It looks like upstream FreeBSD is going to enable (UFS) quotas in GENERIC:
http://lists.freebsd.org/pipermail/freebsd-hackers/2011-February/034513.html
kib writes:
I promise to enable UFS quotas in GENERIC in one week unless anybody
objects now.
-Ben Kaduk
--
To UNSUBSCRIBE, email to
On Sun, 12 Jun 2011, Robert Millan wrote:
2011/6/12 Guillem Jover guil...@debian.org:
The problem is an ABI change as can be seen from:
http://svnweb.freebsd.org/base/head/lib/libgeom/libgeom.h?r1=182843r2=202454
So the library needs the SOVERSION bumped. I'll do that and use the
On Fri, 17 Jun 2011, Robert Millan wrote:
I'm wondering if it'd make sense to stop providing kfreebsd-source-*
packages. Unlike linux-source-*, figuring out how to properly use
this build system is very complicated (e.g. export PATH so that
`awk' is /usr/lib/freebsd/awk).
Stock FreeBSD has a
On Sat, 4 Jun 2011, Robert Millan wrote:
I propose this patch.
--- /usr/include/sys/mount.h2011-01-30 16:26:51.0 +0100
+++ mount.h 2011-06-04 22:37:11.0 +0200
@@ -26,6 +26,7 @@
#include sys/stat.h
#include sys/statfs.h
+#include sys/types.h
#include sys/ucred.h
On Sat, 25 Jun 2011, Robert Millan wrote:
Package: kfreebsd-image-8.2-1-amd64
Version: 8.2-3
Severity: wishlist
I don't know what kgssapi and kgssapi_krb5 modules are good for, but they've
been recently enabled in 9-CURRENT.
They appear to be what allows for kerberized NFS mounts.
-Ben
On Mon, 27 Jun 2011, Timo Juhani Lindfors wrote:
Robert Millan r...@debian.org writes:
set kFreeBSD.kern.cam.scsi_delay=15000
Unfortunately this does not seem to help. I tried also 3 but it
clearly does not wait.
Where/how are you setting the value? My understanding is that if that
On Mon, 27 Jun 2011, Timo Juhani Lindfors wrote:
Benjamin Kaduk ka...@mit.edu writes:
Where/how are you setting the value?
I hit e in grub to get the menu entries. Then I added it as a new
line.
Hmm, I am not very familiar with the kFreeBSD boot process, but this value
is normally set
since the 1.9.0 upstream release,
+as reported in #619031.
+
+ -- Benjamin Kaduk ka...@mit.edu Sun, 21 Aug 2011 16:56:11 -0400
+
scriptaculous (1.9.0-2) unstable; urgency=low
* push package to unstable
diff -ruN scriptaculous-1.9.0.orig/debian/control
scriptaculous-1.9.0/debian/control
)
% +
% + -- Benjamin Kaduk ka...@mit.edu Tue, 23 Aug 2011 19:22:19 -0400
% +
% uni2ascii (4.18-1) unstable; urgency=low
%
%* New upstream release:diff -ruN uni2ascii-4.18.orig//ascii2uni.c uni2ascii-4.18/ascii2uni.c
--- uni2ascii-4.18.orig//ascii2uni.c2011-05-14 22:15:20.0 -0400
+++ uni2ascii
Package: syslinux
Version: 2:4.04+dfsg-4
Bug #265275 reported that syslinux(1) does not work at all in the absence
of the mtools package, but a strict dependency was rejected at that time
due to fear of bloat given that the syslinux package at that time
installed shared data files. Current
On Thu, 26 May 2011, Michael Meskes wrote:
On Mon, May 02, 2011 at 11:35:54PM +0200, Robert Millan wrote:
A set of patches is available at:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/virtualbox-ose/files/
If you want to have them included into the vbox packages please send them
On Mon, 7 May 2012, Benjamin Kaduk wrote:
On Mon, 7 May 2012, Robert Millan wrote:
Package: xserver-xorg-video-intel
Severity: wishlist
User: debian-...@lists.debian.org
Usertags: kfreebsd
It seems that KMS support is being integrated into kFreeBSD in upstream:
http://www.phoronix.com
On Wed, 12 Oct 2011, Debian Bug Tracking System wrote:
From daniel.baum...@progress-technologies.net Wed Oct 12 13:33:09 2011
Date: Wed, 12 Oct 2011 19:29:46 +0200
From: Daniel Baumann daniel.baum...@progress-technologies.net
To: 644462-d...@bugs.debian.org
Subject: Re: [syslinux] split out
On Sat, 29 Oct 2011, Robert Millan wrote:
2011/10/29 Aurelien Jarno aurel...@aurel32.net:
Which seems to be kfreebsd-9 related, not busybox related.
