Bug#600065: ruser buffer too small
Package: libpam-ldapd Version: 0.7.10 Severity: normal Tags: upstream Hello, In nslcd/pam.c ( nslcd_pam_authz ), about line 277 char ruser[32]; is too small - if username contains domain name, which is rather common practice, the limit is reached, should be at least 128 I guess ( or configurable ). E.g. johnny.mnemo...@enterprisegalaxy.com - and nslcd rejects pam-client message, which causes session to fail. Must've rebuild with procol debugging to find it, thanks for -DDEBUG_PROT -DDEBUG_PROT_DUMP switches. Regards, DT -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#598014: There is 1.6 version available since 19 Sept 2010 in Oracle Linux 5
Package: ocfs2-tools Version: 1.4.4-3 Severity: wishlist Tags: experimental -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (x86_64) Kernel: Linux 2.6.33-2-amd64 (SMP w/4 CPU cores) Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to pl_PL) Shell: /bin/sh linked to /bin/bash http://oss.oracle.com/projects/ocfs2/ WHAT'S NEW? OCFS2 1.6 is now available with the Oracle Linux 5. It is bundled with Oracle's Unbreakable Enterprise Kernel. With this release, there are three supported releases of the file system, viz., OCFS2 1.2, OCFS2 1.4 and OCFS2 1.6. OCFS2 1.6 RELEASE OCFS2 1.6.3-1 and OCFS2 Tools 1.6.3-1 are the latest versions. The new features available in this release include Extended Attributes, POSIX ACLs, REFLINK, Indexed Directories, Allocation Reservation, Metadata Checksums and User/Group Quotas. OCFS2 1.6 is only available with the Unbreakable Enterprise Kernel. Users wishing to upgrade to the new release must logon to the Unbreakable Linux Network (ULN) and subscribe to the Oracle Linux 5 Latest channel. [..] The source code for the OCFS2 file system and its tools is available under the GNU General Public License (GPL), version 2. ..? Regards, DT Piotr Wadas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#580929: Proxy mode by default does not resolve proxy hostname to IP, numeric IP is required
Package: dovecot-common Version: 1:1.2.11-1 Severity: wishlist Tags: upstream patch The patch is created by Martin F. Foster , I took it from http://www.mail-archive.com/dove...@dovecot.org/msg26781.html and tested it against 1.2.11-1 . This functionality requires login_chroot = no, anyway with proxying mode I bet it's acceptable. Regards, DT --- dovecot-1.2.11/src/login-common/login-proxy.c.orig 2010-05-09 23:07:09.0 +0200 +++ dovecot-1.2.11/src/login-common/login-proxy.c 2010-05-09 23:10:24.0 +0200 @@ -194,18 +194,36 @@ { struct login_proxy *proxy; struct login_proxy_record *rec; - struct ip_addr ip; - int fd; + struct ip_addr ip, *ip_list; + char *host_ip; + int fd, ret; + unsigned int ip_count; if (host == NULL) { i_error(proxy(%s): host not given, client-virtual_user); return NULL; } - if (net_addr2ip(host, ip) 0) { - i_error(proxy(%s): %s is not a valid IP, + host_ip = t_strdup(host); + ret = net_gethostbyname(host, ip_list, ip_count); + if (ret != 0) { + i_error(proxy(%s): cannot resolve %s. + If name resolution is working outside dovecot, it may be a chroot issue. + See LoginProcess on wiki, and login_dir login_chroot in config., + client-virtual_user, host); + return NULL; + } else if (ip_count 1) { + i_error(proxy(%s): succesfully resolved host %s, got no IPs., client-virtual_user, host); return NULL; + } else { + host_ip = t_strdup(net_ip2addr(ip_list[0])); + } + + if (net_addr2ip(host_ip, ip) 0) { + i_error(proxy(%s): %s is not a valid IP, + client-virtual_user, host_ip); + return NULL; } rec = login_proxy_state_get(proxy_state, ip, port); @@ -218,13 +236,13 @@ fd = net_connect_ip(ip, port, NULL); if (fd 0) { i_error(proxy(%s): connect(%s, %u) failed: %m, - client-virtual_user, host, port); + client-virtual_user, host_ip, port); return