Bug#600065: ruser buffer too small

[Piotr Wadas]

Package: libpam-ldapd
Version: 0.7.10
Severity: normal
Tags: upstream




Hello,
In nslcd/pam.c ( nslcd_pam_authz ), about line 277

char ruser[32];

is too small - if username contains domain name, which is rather common 
practice,
the limit is reached, should be at least 128 I guess ( or configurable ).
E.g. johnny.mnemo...@enterprisegalaxy.com - and nslcd rejects pam-client 
message, which causes session to fail.
Must've rebuild with procol debugging to find it, thanks for -DDEBUG_PROT 
-DDEBUG_PROT_DUMP
switches.

Regards,
DT



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#598014: There is 1.6 version available since 19 Sept 2010 in Oracle Linux 5

[Piotr Wadas]

Package: ocfs2-tools
Version: 1.4.4-3
Severity: wishlist
Tags: experimental



-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.33-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to 
pl_PL)
Shell: /bin/sh linked to /bin/bash


http://oss.oracle.com/projects/ocfs2/

WHAT'S NEW? 

OCFS2 1.6 is now available with the Oracle Linux 5. It is bundled with Oracle's 
Unbreakable Enterprise Kernel.

With this release, there are three supported releases of the file system, viz., 
OCFS2 1.2, OCFS2 1.4 and OCFS2 1.6.

OCFS2 1.6 RELEASE 

OCFS2 1.6.3-1 and OCFS2 Tools 1.6.3-1 are the latest versions. The new features 
available in this release include Extended Attributes, POSIX ACLs, 
REFLINK, Indexed Directories, Allocation Reservation, Metadata Checksums and 
User/Group Quotas.

OCFS2 1.6 is only available with the Unbreakable Enterprise Kernel. Users 
wishing to upgrade to the new release must logon to the Unbreakable Linux 
Network (ULN) and subscribe to the Oracle Linux 5 Latest channel.

[..]

The source code for the OCFS2 file system and its tools is available under the 
GNU General Public License (GPL), version 2.

..?

Regards,
DT Piotr Wadas



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#580929: Proxy mode by default does not resolve proxy hostname to IP, numeric IP is required

[Piotr Wadas]

Package: dovecot-common
Version: 1:1.2.11-1
Severity: wishlist
Tags: upstream patch



The patch is created by Martin F. Foster , I took it from 

http://www.mail-archive.com/dove...@dovecot.org/msg26781.html

and tested it against 1.2.11-1 . This functionality requires
login_chroot = no, anyway with proxying mode I bet it's acceptable.

Regards,
DT

--- dovecot-1.2.11/src/login-common/login-proxy.c.orig  2010-05-09 
23:07:09.0 +0200
+++ dovecot-1.2.11/src/login-common/login-proxy.c   2010-05-09 
23:10:24.0 +0200
@@ -194,18 +194,36 @@
 {
struct login_proxy *proxy;
struct login_proxy_record *rec;
-   struct ip_addr ip;
-   int fd;
+  struct ip_addr ip, *ip_list;
+  char *host_ip;
+  int fd, ret;
+  unsigned int ip_count;
 
if (host == NULL) {
i_error(proxy(%s): host not given, client-virtual_user);
return NULL;
}
 
-   if (net_addr2ip(host, ip)  0) {
-   i_error(proxy(%s): %s is not a valid IP,
+  host_ip = t_strdup(host);
+  ret = net_gethostbyname(host, ip_list, ip_count);
+ if (ret != 0) {
+   i_error(proxy(%s): cannot resolve %s. 
+   If name resolution is working outside dovecot, it may be a 
chroot issue. 
+   See LoginProcess on wiki, and login_dir  login_chroot in 
config.,
+   client-virtual_user, host);
+   return NULL;
+   } else if (ip_count  1) {
+   i_error(proxy(%s): succesfully resolved host %s, got no IPs., 
client-virtual_user, host);
return NULL;
+   } else {
+   host_ip = t_strdup(net_ip2addr(ip_list[0]));
+   }
+
+   if (net_addr2ip(host_ip, ip)  0) {
+   i_error(proxy(%s): %s is not a valid IP,
+   client-virtual_user, host_ip);
+   return NULL;
}
 
rec = login_proxy_state_get(proxy_state, ip, port);
@@ -218,13 +236,13 @@
fd = net_connect_ip(ip, port, NULL);
if (fd  0) {
i_error(proxy(%s): connect(%s, %u) failed: %m,
-   client-virtual_user, host, port);
+   client-virtual_user, host_ip, port);
return NULL;
}
 
proxy = i_new(struct login_proxy, 1);
proxy-created = ioloop_timeval;
-   proxy-host = i_strdup(host);
+   proxy-host = i_strdup(host_ip);
proxy-user = i_strdup(client-virtual_user);
proxy-port = port;
proxy-ssl_flags = ssl_flags;

