[00:02] zul: were you able to link openldap upstream bugs in LP ? [00:41] mathiaz: no I havent tried === chmac7 is now known as chmac === folke_ is now known as folke === chmac7 is now known as chmac [08:28] moin === mindframe is now known as Guest62006 === chmac7 is now known as chmac === eht is now known as Weasel[DK] === nop is now known as nop_ === nop_ is now known as nop__ [13:28] zul: I have a little time to play with samba bug #241448 [13:28] Launchpad bug 241448 in totem "Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade)." [Undecided,Confirmed] https://launchpad.net/bugs/241448 [13:28] jdstrand: and? [13:29] zul: I was wondering what your findings were [13:29] inconclusive for me [13:29] ok [13:29] what are your findings? ;) [13:29] maybe I'll get lucky [13:29] nothing yet-- I only just now found the time :) [13:29] heh [13:30] zul: ruby update was pretty time consuming [13:30] jdstrand: I bet, another mysql like? [13:31] zul: no, the patches were straightforward enough. upstream was not forthcoming publically on the disclosure, and there was a regression in their updates, so it was trying to make heads or tails of all that, and then all the testing [13:32] *loads* of testing [13:32] jdstrand: sounds like fun :) [13:32] im in the middle of iso testing, I can do this without looking now [13:32] zul: in the end, upstream was quite helpful and things turned out well [13:32] jdstrand: good to hear [13:33] re iso testing> yeah, I hear you [13:58] zul: did you get host's nautilus Network/Windows Networking to see your samba server that was in a vm? [14:00] jdstrand: no it was with real hardware [14:00] ok [14:01] vms can see each other fine... [14:01] oh well, I'll just use vms for now [14:03] wild stuff- watching a flash video in a vm (no sound mind you, but still) [14:03] soren: ^ [14:04] jdstrand: you should cut on isolation. I know flash is bad, but to use a vm to watch a video.... ;) [14:05] nijaba: I'm *very* careful [14:05] ;) [15:17] jdstrand: for what its worth I still havent been able to reproduce that bug from hardy server to hardy client [15:32] does anyone know why dhclient wouldn't be setting the hostname provided by the dhcp server? [15:41] New bug: #243525 in openldap2.3 (main) "slapd needs apparmor changes for cn=config" [Undecided,New] https://launchpad.net/bugs/243525 [15:46] mathiaz: im going to get jcastro to add openldap its to the list as well [15:51] jdstrand: ping [15:53] zul: pong [15:53] :( [15:56] zul: pong [15:56] zul: ack apparmor-- I'll fix it [16:00] jdstrand: are you refering to bug 243525 ? [16:00] Launchpad bug 243525 in openldap2.3 "slapd needs apparmor changes for cn=config" [Medium,Triaged] https://launchpad.net/bugs/243525 [16:04] mathiaz: I was-- but if you are working on, feel free to take it :) [16:04] jdstrand: well - I'm working on the cnconfig migration spec for intrepid [16:05] jdstrand: so I'll fix it while doing it [16:05] jdstrand: however, it may be worth for an SRU [16:05] mathiaz: SRU for hardy? we have cnconfig in there? [16:06] mathiaz: cool on you fixing it in intrepid though ;) [16:07] jdstrand: yes - you can setup cnconfig in hardy - but it's done by default [16:07] reading the forum does suggest people are using it there as well [16:07] jdstrand: cnconfig has been available since 2.3 [16:07] mathiaz: ok [16:07] jdstrand: there is just nothing in the debian scripts to support cnconfig [16:07] are you saying you'd like me to process the SRU? [16:08] jdstrand: well - I don't know if it would qualify for an SRU [16:08] (I can, though it won't probably be today) [16:08] jdstrand: oh - I don't think it has to be done so quickly [16:08] mathiaz: oh it is a totally minimal change with virtually no regression potential-- I think it might be [16:08] jdstrand: for hardy, I'd like to get 2.4.10 as an sru [16:08] jdstrand: and then we can add support for slapd.d in the apparmor profile at the same time [16:09] mathiaz: ah right. we can fix it in there then, with a little line saying 'cnconfig now works' [16:09] * jdstrand nods [16:09] jdstrand: I aggree that the potential for regression is minimal [17:11] * delcoyote hi [17:26] Greetings [17:27] I need a hand with postfix [17:27] I don't want to have local mailboxes... I want all usermail for *@localhost to be redirected to *@domain.com [17:27] ... without having to enter in an alias for each and every user [17:46] New bug: #239184 in openldap2.3 (main) "evolution-exchange-storage crash in e2k_global_catalog_lookup and ber_flush2" [Undecided,New] https://launchpad.net/bugs/239184 [18:04] jdstrand: ping [18:05] zul: pong [18:05] jdstrand: i setup a samba under dapper with one of the configuration files found in the bug and I wasnt able to copy a file over [18:06] this is with a hardy client [18:08] zul: well, that sounds like a different bug entirely, or possiobly misconfiguration? [18:09] zul: I haven't played with dapper yet, though seb128 was able to definitively show it was the -security update [18:09] could be misconfiguration but running it through testparm says it ok [18:09] CVE-2008-1105 [18:09] jdstrand: Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105) [18:10] zul: the question is, is the update wrong or is it right with clients misbehaving [18:10] zul: I have some leads though [18:10] jdstrand: coolio [19:03] Fenix|work ought to have more patience. [19:06] true [19:06] sommer: I was working with a DD on getting your php-clamavlib fix uploaded to Debian yesterday and he pointed out that even with the patch, there is still clamav.maxratio in the package. I know it builds with your change, but do you know if it will actually successfully scan files. [19:12] ScottK: yep, it did... but I think there was another bug about php-clamavlib, and when I was checking for a new upstream version the project was unavailable [19:12] ScottK: I guess my question was is there still an upstream? [19:16] Dunno. It seems pretty dead. [19:17] Maybe removal is the best option then. There's a pending removal bug in Debian. [19:20] ScottK: I agree with that. I don't think a PHP virus scanner is all that useful, but then again someone went through the trouble to write it... for a time [19:20] ScottK: here's that bug I was thikning of Bug #234927 [19:20] Launchpad bug 234927 in php5 "delay php script execution on cli" [Low,Triaged] https://launchpad.net/bugs/234927 [19:22] Ah. OTOH it obviously has users. [19:22] sommer: Since you've already invested effort in fixing it up, how would you feel about finishing the work to get it in shape and then we leave it for the next time it's broken to remove it? === leonel_ is now known as leonel [19:40] ScottK: sure, what all needs to be done? [19:46] ScottK: oh ya, the max ratio thing... I'll whip something up this weekend probably [19:49] zul: at what loglevel and which logs are most interesting for samba [19:49] zul: I haven't been able to reproduce it (still) [19:51] * jdstrand goes to try on real hardware [19:55] sommer: Great. [19:58] jdstrand: debug level 9 and /varr/log/log.smbd [19:58] or log.workstation [19:58] zul: that is what I thought (though wasn't sure if 10 is useful) [19:58] zul: thanks [19:59] jdstrand: np [20:06] New bug: #243610 in samba (main) "Can't connect to Windows Servers in Ubuntu 8" [Undecided,New] https://launchpad.net/bugs/243610 [20:36] http://pastie.org/223607 This is the end of my apache access.log. The 85.190.0.3, port 80 is open, and I checked it out, and it said "If you see portscans/abuse from 85.190.0.3 Please read http://freenode.net/policy.shtml#proxies" [20:36] My entire system has frozen at the times in my logs. [20:38] FuRom: isn't ::1 the loopback for ipv6? [20:38] hmm [20:39] jpds, I have no idea what ipv6 is, I was completely confused by this stuff in my log =/ [20:39] FuRom: And if your question is a Freenode question I suggest trying #freenode [20:39] "Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.1 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.6(2007-09-24) (internal dummy connection)" [20:39] being the useragent [20:40] * jpds points FuRom to http://en.wikipedia.org/wiki/IPv6 . [20:40] the bit in brackets suggests you have something running locally thats doing that [20:40] o_o [20:40] Oh, really?! [20:40] ::1 is the ipv6 equivilant of 127.0.0.1 [20:40] given that ubuntu supports ipv6 out of the box now, as do many packages, chances are something's just connecting to localhost, and hitting ::1 instead of 127.0.0.1 [20:41] Oh [20:42] but you have something running locally that's doing that [20:43] Any idea what 85.190.0.3 - - [27/Jun/2008:14:55:51 -0400] "CONNECT 213.92.8.7:31204 HTTP/1.0" 405 391 "-" "-" is? I've never seen "CONNECT" there before. I'mma read about ipv6 in a min [20:45] someone trying to use your webserver as a proxy [20:45] The internal dummy connection doesn't seem to be the issue, because it's accured before with no problem. [20:45] and failing [20:45] Oh [20:45] Could that cause problems? O_o [20:45] not really [20:45] Like, being iced? [20:45] unless you get a massive storm of them [20:45] I only got a couple. [20:46] Hmm [20:46] the occasional one here and there isn't anything to worry about though, it's similar to portscans [20:46] Ah, I see. [20:46] It only bothered me, because I can only assume 85.190.0.3 is the IP of a proxy server. [20:47] could be, if the person trying to find new proxies is using an existing one, [20:51] Ah [20:57] Thanks guys, I appreciate the info. Hopefully, it'll all go well.