NULL; } proxy = i_new(struct login_proxy, 1); proxy-created = ioloop_timeval; - proxy-host = i_strdup(host); + proxy-host = i_strdup(host_ip); proxy-user = i_strdup(client-virtual_user); proxy-port = port; proxy-ssl_flags = ssl_flags; -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.33-2-686 (SMP w/2 CPU cores) Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to pl_PL) Shell: /bin/sh linked to /bin/bash Versions of packages dovecot-common depends on: ii adduser 3.112add and remove users and groups ii libbz2-1.0 1.0.5-4 high-quality block-sorting file co ii libc6 2.11-0exp4 Embedded GNU C Library: Shared lib ii libcomerr2 1.41.11-1common error description library ii libdb4.84.8.26-3 Berkeley v4.8 Database Libraries [ ii libgssapi-krb5-21.8.1+dfsg-2 MIT Kerberos runtime libraries - k ii libk5crypto31.8.1+dfsg-2 MIT Kerberos runtime libraries - C ii libkrb5-3 1.8.1+dfsg-2 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.21-pw2 OpenLDAP libraries ii libmysqlclient165.1.45-3 MySQL database client library ii libpam-runtime 1.1.1-3 Runtime support for the PAM librar ii libpam0g1.1.1-3 Pluggable Authentication Modules l ii libpq5 8.4.3-1 PostgreSQL C client library ii libsqlite3-03.6.23.1-2 SQLite 3 shared library ii libssl0.9.8 0.9.8n-1 SSL shared libraries ii openssl 0.9.8n-1 Secure Socket Layer (SSL) binary a ii ucf 3.0025 Update Configuration File: preserv ii zlib1g 1:1.2.3.5.dfsg-1 compression library - runtime dovecot-common recommends no packages. Versions of packages dovecot-common suggests: ii ntp 1:4.2.6+dfsg-1 Network Time Protocol daemon and u -- Configuration Files: /etc/pam.d/dovecot changed [not included] -- no debconf information --- dovecot-1.2.11/src/login-common/login-proxy.c.orig 2010-05-09 23:07:09.0 +0200 +++ dovecot-1.2.11/src/login-common/login-proxy.c 2010-05-09 23:10:24.0 +0200 @@ -194,18 +194,36 @@ { struct login_proxy *proxy; struct login_proxy_record *rec; - struct ip_addr ip; - int fd; + struct ip_addr ip, *ip_list; + char *host_ip; + int fd, ret; + unsigned int ip_count; if (host == NULL) {
Bug#551479: adding some capability-related code probably originating from drbd8 upstream, successful build but drbdadm up resources returns CAP_SYS_ADMIN necessary error while selinux is completely di
Package: drbd8-source Version: 2:8.3.4-1 Severity: grave -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux left 2.6.27.23-0.1_lustre.1.8.1-default #1 SMP 2009-05-26 17:02:05 -0400 i686 GNU/Linux Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to pl_PL) Shell: /bin/sh linked to /bin/bash Boot command line: BOOT_IMAGE=/boot/vmlinuz-2.6.27.23-0.1_lustre.1.8.1-default root=/dev/mapper/left-root ro enforcing=0 selinux=0 This did not appear in 8.3.3rc3. Guess it's regarding capability/selinux include issue, because comparing recursive diff of drbd8-source between 8.3.3rc3 and 8.3.4. Not attaching a fix patch, because this capability include is probably considered a feature in upstream version, so, a patch will actually revert it back to 8.3.3rc3 (?). Selinux is actually not build/included at all with this kernel, enforcing and disable in boot cmdline is added just-for-sake This appears while attaching previously created resources, or initializing newly-created resources. 0: Failure: (152) Permission denied. CAP_SYS_ADMIN necessary Command 'drbdsetup 0 disk /dev/drbdvg/lvmdt0 /dev/drbdvg/lvmdt0 internal --set-defaults --create-device --on-io-error=detach' terminated with exit code 10 0: Failure: (152) Permission denied. CAP_SYS_ADMIN necessary Command 'drbdsetup 0 syncer --set-defaults --create-device --verify-alg=crc32c --rate=10M' terminated with exit code 10 0: Failure: (152) Permission denied. CAP_SYS_ADMIN necessary Command 'drbdsetup 0 net 192.168.57.101:7789 192.168.57.102:7789 C --set-defaults --create-device --cram-hmac-alg=sha1 --shared-secret=di9AM0Wae5ge' terminated with exit code 10 0: Failure: (152) Permission denied. CAP_SYS_ADMIN necessary Command 'drbdsetup 0 disk /dev/drbdvg/lvmdt0 /dev/drbdvg/lvmdt0 internal --set-defaults --create-device --on-io-error=detach' terminated with exit code 10 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#551479: Acknowledgement (adding some capability-related code probably originating from drbd8 upstream, successful build but drbdadm up resources returns CAP_SYS_ADMIN necessary error while selin
