Just for your information: I set up KMail to access the server and it
works fine. So following OpenSSL s_client this is another MUA, which
works nicely with my certificates.
Package: icedove
Version: 38.7.0-1~deb8u1
Severity: normal
Tags: upstream
Dear Maintainer,
I'm running icedove for years as MUA via IMAP for my Cyrus2 mail
server. Access has been encrypted using TLS on port 143 for many
years. Recently, it suddenly ceased working. In the relevant time
frame I up
I have a similar issue, but in my case the invalid mapping does not go
away. I'm running Jessie with nscld to authenticate against samba4 AD
and have a NAS configured as member server. To Linux clients it serves
NFS4 sec=krb5p. Actually I have 2 machines, which I think are configured
identicall
I ran into this issue recently and filed this bug to nslcd: #787020 and
#766606. So it persists for more than 2 years and made it across Debian
release. I use k5start / nslcd to authenticate to samba4 AD. I'm
surprised that it should be such a rare scenario.
The situation actually looks quite
With the script shown it regularly happens that 2 instances of nslcd are
running, but of course no k5start. Shouldn't restart terminate the prior
instance?
I now use a stop, killall nslcd, start sequence. Again it works fine
when started by root immediately after boot, but it fails if run from
I tried to mitigate the bug by adding the following to /etc/rc.local:
if [ ! -f /var/run/nslcd/nslcd.tkt ]; then
systemctl restart nslcd
systemctl restart kdm
fi
When I run this script as root after log in everything runs fine. I get
a valid ticket nslcd:nslcd 600 /var/run/nslcd/nslcd.tkt
Package: nslcd
Version: 0.9.4-3
Severity: important
Dear Maintainer,
the behaviour reported for Wheezy in #766606 still persists with Jessie. I see
it now on a fresh install: k5start doesn't come up on boot. Issuing
/etc/init.d/nslcd restart after boot works perfectly.
Situation after boot:
roo
Package: lvm2
Version: 2.02.111-2.1
Severity: normal
Dear Maintainer,
following the latest upgrade, which included a systemd and kernel upgrade, I
get
warnings in vgdisplay like:
WARNING: lvmetad is running but disabled. Restart lvmetad before enabling it!
Also troubling:
# systemctl status
Package: korganizer
Version: 4:4.4.11.1+l10n-3+b1
Severity: normal
Dear Maintainer,
we observed that KOrganizer loses data and gets out of sync with what is stored
on the hard disk.
We run KOrganizer with many different calendars, which meanwhile are all stored
on the local hard disk. We use Bac
The bug persists with 1:9.9.5.dfsg-8.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Package: bind9
Version: 1:9.9.5.dfsg-7
Severity: normal
Dear Maintainer,
following the upgrade to 1:9.9.5.dfsg-7 on Dec. 22nd named fails to load the
DLZ
zones from Samba:
Dec 29 10:43:07 verdandi named[2763]: Loading 'AD Zones' using driver dlopen
Dec 29 10:43:07 verdandi named[2763]: samba_d
Package: browser-plugin-gnash
Version: 0.8.11~git20140319+dfsg-1~bpo70+1
Severity: normal
Dear Maintainer,
trying to watch any youtube video I saw my firewall logging connections
to external systems on port 443. The port is blocked, since all traffic
is expected to pass through a proxy. Icewease
I'm not sure I understood the state of this bug report.
I'm seeing the same issue and can reproduce the behaviour shown by
Niechta. This is a plain Jessie install, so apt is 1.0.9.3; not the
experimental one.
Do you consider the bug fixed in 1.1 and we wait until it trickles down
into Jessie
The problem is that obviously network configuration takes time and the
init script starts too early. I mitigated this by adding the following
to /etc/defaults/nslcd:
# wait for DNS
wait_for_dns(){
log_action_begin_msg "Check for KDC"
local HOST=/usr/bin/host
local RETRY=5
while [ $RETRY
Package: nslcd
Version: 0.8.10-4
Severity: important
Dear Maintainer,
I just switched from libnss-ldap / OpenLDAP with TLS auth to
libnssd-ldap / Samba4 AD DC with Kerberos auth. So the issue might have
existed for some time.
During boot k5start fails:
Fri Oct 24 12:34:55 2014: [FAIL] Starting
Package: gcr
Version: 3.4.1-3
Severity: normal
Dear Maintainer,
on an amd64 system installing gcr:i386 - apparently used by acroread - fails.
The reason is that libgcr-3-1:i386 requires libgcr-3-common:i386, which is not
available:
$ apt-cache policy libgcr-3-common:i386
libgcr-3-common:i386:
I worked a little more on the issue and it seems to be a user error,
respectively a cryptic error message.
