[Bug 217137] Re: [SRU] Hardy Heron: Nautilus fails to open directory with more than 140 subfolders
For those who were having problems can you enable hardy-proposed and please give a whirl thanks. I would like to get this fixed for the next point release (8.04.1). Thanks chuck -- [SRU] Hardy Heron: Nautilus fails to open directory with more than 140 subfolders https://bugs.launchpad.net/bugs/217137 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 119295] No luck with the patch
That patch applies to openssl as shipped in Hardy, but doesn't appear to have any effect. After patching openssl, rebuilding the packages and installing them, `openssl engine padlock' reports: (padlock) VIA PadLock (no-RNG, ACE) on my C3 thin clients. That should get me at least accelerated aes-128, but yet: openssl speed aes-128-cbc -engine padlock loads the padlock engine successfully but does NOT appear to be using its crypto facilities. Performance remains miserable, around 10MB/s of aes-128-cbc throughput. SSH gets ~5 MB/s throughput, which seems reasonable given the other overheads it faces. If I build openssl-0.9.8h upstream and test with that I also see no performance change. The processor DOES report ACE support. CPUinfo: flags : fpu vme de pse tsc msr cx8 sep mtrr pge cmov pat mmx fxsr sse up rng rng_en ace ace_en There's no change when the padlock-aes module is loaded (but it shouldn't be needed for openssl/openssh anyway, as padlock is done in userspace with CPU instruction extensions). It's like OpenSSL is silently falling back to software crypto at some level. I haven't dug into it deeply yet, but I thought it important to mention that the proposed fix does NOT appear to work on my hardware. This support is *REALLY* important for use of C3/C7 machines as LTSP thin clients, because currently the X server and network (via ssh) fight for CPU, severely limiting performance. Using the hardware crypto should massively reduce SSH's CPU demands and dramatically boost performance. Full CPUInfo: processor : 0 vendor_id : CentaurHauls cpu family : 6 model : 9 model name : VIA Nehemiah stepping: 8 cpu MHz : 666.577 cache size : 64 KB fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 1 wp : yes flags : fpu vme de pse tsc msr cx8 sep mtrr pge cmov pat mmx fxsr sse up rng rng_en ace ace_en bogomips: 1334.91 clflush size: 32 -- OpenSSH should support VIA PadLock https://bugs.launchpad.net/bugs/119295 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 217137] Re: [SRU] Hardy Heron: Nautilus fails to open directory with more than 140 subfolders
This fix resolves the issue. I canot now find a share which won't display correctly in Nautilus. As stated above by undfind, the only small issues remining is when I put in smb://mywinservername/ I still get an empty window. None of the shares, printers, etc are listed. This is not a show-stopper though. -- [SRU] Hardy Heron: Nautilus fails to open directory with more than 140 subfolders https://bugs.launchpad.net/bugs/217137 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 215904] Re: [SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2
We are noticing this when running django development server and unit tests. We're also eagerly awaiting fix to hit hardy. -- [SRU] (ITS#5518) Assertion error in io.c:234: ber_flush2 https://bugs.launchpad.net/bugs/215904 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 119295] Re: OpenSSH should support VIA PadLock
Confirmed: openssl is using x86 crypto even with -engine padlock, both in latest upstream and in the current hardy packages. If I interrupt a debug build of openssl while running openssl speed aes-128-cbc -engnie padlock on a C3 gdb generally reports that it's been interrupted in: _x86_AES_encrypt () at ax86-elf.s:55 The engine loads fine, and openssl engine padlock confirms it's detecting hardware support, but for some reason it's not actually using it. -- OpenSSH should support VIA PadLock https://bugs.launchpad.net/bugs/119295 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 235912] Re: [CVE-2008-1105] Samba: boundary failure when parsing SMB responses
** Changed in: samba (Arch Linux) Status: New = Fix Released -- [CVE-2008-1105] Samba: boundary failure when parsing SMB responses https://bugs.launchpad.net/bugs/235912 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 236830] Re: cifs does not support kerberos authentication
This is a MASSIVE showstopper for many people. cifs doesn't mount things that smbfs used to, and smbfs is now just a pointer to cifs. So now there is no way to mount network shares if they are kerberos-auth only. This, in effect, renders previously perfectly-working Linux machines on a corporate network *completely* *useless*. It's very frustrating. ** Changed in: samba (Ubuntu) Status: New = Confirmed -- cifs does not support kerberos authentication https://bugs.launchpad.net/bugs/236830 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 119295] Re: OpenSSH should support VIA PadLock