This is very likely to be the same bug than the one fixed in kfreebsd-8
by 107_mount_update.diff. This patch has been disabled in kfreebsd-9
On Sun, 30 Oct 2011, Aurelien Jarno wrote:
On Sat, Oct 29, 2011 at 02:27:53PM -0400, Benjamin Kaduk wrote:
On Sat, 29 Oct 2011, Robert Millan wrote:
2011/10/29 Aurelien Jarno aurel...@aurel32.net:
Which seems to be kfreebsd-9 related, not busybox related.
This is very likely to be the same
On Tue, 20 Nov 2012, Steven Chamberlain wrote:
Hi Arno!
Sorry, I somehow didn't have 651...@bugs.debian.org copied on my
previous mail so I'm inlining your mail for the benefit of the BTS:
On 20/11/12 23:19, Arno Töll wrote:
I am not sure if checking for / being ZFS is good enough then.
On Thu, 5 Jan 2012, Christoph Egger wrote:
Package: libc0.1-dev
Version: 2.13-23
Severity: normal
Hi!
Compiling
/-
| #include net/if.h
|
| int main() {
| }
\-
with gcc -ansi
results in a
/usr/include/net/if.h:94:17: error: field ‘ifi_lastchange’ has incomplete type
Seen in tcos
On Sun, 15 Jan 2012, Guillem Jover wrote:
On Sun, 2012-01-15 at 13:41:12 +, Robert Millan wrote:
El 14 de gener de 2012 19:17, Guillem Jover guil...@debian.org ha escrit:
This is a problem with the newer kfreebsd-kernel-headers, reassigning.
Actually it's not. Upstream considers that
On Thu, 16 Feb 2012, Daniel Kahn Gillmor wrote:
On 02/16/2012 04:58 PM, Dominic Hargreaves wrote:
Given the way the thread's gone so far, I think I'd prefer to see an
upstream commit/release first, unless the issue is particularly urgent?
Well, it appears to be related to a couple other
On Sun, 5 Feb 2012, Nicolas Bourdaud wrote:
On 04/02/2012 21:07, Robert Millan wrote:
Can you reproduce this with upstream kernel? (apt-get install
kfreebsd-downloader)
Yes it is reproducible with upstream kernel
If it affects upstream, for this kind of reports it's much better to
report
On Thu, 9 Feb 2012, Hannes wrote:
I was under the impression that the ZFS kernel code in FreeBSD is original
work under the 2C-BSDL . At least the headers in
/usr/src/sys/cddl/compat/opensolaris/kern
give this impression.
So only the userland code (lib and tools) is under CDDL.
My
On Fri, 26 Jul 2013, Matthias Klose wrote:
Am 25.07.2013 20:49, schrieb Benjamin Kaduk:
It seems like this could go to upstream, first.
https://github.com/krb5/krb5/commits/master/src/config/config.guess makes it
seem like I am supposed to just copy files from
http://git.savannah.gnu.org
On Wed, 14 Aug 2013, Mike Gabriel wrote:
Package: krb5-user
Version: 1.10.1+dfsg-5+deb7u1
Severity: normal
Tags: upstream
Dear Maintainer,
on my server I run Kerberos. For some reasons, I have to SSH to it to simply
call kinit
and then I can use the server in other contexts. So what I do
Package: krb5-admin-server
Version: 1.10.1+dfsg-5
Owner: ka...@mit.edu
Upstream has fixed CVE-2002-2443 in their git master, with the following
commit message:
Fix kpasswd UDP ping-pong [CVE-2002-2443]
The kpasswd service provided by kadmind was vulnerable to a UDP
ping-pong
I have a patch staged in my local checkout of the packaging, but need to
settle out some (apparent) multiarch issues on my jessie machine before I
can install the resulting binaries for testing.
-Ben
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of
On Tue, 14 May 2013, Sam Hartman wrote:
Sorry, I missed this. and had already done an upload.
No worries, it is a trivial patch to apply.
Please push the packaging to alioth at your convenience.
-Ben
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of
On Wed, 22 May 2013, Guillem Jover wrote:
The /proc/PID/exe and other native equivalent implementations on
BSDs do not give anything meaningful when the inode has been removed,
and as it stands s-s-d uses the Linux method on kFreeBSD. We noticed
this last year (see #652575, CCed to debian-bsd),
On Wed, 22 May 2013, Sam Hartman wrote:
As it turns out krb5 upstream has abandoned texinfo as their doc system.
Ben kaduk has done most of the work of moving to the new upstream
version so i'll do that.
https://github.com/kaduk/krb5/commits/debian-1.11 is where my current
version lives.
On Wed, 22 May 2013, Sam Hartman wrote:
As I recall 1.11 includes a verto update.
how critical is that?
do I need to update debian libverto befor krb5?
I'm not entirely sure.
I think that the libverto update addressed some issues with respect to
dladdr() dependencies which made building
Source: krb5
Version: 1.11.2+dfsg-1
Owner: ka...@mit.edu
The buildds report that krb5-1.11.2+dfsg-1 FTBFS on kfreebsd-*, due to
-Werror=variadic-macros. Upstream's portability assumptions include the
presence of support for variadic macros, so this check is erroneous (and
has just been
On Sat, 25 May 2013, Benjamin Kaduk wrote:
Owner: ka...@mit.edu
Patch is now on the experimental branch of debian-krb5-2013.git on alioth.
-Ben
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On Sun, 26 May 2013, Christoph Anton Mitterer wrote:
$ kinit mitte...@cern.ch
Password for mitte...@cern.ch:
$ klist -e
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: mitte...@cern.ch
Valid starting Expires Service principal
2013-05-26 12:04:33 2013-05-27 12:04:19
Per #708711 (and #707195), the 1.10.1+dfsg-6 source package is not
buildable due to the texinfo package in sid.
The 1.10.1+dfsg-5 packages are still available for jessie; I don't see why
that downgrade is impossible for you.
A new upstream version is available in experimental, BTW.
-Ben Kaduk
fixed 698534 1.11.2+dfsg-1
thanks
On Sun, 26 May 2013, Christoph Anton Mitterer wrote:
See the attachments (kinit for what happened with plain kinit, kutil for
what happened with the keytab).
Thanks for these. It looks like the salt that the KDC is sending back
with the AS_REP is
On Tue, 28 May 2013, Christoph Anton Mitterer wrote:
ktutil is not smart enough to allow the user to specify a non-default
salt
Given that this seems to be quite widespread then (I mean AD is evil,
but used in many places)... do you seen any chances upstream, to extend
ktutil accordingly?
I
On Wed, 18 Apr 2012, Anton Zinoviev wrote:
I have made no tests but from what I've read in order to turn on the
UTF-8 mode on the console one has to compile the kernel with options
TEKEN_XTERM and TEKEN_UTF8. Doesn't this mean there are different
kernels for UTF-8 and for 8-bit encodings? Or
Cloned to 704647 to track the rdns issue, 697662 remains open to track the
update request. (Fixes to both are in the works.)
-Ben
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On Thu, 4 Apr 2013, Michael Gilbert wrote:
control: tag -1 patch
control: tag -1 pending
Hi, I've uploaded an nmu fixing this issue to delayed/5. Please see
attached patch.
There is a patch staged in the pkg-k5-afs/debian-krb5.git repository on
alioth which addresses this bug and also
On Thu, 4 Apr 2013, Benjamin Kaduk wrote:
On Thu, 4 Apr 2013, Michael Gilbert wrote:
control: tag -1 patch
control: tag -1 pending
Hi, I've uploaded an nmu fixing this issue to delayed/5. Please see
attached patch.
There is a patch staged in the pkg-k5-afs/debian-krb5.git repository
Package: krb5-kdc
Version: 1.10.1+dfsg-4+nmu1
Severity: serious
Upstream has patched against CVE-2013-1416; Debian should as well.
By sending an unusual but valid TGS-REQ, an authenticated remote attacker
can cause the KDC process to crash by dereferencing a null pointer.
Only krb5 releases
The patch is now available in the pkg-k5-afs/debian.git repository on
alioth.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On Sat, 6 Apr 2013, Michael Gilbert wrote:
I'm not seeing any new kerberos releases:
http://web.mit.edu/kerberos/krb5-1.10
Current Kerberos Security Team policy is to not issue security advisories
for null pointer dereference crashes. We assign CVE numbers for tracking,
but do not delay
On Mon, 15 Apr 2013, Sam Hartman wrote:
Tom == Tom Yu t...@mit.edu writes:
Tom Sam Hartman hartm...@debian.org writes:
My recommendation is that this is not worth a DSA or stable fix
for squeeze unless some Debian user comes forward and says that
they're seeing crashes in the
reopen 702633
thanks
The changelog entry for krb5 1.10.1+dfsg-4+nmu1 mentions the CVE number
2013-1016; this vulnerability is actually cve-2012-1016 (note 2012 instead
of 2013).
I don't see a debian-security-announce mail yet, so hopefully the typo
will not be promulgated there.
-Ben
On Tue, 19 Mar 2013, Adam D. Barratt wrote:
On Tue, 2013-03-19 at 15:47 -0400, Benjamin Kaduk wrote:
reopen 702633
Why? Do you believe that the 1.10.1+dfsg-4+nmu1 package does not contain
a fix for this bug?
The changelog entry for 1.10.1+dfsg-4+nmu1 mentions the wrong CVE number
On Mon, 7 May 2012, Robert Millan wrote:
Package: xserver-xorg-video-intel
Severity: wishlist
User: debian-...@lists.debian.org
Usertags: kfreebsd
It seems that KMS support is being integrated into kFreeBSD in upstream:
http://www.phoronix.com/scan.php?page=news_itempx=MTA5MTc
and will be
On Fri, 12 Jul 2013, sergio wrote:
Package: krb5-user
Version: 1.11.3+dfsg-2
Severity: normal
Hello.
After upgrading krb5-user to 1.11.3+dfsg-2
(sudo apt-get -t experimental install krb5-user)
it's no longer possible to use kadmin
% kadmin -r REALM -p sergio/admin@REALM
Authenticating as
On Sat, 13 Jul 2013, sergio wrote:
On 12/07/13 23:27, Benjamin Kaduk wrote:
libkadm4clnt-mit8
Do you mean libkadm5clnt-mit8? After upgrading it from sit to
experimental (1.10.1+dfsg-6.1 - 1.11.3+dfsg-2) kadmin works fine.
Yes, sorry for the typo.
-Ben
--
To UNSUBSCRIBE, email to debian
On Wed, 6 Nov 2013, Salvatore Bonaccorso wrote:
Package: krb5
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for krb5.
CVE-2013-1418[0]:
multi-realm KDC null dereference leads to crash
[Puts on upstream hat]
Note that we believe it to be very
I think we are interested in pulling in the patch for this bug into
stable. I'm not sure whether it can go in along with the fix for 728845
or not, which might introduce yet more delay.
-Ben Kaduk
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of
It looks like this is a dupe of 642229, which was closed in 1.10.1+dfsg-1.
I'd like confirmation that I'm reading things correctly from Russ or Sam
before merging the bugs, though.
-Ben
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe.
On Tue, 26 Nov 2013, CSights wrote:
Package: krb5-admin-server
Version: 1.10.1+dfsg-5+deb7u1
Severity: normal
Dear Maintainer,
MIT documentation for version 1.10 of kdc.conf states that
The string DEFAULT can be used to refer to the default set of types for the
variable
in question. Types
The check which introduced the bug for cve-2012-1016 was brought in when
pkinit agility was introduced, upstream's commit
3725d22140c23a376dd79b69d130be8e2b91005f on 19 Sept 2011. The first
release to include this code was krb5-1.10; the 1.8 version in squeeze is
too old for this bug.
-Ben
On Tue, 16 Apr 2013, Benjamin Kaduk wrote:
Having seen the reproducer, I am of the opinion that this bug should get
fixed in stable.
I am planning to prepare a candidate stable upload (which may include another
bugfix if it seems appropriate) later this week for consideration.
The attached
On Thu, 2 May 2013, Troy Telford wrote:
Package: krb5-kdc
Version: 1.10.1+dfsg-5
Severity: normal
Dear Kerberos Maintainer,
I now have two entirely unrelated systems with this behavior. It cropped up
about 3-4 weeks ago.
I doubt it's the KDC; I only know it's kerberos related. I honestly
On Mon, 11 Nov 2013, Timo Aaltonen wrote:
Package: krb5
Version: 1.11.3+dfsg-3
Severity: wishlist
Hi
I'm working on FreeIPA server, but the current version needs OTP
support in krb5 in order to build, and it's available upstream in 1.12.
In case it'll take some time to reach to
Sam, were you planning to work on fixing this in krb5-multidev or should I
add it to my list?
-Ben
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On Wed, 29 Jan 2014, Roberto C. Sánchez wrote:
On Tue, Jan 28, 2014 at 12:39:08PM -0800, Russ Allbery wrote:
I think this needs to be fixed within the cyrus-sasl2 package. Exposing
this as a function would mean adding a new function just to make the
Autoconf probe work, which doesn't seem
From just the description it sounds an awful lot like
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7454
-Ben
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Package: krb5-config
Version: 2.3
The /etc/krb5.conf that is produced by krb5-config has a lot of things
which are no longer useful. A few examples in particular:
It contains settings that were only used for krb4, but krb4 is no longer
supported.
It specifies a port number for kdc entries
Whoops, sent a little sooner that I intended to.
I should clarify about the domain_realm section that in MIT krb5, the
version with leading dots are redundant. I did not check Heimdal as
closely, but it looks like they may *only* use the form with the leading
dot. In any case, krb5-config
On Mon, 21 Apr 2014, Jelmer Vernooij wrote:
On Mon, Apr 21, 2014 at 09:20:59AM -0400, Sam Hartman wrote:
Jelmer == Jelmer Vernooij jel...@debian.org writes:
Jelmer Package: krb5-multidev
Jelmer Version: 1.12.1+dfsg-1.1
Jelmer Severity: wishlist
Jelmer Tags: patch
Jelmer
On Fri, 25 Apr 2014, Laurent Bigonville wrote:
Source: krb5
Version: 1.12.1+dfsg-1
Severity: wishlist
Hello,
krb5 has apparently an audit plugin that can insert logs related to
different envents in the audit subsystem on linux architectures.
I guess it migh be a good idea to enable it.
The
Advocates:
https://lists.debian.org/debian-newmaint/2014/08/msg00025.html
https://lists.debian.org/debian-newmaint/2014/08/msg00026.html
Comment: Add Benjamin Kaduk ka...@mit.edu as a Debian Maintainer
Date: Wed, 20 Aug 2014 02:17:40 -0400
Action: import
Data:
-BEGIN PGP PUBLIC KEY
I should also note that the email address used for packaging work,
ka...@mit.edu, is not the primary uid of the key.
Sorry for not mentioning that in the original message.
-Ben
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
We added a debian-local change to never unload GSS mechanisms back in
krb5-1.10.1+dfsg-3; I am curious if this is issue is worked around by that
patch.
-Ben
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
Package: autoconf
Version: 2.69-7
Severity: wishlist
Upstream autoconf has introduced the ability to set runstatedir with an
argument to configure, for the 2.70 release.
I would like to use this feature for krb5, to put a socket used at runtime
in /run instead of /etc/.
-- System Information:
On Sat, 16 Aug 2014, Tim Connors wrote:
Package: libkrb5support0
Version: 1.12.1+dfsg-7
Severity: normal
Dear Maintainer,
On a somewhat unstable system with pinning back to stable (yes I know,
sue me), with libkrb5support0 from unstable, libk5crypto3 from
stable/updates and
On Sun, 1 Jun 2014, Jelmer Vernooij wrote:
FWIW, Heimdal now uses alternatives for kinit and klist.
If we'd like to be able to use alternatives, we would also need to use
them (in addition to kinit and klist) for the following binaries and
their manpages:
/usr/bin/kswitch
/usr/bin/kdestroy
On Sun, 1 Jun 2014, Russ Allbery wrote:
Jelmer Vernooij jel...@debian.org writes:
I should also note that the usefulness of alternatives for these
(kadmin, ktutil) is less clear to me. The kadmin and ktutil command-line
interfaces are quite but not exactly similar.
(MIT's k5srvutil is a
Package: libgssapi-krb5-2
Version: 1.8.3+dfsg-4squeeze7
Upstream has committed a fix for CVE-2014-4341 to their git repo; we
should take it as well, and probably push it back into the -security repos
for stable and co.
I'm still digging out from an email backlog from my vacation, but should
Package: libgssapi-krb5-2
Version: 1.8.3+dfsg-4squeeze7
Upstream has committed a fix for CVE-2014-4342 to their git repo; we
should take it as well, and probably push it back into the -security repos
for stable and co.