The new Kontact does not automatically import the old calendars since it
apparently uses a new storage model. It however starts wit some default
calendar, which is marked read only by def
I see the same situation here. Just updated from Squeeze to Wheezy.
Any progress on this since May?
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Package: linux-2.6
Version: 2.6.32-48squeeze1
Severity: normal
I'm not sure what actually caused the issue. I did disconnect my WD-Book (sdd)
from the USB. I re-attached it after the error using eSATA. This is what you
see in the kernel log. However, the kernel source points to a buffer overflo
Package: libpam-krb5
Version: 4.3-1
Severity: normal
Tags: patch
Using the configuration files as produced by this package fails to login to the
system using kerberos.
A typical auth.log for a kerberos login looks like this:
Jan 14 21:12:56 nfs4 login[5265]: pam_krb5(login:auth): user xxx authen
Package: krb5-user
Version: 1.8.3+dfsg-4squeeze1
Severity: normal
Tags: patch
kpasswd without setting of the kpasswd_server property in the [realms] section
connects to the KDC on UDP port 454.
Specifying the port 464 explicitly for the kpasswd_server property fixes the
problem, but this behav
My bind9 simply stopped working all of a sudden. It worked perfectly and
then following a reboot of the VZ container it would segfault on start.
The first event coincided with the latetst security update. I installed
the update and it did start again. However, now using still the same
code, it
My bind9 simply stopped working all of a sudden. It worked perfectly and
then following a reboot of the VZ container it would segfault on start.
The first event coincided with the latetst security update. I installed
the update and it did start again. However, now using still the same
code, it se
I have a similar issue with a "NAS" RAID attached via eSATA, which I use
for backup. It has XFS on LUKS. While it worked well in the beginning,
the last 3 backups messed it all up and required xfs repairs. Two times
it kicked the server into kernel crashes. This was in /var/log/messages
for the
I encountered the same issue today, when my backup script attempted to
rsync -aHAXx --stats --numeric-ids --inplace --delete '/'
'/media/backup/repository/sda5'
which produced
rsync: writefd_unbuffered failed to write 4092 bytes [sender]: Broken
pipe (32)
rsync: connection unexpectedly clo
Sorry, as the patch comments say, the bug has already been filed as
#405495, I myself have sent the patch then, and it circles somewhere in
unstable.
As we say in German: Reading educates!
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe".
Package: libsasl2-2
Version: 2.1.22.dfsg1-23+lenny1
Severity: important
Tags: patch
Using the ldapdb auxprop with cyrus-imap fails because the authentication
process crashes due to a double init of a mutex (cause briefly explained by
Eric Leblond in Bug #499770). This makes any kind of login int
I recompiled the kernel from the current official security update
sources. These sources contain the patch and work flawlessly, although I
did not see any mention of this fix in changelog.
So this bug can be closed.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a
Hi there,
is there a reason, why this fix did not make it into the last Release.
After reading the changelog I set my Kernel on hold before the update,
which locks me out of security updates, which is a least desirable
situation.
Regards,
- lars.
--
To UNSUBSCRIBE, email to debian-bugs-d
At first - the bug persists with current Lenny. I have not checked,
whether this bug is related to HTML context, but I'll keep an eye on it
in future.
Icedove does retrieve the contents from the IMAP server. It is there for
replies or when displaying the message source. It's just not displayed
Vitaliy Gusev wrote:
It seem like bug #1091 (http://bugzilla.openvz.org/show_bug.cgi?id=1091)
Pavel, please apply fix patch to 2.6.26
Yes, this does it. For the Debian openvz-amd64 sources the above patch
translated to quilt results in what's attached.
Regards,
- lars.
Index: build_amd64
First, for all users trying to apply the patch, the recipe for building
the kernel given in the last post does not work. The following succeeded:
* rm -Rf linux-2.6-2.6.26; apt-get source -t testing linux-2.6
* cd linux-2.6-2.6.26/; fakeroot debian/rules debian/build
debian/stamps
Hi there,
I'm now ready set to compile a kernel and patch it with the upstream
patches. However, last time I compiled a kernel myself, was before the
days of make-kpkg - and it's not to compile any kernel, but the official
one.
This is the best guess I tried after stress-testing google for s
I'm using apt-proxy since Sarge and problems like these had always been
there. I actually had a cron job restarting apt-proxy every two hours.