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.33-2-686 (SMP w/2 CPU cores)
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to 
pl_PL)
Shell: /bin/sh linked to /bin/bash

Versions of packages dovecot-common depends on:
ii  adduser 3.112add and remove users and groups
ii  libbz2-1.0  1.0.5-4  high-quality block-sorting file co
ii  libc6   2.11-0exp4   Embedded GNU C Library: Shared lib
ii  libcomerr2  1.41.11-1common error description library
ii  libdb4.84.8.26-3 Berkeley v4.8 Database Libraries [
ii  libgssapi-krb5-21.8.1+dfsg-2 MIT Kerberos runtime libraries - k
ii  libk5crypto31.8.1+dfsg-2 MIT Kerberos runtime libraries - C
ii  libkrb5-3   1.8.1+dfsg-2 MIT Kerberos runtime libraries
ii  libldap-2.4-2   2.4.21-pw2   OpenLDAP libraries
ii  libmysqlclient165.1.45-3 MySQL database client library
ii  libpam-runtime  1.1.1-3  Runtime support for the PAM librar
ii  libpam0g1.1.1-3  Pluggable Authentication Modules l
ii  libpq5  8.4.3-1  PostgreSQL C client library
ii  libsqlite3-03.6.23.1-2   SQLite 3 shared library
ii  libssl0.9.8 0.9.8n-1 SSL shared libraries
ii  openssl 0.9.8n-1 Secure Socket Layer (SSL) binary a
ii  ucf 3.0025   Update Configuration File: preserv
ii  zlib1g  1:1.2.3.5.dfsg-1 compression library - runtime

dovecot-common recommends no packages.

Versions of packages dovecot-common suggests:
ii  ntp   1:4.2.6+dfsg-1 Network Time Protocol daemon and u

-- Configuration Files:
/etc/pam.d/dovecot changed [not included]

-- no debconf information
--- dovecot-1.2.11/src/login-common/login-proxy.c.orig	2010-05-09 23:07:09.0 +0200
+++ dovecot-1.2.11/src/login-common/login-proxy.c	2010-05-09 23:10:24.0 +0200
@@ -194,18 +194,36 @@
 {
 	struct login_proxy *proxy;
 	struct login_proxy_record *rec;
-	struct ip_addr ip;
-	int fd;
+  struct ip_addr ip, *ip_list;
+  char *host_ip;
+  int fd, ret;
+  unsigned int ip_count;
 
 	if (host == NULL) {
 		

Bug#551479: adding some capability-related code probably originating from drbd8 upstream, successful build but drbdadm up resources returns CAP_SYS_ADMIN necessary error while selinux is completely di

[Piotr Wadas]

Package: drbd8-source
Version: 2:8.3.4-1
Severity: grave


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux left 2.6.27.23-0.1_lustre.1.8.1-default #1 SMP 2009-05-26 
17:02:05 -0400 i686 GNU/Linux
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to 
pl_PL)
Shell: /bin/sh linked to /bin/bash

Boot command line: 
BOOT_IMAGE=/boot/vmlinuz-2.6.27.23-0.1_lustre.1.8.1-default 
root=/dev/mapper/left-root ro enforcing=0 selinux=0

This did not appear in 8.3.3rc3. Guess it's regarding capability/selinux 
include issue, because
comparing recursive diff of drbd8-source between 8.3.3rc3 and 8.3.4. Not 
attaching a fix
patch, because this capability include is probably considered a feature in 
upstream version,
so, a patch will actually revert it back to 8.3.3rc3 (?). Selinux is actually 
not build/included at all
with this kernel, enforcing and disable in boot cmdline is added just-for-sake

This appears while attaching previously created resources, or initializing 
newly-created resources.

0: Failure: (152) Permission denied. CAP_SYS_ADMIN necessary
Command 'drbdsetup 0 disk /dev/drbdvg/lvmdt0 /dev/drbdvg/lvmdt0 internal 
--set-defaults --create-device --on-io-error=detach' terminated with exit code 
10
0: Failure: (152) Permission denied. CAP_SYS_ADMIN necessary
Command 'drbdsetup 0 syncer --set-defaults --create-device --verify-alg=crc32c 
--rate=10M' terminated with exit code 10
0: Failure: (152) Permission denied. CAP_SYS_ADMIN necessary
Command 'drbdsetup 0 net 192.168.57.101:7789 192.168.57.102:7789 C 
--set-defaults --create-device --cram-hmac-alg=sha1 
--shared-secret=di9AM0Wae5ge' terminated with exit code 10
0: Failure: (152) Permission denied. CAP_SYS_ADMIN necessary
Command 'drbdsetup 0 disk /dev/drbdvg/lvmdt0 /dev/drbdvg/lvmdt0 internal 
--set-defaults --create-device --on-io-error=detach' terminated with exit code 
10



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#551479: Acknowledgement (adding some capability-related code probably originating from drbd8 upstream, successful build but drbdadm up resources returns CAP_SYS_ADMIN necessary error while selin

[Piotr Wadas]

Well, this fixes it. But this is not a solution, rather a workaround,
I guess the whole thing is to allow using drbd with selinux/lids enabled,
while removal still does not.. Not, #ifdef that KERNEL_HAS_CN_SKB_PARMS
was in drbd_nl.c - I tried simply adding the same ifdef in connector.c, 
but it did not help, so I decided to comment the whole thing.

Regards,
Piotr Wadas pwa...@dtpw.pl


left:~/DRBDSRC/834# diff -uNr modules.before modules.after
diff -uNr modules.before/drbd8/drbd/connector.c 
modules.after/drbd8/drbd/connector.c
--- modules.before/drbd8/drbd/connector.c   2009-10-06 13:32:41.0 
+0200
+++ modules.after/drbd8/drbd/connector.c2009-10-18 16:58:42.0 
+0200
@@ -211,8 +211,6 @@
msg = NLMSG_DATA(nlh);

/* DRBD specific change: Only allow packets from ROOT */
-   if (!capable(CAP_SYS_ADMIN))
-   return -EPERM;

return cn_call_callback(msg, (void (*)(void *))kfree_skb, skb);
 }
diff -uNr modules.before/drbd8/drbd/drbd_nl.c 
modules.after/drbd8/drbd/drbd_nl.c
--- modules.before/drbd8/drbd/drbd_nl.c 2009-10-05 14:52:03.0 +0200
+++ modules.after/drbd8/drbd/drbd_nl.c  2009-10-18 16:58:59.0 +0200
@@ -2063,13 +2063,6 @@
return;
}

-#ifdef KERNEL_HAS_CN_SKB_PARMS
-   if (!cap_raised(nsp-eff_cap, CAP_SYS_ADMIN)) {
-   retcode = ERR_PERM;
-   goto fail;
-   }
-#endif
-   
mdev = ensure_mdev(nlp);
if (!mdev) {
retcode = ERR_MINOR_INVALID;
left:~/DRBDSRC/834#




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#508078: lustre kernel module uses obsolete blk_put_queue instead of blk_cleanup_queue

[Piotr Wadas]

Package: lustre-source
Version: 1.6.5.1-4

File  /usr/src/modules/lustre/lustre/llite/lloop.c
has the same bug as described with drbd8-source,
it uses old blk_put_queue instead of blk_cleanup_queue,
module builds, but cannot be loaded 

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481992

this and rebuild solved it.

 //blk_put_queue(loop_dev[i].lo_queue);
 blk_cleanup_queue(loop_dev[i].lo_queue);

(lines 726 and 748)

Regards,
Piotr Wadas [EMAIL PROTECTED]




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#407099: If group option is not set in arguments, autodir module create group directory owned as root instead of owning group GID

[Piotr Wadas]

Package: autodir
Version: 0.99.8-1
Severity: important
Tags: patch

the patch works with debian package source
and original source (doesn't interfere with debian patches)
Regards,
P.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.8keh01
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to 
pl_PL.ISO-8859-2)
--- autodir-0.99.8/src/modules/autogroup.c  2007-01-16 07:14:18.0 
+0100
+++ autodir-0.99.8/src/modules/autogroup.c  2007-01-16 07:17:05.0 
+0100
@@ -292,6 +292,7 @@
ag_conf.nocheck = 0;
ag_conf.owner = 0;
ag_conf.fastmode = 0;
+   ag_conf.group = -1;
 
option_process( opts );
 

Bug#403136: mkinitrd

[Piotr Wadas]

Hello,
I've read carefully this report, as I got
the same thing after some upgrades lately,
on different machines with/without lvm,
but with system on software-raid (raid 1),
debian testing/unstable.

Even after downgrading udev, and with different
kernel versions (debian kernels and original kernels),
I tested with 2.6.18.1 and 2.6.19.2
Finally, it workd with initrd created 
with mkinitrd instead of mkinitrd.yaird.
Please let me know if this helped in your case.
Regards,
Piotr Wadas


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]