Bug#629589: segfault gone, but problems remain
$ ldapwhoami SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context $ ldapwhoami SASL/GSSAPI authentication started SASL username: cowboy@REALM SASL SSF: 56 SASL data security layer installed. dn:uid=cowboy,ou=users,dc=... $ ldapwhoami SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80) additional info: SASL(-1): generic failure: GSSAPI Error: No credentials were supplied, or the credentials were unavailable or inaccessible. (unknown mech-code 0 for mech unknown) A tad bit unreliable ... and those were back-to-back queries :( -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#629589: segfault gone, but problems remain
On Sat, 11 Jun 2011, Dan White wrote: Do you have libsasl2-modules-gssapi-mit or libsasl2-modules-gssapi-heimdal installed, and what version? ii libsasl2-modules-gssapi-heimdal 2.1.24~rc1.dfsg1+cvs2011-05-23-4 Is your slapd running on a separate host? No, 'tis using ldapi:// If so, is it using the same version of libsasl2-modules-gssapi-*? I have not upgraded my master servers until this is cleared, but the laptop (sacraficial testsite) has its own copy of ldap/kdc/etc. Do you see anything useful in your /var/log/auth.log on the server or client? Yes, interestingly, this shows up for both failure modes: Jun 11 15:37:02 sparks-ave ldapwhoami: canonuserfunc error -7 Jun 11 15:37:02 sparks-ave ldapwhoami: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb This one for the succes case: Jun 11 15:37:02 sparks-ave ldapwhoami: DIGEST-MD5 common mech free What kerberos server are you using, ii heimdal-kdc1.4.0-6 and do you see anything in it's syslog output? No, just the expected: AS-REQ host/... from IPv4:127.0.0.1 for krbtgt/... Would you mind sharing an anonymized copy of your /etc/ldap.conf and ~/.ldaprc? Not at all :) /etc/ldap/ldap.conf: BASEdc=... URI ldapi:/// TLS_CACERT /etc/ssl/certs/ca-certificates.crt TLS_CACERTDIR /etc/ssl/certs TLS_CRLCHECK none TLS_REQCERT allow ~/.ldaprc: SASL_MECH gssapi -- Rick Nelson Connection reset by some moron with a backhoeb -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#629589: segfault gone, but problems remain
On Sat, 11 Jun 2011, Dan White wrote: Yes, interestingly, this shows up for both failure modes: Jun 11 15:37:02 sparks-ave ldapwhoami: canonuserfunc error -7 Jun 11 15:37:02 sparks-ave ldapwhoami: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb The ldapdb error probably isn't related. You should be able to add: ldapdb_uri: ldapi:/// to /etc/sasl2/slapd.conf or /usr/lib/sasl2/slapd.conf to stop it from complaining. Doesn't help - /etc/sasl2/slapd.conf: allowanonymouslogin: 1 allowplaintext: 1 ldapdb_uri: ldapi:/// and even after the below info, and restarting slapd saslauthd I'm still getting this in /var/log/auth.log: Jun 11 18:40:36 sparks-ave ldapwhoami: canonuserfunc error -7 Jun 11 18:40:36 sparks-ave ldapwhoami: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb Jun 11 18:40:36 sparks-ave ldapwhoami: DIGEST-MD5 common mech free This one for the succes case: Jun 11 15:37:02 sparks-ave ldapwhoami: DIGEST-MD5 common mech free /etc/ldap/ldap.conf: BASEdc=... URI ldapi:/// TLS_CACERT /etc/ssl/certs/ca-certificates.crt TLS_CACERTDIR /etc/ssl/certs TLS_CRLCHECK none TLS_REQCERT allow ~/.ldaprc: SASL_MECH gssapi I haven't done gssapi over ldapi:/// before - how does your (client) gssapi mech know which kerberos service ticket to submit to the server (ldap/hostname@REALM) for authentication? Maybe it just uses the local hostname? Good question ! It apparently does use the canonical host name - I have a ticket for: krbtgt/realm@REALM ldap/sparks-ave.domain@REALM Does it make any difference if you use ldap://hostname instead? Actually, I think you fixed it by mistake :) intermittent reverse resolution issues (I got an error saying couldn't find a ticket for 192.168.1.12@REALM ... instead of sparks-ave ! When there's a failure, are you getting the ldap/hostname@REALM service ticket from your kerberos server? Does klist look the same between failures and successes? The testing has all been done under the same session, after login in, and not resetting krbt credentials: krbtgt/ ldap/sparks-ave host/sparks-ave imap/sparks-ave smtp/sparks-ave I think we can chock this up to operator error due to flaky DNS - why it worked ~25% of the time is a mystery... krb is pretty sensitive to forward, reverse, and cononical host names. Thanks... looks like 'tis time to update more machines now :) -- Rick Nelson ...you might as well skip the Xmas celebration completely, and instead sit in front of your linux computer playing with the all-new-and-improved linux kernel version. (By Linus Torvalds) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#591147: libsasl2-modules-gssapi-heimdal: needs rebuilding against new Heimdal
Package: libsasl2-modules-gssapi-heimdal Version: 2.1.23.dfsg1-5 Severity: grave Tags: sid Justification: renders package unusable /var/log/auth.log is being flooded by these: Aug 1 00:00:01 sparks-ave svn: unable to dlopen /usr/lib/sasl2/libgssapiv2.so.2: /usr/lib/libgssapi.so.2: version `HEIMDAL_GSS_1.0' not found (required by /usr/lib/sasl2/libgssapiv2.so.2) The recent Heimdal update bumped the API to 2.0 As a result of this, kerberos based SSO is completely broken -- System Information: Debian Release: squeeze/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libsasl2-modules-gssapi-heimdal depends on: ii libasn1-8-hei 1.4.0~git20100726.dfsg.1-1 Heimdal Kerberos - ASN.1 library ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib ii libcomerr21.41.12-2 common error description library ii libgssapi2-he 1.4.0~git20100726.dfsg.1-1 Heimdal Kerberos - GSSAPI support ii libkrb5-26-he 1.4.0~git20100726.dfsg.1-1 Heimdal Kerberos - libraries ii libroken18-he 1.4.0~git20100726.dfsg.1-1 Heimdal Kerberos - roken support l ii libsasl2-modu 2.1.23.dfsg1-5 Cyrus SASL - pluggable authenticat ii libssl0.9.8 0.9.8o-1 SSL shared libraries libsasl2-modules-gssapi-heimdal recommends no packages. libsasl2-modules-gssapi-heimdal suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#561900: libsasl2-modules-gssapi-heimdal: Please rebuild against the new heimdal libraries, or everything is broken :(
Package: libsasl2-modules-gssapi-heimdal Version: 2.1.23.dfsg1-3 Severity: critical Justification: breaks unrelated software My /var/log/auth.log are now (that libpam-heimdal has been upgrade) filled with this: 05:28:37 ultima-thule slapd[4238]: SASL [conn=7464] Failure: Couldn't find mech GSSAPI This'll be due to the .so bump, and ABI change in recent heimdal packages :( As it stands, I do all my auth via krb5 - even for ldap - I can't change passwords, or auth, or ... -- System Information: Debian Release: squeeze/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libsasl2-modules-gssapi-heimdal depends on: ii libasn1-8-heimdal 1.3.1.dfsg.1-6 Heimdal Kerberos - ASN.1 library ii libc6 2.10.2-2 GNU C Library: Shared libraries ii libcomerr21.41.9-1 common error description library ii libgssapi2-heimdal1.3.1.dfsg.1-6 Heimdal Kerberos - GSSAPI support ii libkrb5-25-heimdal1.3.1.dfsg.1-4 Heimdal Kerberos - libraries ii libroken18-heimdal1.3.1.dfsg.1-6 Heimdal Kerberos - roken support l ii libsasl2-modules 2.1.23.dfsg1-3 Cyrus SASL - pluggable authenticat ii libssl0.9.8 0.9.8k-7 SSL shared libraries libsasl2-modules-gssapi-heimdal recommends no packages. libsasl2-modules-gssapi-heimdal suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#559779: libpam-heimdal: Needs to be rebuilt against current heimdal libraries
Package: libpam-heimdal Version: 3.15-2 Severity: critical Justification: breaks the whole system After updating to the current Heimdal packages, at the next boot, everything broke - su, login, cron, etc regressing to the testing level of heimdal packages makes everything work again. The missing piece in the upgrade is libpam-heimdal -- System Information: Debian Release: squeeze/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.30 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages libpam-heimdal depends on: ii libc62.10.2-2GNU C Library: Shared libraries ii libkrb5-25-heimdal 1.2.e1.dfsg.1-4 Heimdal Kerberos - libraries ii libpam0g 1.1.0-4 Pluggable Authentication Modules l libpam-heimdal recommends no packages. libpam-heimdal suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#553135: sendmail-base: maintainer-script-calls-init-script-directly prerm:67 than using invoke-rc.d. The use of invoke-rc.d to invoke the /etc/init.d/* initscripts instead of calling them directly
That would be this section: sendmail-base.prerm:if [ -x /usr/etc/init.d/sendmail ]; then sendmail-base.prerm:/usr/etc/init.d/sendmail clean; Since every other call to /etc/init.d/sendmail is guarded by a test for invoke-rc.d. The invoke-rc.d manpage says: INIT SCRIPT ACTIONS The standard actions are: start, stop, force-stop, restart, reload, force-reload, and status. Other actions are accepted, but they can cause prob‐ lems to policy-rc.d (see the INIT SCRIPT POLICY section), so warnings are gener‐ ated if the policy layer is active. ... If an action must be carried out regardless of any local policies, use the --force switch. ... --force Tries to run the init script regardless of policy and init script subsys‐ tem errors. Use of this option in Debian maintainer scripts is severely discouraged. So, I'd have to use --force, or suffer the user with a warning due the fact that I'm passing a non-standard action (clean). The intent of all this was, that upon removal of sendmail base, it would not destroy anything in the queues, but would clean out stale, or erroneous files. Sigh, I guess I'll just forgo the idea altogether -- Rick Nelson Iambe conning the most intellegent people on the planet is not easy
Bug#553293: sendmail-bin: read-in-maintainer-script (postinst:78, postinst:95)
On Thu, 29 Oct 2009, Manoj Srivastava wrote: This maintainer script appears to use read to get information from the user. Prompting in maintainer scripts must be done by communicating through a program such as debconf which conforms to the Debian Configuration management specification, version 2 or higher. Refer to Debian Policy Manual section 3.9.1 (Prompting in maintainer scripts) for details. Too bad lintian doesn't do control flow analysis - this is left over code that was left for a potential conversion to debconf that never happened... It is *not* executed -- Rick Nelson ...very few phenomena can pull someone out of Deep Hack Mode, with two noted exceptions: being struck by lightning, or worse, your *computer* being struck by lightning. (By Matt Welsh) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#516695: libpam-heimdal: new version (3.13) fixing two security issues
Package: libpam-heimdal Version: 3.10-2.1 Severity: critical Tags: security Justification: root security hole libpam-heimdal needs to be braought upto curent libpam-krb5 I know this was all stalled by the freeze, but 'tis time now Date: Tue, 17 Feb 2009 16:32:07 + ... libpam-krb5 (3.13-2) unstable; urgency=low . * Upload to unstable. . libpam-krb5 (3.13-1) experimental; urgency=high . * New upstream release. - SECURITY (CVE-2009-0360): If invoked in a setuid context, ignore user environment variables that specify the local keytab and Kerberos configuration. Protects against a privilege escalation vulnerability. - SECURITY (CVE-2009-0361): Protect against applications calling pam_setcred with PAM_REINITIALIZE_CREDS as root in a setuid context. This API call is designed to reinitialize an existing Kerberos ticket cache and therefore trusts the KRB5CCNAME environment variable, but in a setuid context, this may allow overwriting arbitrary files. - -- System Information: Debian Release: 5.0 APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.27.15 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libpam-heimdal depends on: ii libc6 2.9-3 GNU C Library: Shared libraries ii libkrb5-25-heimdal1.2.dfsg.1-2.1 Heimdal Kerberos - libraries ii libpam0g 1.0.1-5Pluggable Authentication Modules l libpam-heimdal recommends no packages. libpam-heimdal suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#510678: libnss-ldap: ldap entry on nsswitch.conf causes gdm hang
On Sun, 4 Jan 2009, root wrote: Package: libnss-ldap Version: 261-2.1 Severity: critical Justification: breaks the whole system You very likely are simply misconfigured, but I'll not yet drop the severity to a more apropriate value. The ldap entry on nsswitch.conf for ldap authentication like: passwd: compat ldap Why compat ... if you aren't using NIS/NIS+, that should be 'files ldap' group: compat ldap shadow: compat ldap cause the whole system hang. The system loaded til gdm, but I just got an X mouse pointer. The system doesn't response any keyboard command, so that I can't kill the Xserver through ctrl+alt+backspace. I can't go to the terminal with ctrl+alt+f1-f6 too. Over SSH there is no connection to the system, because the system is hanging. There should be informatitve messages in /var/log/auth.log, and possibly /var/log/syslog... I can't be of much use without seeing some of them. If I remove the ldap entry on nsswitch.conf, the system works normally. 1) boot up without LDAP auth 2) add ldap to nsswitch.conf 3) getent passwd some valid user in ldap 4) tweak /etc/libnss-ldap.conf until 3 works Once that all is working, the next cause of hang is based upon installed package set - and their daemon user entries in /etc/passwd. You will need to add and tweak the following line in libnss-ldap.conf: nss_initgroups_ignoreusers root,openldap, IE: if gdm hangs, and there is a system userid for the gdm daemon, add its name to the ignoreusers line. Why isn't the line already there and correct ? It would require going through the entire archive and scanning init.d files for anything that might possibly start before nscd (if installed), or the local slapd daemon (if installed) and adding those daemon users to the line... That is necessary, but not sufficient in that the sysadmin may change start order :( I'd actually recommend you do what I have done - install libnss-ldapd instead. -- Rick Nelson Intel engineering seem to have misheard Intel marketing strategy. The phrase was Divide and conquer not Divide and cock up (By iia...@www.linux.org.uk, Alan Cox) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#510678: libnss-ldap: ldap entry on nsswitch.conf causes gdm hang
On Sun, 4 Jan 2009, Daniel Haryo Sugondo wrote: There should be informatitve messages in /var/log/auth.log, and possibly /var/log/syslog... I can't be of much use without seeing some of them. syslog [snip] auth.log [snip] uhm, neither of the log snips appear to be related to your hangs :( As I written on my 1st post. I can log on with my LDAP Account if I change the nsswitch.conf after booting. So this all works. not necessarily (is pam-ldap also installed and in use ?) does `getent passwd` show all system and ldap users ? I've already insert it, but my system still hang after reboot. ??? -- Confused. # Just assume that there are no supplemental groups for these named users nss_initgroups_ignoreusers root,avahi,haldaemon,gdm Looks like a good start, but since your auth.log/syslog fragments weren't from a hang - there's no way to see what is going on Why isn't the line already there and correct ? It would require going through the entire archive and scanning init.d files for anything that might possibly start before nscd (if installed), or the local slapd daemon (if installed) and adding those daemon users to the line... That is necessary, but not sufficient in that the sysadmin may change start order :( You may need to do part of this, or simply add all system users to the line I'd actually recommend you do what I have done - install libnss-ldapd instead. already installed, you can see it on auth.log. So you're up and running now ? -- Rick Nelson Endy taniwha: Quote material :) taniwha Endy: :) knghtbrd Endy: I already snipped it -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#502760: Processed: Re: Re: Is this really in ldapscripts?
On Thu, 30 Oct 2008, Debian Bug Tracking System wrote: reassign 502760 libnss-ldap Bug#502760: ldapscripts: piuparts test fails: invoke-rc.d: unknown initscript, /etc/init.d/nscd not found. Bug reassigned from package `ldapscripts' to `libnss-ldap'. retitle 502760 libnss-ldap calls nscd init script w/o checking its existance Bug#502760: ldapscripts: piuparts test fails: invoke-rc.d: unknown initscript, /etc/init.d/nscd not found. Changed Bug title to `libnss-ldap calls nscd init script w/o checking its existance' from `ldapscripts: piuparts test fails: invoke-rc.d: unknown initscript, /etc/init.d/nscd not found.'. Interesting... the postinst does not check for /etc/init.d/nscd, but *does* check for /usr/sbin/nscd How did the system wind up in a state where the binary exists, but the initscript doesn't ? -- Rick Nelson Knghtbrd This font is starting to come out very nicely stu Knghtbrd: oh dear, are you hacking up another quake font in vi? :) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#482439: cfengine2: There are still a ton of segfaults
On Thu, 9 Oct 2008, Morten Werner Forsbring wrote: They are back again (was gone due to change of server for people.debian.org). Are you able to test this package again now? cool, downloaded and installed - hopefully there is debugging info in the package... I'll do some runs and see that happens. I definitely notice a difference due to the FD leak patch that was in the earlier update; it made a big difference ;) Here is one such failure - this one is repeatable on one machine: Thanks a lot, I'll try to look at them asap. great, as I think I mentioned in a follow-up, that particular bug was repeatable on several machines In the bugreport [1], you wrote 25th of August that the 2.2.8-upload seems to have reduced the frequency of segfaults, but do still see them. I think the severity of the bug is not grave after that upload, but more important. Do you agree in lowering the severity? Yes, I do agree - you weren't on IRC, but there I mentioned that while I am (now less so) worried about the issue, I can, in no way, do without cfengine. That said, we should definitively try to fix this bug for lenny! That'd be great... I had hoped v3 would be out in time, but that isn't going to happen soon, if ever (and I'm really anxious for some of the proposed features - like proper imbed handling) -- Rick Nelson | |-sshd---tcsh-+-dpkg-buildpacka---rules---sh---make---make---sh---make---sh---make---sh---make---sh---make---sh---make -- While packaging XFree86 for Debian GNU/Linux -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#482439: cfengine2: There are still a ton of segfaults
Further testing shows this same failure hitting on most of my x86 boxen I'm not yet sure it is the only one, but is deffinitely common. -- Rick Nelson Linux was made by foreign terrorists to take money from true US companies like Microsoft. - Some AOL'er. To this end we dedicate ourselves... -Don -- From the sig of Don, [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#482439: cfengine2: There are still a ton of segfaults
I was, fortunately, just prodded about this issue on IRC ;) The current state (for me), is my amd64 servers (also clients) are running fine... some of my x86 machines are still experiencing a plethora of segfaults daily The private builds you did were gone, so I rebuilt the current package sans the strip (to get meaningful data from cfagent) Here is one such failure - this one is repeatable on one machine: --- * Main Tree Sched: editfiles pass 3 @ Mon Oct 6 19:47:32 2008 * Checking for potential rule:: Tidy /var/lib/cfengine2/ppkeys * ==13134== ==13134== Invalid read of size 4 ==13134==at 0x80619DD: CheckFriendReliability (instrument.c:719) ==13134==by 0x8077264: HandleFriendStatus (functions.c:1847) ==13134==by 0x807AF73: EvaluateFunction (functions.c:177) ==13134==by 0x805B3F7: DoAlerts (alerts.c:64) ==13134==by 0x804F1C6: main (cfagent.c:242) ==13134== Address 0x463c8fc is 332 bytes inside a block of size 636 free'd ==13134==at 0x4022B8A: free (vg_replace_malloc.c:323) ==13134==by 0x41406CF: __os_free (in /usr/lib/libdb-4.6.so) ==13134==by 0x40E48A3: __db_close (in /usr/lib/libdb-4.6.so) ==13134==by 0x40F8E21: __db_close_pp (in /usr/lib/libdb-4.6.so) ==13134==by 0x80617CA: CheckFriendReliability (instrument.c:676) ==13134==by 0x8077264: HandleFriendStatus (functions.c:1847) ==13134==by 0x807AF73: EvaluateFunction (functions.c:177) ==13134==by 0x805B3F7: DoAlerts (alerts.c:64) ==13134==by 0x804F1C6: main (cfagent.c:242) ==13134== ==13134== Jump to the invalid address stated on the next line ==13134==at 0xDBDBDBDB: ??? ==13134==by 0x8077264: HandleFriendStatus (functions.c:1847) ==13134==by 0x807AF73: EvaluateFunction (functions.c:177) ==13134==by 0x805B3F7: DoAlerts (alerts.c:64) ==13134==by 0x804F1C6: main (cfagent.c:242) ==13134== Address 0xdbdbdbdb is not stack'd, malloc'd or (recently) free'd ==13134== ==13134== Process terminating with default action of signal 11 (SIGSEGV) ==13134== Bad permissions for mapped region at address 0xDBDBDBDB ==13134==at 0xDBDBDBDB: ??? ==13134==by 0x8077264: HandleFriendStatus (functions.c:1847) ==13134==by 0x807AF73: EvaluateFunction (functions.c:177) ==13134==by 0x805B3F7: DoAlerts (alerts.c:64) ==13134==by 0x804F1C6: main (cfagent.c:242) Main Tree Sched: shellcommands pass 3 @ Mon Oct 6 19:47:32 2008 * --- -- Rick Nelson _Anarchy_ Argh.. who's handing out the paper bags 8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#482439: cfengine2: There are still a ton of segfaults
On Fri, 5 Sep 2008, Morten Werner Forsbring wrote:
Sure, but not until Tuesday ... the home machines seem to be doing
ok after the last round of updates - and the office is powered down
this 3day weekdend
Hi, have you been able to test the new package on your other machines?
Or any other results from your home machines?
Thanks for the prod !
With the current packages (in Debian), I still see the failures
on *all* 32bit systems, but none on the amd64 system (which are
also the cfengine servers). All (3264bit) are running cfservd
and cron scheduled cfagent (every 30min).
I've just installed your updated package on the 32bit systems -
fortunately my problem your build match :)
I'll let it run a while and watch the logs...
In case it helps, here's what I have been seeing with the
stock packages (I'm not sure exactly what the kernel segfault message is
telling me) - but there are some unique patterns:
$zgrep -e 'cfagent.* segfault' /var/log/syslog* | grep -v 'error 4'
/var/log/syslog.5.gz:Aug 30 16:39:27 sparks-ave kernel: cfagent[14488]:
segfault at dbdbdbdb ip dbdbdbdb sp bfaa0a7c error 15
/var/log/syslog.3.gz:Aug 27 16:32:22 bandit-hall kernel: cfagent[21515]:
segfault at dbdbdbdb ip dbdbdbdb sp bfb1994c error 5
/var/log/syslog.2.gz:Aug 28 21:31:49 corkscrew kernel: cfagent[30815]:
segfault at 1166c548 ip 08b3561e sp bfb169ac error 6
This error, however is ~ 99% of them - and should be trackable
to the actual source (with linkmap listings):
$zgrep -e 'cfagent.* segfault' /var/log/syslog*
/var/log/syslog.3.gz:Aug 27 07:31:52 bandit-hall kernel: cfagent[21610]:
segfault at 1e03e ip 0001e03e sp bfc3e26c error 4 in cfagent[8048000+a3000]
/var/log/syslog:Sep 4 07:01:46 corkscrew kernel: cfagent[1523]:
segfault at 0 ip sp bfed556c error 4 in cfagent[8048000+a3000]
/var/log/syslog:Sep 4 07:01:35 gothic-ave kernel: cfagent[15879]:
segfault at 1f201 ip 0001f201 sp bfea7d2c error 4 in cfagent[8048000+a3000]
--
Rick Nelson
* Dry-ice can't code his way out of a paper bag
Coderjoe dry-ice: int main() { ExitPaperBag(); return 0; }
Knghtbrd Is that how that's done then? *takes notes*
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#482439: cfengine2: There are still a ton of segfaults
On Fri, 29 Aug 2008, Morten Werner Forsbring wrote: Hi, Howdy I've fetched a patch from upstream which fixes a leaking file descriptor, can you test the packages on my homepage [1]? Sure, but not until Tuesday ... the home machines seem to be doing ok after the last round of updates - and the office is powered down this 3day weekdend -- Rick Nelson SomeLamer what's the difference between chattr and chmod? SomeGuru SomeLamer: man chattr 1; man chmod 2; diff -u 1 2 | less -- Seen on #linux on irc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#482439: cfengine2: There are still a ton of segfaults
On Mon, 25 Aug 2008, Morten Werner Forsbring wrote: Cfengine2 2.2.8-1 was uploaded to unstable a few days ago, are you able to test this version as well? Upstream claims that they have been fixing an important threading error that has become apparent with the influx of multicore processors. It seems to have reduced the frequency of segfaults, but do still see them, I'll be happy to run more tests - if they provide anything of value Aug 25 13:31:39 gothic-ave kernel: cfagent[17766]: segfault at 1f201 ip 0001f201 sp bfe5d4dc error 4 in cfagent[8048000+a3000] Aug 25 07:33:01 corkscrew kernel: cfagent[30723]: segfault at 0 ip sp bfa660fc error 4 in cfagent[8048000+a3000] Aug 25 16:33:45 bandit-hall kernel: cfagent[14429]: segfault at 1e03e ip 0001e03e sp bf94277c error 4 in cfagent[8048000+a3000] -- Rick Nelson Well, since MS cant be sure of the username of someone downloading things, they are going to play it safe and have everything dowloaded and executed by Explorer as suid root. That way, it will run on ANY system anywhere. :) -- George Bonser [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#492427: heimdal: Library symbol version information is missing again
Package: heimdal Version: 1.2.dfsg.1-1 Severity: critical Justification: breaks unrelated software After Heimdal 1.1 went in, and libpam-heimdal was compiled against it - I lost ssh access to local and remote machines due to sshd segfaulting. The problem was traced down and the culprit was missing library version symbols on libkrb5.so - because openssh is linked against MIT, and when pam calls libpam-heimdal, which uses Heimdal libs... bad stuff happens :( Heimdal was rebuilt to have the symbol versions: $ readelf -s /usr/lib/libkrb5.so.24 | grep HEIMD | head -n 3 6: 97 FUNCGLOBAL DEFAULT UND [EMAIL PROTECTED] (5) 11: 19 FUNCGLOBAL DEFAULT UND [EMAIL PROTECTED] (5) 18: 220 FUNCGLOBAL DEFAULT UND [EMAIL PROTECTED] (5) Unfortunately, libpam-heimdal was never rebuilt - so I did my own packages to allow remote access again. Then comes Heimdal 1.2, and a re-build of rdeps was schedule to help clean things up for the freeze... I installed the new libpam-heimdal and am once again screwed. Can we get * the library version symbols re-instated * rdeps rebuilt * impliment some checking for this in the package build scripts Thanks, -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#489317: pymsnt: Will not start
On Tue, 15 Jul 2008, Sam Morris wrote: I also see the problem in #488769, but see this, so far, unreported issue: sh-3.2# /etc/init.d/pymsnt start Starting MSN transport for Jabber: Traceback (most recent call last): File /usr/share/pymsnt/PyMSNt.py, line 13, in module import main File /usr/share/pymsnt/src/main.py, line 75, in module del sys.modules[twisted.internet.reactor] KeyError: 'twisted.internet.reactor' It looks like this happens if you have specified a particular reactor in the config file--is this the case? If so, can you try commenting out the reactor element and see what happens? It now starts, but doesn't contact msn - the transport says: (22:34:41) msn.cavein.org: Failed to connect to MSN servers: [Failure instance: Traceback (failure with no frames): exceptions.Exception: Timeout] and the log file has the familar error: exceptions.AttributeError: 'module' object has no attribute 'removePID' -- Rick Nelson Never trust an operating system you don't have sources for. ;-) -- Unknown source -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#489308: pyaimt: Does not work with python2.5/python-twisted... no twistd.removePID
Package: pyaimt Version: 0.8a-6 Severity: grave Justification: renders package unusable [2008-07-04 21:16:13] Traceback (most recent call last): File /usr/lib/python2.5/site-packages/twisted/internet/base.py, line 105 self.runUntilCurrent() File /usr/lib/python2.5/site-packages/twisted/internet/base.py, line 705 call.func(*call.args, **call.kw) File /usr/lib/python2.5/site-packages/twisted/internet/defer.py, line 24 self._startRunCallbacks(result) File /usr/lib/python2.5/site-packages/twisted/internet/defer.py, line 31 self._runCallbacks() --- exception caught here --- File /usr/lib/python2.5/site-packages/twisted/internet/defer.py, line 32 self.result = callback(self.result, *args, **kw) File /usr/share/pyaimt/src/main.py, line 443, in cb twistd.removePID(config.pid) exceptions.AttributeError: 'module' object has no attribute 'removePID' -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.25.10 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages pyaimt depends on: ii adduser 3.108 add and remove users and groups ii lsb-base 3.2-12 Linux Standard Base 3.2 init scrip ii python-central 0.6.7 register and build utility for Pyt ii python-crypto2.0.1+dfsg1-2.1 cryptographic algorithms and proto ii python-openssl 0.7-2 Python wrapper around the OpenSSL ii python-twisted 8.1.0-1 Event-based framework for internet ii python-twisted-web 8.1.0-1 An HTTP protocol implementation to ii python-twisted-words 8.1.0-1 Chat and Instant Messaging Versions of packages pyaimt recommends: ii python-imaging1.1.6-3Python Imaging Library ii python-mysqldb1.2.2-7A Python interface to MySQL ii python-nevow 0.9.31-2 Web application templating system -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#489311: pyicqt: Broken on current unstable
Package: pyicqt Version: 0.8b-4 Severity: grave Justification: renders package unusable [2008-07-04 21:32:16] Traceback (most recent call last): File /usr/lib/python2.5/site-packages/twisted/internet/base.py, line 105 self.runUntilCurrent() File /usr/lib/python2.5/site-packages/twisted/internet/base.py, line 705 call.func(*call.args, **call.kw) File /usr/lib/python2.5/site-packages/twisted/internet/defer.py, line 24 self._startRunCallbacks(result) File /usr/lib/python2.5/site-packages/twisted/internet/defer.py, line 31 self._runCallbacks() --- exception caught here --- File /usr/lib/python2.5/site-packages/twisted/internet/defer.py, line 32 self.result = callback(self.result, *args, **kw) File /usr/share/pyicqt/src/main.py, line 437, in cb twistd.removePID(config.pid) exceptions.AttributeError: 'module' object has no attribute 'removePID' -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.25.10 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages pyicqt depends on: ii adduser 3.108 add and remove users and groups ii lsb-base 3.2-12 Linux Standard Base 3.2 init scrip ii python 2.5.2-1 An interactive high-level object-o ii python-crypto2.0.1+dfsg1-2.1 cryptographic algorithms and proto ii python-openssl 0.7-2 Python wrapper around the OpenSSL ii python-support 0.8.4 automated rebuilding support for P ii python-twisted 8.1.0-1 Event-based framework for internet ii python-twisted-web 8.1.0-1 An HTTP protocol implementation to ii python-twisted-words 8.1.0-1 Chat and Instant Messaging Versions of packages pyicqt recommends: ii python-imaging1.1.6-3Python Imaging Library ii python-mysqldb1.2.2-7A Python interface to MySQL ii python-nevow 0.9.31-2 Web application templating system -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#489317: pymsnt: Will not start
Package: pymsnt Version: 0.11.3-1.1 Severity: grave Justification: renders package unusable I also see the problem in #488769, but see this, so far, unreported issue: # /etc/init.d/pymsnt stop Stopping MSN transport for Jabber: No python found running; none killed. sh-3.2# cp /dev/null * sh-3.2# /etc/init.d/pymsnt start Starting MSN transport for Jabber: Traceback (most recent call last): File /usr/share/pymsnt/PyMSNt.py, line 13, in module import main File /usr/share/pymsnt/src/main.py, line 75, in module del sys.modules[twisted.internet.reactor] KeyError: 'twisted.internet.reactor' -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.25.10 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages pymsnt depends on: ii adduser 3.108 add and remove users and groups ii python 2.5.2-1 An interactive high-level object-o ii python-central 0.6.7 register and build utility for Pyt ii python-crypto2.0.1+dfsg1-2.1 cryptographic algorithms and proto ii python-openssl [python-p 0.7-2 Python wrapper around the OpenSSL ii python-pyopenssl 0.7-2 transitional dummy package ii python-twisted 8.1.0-1 Event-based framework for internet Versions of packages pymsnt recommends: ii python-imaging1.1.6-3Python Imaging Library -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#482439: cfengine2: There are still a ton of segfaults
On Wed, 25 Jun 2008, Morten Werner Forsbring wrote: ==12662== Invalid read of size 1 ==12662==at 0x80778C8: (within /usr/sbin/cfagent) ==12662==by 0x8077A8A: (within /usr/sbin/cfagent) ==12662==by 0x807A48E: (within /usr/sbin/cfagent) ==12662==by 0x8053AC0: (within /usr/sbin/cfagent) ==12662==by 0x8053ECC: (within /usr/sbin/cfagent) ==12662==by 0x431A44F: (below main) (libc-start.c:222) ==12662== Address 0x0 is not stack'd, malloc'd or (recently) free'd ==12662== ==12662== Process terminating with default action of signal 11 (SIGSEGV) ==12662== Access not within mapped region at address 0x0 Hi, and sorry for this late reply. Have you tested if this is improved with 2.2.7-1 of cfengine? I don't see it on the servers (amd64), but it persists on the client (x86-32) boxen - now with about the same regularity (ie, not every single run, but a couple times a day) - so much better than before :) The work clients get this: Jun 26 00:31:37 corkscrew kernel: cfagent[18939]: segfault at 0 ip sp bff455bc error 4 in cfagent[8048000+b3000] Jun 26 01:01:46 corkscrew kernel: cfagent[24563]: segfault at 0 ip sp bfd19b8c error 4 in cfagent[8048000+b3000] and Jun 25 17:31:21 gothic-ave kernel: cfagent[8895]: segfault at 1f201 ip 0001f201 sp bfe524ac error 4 in cfagent[8048000+b3000] Jun 25 18:01:37 gothic-ave kernel: cfagent[15938]: segfault at 1f201 ip 0001f201 sp bfb0a16c error 4 in cfagent[8048000+b3000] At home, I see this instead: Jun 26 00:31:21 sparks-ave kernel: cfagent[24499]: segfault at dbdbdbdb ip dbdbdbdb sp bfa5c0cc error 15 Jun 26 01:01:28 sparks-ave kernel: cfagent[27125]: segfault at dbdbdbdb ip dbdbdbdb sp bf830eac error 15 The shining light, if there is one is that they problems look to be always the same failure (address/ip) - looks to be a bad branch ? I can run a bit via valgrind if it'll help -- Rick Nelson * |Rain| prepares for polygon soup |Rain| sweet merciful crap, it works? * |Rain| faints -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#482919: svnmailer: Broken with python 2.5
Package: svnmailer Version: 1.0.8-8 Severity: grave Justification: renders package unusable After thinking my mail-news gateway was mis-behaving, I found the real culprit... svnmailer /srv/repos/svn/config/hooks/post-commit /srv/repos/svn/config 181 One or more notifiers crashed. You may want to send the following traceback(s) to the author: -- Notifier: svnmailer.util.URLTruncatingDecorator Revision: 181 Groups: [u'config'] Traceback (most recent call last): File /var/lib/python-support/python2.5/svnmailer/main.py, line 101, in run notifier.run() File /var/lib/python-support/python2.5/svnmailer/notifier/_mail.py, line 62, in run for mail in self.getMails(): File /var/lib/python-support/python2.5/svnmailer/notifier/_mail.py, line 83, in getMails for mail in self.composeMail(): File /var/lib/python-support/python2.5/svnmailer/notifier/_multimail.py, line 163, in composeMail self.writeNotification() File /var/lib/python-support/python2.5/svnmailer/notifier/_mail.py, line 96, in writeNotification self.writeDiffList() File /var/lib/python-support/python2.5/svnmailer/notifier/_multimail.py, line 221, in writeDiffList super(MultiMailNotifier, self).writeDiffList() File /var/lib/python-support/python2.5/svnmailer/notifier/_text.py, line 183, in writeDiffList self.writeContentDiff(change) File /var/lib/python-support/python2.5/svnmailer/notifier/_multimail.py, line 520, in writeContentDiff self.__super.writeContentDiff(change) File /var/lib/python-support/python2.5/svnmailer/notifier/_multimail.py, line 240, in writeContentDiff self.diff_file_list.append(DiffDescriptor(self, tmpfile, change)) File /var/lib/python-support/python2.5/svnmailer/notifier/_multimail.py, line 629, in __init__ enc1, enc2 = notifier.getContentEncodings(change, None) File /var/lib/python-support/python2.5/svnmailer/notifier/_base.py, line 348, in getContentEncodings from encodings import exceptions ImportError: cannot import name exceptions -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24.4 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages svnmailer depends on: ii python 2.5.2-1 An interactive high-level object-o ii python-subversion 1.4.6dfsg1-4 Python bindings for Subversion ii python-support 0.8.1automated rebuilding support for P svnmailer recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#482439: cfengine2: There are still a ton of segfaults
Package: cfengine2 Version: 2.2.6-1 Severity: grave Justification: renders package unusable + possible data loss ==12662== Invalid read of size 1 ==12662==at 0x80778C8: (within /usr/sbin/cfagent) ==12662==by 0x8077A8A: (within /usr/sbin/cfagent) ==12662==by 0x807A48E: (within /usr/sbin/cfagent) ==12662==by 0x8053AC0: (within /usr/sbin/cfagent) ==12662==by 0x8053ECC: (within /usr/sbin/cfagent) ==12662==by 0x431A44F: (below main) (libc-start.c:222) ==12662== Address 0x0 is not stack'd, malloc'd or (recently) free'd ==12662== ==12662== Process terminating with default action of signal 11 (SIGSEGV) ==12662== Access not within mapped region at address 0x0 This happens on all (or most all) of my cf files - and nearly every cron cfagent run It also creates output like this on a few systems: sparks-ave: Running process command /bin/ps auxw - Alerts -Ãyð¿^R: Successful return: 0 Ãyð¿^R: Successful return: 0 -- System Information: Debian Release: 4.0 APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.25.3 (SMP w/2 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages cfengine2 depends on: ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii debianutils 2.28.6 Miscellaneous utilities specific t ii libc6 2.7-11 GNU C Library: Shared libraries ii libdb4.6 4.6.21-8 Berkeley v4.6 Database Libraries [ ii libssl0.9.8 0.9.8g-10 SSL shared libraries ii lsb-base 3.2-12 Linux Standard Base 3.2 init scrip ii perl 5.8.8-12 Larry Wall's Practical Extraction cfengine2 recommends no packages. -- debconf information: * cfengine2/run_cfservd: true * cfengine2/run_cfenvd: false * cfengine2/run_cfexecd: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#481955: libpam-heimdal: Linked against version of heimdal without library symbols
Package: libpam-heimdal Version: 3.10-1 Severity: serious Justification: unknown - library versioning symbols This package just needs to be re-built on all non x86-32 arch's against the recent Heimdal libraries that correctly have symbol versioning A private build shows that this is the only issue -- System Information: Debian Release: 4.0 APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.25 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libpam-heimdal depends on: ii libc6 2.7-11 GNU C Library: Shared libraries ii libkrb5-24-heimdal1.1-3 Heimdal Kerberos - libraries ii libpam0g 0.99.7.1-6 Pluggable Authentication Modules l libpam-heimdal recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#453241: still broken (and partly openssh's fault)
On Mon, 28 Apr 2008, Russ Allbery wrote: Brian May [EMAIL PROTECTED] writes: Can I please confirm what version of Heimdal you are using? The initial bug report seemed to quote the old version in testing, but here you seem to indicate the latest version in unstable. I just want to make sure. As far as I can tell, all exported symbols from libkrb5.24.0.0 use HEIMDAL_KRB5_1.0 for the versioned symbol name. ii heimdal-client 1.1-2 I'll check again tonight on amd64. The problem is specifically on amd64; if you're checking on i386, you may not see it. I wasn't seeing any symbol versioning in readelf. Indeed, I have no issues on i368, only amd64... though even on i386, I see a few @HEIMDAL_X509_1.0, $readelf -s /usr/lib/libkrb5.so.24 | grep HEIMDAL_ $readelf -s /usr/lib/libheimntlm.so.0 | grep HEIMDAL_ $readelf -s /usr/lib/libhx509.so.3 | grepp HEIMDAL_ Whereas on i386, I see HEIMDAL_KRB5_1.0, and HEIMDAL_X509_1.0 If OpenSSH is linked against MIT Kerberos, like you say, then simply proving that the segfault occurs inside MIT Kerberos is insufficient, unfortunately, because we have to expect OpenSSH may call MIT Kerberos functions at some point. In which case, the issue should show up on i386 as well, no? According to valgrind, the backtrace showed the segfaults definitely in functions called by libpam-heimdal, not by openssh itself. I'll include the backtrace when I get home and can reproduce it. gdb doesn't produce a usable backtrace (probably because of the library confusion). Only valgrind would work for me, and only with a rebuilt libpam-heimdal with debugging information. yes, I recompiled libpam-heimdal and ssh with debugging - gdb gave no helpful information at all, and I never thought to try valgrind -- Rick Nelson Life'll kill ya -- Warren Zevon Then you'll be dead -- Life'll kill ya -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#453241: still broken (and partly openssh's fault)
On Mon, 21 Apr 2008, Russ Allbery wrote: I spent an hour this evening tracking this down. The problem is that Heimdal isn't using symbol versioning in its shared libraries. libpam-heimdal therefore binds to unversioned symbols, which works fine if the calling program doesn't load any other Kerberos library. However, OpenSSH is linked with MIT Kerberos, and therefore at run time the unversioned libpam-heimdal symbols are bound to the MIT Kerberos version of libkrb5 which is already loaded in memory and chaos ensues. valgrind was the debugging tool that finally gave me the necessary clue. The segfault kept showing up with backtraces inside libkrb5.3.3 instead of libkrb5.24.0.0. Thanks for the effort - and the education, I've used valgrind, but never for something like this This is a bug in the Debian Heimdal packages, I believe. They used to use symbol versioning precisely because of this problem; see Bug#205592 which was closed in 0.6-4. It looks like that was lost or dropped somewhere along the way. Most likely with the recent bump to the 1.x series - looks like a big source and packaging change; I ran into another fallout of the packaging change (already fixed) I'm copying Brian May on this. I think the bug should probably be reassigned to the heimdal source package. Reassigned... Fortunately, there aren't that many packages that depend upon Heimdal, as they'll all need rebuilding after Heimdal is updated. -- Rick Nelson Life'll kill ya -- Warren Zevon Then you'll be dead -- Life'll kill ya -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#453241: still broken (and partly openssh's fault)
On Sun, 13 Apr 2008, Matthijs Mohlmann wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Can you try with ssh and debugging symbols on ? Probably you get more information with gdb then. Being that there are no debug packages for openssh, I rebuilt it on a current Sid machine (with debugging enabled). I'll ask also the upstream maintainer. Russ: Can you take a look at this bug report. It seems that sshd is segfaulting on AMD64 when using the libpam-heimdal module. I do not have a AMD64 box, so it's almost impossible for me to test. I found some odd news! After building openssh on a recent Sid box, the pam account module now works as expected - no segv :) This, along with the fact that there's a new openssh version (with supposed changes in this area), makes it seem like getting ssh rebuilt soon is a good idea ! However, the session module still blows chunks, and since it is called by the subordinate (unpriviledged) thread, I don't know how to trap it: Accepted publickey for renegade from 9.30.102.134 port 53147 ssh2 debug1: monitor_child_preauth: renegade has been authenticated by privileged process debug3: mm_get_keystate: Waiting for new keys debug3: mm_request_receive_expect entering: type 25 debug3: mm_request_receive entering debug3: mm_newkeys_from_blob: 0x7fee6df93ed0(128) debug2: mac_setup: found hmac-md5 debug3: mm_get_keystate: Waiting for second key debug3: mm_newkeys_from_blob: 0x7fee6df93ed0(128) debug2: mac_setup: found hmac-md5 debug3: mm_get_keystate: Getting compression state debug3: mm_get_keystate: Getting Network I/O buffers debug3: mm_share_sync: Share sync debug3: mm_share_sync: Share sync end debug1: temporarily_use_uid: 2007/2000 (e=0/2000) debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism debug1: restore_uid: 0/2000 debug3: PAM: opening session debug2: User child is on pid 30175 debug3: mm_request_receive entering debug1: do_cleanup debug1: PAM: cleanup debug3: PAM: sshpam_thread_cleanup entering Program exited with code 0377. Note that it also fails if I do use GSSAPI (instead of ssh key, like the example shown above). Regards, Matthijs Mohlmann Richard Nelson wrote: Ah, a little more information - this segv only happens when using password authentication (ssh keys work fine) sshd_config has UsePAM yes PubkeyAuthentication yes PasswordAuthentication yes ChallengeResponseAuthentication no Richard Nelson wrote: # /usr/sbin/sshd -Dddd ~/log 21 Segmentation fault The last lines of log: debug3: mm_auth_password entering debug3: mm_request_send entering: type 11 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD debug3: mm_request_receive_expect entering: type 12 debug3: mm_request_receive entering debug3: monitor_read: checking request 11 debug1: do_cleanup debug1: PAM: cleanup debug3: PAM: sshpam_thread_cleanup entering gdb isn't very helpful Program received signal SIGSEGV, Segmentation fault. 0x2acda6fe7af2 in ?? () (gdb) bt #0 0x2acda6fe7af2 in ?? () #1 0x2acda692ad86 in ?? () #2 0x0050 in ?? () #3 0x0001 in ?? () #4 0x7fff05c7cf10 in ?? () #5 0x in ?? () (gdb) quit The program is running. Exit anyway? (y or n) y debug1: do_cleanup debug1: PAM: cleanup debug3: PAM: sshpam_thread_cleanup entering I installed libpam-dbg, but still didn't get any information removing pam_krb5 from /etc/pam.d/common-auth fixes the problem -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIAb1n2n1ROIkXqbARAuG7AJ9glEncS6jvQie2UhnY4ya5Tk91HACbBKEp sgyobGhwwaO6vxCDg4TQb0U= =9KMZ -END PGP SIGNATURE- -- Rick Nelson Life'll kill ya -- Warren Zevon Then you'll be dead -- Life'll kill ya -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#453241: After recent NMU, my amd64 box is inaccessable (pam_session/account)
Somehow, I didn't get a copy of your note, sorry it has taken so long :( Anyway, I downloaded and rebuilt for amd64 the package and ssh still segfaults :( libpam-krb, however works fine. -- Rick Nelson Oh, I've seen copies [of Linux Journal] around the terminal room at The Labs. -- Dennis Ritchie -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#453241: After recent NMU, my amd64 box is inaccessable (pam_session/account)
On Mon, 24 Dec 2007, Richard A Nelson wrote: libpam-krb, however works fine. For various (and poor) values of works fine - no segfault, but it does not obtain tokens: Dec 24 20:14:54 el-ghor sshd[27171]: (pam_krb5): none: bad time value for renew_lifetime: Invalid format of Kerberos lifetime or clock skew string Dec 24 20:14:54 el-ghor sshd[27171]: (pam_krb5): none: bad time value for ticket_lifetime: Invalid format of Kerberos lifetime or clock skew string -- Rick Nelson Check it out, send me comments, and dance joyously in the streets, -- Linus Torvalds announcing 2.0.27 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#453241: libpam-heimdal: After recent NMU, my amd64 box is inaccessable (pam_session/account)
Package: libpam-heimdal Version: 2.6-1+b1 Severity: critical Justification: breaks unrelated software The amd64 box is also the KDC, i386 box running as slave KDC, and i386 client boxen all are working fine with the same pam configuration. removing pam_krb5 from both the account and session stacks allows further ssh/etc access (auth works, and I've not yet tried password). The lines were: ... account [success=done default=ignore] pam_krb5.so minimum_uid=999 debug ... session optionalpam_krb5.so minimum_uid=999 debug ... I note that ssh always fails, telnet succeeds (but is only on a few of the boxes), I'm not sure about other remote access methods. Dropping back to 2.6-1 makes things work... Interestingly, there is an unexplained difference in ldd output: 2.6-1: linux-vdso.so.1 = (0x7fffc35fd000) libpam.so.0 = /lib/libpam.so.0 (0x2b60e75f) libkrb5.so.17 = /usr/lib/libkrb5.so.17 (0x2b60e77fa000) libcom_err.so.2 = /lib/libcom_err.so.2 (0x2b60e7952000) libc.so.6 = /lib/libc.so.6 (0x2b60e7b54000) libdl.so.2 = /lib/libdl.so.2 (0x2b60e7eb2000) libcrypto.so.0.9.8 = /usr/lib/libcrypto.so.0.9.8 (0x2b60e80b7000) libasn1.so.6 = /usr/lib/libasn1.so.6 (0x2b60e8444000) libroken.so.16 = /usr/lib/libroken.so.16 (0x2b60e8578000) libcrypt.so.1 = /lib/libcrypt.so.1 (0x2b60e868c000) libresolv.so.2 = /lib/libresolv.so.2 (0x2b60e88c4000) libpthread.so.0 = /lib/libpthread.so.0 (0x2b60e8ad9000) /lib64/ld-linux-x86-64.so.2 (0x4000) libz.so.1 = /usr/lib/libz.so.1 (0x2b60e8cf5000) libdb-4.2.so = /usr/lib/libdb-4.2.so (0x2b60e8f0c000) 2.6-1+b1: linux-vdso.so.1 = (0x7fff26ffd000) libpam.so.0 = /lib/libpam.so.0 (0x2baa83d87000) libkrb5.so.22 = /usr/lib/libkrb5.so.22 (0x2baa83f91000) libcom_err.so.2 = /lib/libcom_err.so.2 (0x2baa8420) libc.so.6 = /lib/libc.so.6 (0x2baa84402000) libdl.so.2 = /lib/libdl.so.2 (0x2baa8476) libhx509.so.1 = /usr/lib/libhx509.so.1 (0x2baa84965000) libcrypto.so.0.9.8 = /usr/lib/libcrypto.so.0.9.8 (0x2baa84ba4000) libasn1.so.8 = /usr/lib/libasn1.so.8 (0x2baa84f31000) libroken.so.18 = /usr/lib/libroken.so.18 (0x2baa851b4000) libcrypt.so.1 = /lib/libcrypt.so.1 (0x2baa853c8000) libresolv.so.2 = /lib/libresolv.so.2 (0x2baa8560) libpthread.so.0 = /lib/libpthread.so.0 (0x2baa85816000) /lib64/ld-linux-x86-64.so.2 (0x4000) libz.so.1 = /usr/lib/libz.so.1 (0x2baa85a31000) Th differences in libkrb5, libasn1, libroken are explainable by building against the newer heimdal-dev packages The missing libdb-4.2, however seems odd. -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.23 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libpam-heimdal depends on: ii libc6 2.7-2 GNU C Library: Shared libraries ii libcomerr21.40.2-1 common error description library ii libkrb5-22-heimdal1.0.1-4Heimdal Kerberos - libraries ii libpam0g 0.99.7.1-5 Pluggable Authentication Modules l libpam-heimdal recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#445579: libpam-krb5-migrate-heimdal: Fails with recent heimdal packages (sid)
On Wed, 10 Oct 2007, Jelmer Vernooij wrote: Severity: grave Justification: renders package unusable /var/log/syslog is full of these: dovecot-auth: PAM unable to dlopen(/lib/security/pam_krb5_migrate.so) dovecot-auth: PAM [error: /lib/security/pam_krb5_migrate.so: undefined symbol: kadm5_get_policy] dovecot-auth: PAM adding faulty module: /lib/security/pam_krb5_migrate.so Thanks for the bugreport - I can reproduce this. Will hopefully upload a fixed version in the next ocuple of weeks. Any updates on this ? I know ftp-master is dead at the moment, but if you've built packages, I'd be happy to test them... I can test amd64 or i386 (my ppc box is not functional at the moment) -- Rick Nelson After watching my newly-retired dad spend two weeks learning how to make a new folder, it became obvious that intuitive mostly means what the writer or speaker of intuitive likes. (Bruce Ediger, [EMAIL PROTECTED], in comp.os.linux.misc, on X the intuitiveness of a Mac interface.) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#443937: openafs-modules-source: Bizzare failures when building on a newer cc/glibc
On Mon, 15 Oct 2007, Chris Hanson wrote: From: Russ Allbery [EMAIL PROTECTED] We think we've tracked this down to not a kernel revision but the upgrade from gcc to 4.2, and specifically its treatment of signed integer overflow as undefined. Could you try this patch and see if it fixes the problem for you? I'm not the original reporter, but I experienced the same symptoms. I can confirm that the patch fixes the bug. Sorry, family health issues kept me offline for a while. However, the problem is indeed solved (and now I can build that .23 kernel as well) - thanks ! -- Rick Nelson Operating Systems Installed: * Debian GNU/Linux 2.1 4 CD Set ($20 from www.chguy.net; price includes taxes, shipping, and a $3 donation to FSF). 2 CDs are binaries, 2 CDs complete source code; * Windows 98 Second Edition Upgrade Version ($136 through Megadepot.com, price does not include taxes/shipping). Surprisingly, no source code is included. -- Bill Stilwell, http://linuxtoday.com/stories/8794.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#445579: libpam-krb5-migrate-heimdal: Fails with recent heimdal packages (sid)
Package: libpam-krb5-migrate-heimdal Version: 0.0.7-1 Severity: grave Justification: renders package unusable /var/log/syslog is full of these: dovecot-auth: PAM unable to dlopen(/lib/security/pam_krb5_migrate.so) dovecot-auth: PAM [error: /lib/security/pam_krb5_migrate.so: undefined symbol: kadm5_get_policy] dovecot-auth: PAM adding faulty module: /lib/security/pam_krb5_migrate.so And, of course, migration is not happening :( -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.22.9 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libpam-krb5-migrate-heimdal depends on: ii libc62.6.1-5 GNU C Library: Shared libraries ii libkadm5clnt4-heimdal0.7.2.dfsg.1-10 Libraries for Heimdal Kerberos ii libkrb5-17-heimdal 0.7.2.dfsg.1-10 Libraries for Heimdal Kerberos ii libpam0g 0.99.7.1-5 Pluggable Authentication Modules l libpam-krb5-migrate-heimdal recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#443937: openafs-modules-source: Bizzare failures when building on a newer cc/glibc
On Mon, 24 Sep 2007, Russ Allbery wrote: Ah, okay, this, where you see some stuff and not others. Yeah, this was reported on the list as well, so with the additional details you gave, it means something broke in 2.6.22.6 on x86 and possibly in 2.6.22.5 on x86_64. that could be, I didn't have time to do earlier kernel releases before I left this evening - at the time I kinda thought the recent kernel-header issues might've been at fault, but since I build most kernels locally - I guess that doens't really make sense... but it has been a long month so far this week :) I'll follow up to the current mailing list discussion about this and see if we can get to the bottom of it. Cool, I'm relieved I'm not just hallucinating the whole thing Does the current Debian unstable kernel work? Good question ! I'll hopefully be back in the office a few hours tomorrow and will see if I can get that installed. -- Rick Nelson LackOfKan What are 'bots'? ``Erik rsg is a bot, not a human, not a human usable client, just a bot. ``Erik about the same as a quake bot, except irc bots are (usually) built to help, not shoot your ass full of holes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#443937: openafs-modules-source: Bizzare failures when building on a newer cc/glibc
Package: openafs-modules-source Version: 1.4.4.dfsg1-7 Severity: grave Justification: renders package unusable I just built a new x86_64 machine to bridge AFS/NFS/CIFS and after logging in to an AFS id, I found this: ls -l /u1/cobdev/cobbuild/ total 21 ?- ? ?? ?? /u1/cobdev/cobbuild/bin.tar ?- ? ?? ?? /u1/cobdev/cobbuild/cobol ?- ? ?? ?? /u1/cobdev/cobbuild/cobolw3 ?- ? ?? ?? /u1/cobdev/cobbuild/cobolw4 ?- ? ?? ?? /u1/cobdev/cobbuild/cobolw5 ?- ? ?? ?? /u1/cobdev/cobbuild/cobolwp ?- ? ?? ?? /u1/cobdev/cobbuild/nohup.out ?- ? ?? ?? /u1/cobdev/cobbuild/private ?- ? ?? ?? /u1/cobdev/cobbuild/scheduled ?- ? ?? ?? /u1/cobdev/cobbuild/windows drwxr-xr-x 2 cobbuild cobdev 2048 2007-09-06 14:34 AIX I thought it might be a 64bit, or new kernel issue, as 2.6.22.5 on my x86_32 box worked fine... However, using 2.6.22.5 on the _64 box still showed the error :( So I compiled 2.6.22.7 on the _32 box and see the exact same failure ! This likely coincides with the kernel-headers sharing 32bit and 64bit headers for portions - and I'm guessing is 32bit vs 64bit alignment and/or size issue. -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.22.7 (SMP w/1 CPU core; PREEMPT) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages openafs-modules-source depends on: ii bison 1:2.3.dfsg-5 A parser generator that is compati ii debhelper 5.0.56 helper programs for debian/rules ii flex2.5.33-12A fast lexical analyzer generator. ii kernel-package 11.001 A utility for building Linux kerne ii module-assistant0.10.11 tool to make module package creati openafs-modules-source recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#443937: openafs-modules-source: Bizzare failures when building on a newer cc/glibc
On Mon, 24 Sep 2007, Russ Allbery wrote: That output looks like you don't have a token. It's the output I'd expect from listing a directory that's listable but not readable. Do you actually have a token? What is the output from the tokens command and what are the ACLs on that directory? I thought about tokens initially - but some of the files are corrrect and readable, some (files and directories) completely unavailable. Here is a fresh attempt, to a _32 system: $ tokens Tokens held by the Cache Manager: User's (AFS ID 6976) tokens for [EMAIL PROTECTED] [Expires Sep 26 05:19] --End of list-- $ id uid=6976(cobbuild) gid=210(cobdev) groups=100(users),210(cobdev),666(ssh-user) === this is kerberos 4... thought they're working on moving the server from transarc to openafs === $ fs la Access list for . is Normal rights: system:anyuser rl cowboy rla === that'd be my primary id cobbuild rlidwka === the ID logged onto $ls -la ... -rw--- 1 cobbuild cobdev 2778 Jun 27 16:47 .bash_history ?- ? ?? ?? .bashrc-old -rw--- 1 cobbuild cobdev22 May 1 19:06 .dbxhist ?- ? ?? ?? .envfile -rw-r--r-- 1 cobbuild cobdev20 Jul 14 2005 .forward ?- ? ?? ?? .lesshst -rwxr-xr-x 1 cobbuild cobdev 302 Feb 14 2007 .logout ?- ? ?? ?? .netrc ?- ? ?? ?? .plan ... If I reboot back to the 2.6.22.5 kernel/afs modules, things work just fine: $ls -la ... -rw--- 1 cobbuild cobdev 2778 2007-06-27 16:47 .bash_history -rw-r--r-- 1 cobbuild cobdev 3165 2007-02-20 23:04 .bashrc-old -rw--- 1 cobbuild cobdev22 2007-05-01 19:06 .dbxhist -rwxr-xr-- 1 cobbuild cobdev 2103 2007-02-05 17:49 .envfile -rw-r--r-- 1 cobbuild cobdev20 2005-07-14 10:42 .forward -rw--- 1 cobbuild cobdev77 2007-06-26 23:00 .lesshst -rwxr-xr-x 1 cobbuild cobdev 302 2007-02-14 17:14 .logout lrwxr-xr-x 1 cobbuild cobdev14 2007-07-10 13:21 .netrc - private/.netrc -rwxrwxrwx 1 cobbuild cobdev 1470 2007-09-24 00:40 .plan ... This likely coincides with the kernel-headers sharing 32bit and 64bit headers for portions - and I'm guessing is 32bit vs 64bit alignment and/or size issue. This is unlikely given that AFS has worked fine on x86_64 and x86 for years and nothing changed about this in the latest AFS release. I expect it's something else. The x86_64 kernel is rather different from the x86 kernel. Yes, I run both - and haven't had any problems for years - until now... and istr issues on the lists/irc relating to problems due to using _64 headers on _32 systems... I hadn't actually rebuilt a kernel/module in a while... since 2.6.22.5, so I'm not sure when it exactly started. Anyway, this is fairly new, and totally repeatable, here, on _32 and _64 systems: 2.6.22.5 = kernel = 2.6.22.7, libc6 2.6.1-5, gcc 4.2.1-5 -- Rick Nelson I did this 'cause Linux gives me a woody. It doesn't generate revenue. (Dave '-ddt-` Taylor, announcing DOOM for Linux) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427549: sendmail-bin: Sendmail 8.14.1-4 and 8.14.1-2 don't start: Segmentation fault
On Wed, 6 Jun 2007, Wolfgang Pfeiffer wrote: changed. Now /etc/nsswitch.conf looks like this: passwd: files group: compat shadow: files Sorry, I should've said replace all compat by files having compat in group: will still cause the db mixup So I'll go back to where I was to get a running sendmail again ... :) The price of living on testing... especially when the primary build machine is out of comission. I find unstable to often be more stable that testing; but then I need to be on the bleeding edge. The real problem here is that libdb4.5 on ppc is downlevel - it has no ELF symbol versioning. And since sendmail was built with libdb4.5, it will cause the problem you see when libnss-db later loads db4.3 :( So we might have a missing dependency on a special version of libdb4.5 for the latest sendmail packages ? no, sendmail has a dependancy on: libdb-4.5.so = /usr/lib/libdb-4.5.so (0x0feb7000) it is just that the version of libdb currently on powerpc is broke - and sendmail was built against that broken libdb. Unless you happen to be using compat, you wouldn't see the issue. My setup is 'files ldap', so I never saw the problem see ... I'm too tired by now to even consider a stock Debian kernel install ... :) No need, it *is* the library issue - we already had the issue on i386, and removing compat fixed the problem; and the strace matches yours. I just saw they're at 2.6.22 already at kernel.org .. :) 2.6.21 stable, 2.6.22-rc4 -- Rick Nelson Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427549: sendmail-bin: Sendmail 8.14.1-4 and 8.14.1-2 don't start: Segmentation fault
Can you send another strace -f ? -- Rick Nelson Knghtbrd I really don't want much at all... Just a kind word, an attractive woman, and UNLIMITED BANDWIDTH!! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427549: sendmail-bin: Sendmail 8.14.1-4 and 8.14.1-2 don't start: Segmentation fault
On Tue, 5 Jun 2007, Wolfgang Pfeiffer wrote:
Not very helpful, can you provide a strace of the failing command ?
Strace is attached.
Eep, can you redo that with strace -f (to follow the child)?
the only help this gives is:
waitpid(-1, [{WIFSIGNALED(s) WTERMSIG(s) == SIGSEGV}], WNOHANG) = 10626
but we already knew that was the failure mode :)
No problems with 8.13.8-3, except the one that annoys all
latest sendmail versions, when running 'sendmailconfig':
makemap: /etc/mail/authinfo.new.db: line 4: key authinfo:mail.[removed].de:
duplicate key
And which of those duplicate keys is getting use for your authentication
information? I hope they are the same - in which case, why is it
duplicated ?
No, they're not the same: 2 different mailboxes: 2 different user
names, and both have their own authentication passwds. But these accounts
are using the same smtp server, so that's probably why sendmail is
complaining about a duplicate key.
Exactly
Here's how the relevant lines in
/etc/mail/authinfo currently look like - sort of (after changing mail ..
(in my first message) to smtp ... server name, as mail .. was
wrong ...) :
AuthInfo:smtp.[sameserver].de U:userone P:passwordone M:PLAIN LOGIN
AuthInfo:smtp.[sameserver].de U:usertwo P:passwordtwo M:PLAIN LOGIN
Wrong syntax?
No, I think it is just an misunderstanding of how the feature works.
Please peruse /usr/share/doc/sendmail/cf.README.gz, especially the
section 'Providing SMTP AUTH Data when sendmail acts as Client'
That info, coupled with the fact that access/authinfo are keyed by
name/IP means that will only ever actually use one of those entries.
Sendmail does not save the credentials from server mode (receiving
mail) and re-use them when in client mode (sending mail) - that would
make coattailing, connection caching, etc. worthless.
So you really only have one client-server authentication ID - ie, for
my systems, I do user based authentication for receipt and relaying,
and use authinfo to verify one sendmail server to another - which also
then allows relaying (since the server is trusted).
I also wonder why there are several authinfo.db in here:
/etc/mail/authinfo.db and /etc/mail/authinfo.new.db
Right, had the update worked (no makemap errors), you would only see the
one 'authinfo.db' file... To make sure files don't get trashed, the
makefile always creates a new file, and once convinced it is good, moves
the new file to the old (proper) name.
Not a (to me) known problem, but please make sure you are upto date
maintenance wise (my machines are all running sid, not testing).
I'm running unstable. With the usual procedure: some packages can't be
updated at times, for missing dependencies. Which will then be done
later when dependencies are fine. But now most of the packages on this
machine should be relatively fresh ...
Unstable, interesting - my ppc box is also running unstable, but with a
64bit kernel; the libraries and binaries are the same on both our boxes -
32bit for the most part.
So I'm kinda at a loss as to why you see the failure and I don't :(
Still anything that comes to mind that might be missing here for this
new sendmail-version?
Not yet, the trace will hopefully help alot... though, iirc, you are
running a custom built kernel; can you possibly try with a stock Debian
kernel (they come in 32/64 bit UNI/SMP, and even a Prep).
Failing trying another kernel, what Debian kernel would get me the
closest to your setup?
It is possible that sendmail's use of timers, or other assumed Linux
features could cause breakage on a kernel that doesn't support that
feature.
--
Rick Nelson
edLin LWE?
edLin Linux W?? E??
seeS will eatyou
JHM World Expo?
edLin i see
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427549: sendmail-bin: Sendmail 8.14.1-4 and 8.14.1-2 don't start: Segmentation fault
On Tue, 5 Jun 2007, Wolfgang Pfeiffer wrote:
Eep, can you redo that with strace -f (to follow the child)?
Yes. I've attached the output.
Ah, much better...
3943 open(/usr/lib/libnss_db.so.2, O_RDONLY) = 4
3943 read(4,
\177ELF\1\2\1\0\0\0\0\0\0\0\0\0\0\3\0\24\0\0\0\1\0\0\23...,
512) = 512
3943 fstat64(4, {st_mode=S_IFREG|0644, st_size=23000, ...}) = 0
3943 mmap(0xf6f9000, 88012, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE,
4, 0) = 0xf6f9000
3943 mprotect(0xf6ff000, 61440, PROT_NONE) = 0
3943 mmap(0xf70e000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x5000) = 0xf70e000
3943 close(4) = 0
3943 access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or
directory)
3943 open(/usr/lib/libdb-4.3.so, O_RDONLY) = 4
3943 read(4,
\177ELF\1\2\1\0\0\0\0\0\0\0\0\0\0\3\0\24\0\0\0\1\0\1\274...,
512) = 512
3943 fstat64(4, {st_mode=S_IFREG|0644, st_size=1022832, ...}) = 0
3943 mmap(0xf5dc000, 1099776, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0xf5dc000
3943 mprotect(0xf6d2000, 65536, PROT_NONE) = 0
3943 mmap(0xf6e2000, 16384, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xf6000) = 0xf6e2000
3943 mmap(0xf6e6000, 10240, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf6e6000
3943 close(4) = 0
3943 munmap(0x3003, 65926) = 0
3943 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
I'm guessing you have compat for passwd/shadow in /etc/nsswitch.conf
If so, can you replace compat with files (or do you actually make use of
NIS/NIS+ groups)?
The real problem here is that libdb4.5 on ppc is downlevel - it has no
ELF symbol versioning. And since sendmail was built with libdb4.5, it
will cause the problem you see when libnss-db later loads db4.3 :(
Unfortunately, the powerpc build daemon is current not quite upto snuff,
and things are lagging.
I've got someone building a new libdb4.5, and then I might be able to
get sendmail built on my box.
This'll likely be a few days, however - so do try changing compat to
files if you can.
Not yet, the trace will hopefully help alot... though, iirc, you are
running a custom built kernel; can you possibly try with a stock Debian
kernel (they come in 32/64 bit UNI/SMP, and even a Prep).
If nothings else helps: Yes. I don't like the stock Debian kernels.
Yeah, I tend to not use them myself - Though I always have the latest
one 'in case of emergency' :)
However, I just got the ppc box up, so haven't as yet built my own.
But I booted the machine with various self-built other kernel images:
All versions being around 2.6.17/2.6.18, IIRC: I always got an error
similar to the one already reported, i.e. Segmentation fault, IIRC,
of sendmail when trying to get up while booting.
Right, it is a library issue
Is there a special config option needed to be enabled in recent
kernels for this new sendmail version? If yes I'd prefer to compile my
own kernel, with the needed switch on - I intend to do this anyway
since quite some time, since 2.6.18 is really getting old now, perhaps
2.6.21 is in unstable (I'm running it now).
PS:
I just removed the second authinfo line that let sendmail complain
about it, did a
# makemap hash /etc/mail/authinfo /etc/mail/authinfo
# sendmailconfig
and the latter ended with a second crash, like that:
Yes, the two issues are completely unrelated.
--
Rick Nelson
* athener calls Amnesty International House of Pancakes
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427549: sendmail-bin: Sendmail 8.14.1-4 and 8.14.1-2 don't start: Segmentation fault
tag 427549 moreinfo thanks, On Mon, 4 Jun 2007, Wolfgang Pfeiffer wrote: Package: sendmail-bin Version: 8.14.1-4 Severity: grave Justification: renders package unusable Hi Hello I get this with 8.14.1-4: # /etc/init.d/sendmail start Starting Mail Transport Agent (MTA): sendmail/etc/init.d/sendmail: line 224: 24144 Segmentation fault $CMD Not very helpful, can you provide a strace of the failing command ? No problems with 8.13.8-3, except the one that annoys all latest sendmail versions, when running 'sendmailconfig': makemap: /etc/mail/authinfo.new.db: line 4: key authinfo:mail.[removed].de: duplicate key And which of those duplicate keys is getting use for your authentication information? I hope they are the same - in which case, why is it duplicated ? Architecture: powerpc (ppc) This code is running fine for me on: x86-i686 x86-amd64 powerpc64 Kernel: Linux 2.6.18-rc4-060811-dirty Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages sendmail-bin depends on: ii libc62.5-9 GNU C Library: Shared libraries ii libdb4.5 4.5.20-1Berkeley v4.5 Database Libraries [ ii libldap2 2.1.30-13.4 OpenLDAP libraries ii liblockfile1 1.06.1 NFS-safe locking library, includes ii libsasl2-2 2.1.22.dfsg1-10 Authentication abstraction library ii libssl0.9.8 0.9.8e-5SSL shared libraries ii libwrap0 7.6.dbs-13 Wietse Venema's TCP wrappers libra Not a (to me) known problem, but please make sure you are upto date maintenance wise (my machines are all running sid, not testing). If the problem persists, I'll need to see the strace output. -- Rick Nelson #if _FP_W_TYPE_SIZE 32 #error Here's a nickel kid. Go buy yourself a real computer. #endif -- linux/arch/sparc64/double.h -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427555: openafs-modules-source: FTFBS on powerpc64 (2.6.18 and 2.6.21)
On Mon, 4 Jun 2007, Russ Allbery wrote:
Could you try the following patch and see if that resolves the build
problem for you?
Indeed it does (once I remembered to tell m-a to not re-unpack the
tarball :) - I've not got my own kernel builds on ppc (just got the box
going).
Thanks for the quick update - I've now got AFS tokens, and am able to
edit files on /afs/...
--- src/libafs/make_kbuild_makefile.pl 2006-11-02 19:37:59.0 -05
+++ src/libafs/make_kbuild_makefile.pl.ppc 2007-06-04 17:56:41.0
@ -79,7 +79,7 @
foreach (@objects) {
die No source known for $_\n unless exists $deps{$_};
if($deps{$_} =~ /\.s$/) {
- ($src = $_) =~ s/\.o$/.s/;
+ ($src = $_) =~ s/\.o$/.S/;
} else {
($src = $_) =~ s/\.o$/.c/;
}
--
Rick Nelson
Not me, guy. I read the Bash man page each day like a Jehovah's Witness reads
the Bible. No wait, the Bash man page IS the bible. Excuse me...
-- More on confusing aliases, taken from comp.os.linux.misc
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#425700: sendmail_8.14.1-4(ia64/unstable): FBTFS: = has no left operand
On Wed, 23 May 2007, Martin Michlmayr wrote: * [EMAIL PROTECTED] [EMAIL PROTECTED] [2007-05-23 06:48]: from editmap.c:41: ../../include/sm/conf.h:1478:27: error: operator '=' has no left operand ../../include/sm/conf.h:1527:27: error: operator '=' has no left operand This is because of headers, see #425595 Yes, a user reported this, so I added (and it is in -4) Build-Depends: make ( 3.79.1-14), m4, patch, debhelper (= 4.1.68), linux-kernel-headers Ah Package: linux-libc-dev Source: linux-2.6 Version: 2.6.21-2 Replaces: linux-kernel-headers, linux-libc-headers Provides: linux-kernel-headers Conflicts: linux-kernel-headers, linux-libc-headers So, the mess gets worse - postfix, sendmail, gcj, and a plethor of other packages :( In general, I agree with Steve's comment about user code and the linux/* header space. However, I don't see a workaround for sendmail/postfix - who are looking not at the running kernel, but for a working feature set indication... And there is not current API that I am aware of that provides this, other than the headers :( Yes, I understand that the linux/* header set may not match the extant kernel :( Worse, some of the items tested for (does flock() work) aren't exactly the kinds of things you *would* have in capabilities string - even if we actually had one. A few examples from sendmail, with annotations: # if (LINUX_VERSION_CODE = KERNEL_VERSION(2,2,19)) # define SM_CONF_SHM 1 /* Shared memory broke before this */ # if LINUX_VERSION_CODE 66399 #define HASFLOCK0 /* flock(2) is broken after 0.99.13 */ # if (LINUX_VERSION_CODE KERNEL_VERSION(2,4,0)) # define HASFLOCK 1 /* flock(2) fixed after 1.3.95 */ # else /* (LINUX_VERSION_CODE KERNEL_VERSION(2,4,0)) */ # define HASFLOCK 0 /* flock(2) is broken (again) after 2.4.0 */ # if (LINUX_VERSION_CODE = KERNEL_VERSION(2,0,0)) # ifndef HASURANDOMDEV #define HASURANDOMDEV 1 /* 2.0 (at least) has linux/drivers/char/random.c */ The list goes on, but the idea is that, however unfortunate, sometimes a system application needs to know what it can expect from the kernel, and the library: #else /* (GLIBC_VERSION = 0x201) */ # include linux/in6.h /* IPv6 support */ #if (GLIBC_VERSION = 0x201 !defined(NEEDSGETIPNODE)) /* Have APIs in netdb.h, but no support in glibc */ # define NEEDSGETIPNODE 1 I have a few possible fixes: Can we get linux-libc-dev to *NOT* provide linux-kernel-headers ? Although, I think the *BEST* idea would be for linux-libc-dev to actually define LINUX_VERSION_CODE to the lowest level of kernel that is supported (now, what - 2.6.18?). For sendmail, postfix, and I'm sure some of the others, the only remaining alternative (and I've not yet tried it) is for the maintainer to add -DLINUX_VERSION_CODE=2.6.18 in decimal format This alternative is going to bite us in the future, if we again have an issue like flock() breaking on certain kernels. -- Rick Nelson Manoj shaleh: I am not, despite your implication, God -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405917: sendmail: FTBFS: Doesn't build anything.
On Sun, 7 Jan 2007, Kurt Roeckx wrote:
Your package is failing to build. It doesn't seem to be trying to build
anything after this:
# which, if any of the dependant libraries each component needs)
for subdir in editmap libmilter mail.local mailstats makemap praliases rmail
sendmail smrsh vacation; do \
if [ -d build-tree/sendmail-8.14.0~Beta4/${subdir} ]; then \
(cd build-tree/sendmail-8.14.0~Beta4/${subdir}
./Build -S;); \
fi; \
What shell is this being run in ? I'm wondering if the ~ in the path is
causing problems for whatever shell is active... if it can't stat the
directory, then nothing will be built.
I probably should not have let the ~Beta4 show through the path, I'll
try locall to see if things work if I leave that out.
--
Rick Nelson
JHM Somehow I have more respect for 14 year old Debian developers than
14 year old Certified Microsoft Serfs.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#404489: sendmail-bin: Fails to upgrade, not starting now
On Tue, 26 Dec 2006, Fourat Zouari wrote: Package: sendmail-bin Version: 8.13.8-3 Severity: critical Justification: breaks unrelated software Eh? and how did it manage to break unrelated software ?!?! I meant to say that other unrelated software breaks like subversion, trac, hylafax .. Maybe the term 'unrelated' isnt where it should be. The only thing broken is, apparently, sending mail - so anything that tries to send mail will get connection refused. I tryed to upgrade with apt-get dist-upgrade An indication of from whence you started would be of help here... dev:~# uname -a Linux dev.tritux.com 2.6.8-3-386 #1 Thu Sep 7 05:39:52 UTC 2006 i686 GNU/Linux That tells me nothing about where you started wrt sendmail and dpkg ! dev:~# dpkg -l|grep dpkg ii apt0.6.46.4Advanced front-end for dpkg ii dpkg 1.13.24 package maintenance system for Debian ii dpkg-dev 1.13.24 package building tools for Debian Odd, I have the same versions of apt and dpkg - and those seem to be the only two involved in this issue: $dpkg -S `which start-stop-daemon` dpkg: /sbin/start-stop-daemon Can you apt-get --reinstall install sendmail-bin and see if it now works ? Ok, so you're still seenig the same start-stop-daemon error :( what is the output of: $ls -l `which start-stop-daemon` here, I see -rwxr-xr-x 1 root root 18504 Oct 13 06:41 /sbin/start-stop-daemon Also, I'd like to see the output of: sh -x /etc/init.d/sendmail start -- Rick Nelson Teller where am I and what am I doing in this handbasket? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#404489: sendmail-bin: Fails to upgrade, not starting now
On Tue, 26 Dec 2006, Fourat Zouari wrote: Ok, so you're still seenig the same start-stop-daemon error :( what is the output of: $ls -l `which start-stop-daemon` here, I see -rwxr-xr-x 1 root root 18504 Oct 13 06:41 /sbin/start-stop-daemon dev:~# which start-stop-daemon /usr/local/sbin/start-stop-daemon dev:~# dpkg -S `which start-stop-daemon` dpkg: /usr/local/sbin/start-stop-daemon introuvable. It's in frensh, it says that the file doesn't exist, strange !! see : dev:~# ls -l `which start-stop-daemon` -rwxr-xr-x 1 root staff 29991 2006-12-21 23:07 /usr/local/sbin/start-stop-daemon the file does exist ! dev:~# whereis start-stop-daemon start-stop-daemon: /sbin/start-stop-daemon /usr/local/sbin/start-stop-daemon /usr/share/man/man8/start-stop-daemon.8.gz so, you have somehow managed to have a localized start-stop-daemon Do things work ok if you remove /usr/local/sbin from your path ? sh -x /etc/init.d/sendmail start [...] + START_MTAL_CMD='start-stop-daemon --pidfile /var/run/sendmail/mta/sendmail.pid--exec /usr/sbin/sendmail-mta --startas /usr/sbin/sendmail-mta --start' + STOP_MTAL_CMD='start-stop-daemon --pidfile /var/run/sendmail/mta/sendmail.pid--name sendmail-mta --stop' + SIGNAL_MTAL_CMD='start-stop-daemon--pidfile /var/run/sendmail/mta/sendmail.pid--name sendmail-mta --stop' + START_MTAQ_CMD='start-stop-daemon --pidfile /var/run/sendmail/mta/queue.pid --make-pidfile --exec /usr/sbin/sendmail-mta --startas /usr/sbin/sendmail-mta--start' + STOP_MTAQ_CMD='start-stop-daemon --pidfile /var/run/sendmail/mta/queue.pid --name sendmail-mta --stop' + SIGNAL_MTAQ_CMD='start-stop-daemon--pidfile /var/run/sendmail/mta/queue.pid --name sendmail-mta --stop' + START_MSP_CMD='start-stop-daemon --pidfile /var/run/sendmail/msp/sendmail.pid--exec /usr/sbin/sendmail-msp --startas /usr/sbin/sendmail-msp --chuid smmsp --start' + STOP_MSP_CMD='start-stop-daemon --pidfile /var/run/sendmail/msp/sendmail.pid--name sendmail-msp --stop' + SIGNAL_MSP_CMD='start-stop-daemon --pidfile /var/run/sendmail/msp/sendmail.pid--name sendmail-msp --stop' [...] Ok, these clearly indicate that both --pidfile *and* --exec are being passed to start-stop-daemon. [...] ++ tail -n 1 /var/run/sendmail/mta/sendmail.pid + COMMAND='/usr/sbin/sendmail-mta -Am -L sm-mta -bd -q10m' ++ ps --no-heading 25156 + '[' '!' -z '25156 ?Ss 0:00 sendmail: MTA: accepting connections ' ']' This says you already have an instance of sendmail running !?! Something seems broken on your end... -- Rick Nelson Microsoft Corp., concerned by the growing popularity of the free 32-bit operating system for Intel systems, Linux, has employed a number of top programmers from the underground world of virus development. Bill Gates stated yesterday: World domination, fast -- it's either us or Linus. Mr. Torvalds was unavailable for comment ... -- Robert Manners, [EMAIL PROTECTED], in comp.os.linux.setup -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#404489: sendmail-bin: Fails to upgrade, not starting now
On Mon, 25 Dec 2006, Fourat Zouari wrote: Package: sendmail-bin Version: 8.13.8-3 Severity: critical Justification: breaks unrelated software Eh? and how did it manage to break unrelated software ?!?! I tryed to upgrade with apt-get dist-upgrade An indication of from whence you started would be of help here... All things went wright, except sendmail, it's throwing this error: Saving old /etc/mail/sendmail.cf as /etc/mail/sendmail.cf.old ... start-stop-daemon: need at least one of --exec, --pidfile or --user Try `start-stop-daemon --help' for more information. Looks like it might need to depend on a fairly modern dpkg - but we probably can't see what you were at, since dpkg was probably upgraded after sendmail. Can you apt-get --reinstall install sendmail-bin and see if it now works ? -- Rick Nelson This code passes Torvalds test grades 0, 1 and 2 (it looks ok, it compiles and it booted). -- Alan Cox -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#399659: backing off corrects the issue
On Tue, 21 Nov 2006, Sergei Golovan wrote: Change between 1.1.2-2 and 1.1.2-3 didn't touch LDAP support at all. Well, that is odd then Could you upgrade only ejabberd to 1.1.2-3 (and erlang-base and erlang-nox to 1:11.b.2-1 as well)? I didn't notice erlang being upgraded, but it is indeed at 11.b.2-1 Just to make sure that it's not erlang/ejabberd fault (after that the bug may be closed or reassigned). I've not yet had my first cup of coffee, so I'll blame this on just getting up and not being up to snuff... but I'm not sure what you are asking. it seems like I have shown: * erlang* 11.b.2-1 and ejabberd 1.1.2-2 work * erlang* 11.b.2-1 and ejabberd 1.1.2-3 fail however, I do have a non-server machine I can replicate the database to for testing (I've forgotten how to create a db dump, will have to look that up again) All machines are current as of yesterday. just let me know combinations you would like to see tested. Thanks, -- Rick Nelson darkangel I generally don't use anything that has experimental and warning pasted all over it darkangel no, I'm not that dumb... hehe Knghtbrd ... * darkangel considers downloading the latest unstable kernel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#390940: openafs-kpasswd: SIGSEGV on klog since recent package upgrade
Package: openafs-kpasswd Version: 1.4.2~fc4-2 Severity: grave Justification: renders package unusable Every Debian box here, with a variety of kernels is now failing the klog command with: __ctype_tolower_loc()= 0xb7df06ac strcpy(0xbfad6c64, STLLP.SANJOSE.IBM.COM) = 0xbfad6c64 strcmp(krbtgt, krbtgt) = 0 strcmp(STLLP.SANJOSE.IBM.COM, STLLP.SANJOSE.IBM.COM) = 0 strcmp(stllp.sanjose.ibm.com, stllp.sanjose.ibm.com) = 0 memcpy(0xbfad6a24, cowboy, 192)= 0xbfad6a24 __ctype_b_loc() = 0xb7df06a4 strlen(\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377... unfinished ... --- SIGSEGV (Segmentation fault) --- +++ killed by SIGSEGV +++ I tried rebooting (to make sure the libs/commands were in sync), and even rebuilt the kernel so the AFS kernel side and klog command/libs were in agreement. The server is TransArc AFS on an AIX box, using (obviously) kaserv. -- System Information: Debian Release: testing/unstable APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages openafs-kpasswd depends on: ii libc62.3.6.ds1-5 GNU C Library: Shared libraries ii openafs-client 1.4.2~fc4-2 AFS distributed filesystem client openafs-kpasswd recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#373801: sendmail: malformed MIME message leads to potential denial of service (CVE-2006-1173)
On Thu, 15 Jun 2006, Joost van Baal wrote: Package: sendmail Version: 8.13.6-1 Severity: critical Tags: security Hi, Hello CVE-2006-1173 / VU#146718 applies to sendmail 8.13.7. Upstream released a fix in 8.13.7, as well as patches for 8.13.6 and 8.12.11. Yeah, I uploaded 8.13.7 yesterday before it had a CVE, and at the time, I didn't find patches for the back level systems... thanks for the update. I'll see if I can find someone in the security group... -- Rick Nelson theoddone33 What's this message on my screen, theoddone33 so blue, so blue, what could it mean? theoddone33 Could you, would you press Delete, theoddone33 Ctrl and Alt and then repeat. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#368420: ftpd-ssl: RC abuse of /etc/ssl/certs
On Mon, 29 May 2006, Cai Qian wrote: As there is no upstream support anymore, can you provide a simple patch for it? Unfortunately not, some time ago I moved to using vsfptd. The certificate was still about, which caused my problem. Sorry, -- Rick Nelson Joy wow... simple maths show that Debian developers have closed more than *31* *thousand* bug reports since our BTS exists! Joy that is about 30999 more than Microsoft ;) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#368416: telnet-ssl: RC abuse of /etc/ssl/certs
On Tue, 30 May 2006, Ian Beckwith wrote: I'm currently trying to get an answer from the debian openssl people as to the right place to put the key (/etc/ssl/private/? /etc/telnetd-ssl/?). Dovecot uses /etc/ssl/private, it looks like most of the other packages on my boxen use their own directories - which doesn't really cut it for your package... barring other gripes, it seems like /etc/ssl/private would be a decent choice. I was about to suggest you file a bug against gnutls, but I see you already have :) Yeah, it is the real culprit here. -- Rick Nelson I'm not a level-headed person...-- Bruce Perens -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#368414: ejabberd: RC abuse of /etc/ssl/certs
Package: ejabberd Version: 1.0.0-2 Severity: critical Justification: breaks unrelated software RC abuse of /etc/ssl/certs, rendering certificate validation inoperable. There are two problems with this packages use of /etc/ssl/certs: * Files in /etc/ssl/certs must be a+r - GNUTLS reads files in /etc/ssl/certs, and will not verify a remote certificate once it encounters an unreadable file in /etc/ssl/certs. - OPENSSL also must read files in /etc/ssl/certs, but seems to be more forgiving of errors incurred in the process. * This packages combines the key and cert into one file - which of course means it can't be world readable... and there for should not be in /etc/ssl/certs. At least the key file should be in some package private /etc/ directory - with the appropriate permissions. You can still use a combined file, but it just needs to be elsewhere. I noticed this when I couldn't connect to my corporate LDAP servers using ldaps://, but the breakage is going to be further spread (likely any GNUTLS client app needing to lookup certificate chains). -- System Information: Debian Release: testing/unstable APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages ejabberd depends on: ii erlang-base-hipe [erlang-runt 1:10.b.9-4 Erlang base system (virtual machin ii erlang-nox1:10.b.9-4 Concurrent, real-time, distributed ii libc6 2.3.6-9GNU C Library: Shared libraries ii libexpat1 1.95.8-3.2 XML parsing C library - runtime li ii libssl0.9.7 0.9.7i-1 SSL shared libraries ii openssl 0.9.8b-2 Secure Socket Layer (SSL) binary a ejabberd recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#368416: telnet-ssl: RC abuse of /etc/ssl/certs
Package: telnet-ssl Version: 0.17.24+0.1-10 Severity: critical Justification: breaks unrelated software RC abuse of /etc/ssl/certs, rendering certificate validation inoperable. There are two problems with this packages use of /etc/ssl/certs: * Files in /etc/ssl/certs must be a+r - GNUTLS reads files in /etc/ssl/certs, and will not verify a remote certificate once it encounters an unreadable file in /etc/ssl/certs. - OPENSSL also must read files in /etc/ssl/certs, but seems to be more forgiving of errors incurred in the process. * This packages combines the key and cert into one file - which of course means it can't be world readable... and there for should not be in /etc/ssl/certs. At least the key file should be in some package private /etc/ directory - with the appropriate permissions. You can still use a combined file, but it just needs to be elsewhere. I noticed this when I couldn't connect to my corporate LDAP servers using ldaps://, but the breakage is going to be further spread (likely any GNUTLS client app needing to lookup certificate chains). -- System Information: Debian Release: testing/unstable APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages telnet-ssl depends on: ii libc6 2.3.6-9GNU C Library: Shared libraries ii libgcc1 1:4.1.0-4 GCC support library ii libncurses5 5.5-2 Shared libraries for terminal hand ii libssl0.9.8 0.9.8b-2 SSL shared libraries ii libstdc++64.1.0-4The GNU Standard C++ Library v3 telnet-ssl recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#368420: ftpd-ssl: RC abuse of /etc/ssl/certs
Package: ftpd-ssl Version: 0.17.18+0.3-5 Severity: critical Justification: breaks unrelated software RC abuse of /etc/ssl/certs, rendering certificate validation inoperable. There are two problems with this packages use of /etc/ssl/certs: * Files in /etc/ssl/certs must be a+r - GNUTLS reads files in /etc/ssl/certs, and will not verify a remote certificate once it encounters an unreadable file in /etc/ssl/certs. - OPENSSL also must read files in /etc/ssl/certs, but seems to be more forgiving of errors incurred in the process. * This packages combines the key and cert into one file - which of course means it can't be world readable... and there for should not be in /etc/ssl/certs. At least the key file should be in some package private /etc/ directory - with the appropriate permissions. You can still use a combined file, but it just needs to be elsewhere. I noticed this when I couldn't connect to my corporate LDAP servers using ldaps://, but the breakage is going to be further spread (likely any GNUTLS client app needing to lookup certificate chains) -- System Information: Debian Release: testing/unstable APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages ftpd-ssl depends on: ii libc6 2.3.6-9GNU C Library: Shared libraries ii libpam-modules0.79-3.1 Pluggable Authentication Modules f ii libpam0g 0.79-3.1 Pluggable Authentication Modules l ii libssl0.9.8 0.9.8b-2 SSL shared libraries ii netbase 4.25 Basic TCP/IP networking system ii openssl 0.9.8b-2 Secure Socket Layer (SSL) binary a ftpd-ssl recommends no packages. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#362966: Acknowledgement (nscd aborts)
severity 362966 normal thanks, On Sun, 16 Apr 2006, Debian Bug Tracking System wrote: it to [EMAIL PROTECTED] (and *not* to [EMAIL PROTECTED]). I've not yet pulled the source, but I may've found the problem... the administrator id (from Samba) was somehow assigned a low uid, one that was in use by an id with a shorter name. moving administrator to an unused uid seems to have solved the issue Since things are still going after the change, this probably shouldn't be that high a priority issue... it shouldn't abort - a syslog note would be much nicer :) -- Rick Nelson innovate /IN no vait/ vb.: 1. To appropriate third-party technology through purchase, imitation, or theft and to integrate it into a de-facto, monopoly-position product. 2. To increase in size or complexity but not in utility; to reduce compatibility or interoperability. 3. To lock-out competitors or to lock-in users. 4. To charge more money; to increase prices or costs. 5. To acquire profits from investments in other companies but not from direct product or service sales. 6. To stifle or manipulate a free market; to extend monopoly powers into new markets. 7. To evade liability for wrong-doings; to get off. 8. To purchase legislation, legislators, legislatures, or chiefs of state. 9. To mediate all transactions in a global economy; to embezzle; to co-opt power (coup d'?tat). Cf. innovate, English usage (antonym). -- csbruce, in a Slashdot post
Bug#359754: openafs-client: OpenAFS fails to build with 2.6.16
Package: openafs-client Version: 1.4.0-4 Severity: serious Justification: no longer builds from source /usr/src/modules/openafs/src/afs/LINUX/osi_machdep.h:55:2: error: #error Not sure what to do about rlim (should be in the Linux task struct somewhere) In file included from /usr/src/modules/openafs/src/afs/afsincludes.h:44, from /usr/src/modules/openafs/src/libafs/MODLOAD-2.6.16-SP/afs_analyze.c:36: /usr/src/modules/openafs/src/afs/afs.h:901:5: warning: AFS_USEBUFFERS is not defined -- System Information: Debian Release: testing/unstable APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages openafs-client depends on: ii debconf [debconf-2.0] 1.4.72 Debian configuration management sy ii libc6 2.3.6-4GNU C Library: Shared libraries an ii libncurses5 5.5-1 Shared libraries for terminal hand Versions of packages openafs-client recommends: ii openafs-modules-2.6.1 1.4.0-3+custom.1.0 AFS distributed filesystem kernel ii openafs-modules-sourc 1.4.0-4AFS distributed filesystem kernel -- debconf information: * openafs-client/run-client: true * openafs-client/crypt: true * openafs-client/cachesize: 5 * openafs-client/cell-info: afsdb1.svl.ibm.com afsdb2.svl.ibm.com afsdb3.svl.ibm.com * openafs-client/fakestat: true * openafs-client/afsdb: true * openafs-client/dynroot: true * openafs-client/thiscell: stllp.sanjose.ibm.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#332545: X error prevents wine startup
Package: wine Version: 0.0.20050830-1 Severity: grave Justification: renders package unusable Prior to this version, I was (un)happily running Lotus-Notes under wine. Now, every start gets this: X Error of failed request: BadAlloc (insufficient resources for operation) Major opcode of failed request: 53 (X_CreatePixmap) Serial number of failed request: 12792 Current serial number in output stream: 12794 I even recycled xdm and tried again - to no avail :( I reverted back to 0.0.20050628-2 and all the old familiar problems are back again - can't minimize, or shadow the window... but things run :) In case it matters/helps, here is xdpyinfo: name of display::0.0 version number:11.0 vendor string:The X.Org Foundation vendor release number:60802000 X.Org version: 6.8.2 maximum request size: 16777212 bytes motion buffer size: 256 bitmap unit, bit order, padding:32, LSBFirst, 32 image byte order:LSBFirst number of supported pixmap formats:7 supported pixmap formats: depth 1, bits_per_pixel 1, scanline_pad 32 depth 4, bits_per_pixel 8, scanline_pad 32 depth 8, bits_per_pixel 8, scanline_pad 32 depth 15, bits_per_pixel 16, scanline_pad 32 depth 16, bits_per_pixel 16, scanline_pad 32 depth 24, bits_per_pixel 32, scanline_pad 32 depth 32, bits_per_pixel 32, scanline_pad 32 keycode range:minimum 8, maximum 255 focus: window 0x1e00012, revert to Parent number of extensions:32 BIG-REQUESTS DAMAGE DOUBLE-BUFFER DPMS Extended-Visual-Information FontCache GLX LBX MIT-SCREEN-SAVER MIT-SHM MIT-SUNDRY-NONSTANDARD RANDR RECORD RENDER SECURITY SGI-GLX SHAPE SYNC TOG-CUP X-Resource XC-APPGROUP XC-MISC XFIXES XFree86-Bigfont XFree86-DGA XFree86-Misc XFree86-VidModeExtension XInputExtension XKEYBOARD XTEST XVideo default screen number:0 number of screens:1 screen #0: print screen:no dimensions:1280x1024 pixels (325x260 millimeters) resolution:100x100 dots per inch depths (7):24, 1, 4, 8, 15, 16, 32 root window id:0x48 depth of root window:24 planes number of colormaps:minimum 1, maximum 1 default colormap:0x20 default number of colormap cells:256 preallocated pixels:black 0, white 16777215 options:backing-store NO, save-unders NO largest cursor:64x64 current input event mask:0x5a007f KeyPressMask KeyReleaseMask ButtonPressMask ButtonReleaseMaskEnterWindowMask LeaveWindowMask PointerMotionMaskStructureNotifyMask SubstructureNotifyMask SubstructureRedirectMask PropertyChangeMask number of visuals:16 default visual id: 0x23 visual: visual id:0x23 class:TrueColor depth:24 planes available colormap entries:256 per subfield red, green, blue masks:0xff, 0xff00, 0xff significant bits in color specification:8 bits visual: visual id:0x24 class:TrueColor depth:24 planes available colormap entries:256 per subfield red, green, blue masks:0xff, 0xff00, 0xff significant bits in color specification:8 bits visual: visual id:0x25 class:TrueColor depth:24 planes available colormap entries:256 per subfield red, green, blue masks:0xff, 0xff00, 0xff significant bits in color specification:8 bits visual: visual id:0x26 class:TrueColor depth:24 planes available colormap entries:256 per subfield red, green, blue masks:0xff, 0xff00, 0xff significant bits in color specification:8 bits visual: visual id:0x27 class:TrueColor depth:24 planes available colormap entries:256 per subfield red, green, blue masks:0xff, 0xff00, 0xff significant bits in color specification:8 bits visual: visual id:0x28 class:TrueColor depth:24 planes available colormap entries:256 per subfield red, green, blue masks:0xff, 0xff00, 0xff significant bits in color specification:8 bits visual: visual id:0x29 class:TrueColor depth:24 planes available colormap entries:256 per subfield red, green, blue masks:0xff, 0xff00, 0xff significant bits in color specification:8 bits visual: visual id:0x2a class:TrueColor depth:24 planes available colormap entries:256 per subfield red, green, blue masks:0xff, 0xff00, 0xff significant bits in color specification:8 bits visual: visual id:0x2b class:DirectColor depth:24 planes available colormap entries:256 per subfield red, green, blue masks:0xff, 0xff00, 0xff significant bits in color
Bug#316094: sendmail: Enabling IPv6 breaks submit.mc (Deferred:Connection refused by [127.0.0.1])
severity 316094 normal thanks, On Tue, 28 Jun 2005, Benoit Panizzon wrote: Package: sendmail Version: 8.13.4-3 Severity: grave Justification: causes non-serious data loss The messages (below) indicate no loss of data, just a delay in sending Hi Cowboy Hello ! I did desperately try to track down this error I saw on different systems: Jun 28 13:53:41 go sendmail[18911]: j5SBrfKk018911: [EMAIL PROTECTED], ctladdr=benoit (1024/100), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31826, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred:Connection refused by [127.0.0.1] Did you specify bind address for sendmail and forget to include 127.0.0.1 ? If things are kosher, you should have some message in the logs about not being able to bind to a port. Usualy after purging the config and re-installing sendmail everything was fine until I enabled IPv6 according to the advice in sendmail.mc file which reads: dnl # If you want to support IPv6, switch the commented/uncommentd lines FEATURE(`no_default_msa')dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl dnl DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, Addr=::1')dnl dnl DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, Addr=127.0.0.1')dnl I have: FEATURE(`no_default_msa')dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, M=')dnl DAEMON_OPTIONS(`Family=inet6, Name=MSA-v6, Port=587, M=Ea')dnl DAEMON_OPTIONS(`Family=inet6, Name=SMTA-v6, Port=smtps, M=s')dnl DAEMON_OPTIONS(`Family=local, Name=MTA-Unix, Addr=/var/run/sendmail/mta/smsocket')dnl If you do this, sendmail only binds to the IPv6 Localhost and is not able to transmit emails from the MTA to the queue runner (or vice versa?). What kernel are you using ? # lsof -i | grep sendmail sendmail- 6462 root4u IPv6 72288 TCP *:smtp (LISTEN) sendmail- 6462 root5u IPv6 72396 TCP *:submission (LISTEN) sendmail- 6462 root6u IPv6 72450 TCP *:ssmtp (LISTEN) You have to twitch submit.mc too: FEATURE(`msp', `[IPv6:::1]', `MSA')dnl Nope... I have FEATURE(`msp', `[127.0.0.1]', `MSA')dnl I remember that older versions of sendmail didn't habe that problem, because listening on IPv6 did mean you also opened the IPv4 socket. Yes, there were problems with older sendmails - mostly related to the fact that early 2.4 kernels did not support both ipv4 and ipv6 on the same port. Probably this has changes somewhen either in the Kernel or in sendmail itself. Something odd is happening on your box, as this is working fine on several local boxen - running various 2.6 kernels. -- Rick Nelson Joy that's a Kludge(TM) knghtbrd It Works(tm) Joy AIX works(TM) knghtbrd no it doesn't knghtbrd = -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#302629: slapd: Unstable upgrade (2.1 - 2.2) failures
Package: slapd Version: 2.2.23-1 Severity: grave Justification: renders package unusable 1) use of ldapi:/// fails: ldap_url_parse_ext(ldapi:///x-mod=0777) daemon: bind(10) failed errno=2 (No such file or directory) slap_open_listener: failed on ldapi:///x-mod=0777 The cause seems to be that the ./configure script had bad settings - the binary expects /var/run/run/ldapi instead of the proper /var/run/ldapi 2) error in parsing the saved ldif file: Setting up slapd (2.2.23-1) ... Enabling LDAPv2 support... already enabled. Updating config access directives... done. Moving old database directories to /var/backups: Loading from /var/backups/slapd-2.1.30-3: - directory dc=cavein,dc=org... slapadd: could not parse entry (line=316) failed. Well, that was a helpful message (I know, not your fault) :) The issue seems to be that slapcat created the root entry like this: uidNumber: gidNumber: but slapadd barfs on that, saying it is an invalid number! Changing the to 0 for the user and group settings worked fine -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages slapd depends on: ii coreutils [fileutils] 5.2.1-2 The GNU core utilities ii debconf 1.4.47 Debian configuration management sy ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libdb4.24.2.52-18Berkeley v4.2 Database Libraries [ ii libiodbc2 3.52.2-3 iODBC Driver Manager ii libldap-2.2-7 2.2.23-1 OpenLDAP libraries ii libltdl31.5.6-6 A system independent dlopen wrappe ii libperl5.8 5.8.4-8 Shared Perl library ii libsasl22.1.19-1.5 Authentication abstraction library ii libslp1 1.0.11a-2OpenSLP libraries ii libssl0.9.7 0.9.7e-3 SSL shared libraries ii libwrap07.6.dbs-8Wietse Venema's TCP wrappers libra ii perl [libmime-base64-perl] 5.8.4-8 Larry Wall's Practical Extraction ii psmisc 21.6-1 Utilities that use the proc filesy -- debconf information: slapd/fix_directory: true * shared/organization: dc=cavein, dc=org slapd/upgrade_slapcat_failure: slapd/backend: BDB * slapd/allow_ldap_v2: true slapd/no_configuration: false slapd/move_old_database: true slapd/suffix_change: false slapd/slave_databases_require_updateref: * slapd/dump_database_destdir: /var/backups/slapd-VERSION slapd/autoconf_modules: true * slapd/domain: cavein.org slapd/password_mismatch: * slapd/invalid_config: true slapd/upgrade_slapadd_failure: * slapd/dump_database: when needed slapd/purge_database: false slapd/admin: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#302629: slapd: Unstable upgrade (2.1 - 2.2) failures
On Sat, 2 Apr 2005, Torsten Landschoff wrote: Justification: renders package unusable Come on... well, since I did manage to get it going, I'll grant that the package isn't unusable... but it was upon 1st install ! 1) use of ldapi:/// fails: ldap_url_parse_ext(ldapi:///x-mod=0777) daemon: bind(10) failed errno=2 (No such file or directory) slap_open_listener: failed on ldapi:///x-mod=0777 The cause seems to be that the ./configure script had bad settings - the binary expects /var/run/run/ldapi instead of the proper /var/run/ldapi Very interesting. I got reports by a tester that this is the case and some workaround but forgot about it. I've not heard of many people using ldapi: - always wondered why... seems like a much lower overhead (if your server happens to be on the same box) 2) error in parsing the saved ldif file: Setting up slapd (2.2.23-1) ... Enabling LDAPv2 support... already enabled. Updating config access directives... done. Moving old database directories to /var/backups: Loading from /var/backups/slapd-2.1.30-3: - directory dc=cavein,dc=org... slapadd: could not parse entry (line=316) failed. That's quite known an issue. If you consider this grave, we can't put slapd 2.2 in Debian as 2.2 fails on a lot of 2.1 and even more of 2.0 directories. I am working on a README type upgrade document which tells the user. Ah... 'twasn't known by me - and took a bit of digging to find it, but as long as it is documented, I'm fine with setting this to whatever priority you are happy with. Well, that was a helpful message (I know, not your fault) :) I think it is - at least you got the line number... ah, but the line number is the last line of the stanza... it gave me relatively little clue upon what the real issue was (some several lines above the reported line) uidNumber: gidNumber: but slapadd barfs on that, saying it is an invalid number! Changing the to 0 for the user and group settings worked fine ... and another incompatibility. Cool - I'm not trying to be a prick about this - I just wanted to make sure that we wind up with something that wont break people out of the box. If we can tell people they might have to edit the ldif file and rerun the install, then I'm happy... Oh, and by the way - editing the ldif file and re-running the install did work just fine... thanks :) -- Rick Nelson xtifr direct brain implants :) knghtbrd xtifr - yah, then using computers would actually require some of these idiots to think! knghtbrd ; -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#297781: openafs: OpenAFS 1.3.79 release, supposedly fixes many Linux 2.6 bugs, 1.3.75 doesn't compile under 2.6.11
Package: openafs Severity: serious Justification: no longer builds from source Mon, 21 Feb 2005 04:57:58 -0500 [snip] The UNIX client includes a number of updates, including many for Linux 2.6, and support for Solaris 10 running on Opteron processors. The current versions in testing, and experimental fail on 2.6.11: usr/src/modules/openafs/src/libafs/MODLOAD-2.6.11-SP/osi_misc.c:177: error: structure has no member named `rlim' There are other errors, some I worked around, but kinda gave up here and looked for a more recent version... -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.11-rc4 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#293914: isoqlog: postinstall loops forever after selecting sendmail as mta
Package: isoqlog Version: 2.2-0.2 Severity: grave Justification: renders package unusable the recent isoqlog upgrade is uninstallable on my system. I get as far as answering the debconf questions, then it enters an infinite loop. I purged the package and tried a fresh install, with the same problem. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.9-mm1 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages isoqlog depends on: ii debconf [debconf-2.0] 1.4.45 Debian configuration management sy ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