I'm still digging out from an email backlog from my vacation, but should
On Mon, 23 Jun 2014, Peter Pentchev wrote:
As part of this year's Bootstrappable Debian Google Summer of Code
project I took a look at krb5 to break a circular build dependency as
noted in the Feedback Arc Set section of
http://bootstrap.debian.net/amd64/ and, more specifically, at
On Sun, 1 Jun 2014, Jelmer Vernooij wrote:
On Sun, Jun 01, 2014 at 01:18:13PM -0700, Russ Allbery wrote:
It would be really nice to be able to co-install the basic clients,
though, which makes me think that the more administrator-oriented tools
(kadmin and ktutil) might make sense to split
Package: libgssapi-krb5-2
Version: 1.10.1+dfsg-5+deb7u1
Upstream has committed a fix for CVE-2014-4343 to their git repo; we
should take it as well, and probably push it back into the -security repos
for stable.
It's a double-free in clients, but not the default configuration.
I should be
Package: libgssapi-krb5-2
Version: 1.8.3+dfsg-4squeeze7
Upstream has committed a fix for CVE-2014-4344 to their git repo; we
should take it as well, and probably push it back into the -security repos
for stable and co.
I plan to get this patch in along with the CVE-2014-4343 patch.
From
Package: krb5-kdc-ldap
Version: 1.8.3+dfsg-4squeeze7
Tags: security
Upstream has committed a fix for CVE-2014-4345 to their git repo; we
should take it as well, and probably push it back into the -security repos
for stable and co.
I am preparing uploads.
-Ben
--
To UNSUBSCRIBE, email to
tags 759954 pending
thanks
On Sat, 30 Aug 2014, Lucas Nussbaum wrote:
During a rebuild of all packages in sid, your package failed to build on
amd64.
Relevant part (hopefully):
make[1]: Entering directory '/«BUILDDIR»/krb5-1.12.1+dfsg/build/doc'
sed -e 's|@SRC@|../../src|g' \
-e
On Sun, 31 Aug 2014, Kuklin István wrote:
There is a network with central LDAP+Kerberos+AFS users.
If a central user tries to access an afs share, shutting down the client
is going to take about 3 minutes. It can be done using PAM modules, or
with a local (non-central) user using kinit
On Tue, 2 Sep 2014, Kuklin Istv=C3=A1n wrote:
Thank you for your answer. Unfortunately, I'll not be able to answer so
quick, but I'll do my best.
=20
I think I found something in /var/log/messages, this line appears 4
times:
Sep 2 08:06:17 client1 kernel: [ 113.230480] afs: byte-range
tags 760149 pending
thanks
On Mon, 1 Sep 2014, Ondřej Surý wrote:
the libkrb5support0 version 1.12.1 has dropped several symbols,
breaking at least some libsasl2-modules, see:
http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/2014-August/002653.html
There is a bug in
On Tue, 2 Sep 2014, Kuklin István wrote:
Okay, here is a complete one from the booting to shutting down:
http://pastebin.com/tApVAfM1
Thanks for this. On first glance, I don't see anything that looks
suspicious or particularly relevant. It looks like the syslog has stopped
when the shutdown
On Sun, 31 Aug 2014, Ben Pfaff wrote:
On Fri, Aug 29, 2014 at 12:25:33AM -0400, Benjamin Kaduk wrote:
Package: autoconf
Version: 2.69-7
Severity: wishlist
Upstream autoconf has introduced the ability to set runstatedir with an
argument to configure, for the 2.70 release.
I would
On Thu, 4 Sep 2014, Kuklin István wrote:
I've found another clue:
The shutdown problem initializes itself only if I cd to the afs share
(after kinit and aklog). Without that, shutdown is quick.
Here are some links to some pictures I took:
I see this on shutdown if I mount the share from a
On Fri, 5 Sep 2014, Kuklin István wrote:
Last time the console wrote:
[ *** ] A stop job is running for User Manager for 5000
Does that mean something?
I don't know what it means, offhand.
At this point, I feel like the best step forward is going to be to use a
proper systemd unit
On Tue, 9 Sep 2014, James McCoy wrote:
The problem here is two-fold. krb5-multidev's krb5-config recently
changed to emit “-isystem /usr/include/mit-krb5” for CFLAGS:
krb5 (1.12.1+dfsg-9) unstable; urgency=high
[ Jelmer Vernooij ]
…
* Use -isystem for include paths, to
On Tue, 9 Sep 2014, Russ Allbery wrote:
I suspect Ben's hope was that, if using pkgconfig, scons would not make an
attempt to parse the flags and split them apart, and would instead just
use them as-is in the compiler invocation.
Right. krb5-config is stuck with some legacy behavior that
Package: open-vm-tools
Version: 2:9.4.6-1770165-2
Severity: important
Updating my sid machine today gives me:
run-parts: executing /etc/kernel/header_postinst.d/dkms 3.16-1-amd64
Error! Bad return status for module build on kernel: 3.16-1-amd64 (x86_64)
Consult
Hmm, I missed my chance to add an attachment in reportbug, sorry.
Here's the log.
-Ben
DKMS make.log for open-vm-tools-9.4.6 for kernel 3.16-1-amd64 (x86_64)
Tue Sep 16 16:45:41 EDT 2014
make: Entering directory '/var/lib/dkms/open-vm-tools/9.4.6/build/vmhgfs'
Using 2.6.x kernel build system.
Package: heimdal-multidev
Version: 1.6~rc2+dfsg-8
Severity: wishlist
OpenAFS is starting the process of creating a new stable release branch,
and the new branch will have dependencies on libroken and libhcrypto
(hcrypto will be covered separately). Upstream OpenAFS bundles copies
of roken and
This is due to passing too short a buffer to the realpath() routine.
Upstream's master branch has been fixed with
http://gerrit.openafs.org/9986 and http://gerrit.openafs.org/11453 , which
have not yet been pulled into a release branch.
I will try to see if they can be pulled in as debian
I have submitted a pullup of that patch for upstream's 1.6 branch as
http://gerrit.openafs.org/11553
-Ben
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
I think that the approach in fix-princ-name.diff is kind of a hackish
workaround and the problem would ideally be solved elsewhere.
The comment about disparity between /tmp/user/ and /tmp/krb5cc_blah seems
quite relevant, though. Perhaps the /tmp/krb5cc_blah location is
stab()able but not
On Fri, 24 Oct 2014, JHU ACM Administrators wrote:
Package: openafs-krb5
Version: 1.6.10~pre1-1
Severity: important
As built and packaged, aklog aborts with longjmp causes uninitialized stack
frame. (This also applies to the 1.6.9 package.) Curiously, aklog built from
OpenAFS head with a
found 766703 1.6.9-2
tags 766703 moreinfo
thanks
[marking as found in the version in jessie, since this also applies to
the 1.6.9 package. I don't see a way to tag it as sparc-only in the
BTS...]
On Fri, 24 Oct 2014, Benjamin Kaduk wrote:
On Fri, 24 Oct 2014, JHU ACM Administrators wrote
forcemerge 767079 767056
tags 767079 pending
thanks
On Tue, 28 Oct 2014, Joachim Breitner wrote:
afsd is already running?
Well, the intent is that that was helpful. I concede the overall result
isn't terribly good.
I raised the severity because this leaves dpkg in an unhappy state, I
hope
On Sat, 6 Sep 2014, Kuklin István wrote:
Okay, if the bug has gone, I'll report it.
The 1.6.10-1 in unstable has a unit file for the client. (It also has a
RC bug against it; stopping the client before taking the upgrade should be
a valid workaround.)
However, before you take the upgrade, I
On Thu, 9 Oct 2014, Mike Gabriel wrote:
the behaviour of kinit changed after an upgrade from Debian wheezy to Debian
jessie (around 2014-10-10).
Previously it was possible to simply say
$ kinit
on the command line and kinit then would assume my current user as username
for obtaining a
Package: krb5-admin-server
Version: 1.8.3+dfsg-4squeeze7
Tags: security fixed_upstream pending
CVE-2014-5351:
An authenticated remote attacker can retrieve the current keys for a
service principal when generating a new set of keys for that
principal. The attacker needs to be
Hi all,
It seems this saga never ends.
With the current state of affairs in sid, MIT krb5's krb5-config and/or
pkg-config are always emitting -isystem stanzas to find the krb5 headers.
My understanding (which is not completely field tested, but I'm fairly
confident) is that if there are MIT
1 - 100 of 308 matches
Mail list logo