However, with the current Lenny it happens quite often. I observed the
following:
1) It does only happen during apt-get update; never during the upgra
Hi Russ,
I think that Kerberos library functions must all return krb5_error_code,
which should be 0 if there is no error. So:
Probably this is something to discuss with the upstream. My personal
conviction is that functions with boolean semantic, shall be boolean
valued. The function has b
Hi Russ,
this solves the LDAP problem. Since it changes some core code, it should
be tested in other set-ups.
ad...@valhalla:~/packages/krb5-kdc/krb5-1.6.dfsg.4~beta1$ cat
patches/krb5_db_inited-fix
Index: krb5-1.6.dfsg.4~beta1/src/include/kdb.h
==
> (I personally have no idea on the krb524d problems, unfortunately.)
I just produced a strace. I do not post it here, it's got 3111 syscalls
for a single call to kadm_flush() according to ltrace. But from small
portions it's clear that something wicked is happening:
hel:/# grep shutdown /tmp
The problem is that this is a catch-22.
KDC first. There's no good ordering that works for all cases.
Well, probably not for all cases, but we might do better as we do now:
Kerberos is unlikely to retrieve any authentication info from any other
database. It may require DNS - e.g. to resolv
Ah, forgot to add some logs:
/var/log/syslog | grep krb5 (for the time writing the bug report):
Jan 9 20:34:56 hel krb5kdc[354]: Unable to access Kerberos database -
while initializing database for realm MGR
Jan 9 20:34:56 hel krb5kdc[354]: Unable to access Kerberos database -
while initiali
Package: krb5-kdc-ldap
Version: 1.6.dfsg.4~beta1-5
Severity: important
After restarting krb524d opens 5 connections to ldap on my system. Some
minutes later, i.e. now, it has already 56 connections - all from the
same PID. Since the KDC is not productive yet, I'm not aware of any
requests han
Package: squid3
Version: 3.0.STABLE8-1
Severity: minor
The config option --enable-poll is listed as deprecated, since squid3 is
said to do some fancy things to determine the best I/O method. I did a
test compile w/o the option, and according to powertop it wakes up the
CPU 10-20 times less pe
I tried to further locate when the bug appears. As it turned out the
command line ftp client does not cause the kernel panic, neither in
passive nor in standard mode. I also ran the ftpsync Perl script without
problems.
In order to allow the systems to access ftp, I added the following rule
t
So thanks to all of you,
adding the following dpatch as indicated by Eric resolves the SEGFAULT
and I can resume troubleshooting my configuration issues :(
ad...@valhalla:~/packages/cyrus-sasl2$ cat 0021_fix_sasl_mutex.dpatch
8<-
#! /bin/sh /usr/share/dpatch/dpatch-run
## 0021_
During writing my last reply, the following reached me from Howard Chu:
Based on your backtrace, pretty sure you're running into the bug that
was discussed here
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=8954
I reported this to the Ubuntu folks
https://bug
Hi there,
the bug persists in current Lenny. I'm currently discussing it on the
SASL list (thread: ldapdb auxprop configuration)
I'm running cyrus-imap to authenticate users using the ldapdb auxprop
against a remote ldaps: host. During the DIGEST-MD5 or CRAM-MD5
authentication of the user us
Hi Vitaliy,
Hi Debian Team,
the issue is more severe than it seemed. Actually, the kernel crashes
every time the container is restarted. The first start after initial
boot is flawless and the container works nicely.
I'm setting up intermediate start scripts and a container with a
compiler to
Package: linux-image-2.6-openvz-amd64
Severity: normal
Tags: patch
I had Kernel oops every (3) time, when reconfiguring properties of eth3,
mapped
to a container by vzctl --netdev_add. The kernel oops leads to blocking the
entire machine from inputs. In two cases I managed to issue "sync && hal
Package: smbldap-tools
Version: 0.9.4-1
Severity: important
smbldap-useradd does strange things. The following line:
smbldap-useradd -a -c "Dr. Lars Hanke" -u 1001 -A -G 100 -N "Hanke" -P -S
"Lars" -M mgr mgr
added uid=100 (instead of mgr) and reported that -N
Package: libqt4-sql
Version: 4.2.1-2+etch1
Severity: normal
Reading from MySQL columns of type TEXT to QString, e.g.
query.value(col).toString(), produces trailing garbage characters to be
included in the string. The same compiled code works flawless, if the column
type is changed to VARCHAR, e.g
I struggled with the same kind of bug, but it was not the call to
removeDatabase(), but the return from main(), which died on a futex,
when a second database connection was opened.
I solved the issue by backporting Qt 4.3.3 from the lenny sources.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
h to a DN
[ .. and so on for the standard slapd processing of the request ]
Quitting slapd (^C interactively, kill -TERM, or /etc/init.d/slapd stop) can
take arbitrary long time to complete, then. Interactively slapd reports that
it's waiting for a thread.
If you need more info, do not hesitate to a
51 matches
Mail list logo
