applications to drop in their ports for easy
access. I have attached a patch that, when applied to the build diff,
will generate and deploy a ufw profile for slapd.
** Affects: openldap (Ubuntu)
Importance: Undecided
** Attachment added: patch to create ufw profile
http://launchpadlibrarian.net/31247590/slapd_ufw.patch
--
slapd should have a ufw profile
https://bugs.launchpad.net/bugs/423246
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
*** This bug is a duplicate of bug 321045 ***
https://bugs.launchpad.net/bugs/321045
** This bug has been marked a duplicate of bug 321045
glxinfo crashed with SIGSEGV in glXGetFBConfigs()
--
glxinfo crashed with SIGSEGV in glXGetFBConfigs()
https://bugs.launchpad.net/bugs/323744
You
Public bug reported:
Binary package hint: ufw
I would like to petition for adding the following rules to the default
UFW. These rules drop all packets that make no earthly sense. These
packets only exist from scanners (or really, really, really broken TCP
stacks), and as such are safely
Public bug reported:
Binary package hint: xfsdump
xfs has a program that can incrementally defrag mounted xfs volumes. If
someone goes and gets the utility (xfs_fsr) it would be nice to run it
for them automatically. This eats up a few cpu cycles if there are no
xfs volumes (like 3) and is a
At the time it was 6.10, but I can confirm the same text is in 8.10.
--
wording on openssl csr request very poor
https://bugs.launchpad.net/bugs/117978
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
I can confirm it is fixed in Intrepid. My Hardy box has a custom build
in production so that may be a ways before testing can be done.
--
slapd reports wrong ssf using gnutls
https://bugs.launchpad.net/bugs/244925
You received this bug notification because you are a member of Ubuntu
Server
I can confirm it is fixed in Intrepid. My Hardy box has a custom build
in production so that may be a ways before testing can be done.
--
slapd reports wrong ssf using gnutls
https://bugs.launchpad.net/bugs/244925
You received this bug notification because you are a member of Ubuntu
Bugs, which
Getting back to the root of the issue, ssl linkage.
To double check my assumptions before going forward:
1) Debian holds that GPL software must make some exception for it to be
correctly linked with openssl
2) JYL does not note an exception nor believe it to make any sense to do such
3) Without
Public bug reported:
Binary package hint: slapd
When adding another database (like accesslog, which is provided with the
package) there must be a place to store the corresponding bdb files.
Traditionally the place is /var/lib/ldap/dbname but the apparmor
profile prevents these from being used.
Public bug reported:
Currently I have freeradius running on an old solaris box. I was
planning to move it to an ubuntu system, but discovered that hardy is
missing eap-ttls (and eap-tls and eap-peap). As such I cannot use it to
replace my existing system. The features are available in free
*** This bug is a security vulnerability ***
Public security bug reported:
This is more of an enhancement request than a bug per se, but I was
uncertain how to file it exactly given the large number of packages that are
affected by this observation. This is without a doubt a wish list item
and more
Public bug reported:
Binary package hint: slapd
More information in this thread: http://www.openldap.org/lists/openldap-software/200806/msg00065.html
The ssf matching is broken on gnutls with openldap 2.4
(http://www.openldap.org/lists/openldap-devel/200802/msg00072.html). At
the highest
** Attachment added: Patch to switch the configure.options to use openssl
http://launchpadlibrarian.net/15762784/enable_openssl.diff
--
slapd reports wrong ssf using gnutls
https://bugs.launchpad.net/bugs/244925
You received this bug notification because you are a member of Ubuntu
Server
Public bug reported:
Binary package hint: slapd
More information in this thread: http://www.openldap.org/lists/openldap-software/200806/msg00065.html
The ssf matching is broken on gnutls with openldap 2.4
(http://www.openldap.org/lists/openldap-devel/200802/msg00072.html). At
the highest
** Attachment added: Patch to switch the configure.options to use openssl
http://launchpadlibrarian.net/15762784/enable_openssl.diff
--
slapd reports wrong ssf using gnutls
https://bugs.launchpad.net/bugs/244925
You received this bug notification because you are a member of Ubuntu
Bugs,
seems to work now!
--
ldapsearch + TLS fails
https://bugs.launchpad.net/bugs/234348
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
Public bug reported:
Binary package hint: ldap-utils
I have a 7.10 box that is able to ldapsearch my ldap server just fine
(ldapsearch -x -ZZ -H ldap://192.168.132.45) but my brand new 8.04
system cannot - even with the weaker -Z rather than -ZZ. Each box has
the same ldap.conf with all my
** Attachment added: 8.04 hanging ldapsearch
http://launchpadlibrarian.net/14674894/ldapsearch_debug.txt
--
ldapsearch + TLS fails
https://bugs.launchpad.net/bugs/234348
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
Public bug reported:
Binary package hint: zend-framework
When installing the zend-framework package I expected it to add itself
to php's include_path so that the classes within the framework could be
accessed instantly after installation or at least included trivially.
That does not appear to be
Seems fixed in 7.10 and later
--
/bin/sh: can't access tty: job control turned off
https://bugs.launchpad.net/bugs/109394
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
This got fixed somewhere along the 7.10 release, if I could figure out
how to close this I would
--
Install Software Raid Inactive after boot
https://bugs.launchpad.net/bugs/94806
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
Public bug reported:
Binary package hint: thunderbird
The default options for the outbound mailserver set Use Secure
Connection to No. A much better choice would be TLS, if available.
This will help keep the email encrypted by default when it can be
without causing any problems for sites that
Mockup of changes to make this package.
The attached all works with the new 2.4.7 debs in Debian.
The only thing you need to do to make this work is append control.append
to the debian control file (making sure to leave the blank line).
Install the heimdal-dev package (1.0.1-5 please). Apply
Debian bug 443073
--
Add support for the smbk5pwd overlay
https://bugs.launchpad.net/bugs/82853
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
I built this today off of the Gutsy source (so it should have all of the
goodies from the patch tree). It works in my test ldap, YMMV
Rick, any luck with the packaging?
** Attachment added: smbk5pwd.la for openldap2.3-2.3.35 (ubuntu 7.10)
http://launchpadlibrarian.net/10867838/smbk5pwd.la
Here is a good set of instructions for making your own package to work
around this:
http://www.howtoforge.com/repackage_deb_packages_debian_ubuntu
--
IMAP+SSL/TLS are disabled
https://bugs.launchpad.net/bugs/44335
You received this bug notification because you are a member of Ubuntu
Bugs, which
I am sure I speak for everyone here when I say THANKS!
However, the spirit of the bug remains. The pciutils database
quickly falls out of date and there is no approved way of updating it.
Running update-pciids works perfectly, and voids
/var/lib/dpkg/info/pciutils.md5sums .
Is there hope
Public bug reported:
This is in progress at debian (
http://www.debian.org/devel/wnpp/being_packaged Debian Bug 390130) and
has a sample package up at http://pkg-nav.alioth.debian.org/
NAV contains the following functionality:
* A topology database modeling the running network. The
Public bug reported:
Stager is a generic tool for storage, aggregation and presentation of
network statistics. Stager consists of a web application for data
presentation, and a perl back-end for data storage and aggregation.
The current version of Stager includes backend modules to collect and
Public bug reported:
Several printers print in a way that puts the first page printed at the
bottom of the stack. In the Windows GUI there is a way to set reverse
print order. Such an option exists in Cups (to the savvy only). See
forums post
Public bug reported:
Binary package hint: sysklogd
In order to better handle chroot environments that utilize syslog an
exportable interface to the sockets option would be required.
Currently to create a bind9 chroot the user must edit
/etc/init.d/sysklogd and add -a /mychroot/dev/log to the
*** This bug is a duplicate of bug 32978 ***
https://bugs.launchpad.net/bugs/32978
** This bug has been marked a duplicate of bug 32978
policyvers value 0 not in range 15-20
--
does not install properly
https://bugs.launchpad.net/bugs/69708
You received this bug notification because you
Public bug reported:
OpenLDAP supports running in a chroot, it would be very nice to install
it running in a chroot jail.
** Affects: openldap2 (Ubuntu)
Importance: Undecided
Status: New
--
OpenLDAP chroot by default
https://bugs.launchpad.net/bugs/130238
You received this bug
Public bug reported:
Binary package hint: squid
There really aren't a whole lot of things squid could want outside of a
chroot environment. Is there any chance for making it install into one
by default - or at least asking about doing so...
** Affects: squid (Ubuntu)
Importance: Undecided
Public bug reported:
Binary package hint: bind9
Bind doesn't have the best track record for security and doesn't really
access anything outside of itself. Is there any chance for getting it
to install into a chroot environment?
Steps to make this possible:
vi /etc/default/bind9 and change
Looks like that last evolution update fixed it... I have been trying and
am unable to replicate the behavior... Call this one closed
--
evolution filters do not support è
https://bugs.launchpad.net/bugs/115037
You received this bug notification because you are a member of Ubuntu
Bugs, which is
I cannot believe I forgot to mention that I upgraded evolution to
Gutsy (hurray for apt pinning). Completely slipped my mind. Sorry
about that
--
evolution filters do not support è
https://bugs.launchpad.net/bugs/115037
You received this bug notification because you are a member of
*** This bug is a duplicate of bug 96114 ***
https://bugs.launchpad.net/bugs/96114
That should be easy enough (in theory), install the tar ball version
regardless and then at the end put this (or the equivalent for what the
post install script is written in should be sh)
ping -c1
Would it be possible as part of the postinst section of pciutils to run
update-pciids? This would be a nice interim database update for the end
user and shouldn't be very much fiddling to make possible...
--
outdated pciids in feisty
https://bugs.launchpad.net/bugs/109363
You received this bug
Any chance to see it in Edgy/Feisty backports?
--
new version of logwatch 7.3.4
https://bugs.launchpad.net/bugs/113372
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
Public bug reported:
Binary package hint: postfix
In my mail.log I noticed
Jun 6 06:25:09 smtp2 postfix/smtp[6020]: certificate verification failed for
mailfilter.mysite.tld: num=20:unable to get local issuer certificate
Jun 6 06:25:09 smtp2 postfix/smtp[6020]: certificate verification
Public bug reported:
Binary package hint: openssl
when generating a new request you are prompted for
Common Name (eg, YOUR name) []:
I just had a junior admin fill this in with his name, this is a mistake
that could be avoided by simply getting this changed to something like
Common Name (eg,
Public bug reported:
Binary package hint: john
From the homepage John the Ripper 1.7 offers significant performance
improvements over the 1.6 release.
My home compiled version holds this to be very very true.
** Affects: john (Ubuntu)
Importance: Undecided
Status: Unconfirmed
--
Public bug reported:
Binary package hint: iptables
This is a nifty module for performing actions at random. It is
generally used for being a bit of a jerk to people scanning you, ie:
iptables -A scan_chk -j REJECT --reject-with host-unreach -m random
--average 10;
iptables -A scan_chk
*** This bug is a duplicate of bug 116257 ***
https://bugs.launchpad.net/bugs/116257
Public bug reported:
Binary package hint: iptables
This is a nifty module for performing actions at random. It is
generally used for being a bit of a jerk to people scanning you, ie:
iptables -A
*** This bug is a duplicate of bug 116257 ***
https://bugs.launchpad.net/bugs/116257
somehow got submitted twice
** This bug has been marked a duplicate of bug 116257
Any chance for iptables random module?
--
Any chance for iptables random module?
https://bugs.launchpad.net/bugs/116259
Public bug reported:
Binary package hint: iptables
There is a really nifty module for iptables in patch-o-matic which
attempts (rather successfully) to detect port scans automatically. I
would love to see it in the default ubuntu server kernel.
** Affects: iptables (Ubuntu)
Importance:
Public bug reported:
Binary package hint: iptables
This is a table which makes building squid as an invisible acceleration
proxy possible. Currently you have to alter your network topology to
plug squid in like that, but with this module the squid box becomes an
invisible bridge (not even
I am using Filter by Subject where subject contains [Samba] and move it
to a folder.
I have attached a screenshot if that is helpful.
** Attachment added: Screenshot of the evolution settings..
http://librarian.launchpad.net/7686804/EvolutionFilter.png
--
evolution filters do not support è
Public bug reported:
Binary package hint: evolution
The samba users list has recently had a thread [SAMBA] Share's accès :
how to? but none of those messages are parsed by my filter. All the
other messages from the list are filtered and moved into another folder
(via a filter on [SAMBA]) but
Here is what I found in the forum (faster lookups for people
methinks...)
sudo dpkg -i *.deb should get these installed for you
** Attachment added: Unofficial, unsigned edgy 0.7 NM packages
http://librarian.launchpad.net/7652460/nm0.7.0.cvs20061010.tar.bz2
--
Request: Update Feisty's
Public bug reported:
Binary package hint: mailman
The mailman source includes a copy of mmdsr in the contrib section.
This utility grabs all sorts of useful usage stats. Adding it to the
package would be very nice.
More data on it can be found at
Public bug reported:
Binary package hint: mailman
mm_cfg.py says that I should read
/usr/share/doc/mailman/README.{EXIM,...} and then later
/usr/share/doc/mailman/README.POSTFIX.
There is technically something that could be seen as matching the EXIM
one (README.Exim.Debian) but nothing for the
Public bug reported:
Binary package hint: libpam-keyring
Installing libpam-keyring requires adding @include common-pamkeyring
to the bottom of common-auth, but the package does not do this nor is
there documentation to guide you to this conclusion. It seems that
adding this line is a simple
Yet another vote, without the ability to select the stage two login type
this applet is useless to me at work.
--
Request: Update Feisty's Network Manager to 0.6.5
https://bugs.launchpad.net/bugs/108369
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug
Public bug reported:
Binary package hint: logwatch
Source at:
http://www2.logwatch.org:81/tabs/download/
Fixes several bugs including an error in archive detection which makes
the program nearly useless under certain conditions
** Affects: logwatch (Ubuntu)
Importance: Undecided
Public bug reported:
This is a wishlist item
The postfix main.cf file has the following line
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package
for
but there is no /usr/share/doc/postfix/TLS_README.gz
This isn't all that critical, but
** Affects: postfix (Ubuntu)
Good question!
I had MD5'd the image after the download. I kicked off the download and
md5 over night so that when I got up the next morning I could see how it
went. I already knew the image was good, so I went right past K3Bs pre-
burn MD5.
What you have said is true, but if I skip the auto
Public bug reported:
Binary package hint: pciutils
Output from lspci, see line two:
02:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5752M Gigabit
Ethernet PCI Express (rev 02)
03:00.0 Network controller: Atheros Communications, Inc. Unknown device 0024
(rev 01)
15:00.0 CardBus
Public bug reported:
Binary package hint: k3b
I clicked burn before letting the image auto md5, then when it came time
to verify it calculated the image md5sum and then the one of my newly
burned Feisty install DVD. It would be dramatically more efficient to
calculate both in parallel if the
Public bug reported:
Binary package hint: freeradius
The version of FreeRadius with Edgy and Feisty is unable to support
Vista Clients. 1.1.4 is the first one to support this and 1.1.3 is
currently in the tree.
See Debian bug #415980
** Affects: freeradius (Ubuntu)
Importance: Undecided
My timing rocks!
According to the ChangeLog at FreeRadius 1.1.4 added the fix
(http://www.freeradius.org/radiusd/doc/ChangeLog), but that is neither
here nor there
--
PEAP Authentication Fix (Vista)
https://bugs.launchpad.net/bugs/105597
You received this bug notification because you are a
** Description changed:
Binary package hint: slapd
The smbk5pwd ldap overlay which can be found at [1] enables password
synchronization between pam and samba passwords, otherwise the
sambaNTPassword and sambaLMPassword hashes won't be updated when using
`passwd` to update your unix
Public bug reported:
The samba-vscan module allows for on-the-fly use of ClamAV to scan files
on access. It is available from
http://sourceforge.net/project/showfiles.php?group_id=10590package_id=29198
This adds a feature to Samba that makes it the ideal choice for a
cooperate SMB/CIFS share.
Crap, forgot about https://wiki.ubuntu.com/MOTU/Packages
--
[needs-packaging] Packaging request for samba-vscan
https://launchpad.net/bugs/99045
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Public bug reported:
Binary package hint: build-essential
It would be very nice if build-essential were to recommend the linux-
headers-generic or linux-headers-server package. Generally when I am
building things I need the kernel headers, but it would be ridiculous to
fetch and install those
Public bug reported:
Binary package hint: mdadm
During the install I created some software RAID volumes, but once I
booted the box for the first time the RAID volumes were not initialized.
After some googling I found that by adding auto=yes to the end of
the ARRAY lines and restarting
I would also like to vote for this, perhaps a slapd-smbk5overlay in
multiverse would be a good starting place
--
Add support for the smbk5pwd overlay
https://launchpad.net/bugs/82853
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
Public bug reported:
Binary package hint: libpam-unix2
Followed guide in http://ubuntuforums.org/showthread.php?t=300208 and
was able to login and out fine, but when the screensaver password kicked
in I was unable to log back in.
See debian bug
86 matches