** These bugs are fixed upstream in OpenSSH 4.9 and OpenSSL 0.9.8h ** You can apply the fix to OpenSSH 4.7 from Ubuntu just fine: https://bugzilla.mindrot.org/attachment.cgi?id=1458 . It applies cleanly except for two rejects at points where the changes have already been applied, so the rejects can be safely ignored. With the patch I get 100Mbit wire speed with the aes128-cbc cipher. You will also need to apply Ian Lister's OpenSSL patch above. PLEASE merge both these patches (the openssl cache logic fix and the openssh engine init fix) for the next hardy update. I can confirm that with both patches OpenSSH performs vastly better and with much lower CPU use. As for why the tests I was doing weren't working: It's necessary to specify -evp aes-128-cbc instead of just aes-128-cbc to get an engine to work; just passing -engine padlock is insufficient. The engine argument requests loading of a given engine, but doesn't tell openssl speed to use the engine system; it still calls the AES code directly. -evp tells openssl speed to use the engine system, but doesn't say anything about which engine. /usr/bin/openssl speed -evp aes-128-cbc -engine padlock: aes-128-cbc 30934.33k 102451.76k 251594.56k 391449.69k 468731.35k /usr/bin/openssl speed aes-128-cbc -engine padlock: aes-128 cbc 6827.95k 9055.61k 9926.85k10172.77k10244.14k -- OpenSSH should support VIA PadLock https://bugs.launchpad.net/bugs/119295 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 119295] Re: OpenSSH should support VIA PadLock
Quick instructions on rebuilding openssh and openssl to include the fix, for those not used to patching Debian packages: pre mkdir wrk cd wrk sudo apt-get install build-essential fakeroot wget sudo apt-get build-dep openssl openssh apt-get source openssl openssh cd openssl-0.9.8g wget --quiet -O - http://launchpadlibrarian.net/13798833/bug119295.patch | patch -p1 fakeroot debian/rules binary cd ../openssh-4.7p1 wget --quiet --no-check-certificate -O - https://bugzilla.mindrot.org/attachment.cgi?id=1458 | patch -p0 -N fakeroot debian/rules binary /pre ... then install the generated debs, or at least openssh- client_4.7p1-8ubuntu1.2_i386.deb and libssl0.9.8_0.9.8g- 4ubuntu3.1_i386.deb . You'll find them in the `wrk' directory. If you're doing this for LTSP thin clients remember to install the debs in the /opt/ltsp/i386 chroot then re-run ltsp-build-image . -- OpenSSH should support VIA PadLock https://bugs.launchpad.net/bugs/119295 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 227464] Re: PHP 5.2.6 fixes important security bugs
If you need a fix for these bugs in previous versions of Ubuntu, you should request a backport of the package by following the instructions for How to request new packages at https://help.ubuntu.com/community/UbuntuBackports#request-new-packages -- Please Backport PHP 5.2.6 -- fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 237391] [NEW] ssh-keygen should default to dsa not rsa
Public bug reported: Binary package hint: openssh-client Currently ssh-keygen generates RSA keys by default. It's probably time for these to be depreciated in favor of DSA keys. ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- ssh-keygen should default to dsa not rsa https://bugs.launchpad.net/bugs/237391 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 217137] Re: [SRU] Hardy Heron: Nautilus fails to open directory with more than 140 subfolders
** Tags added: verification-done ** Tags removed: verification-needed -- [SRU] Hardy Heron: Nautilus fails to open directory with more than 140 subfolders https://bugs.launchpad.net/bugs/217137 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 237391] Re: ssh-keygen should default to dsa not rsa
Confirmed. I think this would be a good change. :-Dustin ** Changed in: openssh (Ubuntu) Status: New = Confirmed -- ssh-keygen should default to dsa not rsa https://bugs.launchpad.net/bugs/237391 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 237391] Re: ssh-keygen should default to dsa not rsa
Sorry, what am I thinking ... I misread the bug report title. I prefer RSA keys to DSA keys. An interesting analysis lies in this thread: * http://www.linuxforums.org/forum/linux-security/3515-rsa-versus-dsa.html :-Dustin ** Changed in: openssh (Ubuntu) Status: Confirmed = New -- ssh-keygen should default to dsa not rsa https://bugs.launchpad.net/bugs/237391 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 237391] New connections not made that often
@Neal: That's a valid critique of debian's SSL implementation not related to DSA vs RSA. DSA is faster for signing and RSA is faster for verification. http://neubia.com/archives/000191.html ftp://ftp.rfc-editor.org/in-notes/rfc2536.txt http://home.pacbell.net/tpanero/crypto/dsa.html RSA is weaker than a DSA key of the same length, so to get the same effect, one must use a longer key. I'm not sure that the neubia link above takes that into account. So if the default stays as RSA, it might be an idea to increase the default RSA key length. These are signature algorithms anyway and only used at the beginning anyway. After the client and server authenticate, the rest is done with ciphers like Blowfish or IDEA. So for SSH it's not a problem to use DSA at all, new connections are not made that often. -- ssh-keygen should default to dsa not rsa https://bugs.launchpad.net/bugs/237391 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 120375] Re: cannot boot raid1 with only one disk
didn't a previous poster say that this works fine in the current Debian? So maybe the place to start is to identify what was changed from the 'base' Debian scripts, and why. -- cannot boot raid1 with only one disk https://bugs.launchpad.net/bugs/120375 You received this bug notification because you are a member of Ubuntu Server Team, which is a subscriber of a duplicate bug. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 237391] Re: ssh-keygen should default to dsa not rsa