Well, this fixes it. But this is not a solution, rather a workaround, I guess the whole thing is to allow using drbd with selinux/lids enabled, while removal still does not.. Not, #ifdef that KERNEL_HAS_CN_SKB_PARMS was in drbd_nl.c - I tried simply adding the same ifdef in connector.c, but it did not help, so I decided to comment the whole thing. Regards, Piotr Wadas pwa...@dtpw.pl left:~/DRBDSRC/834# diff -uNr modules.before modules.after diff -uNr modules.before/drbd8/drbd/connector.c modules.after/drbd8/drbd/connector.c --- modules.before/drbd8/drbd/connector.c 2009-10-06 13:32:41.0 +0200 +++ modules.after/drbd8/drbd/connector.c2009-10-18 16:58:42.0 +0200 @@ -211,8 +211,6 @@ msg = NLMSG_DATA(nlh); /* DRBD specific change: Only allow packets from ROOT */ - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; return cn_call_callback(msg, (void (*)(void *))kfree_skb, skb); } diff -uNr modules.before/drbd8/drbd/drbd_nl.c modules.after/drbd8/drbd/drbd_nl.c --- modules.before/drbd8/drbd/drbd_nl.c 2009-10-05 14:52:03.0 +0200 +++ modules.after/drbd8/drbd/drbd_nl.c 2009-10-18 16:58:59.0 +0200 @@ -2063,13 +2063,6 @@ return; } -#ifdef KERNEL_HAS_CN_SKB_PARMS - if (!cap_raised(nsp-eff_cap, CAP_SYS_ADMIN)) { - retcode = ERR_PERM; - goto fail; - } -#endif - mdev = ensure_mdev(nlp); if (!mdev) { retcode = ERR_MINOR_INVALID; left:~/DRBDSRC/834# -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#508078: lustre kernel module uses obsolete blk_put_queue instead of blk_cleanup_queue
Package: lustre-source Version: 1.6.5.1-4 File /usr/src/modules/lustre/lustre/llite/lloop.c has the same bug as described with drbd8-source, it uses old blk_put_queue instead of blk_cleanup_queue, module builds, but cannot be loaded http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481992 this and rebuild solved it. //blk_put_queue(loop_dev[i].lo_queue); blk_cleanup_queue(loop_dev[i].lo_queue); (lines 726 and 748) Regards, Piotr Wadas [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#407099: If group option is not set in arguments, autodir module create group directory owned as root instead of owning group GID
Package: autodir Version: 0.99.8-1 Severity: important Tags: patch the patch works with debian package source and original source (doesn't interfere with debian patches) Regards, P. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17.8keh01 Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to pl_PL.ISO-8859-2) --- autodir-0.99.8/src/modules/autogroup.c 2007-01-16 07:14:18.0 +0100 +++ autodir-0.99.8/src/modules/autogroup.c 2007-01-16 07:17:05.0 +0100 @@ -292,6 +292,7 @@ ag_conf.nocheck = 0; ag_conf.owner = 0; ag_conf.fastmode = 0; + ag_conf.group = -1; option_process( opts );
Bug#403136: mkinitrd
Hello, I've read carefully this report, as I got the same thing after some upgrades lately, on different machines with/without lvm, but with system on software-raid (raid 1), debian testing/unstable. Even after downgrading udev, and with different kernel versions (debian kernels and original kernels), I tested with 2.6.18.1 and 2.6.19.2 Finally, it workd with initrd created with mkinitrd instead of mkinitrd.yaird. Please let me know if this helped in your case. Regards, Piotr Wadas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]