I expect that someone someday will again make a bad random number generator. Maybe some proprietary box that I am pressured to use. I don't want my keys to be vulnerable just because I use them on a machine that doesn't get RNGs right. DSA is vulnerable to that problem, and RSA is not. I agree that using a longer default key length in RSA (and in DSA also) is a good idea at this point. E.g. jdstrand points out that in the openssl file /etc/ssl/openssl.cnf default_bits is still 1024. That should be fixed, via a different bug report. -- ssh-keygen should default to dsa not rsa https://bugs.launchpad.net/bugs/237391 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 237391] Re: ssh-keygen should default to dsa not rsa
From one of your links I also reminded that: 'It is possible to implement the DSA algorithm such that a subliminal channel is created that can expose key data and lead to forgable signatures so one is warned not to used unexamined code.' - another strike against it. -- ssh-keygen should default to dsa not rsa https://bugs.launchpad.net/bugs/237391 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 129789] Re: sshd seems to be run multiple times at startup
@xbx: There are two separate issues. First, the default setup is noisy : both ipv4 and ipv6 are configured on the network interface, and without a ListenAddress sshd will try to bind both, resulting in the Address already in use message. Second, everytime the network interface goes up (say, you finally get your ipv4 address from your DHCP server), if-up restarts sshd (the SIGHUP message) to let it pick up that new interface. Are you using DHCP ? -- sshd seems to be run multiple times at startup https://bugs.launchpad.net/bugs/129789 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 227464] Re: Please Backport PHP 5.2.6 -- fixes important security bugs
Mathias, shouldn't all security fixes go as SRU in hardy-security (or hardy-updates) and not in backports? Backports are for new features. -- Please Backport PHP 5.2.6 -- fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Blueprint intrepid-server-guide] Server Guide Additions/Updates
You are now subscribed to the blueprint intrepid-server-guide - Server Guide Additions/Updates. -- https://blueprints.launchpad.net/ubuntu-doc/+spec/intrepid-server-guide -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 176015] Re: BGP MD5 support regression
I've finally found time to test it, looks good so far. I'll be testing on 5 machines in lab environment for a bit longer, then updating the live machines. -- BGP MD5 support regression https://bugs.launchpad.net/bugs/176015 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to quagga in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 218734] Re: (ITS#5527) slapd segfaults when using dynlist
Justed tested openldap2.3 - 2.4.9-1ubuntu1~ppa1 from Chuck's PPA, and adding the dynlist configuration didn't cause slapd to segfault. Everything worked fine. -- (ITS#5527) slapd segfaults when using dynlist https://bugs.launchpad.net/bugs/218734 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 227178] Re: Slave slapd crashes when doing syncrepl
Ran the test routine above using openldap2.3 - 2.4.9-1ubuntu1~ppa1 from Chuck's PPA, and there was no segfault when using syncrepl. Everything worked as advertised. -- Slave slapd crashes when doing syncrepl https://bugs.launchpad.net/bugs/227178 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 227464] Re: Please Backport PHP 5.2.6 -- fixes important security bugs
On Wed, Jun 4, 2008 at 3:58 PM, Tormod Volden [EMAIL PROTECTED] wrote: Mathias, shouldn't all security fixes go as SRU in hardy-security (or hardy-updates) and not in backports? Backports are for new features. A complete merge of 5.2.6 would constitute a backport, as the version has been bumped and new features have been added in addition to security fixes. Regarding SRU, see this comment: https://bugs.edge.launchpad.net/ubuntu/+source/php5/+bug/227464/comments/8 I painstakingly collected url's to each of the PHP commit messages of every security fix committed to PHP 5.2.6. We're going to work on applying each of those patches to PHP and proposing an SRU. It's just taking some time to get around to it ;-) If someone else can prepare a debdiff and attach to this bug, I'll be happy to review it. :-Dustin -- Please Backport PHP 5.2.6 -- fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 203169] Re: status function for init scripts
This bug was fixed in the package lsb - 3.2-12ubuntu1 --- lsb (3.2-12ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - init-functions: + Debian has a return 0 that should be return 3 per LSB spec + Make pidof call set -e safe, LP: #204594 + Add status_of_proc() function, LP: #203169 - debian/control: + Remove python from conflicts + Keep Ubuntu's Depends and Suggests -- Dustin Kirkland [EMAIL PROTECTED] Wed, 04 Jun 2008 13:18:56 -0500 ** Changed in: lsb (Ubuntu) Status: In Progress = Fix Released -- status function for init scripts https://bugs.launchpad.net/bugs/203169 You received this bug notification because you are a member of Ubuntu Server Team, which is a direct subscriber. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs