From dam at opencsw.org Sun Mar 1 13:04:15 2015 From: dam at opencsw.org (Dagobert Michelsen) Date: Sun, 1 Mar 2015 13:04:15 +0100 Subject: wget 1.16.2 has been released fixing CVE-2014-4877 Message-ID: Hi, due to popular request I just pushed wget 1.16.2 fixing CVE-2014-4877: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877 There have been issues with the compilation on Solaris in versions 1.16 and 1.16.1. The compatilibity with Solaris is now tracked closely via continous builds at the OpenCSW buildfarm for the ease of future builds: https://buildfarm.opencsw.org/buildbot/waterfall?builder=wget-solaris10-i386&builder=wget-solaris10-sparc&reload=300 Best regards ? Dago -- "You don't become great by trying to be great, you become great by wanting to do something, and then doing it so hard that you become great in the process." - xkcd #896 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2418 bytes Desc: not available URL: From ludvigb at gmail.com Wed Mar 4 10:21:56 2015 From: ludvigb at gmail.com (=?UTF-8?Q?Nils_Ludvig_Brandtz=C3=A6g?=) Date: Wed, 4 Mar 2015 10:21:56 +0100 Subject: Missmatch between web site version and install version. In-Reply-To: <78E7C1BB-2F2B-48D0-9FFF-BFA48321BE45@opencsw.org> References: <78E7C1BB-2F2B-48D0-9FFF-BFA48321BE45@opencsw.org> Message-ID: On 25 February 2015 at 13:52, Dagobert Michelsen wrote: >> Am 25.02.2015 um 13:34 schrieb Sascha Ziemann : >> >> When I search for sudo the web site shows me the following package: >> >> http://www.opencsw.org/packages/CSWsudo/ >> >> Software: Name sudo >> Package: Name CSWsudo >> Description: Provides limited super user privileges >> Version: 1.8.12,REV=2015.02.11 > > The version shown is the unstable version, after 14 days without bugs they are > promoted to testing. Regarding sudo there is one day left: > http://buildfarm.opencsw.org/package-promotions/promote-packages.html#sudo I cannot see any updates in testing (munich) since 11-Dec-2014 (catalog/descriptions) and 25-Nov-2014 for packages (libstdc++6-4.9.2,REV=2014.11.07-SunOS5.10-sparc-CSW.pkg.gz etc). Me wrong? -- Nils Ludvig From nathan at nathanpeters.com Wed Mar 4 20:41:13 2015 From: nathan at nathanpeters.com (nathan at nathanpeters.com) Date: Wed, 4 Mar 2015 11:41:13 -0800 Subject: Need help configuring cswopenldap client Message-ID: I have a Solaris 10 system on which I have installed the CSWopenldap packages because I am trying to get sudo working through ldap (to a FreeIPA server). The problem I am having is that I can't figure out how to configure the thing. I have read everything I can find on http://www.opencsw.org/manual/ but the documentation is pretty much nonexistent. Here is the list of packages I have installed from CSW : CSWbdb4, CSWcommon, CSWlibnet, CSWosslutils, CSWsasl, CSWsudoldap, CSWsudo-ldap, CSWsudo-common, CSWopenldap-back-bdb, CSWopenldap-client, CSWopenldap I can't seem to figure out how to configure the CSW openldap client though. With the regular built-in solaris ldap client there is a command that I can use to auto-create the configuration files in /var/ldap. I just run : ldapclient -v init -a domainName=mydomain.net dc1.mydomain.net However, the CSW package apparently expects a different format of file, ldap.conf to be installed at /etc/opt/csw/ldap.conf. So my first question is ----------------------- How do I get that file autoconfigured? Is there a csw command similar to ldapclient init that will just connnect to the directory, download the default duaprofile and update ldap.conf for me the same way the default solaris client does it? The default Solaris client does not seem to be aware of the CSW packages so does not change anything other than /var/ldap when I run it My second question is : why does the CSW openldap client crash when I attempt to start it up? The manual I linked above gave exactly zero information on whether any sort of post-install configuration was necessary so I installed the packages, and then tried to do a 'svcadm enable cswopenldap' Here is what I've done to troubleshoot : # svcs -xv svc:/network/cswopenldap:default (?) State: maintenance since March 4, 2015 11:21:17 AM PST Reason: Start method failed repeatedly, last exited with status 1. See: http://sun.com/msg/SMF-8000-KS See: /var/svc/log/network-cswopenldap:default.log Impact: This service is not running. # tail /var/svc/log/network-cswopenldap:default.log [ Mar 4 10:51:09 Leaving maintenance because clear requested. ] [ Mar 4 10:51:09 Enabled. ] [ Mar 4 10:51:09 Executing start method ("/var/opt/csw/svc/method/svc-cswopenldap start") ] Starting openldap-slapd: [FAILED] [ Mar 4 10:51:09 Method "start" exited with status 1 ] [ Mar 4 11:21:17 Leaving maintenance because clear requested. ] [ Mar 4 11:21:17 Enabled. ] [ Mar 4 11:21:17 Executing start method ("/var/opt/csw/svc/method/svc-cswopenldap start") ] Starting openldap-slapd: [FAILED] [ Mar 4 11:21:17 Method "start" exited with status 1 ] Note that its the openldap-slapd that is not starting? Does anyonw know why slapd would try to start? I intend to use regular ldap, and not ldaps so I'm not sure why the slapd is trying to start. Also, why would it fail? that log entry is very non-verbose about what the cause of failure was. I had previously been getting an error about bdb not recognized but I solved that by uncommenting the following lines : modulepath /opt/csw/libexec/amd64/openldap moduleload back_bdb.la However, now the server is just not starting, and as you can see from the logs above, not giving a bdb error, but still failing to start or tell me why it didn't start. From maciej at opencsw.org Thu Mar 5 02:41:45 2015 From: maciej at opencsw.org (=?UTF-8?Q?Maciej_=28Matchek=29_Blizi=C5=84ski?=) Date: Thu, 5 Mar 2015 01:41:45 +0000 Subject: Missmatch between web site version and install version. In-Reply-To: References: <78E7C1BB-2F2B-48D0-9FFF-BFA48321BE45@opencsw.org> Message-ID: 2015-03-04 9:21 GMT+00:00 Nils Ludvig Brandtz?g : > I cannot see any updates in testing (munich) since 11-Dec-2014 > (catalog/descriptions) and 25-Nov-2014 for packages > (libstdc++6-4.9.2,REV=2014.11.07-SunOS5.10-sparc-CSW.pkg.gz etc). Me > wrong? You're right, munich updates are broken: 2015/03/05 02:39:29 Problem in the catalog: Package CSWgit declares dependency on CSWosshclient but CSWosshclient is missing from the {munich sparc SunOS5.10} catalog. From grzemba at contac-dt.de Thu Mar 5 09:03:10 2015 From: grzemba at contac-dt.de (Carsten Grzemba) Date: Thu, 05 Mar 2015 09:03:10 +0100 Subject: Need help configuring cswopenldap client In-Reply-To: References:

Message-ID: Do you don't need a ldap server (slapd) for connect Solaris to FreeIPA DS. I guess you also don't need a openldap client for sudo. This sould use the normal getpwent system calls, so you can configure the Solaris LDAP client. If the DS provides no DUAconfigprofiles, then you have to configure the LDAP client manually. There are how to's on the 389DS documentation. Am 04.03.15 schrieb nathan at nathanpeters.com: > I have a Solaris 10 system on which I have installed the CSWopenldap > packages because I am trying to get sudo working through ldap (to a > FreeIPA server). > > The problem I am having is that I can't figure out how to configure the > thing. I have read everything I can find on > http://www.opencsw.org/manual/ but the documentation is pretty much > nonexistent. > > Here is the list of packages I have installed from CSW : CSWbdb4, > CSWcommon, CSWlibnet, CSWosslutils, CSWsasl, CSWsudoldap, CSWsudo-ldap, > CSWsudo-common, CSWopenldap-back-bdb, CSWopenldap-client, CSWopenldap > > I can't seem to figure out how to configure the CSW openldap client > though. With the regular built-in solaris ldap client there is a command > that I can use to auto-create the configuration files in /var/ldap. I > just run : > ldapclient -v init -a domainName=mydomain.net dc1.mydomain.net > > However, the CSW package apparently expects a different format of file, > ldap.conf to be installed at /etc/opt/csw/ldap.conf. > > So my first question is > ----------------------- > How do I get that file autoconfigured? Is there a csw command similar to > ldapclient init that will just connnect to the directory, download the > default duaprofile and update ldap.conf for me the same way the default > solaris client does it? The default Solaris client does not seem to be > aware of the CSW packages so does not change anything other than /var/ldap > when I run it > > My second question is : why does the CSW openldap client crash when I > attempt to start it up? > > The manual I linked above gave exactly zero information on whether any > sort of post-install configuration was necessary so I installed the > packages, and then tried to do a 'svcadm enable cswopenldap' > > Here is what I've done to troubleshoot : > # svcs -xv > svc:/network/cswopenldap:default (?) > ?State: maintenance since March 4, 2015 11:21:17 AM PST > Reason: Start method failed repeatedly, last exited with status 1. > See: http://sun.com/msg/SMF-8000-KS > See: /var/svc/log/network-cswopenldap:default.log > Impact: This service is not running. > > # tail /var/svc/log/network-cswopenldap:default.log > [ Mar 4 10:51:09 Leaving maintenance because clear requested. ] > [ Mar 4 10:51:09 Enabled. ] > [ Mar 4 10:51:09 Executing start method > ("/var/opt/csw/svc/method/svc-cswopenldap start") ] > Starting openldap-slapd: [FAILED] > [ Mar 4 10:51:09 Method "start" exited with status 1 ] > [ Mar 4 11:21:17 Leaving maintenance because clear requested. ] > [ Mar 4 11:21:17 Enabled. ] > [ Mar 4 11:21:17 Executing start method > ("/var/opt/csw/svc/method/svc-cswopenldap start") ] > Starting openldap-slapd: [FAILED] > [ Mar 4 11:21:17 Method "start" exited with status 1 ] > > Note that its the openldap-slapd that is not starting? > > Does anyonw know why slapd would try to start? I intend to use regular > ldap, and not ldaps so I'm not sure why the slapd is trying to start. > Also, why would it fail? that log entry is very non-verbose about what > the cause of failure was. > > I had previously been getting an error about bdb not recognized but I > solved that by uncommenting the following lines : > modulepath /opt/csw/libexec/amd64/openldap > moduleload back_bdb.la > > However, now the server is just not starting, and as you can see from the > logs above, not giving a bdb error, but still failing to start or tell me > why it didn't start. > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From testers1717 at gmail.com Fri Mar 6 00:45:33 2015 From: testers1717 at gmail.com (Ibraheem Saleh) Date: Thu, 5 Mar 2015 15:45:33 -0800 Subject: Software Compilation Request: Mozilla Firefox ESR 24 & 31 Message-ID: Hi, Could one of you compiling geniuses compile Mozilla Firefox ESR 24.8.1 or 31.5 for Solaris 10? I've been trying to do it for the past week and have failed miserably :( Any help would be tremendous. If you are able to figure it out, I would love to know how you did it! Thanks, Abraham -------------- next part -------------- An HTML attachment was scrubbed... URL: From opencsw at ernie.org Fri Mar 6 01:02:51 2015 From: opencsw at ernie.org (Ernie Hershey) Date: Thu, 5 Mar 2015 19:02:51 -0500 Subject: Software Compilation Request: Mozilla Firefox ESR 24 & 31 In-Reply-To: References: Message-ID: Hi Abraham - I can try. Can you point me to the source? Ernie On Thu, Mar 5, 2015 at 6:45 PM, Ibraheem Saleh wrote: > Hi, > > Could one of you compiling geniuses compile Mozilla Firefox ESR 24.8.1 or > 31.5 for Solaris 10? > > I've been trying to do it for the past week and have failed miserably :( > > Any help would be tremendous. > > If you are able to figure it out, I would love to know how you did it! > > Thanks, > Abraham > -------------- next part -------------- An HTML attachment was scrubbed... URL: From testers1717 at gmail.com Fri Mar 6 04:57:22 2015 From: testers1717 at gmail.com (Ibraheem Saleh) Date: Thu, 5 Mar 2015 19:57:22 -0800 Subject: Software Compilation Request: Mozilla Firefox ESR 24 & 31 In-Reply-To: References: Message-ID: Hi Ernie!! Awesome! I've been banging my head against this problem for the past week and everytime I make progress I feel like 4 more walls present themselves lol. The source tarball for 24.8.1ESR can be found here: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/24.8.1esr/source/firefox-24.8.1esr.source.tar.bz2 ... The root folders are here: 24.8.1:: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/24.8.1esr/ 31.5.0:: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/31.5.0esr/ I think I'd rather have 24.8.1 for now :). Thanks, Abraham On Thu, Mar 5, 2015 at 4:02 PM, Ernie Hershey wrote: > Hi Abraham - I can try. Can you point me to the source? > Ernie > > On Thu, Mar 5, 2015 at 6:45 PM, Ibraheem Saleh > wrote: > >> Hi, >> >> Could one of you compiling geniuses compile Mozilla Firefox ESR 24.8.1 or >> 31.5 for Solaris 10? >> >> I've been trying to do it for the past week and have failed miserably :( >> >> Any help would be tremendous. >> >> If you are able to figure it out, I would love to know how you did it! >> >> Thanks, >> Abraham >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jh at opencsw.org Fri Mar 6 10:05:04 2015 From: jh at opencsw.org (Jan Holzhueter) Date: Fri, 06 Mar 2015 10:05:04 +0100 Subject: Software Compilation Request: Mozilla Firefox ESR 24 & 31 In-Reply-To: References:

Message-ID: <54F96DC0.2090201@opencsw.org> Hi, Am 06.03.15 um 04:57 schrieb Ibraheem Saleh: > Hi Ernie!! > > Awesome! I've been banging my head against this problem for the past > week and everytime I make progress I feel like 4 more walls present > themselves lol. > > The source tarball for 24.8.1ESR can be found here: > http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/24.8.1esr/source/firefox-24.8.1esr.source.tar.bz2 > ... > > The root folders are here: > 24.8.1:: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/24.8.1esr/ > 31.5.0:: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/31.5.0esr/ > > I think I'd rather have 24.8.1 for now :). I would go just with the package provided: https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/24.8.1esr/contrib/solaris_pkgadd/ as building it is extreme pain. This is why we stopped trying to build it a long time ago. Greetings Jan From chrisridd at mac.com Fri Mar 6 14:11:45 2015 From: chrisridd at mac.com (Chris Ridd) Date: Fri, 06 Mar 2015 13:11:45 +0000 Subject: Software Compilation Request: Mozilla Firefox ESR 24 & 31 In-Reply-To: References:

Message-ID: <59A6A091-2F42-4DDF-95FB-794EBD8ED2F7@mac.com> On 6 Mar 2015, at 03:57, Ibraheem Saleh wrote: > > Hi Ernie!! > > Awesome! I've been banging my head against this problem for the past week and everytime I make progress I feel like 4 more walls present themselves lol. > > The source tarball for 24.8.1ESR can be found here: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/24.8.1esr/source/firefox-24.8.1esr.source.tar.bz2 ... > > The root folders are here: > 24.8.1:: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/24.8.1esr/ > 31.5.0:: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/31.5.0esr/ > Mozilla has a potentially useful page to start from (NB I have no interest in doing this myself!) https://developer.mozilla.org/en-US/docs/Archive/Solaris_10_build_prerequisites It looks totally horrendous. Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: From testers1717 at gmail.com Fri Mar 6 18:39:38 2015 From: testers1717 at gmail.com (Ibraheem Saleh) Date: Fri, 6 Mar 2015 09:39:38 -0800 Subject: Software Compilation Request: Mozilla Firefox ESR 24 & 31 In-Reply-To: <59A6A091-2F42-4DDF-95FB-794EBD8ED2F7@mac.com> References:

<59A6A091-2F42-4DDF-95FB-794EBD8ED2F7@mac.com> Message-ID: Hi Chris, There is a security scare at work where they don't trust precompiled packages which don't have the source used to compile them. Do you know if there is anyway to know who compiled those "Contrib" packages? I believe somebody was looking at it earlier and noticed that they were compiled in China, which US government agencies aren't allowed to have dealings with :( ... I wish it was just as easy as using them and being done with it haha... This task should definitely not have been assigned to me lol, I'm primarily just a tester! I figured I'd reach out before I gave up in any case. Thanks, Abraham On Fri, Mar 6, 2015 at 5:11 AM, Chris Ridd wrote: > On 6 Mar 2015, at 03:57, Ibraheem Saleh wrote: > > Hi Ernie!! > > Awesome! I've been banging my head against this problem for the past week > and everytime I make progress I feel like 4 more walls present themselves > lol. > > The source tarball for 24.8.1ESR can be found here: > http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/24.8.1esr/source/firefox-24.8.1esr.source.tar.bz2 > ... > > The root folders are here: > 24.8.1:: > http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/24.8.1esr/ > 31.5.0:: > http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/31.5.0esr/ > > > Mozilla has a potentially useful page to start from (NB I have no interest > in doing this myself!) > > > https://developer.mozilla.org/en-US/docs/Archive/Solaris_10_build_prerequisites > > It looks totally horrendous. > > Chris > -------------- next part -------------- An HTML attachment was scrubbed... URL: From chrisridd at mac.com Fri Mar 6 18:47:56 2015 From: chrisridd at mac.com (Chris Ridd) Date: Fri, 06 Mar 2015 17:47:56 +0000 Subject: Software Compilation Request: Mozilla Firefox ESR 24 & 31 In-Reply-To: References:

<59A6A091-2F42-4DDF-95FB-794EBD8ED2F7@mac.com> Message-ID: > On 6 Mar 2015, at 17:39, Ibraheem Saleh wrote: > > Hi Chris, > > There is a security scare at work where they don't trust precompiled packages which don't have the source used to compile them. > > Do you know if there is anyway to know who compiled those "Contrib" packages? I believe somebody was looking at it earlier and noticed that they were compiled in China, which US government agencies aren't allowed to have dealings with :( ... They were built in Sun's Beijing offices by Sun employees. Why don't you ask Oracle for the sources to what they ship? An alternative idea might be to look into the work porting Chrome (Chromium?) to Solaris. Phil Brown restarted it last year, I believe. Chris From testers1717 at gmail.com Fri Mar 6 19:01:03 2015 From: testers1717 at gmail.com (Ibraheem Saleh) Date: Fri, 6 Mar 2015 10:01:03 -0800 Subject: Software Compilation Request: Mozilla Firefox ESR 24 & 31 In-Reply-To: References:

<59A6A091-2F42-4DDF-95FB-794EBD8ED2F7@mac.com>

Message-ID: I'm the 3rd person who has been assigned this project. I believe one of the first 2 tried that and the response they received was that Oracle wouldn't even admit that they had a Beijing office. It won't hurt to try and reach out to them again, I'll send some emails right now :) Anyways... Opencsw builders have built programs for Solaris, specifically Firefox dependencies, that I have not been able to get working myself. If anybody can do it, I believe you guys can. Please try :) If you get it working, maybe I can ask my boss to purchase the instructions for how you compiled it from you. It would be much cheaper than having me waste my time on it and fail! Thanks, Abraham On Fri, Mar 6, 2015 at 9:47 AM, Chris Ridd wrote: > > > On 6 Mar 2015, at 17:39, Ibraheem Saleh wrote: > > > > Hi Chris, > > > > There is a security scare at work where they don't trust precompiled > packages which don't have the source used to compile them. > > > > Do you know if there is anyway to know who compiled those "Contrib" > packages? I believe somebody was looking at it earlier and noticed that > they were compiled in China, which US government agencies aren't allowed to > have dealings with :( ... > > They were built in Sun's Beijing offices by Sun employees. > > Why don't you ask Oracle for the sources to what they ship? > > An alternative idea might be to look into the work porting Chrome > (Chromium?) to Solaris. Phil Brown restarted it last year, I believe. > > Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: From delrio at mie.utoronto.ca Fri Mar 6 19:41:31 2015 From: delrio at mie.utoronto.ca (Oscar del Rio) Date: Fri, 06 Mar 2015 13:41:31 -0500 Subject: Software Compilation Request: Mozilla Firefox ESR 24 & 31 In-Reply-To: References:

<59A6A091-2F42-4DDF-95FB-794EBD8ED2F7@mac.com>

Message-ID: <54F9F4DB.50908@mie.utoronto.ca> On 03/ 6/15 01:01 PM, Ibraheem Saleh wrote: > Anyways... Opencsw builders have built programs for Solaris, specifically > Firefox dependencies, that I have not been able to get working myself. If > anybody can do it, I believe you guys can. Please try :) > > If you get it working, maybe I can ask my boss to purchase the instructions > for how you compiled it from you. It would be much cheaper than having me > waste my time on it and fail! Check recent posts in Openindiana: someone mentions that he has been able to compile it from pkgsrc. http://openindiana.org/pipermail/openindiana-discuss/2015-March/thread.html From jh at opencsw.org Fri Mar 6 20:25:05 2015 From: jh at opencsw.org (=?windows-1252?Q?Jan_Holzh=FCter?=) Date: Fri, 06 Mar 2015 20:25:05 +0100 Subject: Software Compilation Request: Mozilla Firefox ESR 24 & 31 In-Reply-To: References:

<59A6A091-2F42-4DDF-95FB-794EBD8ED2F7@mac.com>

Message-ID: <54F9FF11.7050804@opencsw.org> Am 06.03.15 um 18:47 schrieb Chris Ridd: > >> On 6 Mar 2015, at 17:39, Ibraheem Saleh wrote: >> >> Hi Chris, >> >> There is a security scare at work where they don't trust precompiled packages which don't have the source used to compile them. >> >> Do you know if there is anyway to know who compiled those "Contrib" packages? I believe somebody was looking at it earlier and noticed that they were compiled in China, which US government agencies aren't allowed to have dealings with :( ... > Well if you are a US goverment talk to the NSA to pull out the source from Oracle. :) Or pay Mozilla Foundation to build it for you. If you have this requirement to build your software. Why do you use Solaris anyway? Sorry for the harsh tune (must be the flu drugs :)) I don't think there will be much luck in getting this done in opencsw. Grettings Jan From testers1717 at gmail.com Fri Mar 6 20:47:11 2015 From: testers1717 at gmail.com (Ibraheem Saleh) Date: Fri, 6 Mar 2015 11:47:11 -0800 Subject: Software Compilation Request: Mozilla Firefox ESR 24 & 31 In-Reply-To: <54F9FF11.7050804@opencsw.org> References:

<59A6A091-2F42-4DDF-95FB-794EBD8ED2F7@mac.com>

<54F9FF11.7050804@opencsw.org> Message-ID: I work for the US government and this is something that I have been asked to do. I do not work for the NSA :P ... Solaris has been used to host this divisions applications for decades so that probably won't be changing anytime soon, although, I did notice some newer teams moving to RHEL. Anyways, if you can't/won't do it... that's fine haha... I'm just hoping somebody else can. I'll probably bang my head against it for another week before I give up in any case. I still believe in you Ernie & anyone else trying! I'll look into that OpenIndiana thread in a bit Oscar, thanks! Thanks, Abraham On Fri, Mar 6, 2015 at 11:25 AM, Jan Holzh?ter wrote: > Am 06.03.15 um 18:47 schrieb Chris Ridd: > > > >> On 6 Mar 2015, at 17:39, Ibraheem Saleh wrote: > >> > >> Hi Chris, > >> > >> There is a security scare at work where they don't trust precompiled > packages which don't have the source used to compile them. > >> > >> Do you know if there is anyway to know who compiled those "Contrib" > packages? I believe somebody was looking at it earlier and noticed that > they were compiled in China, which US government agencies aren't allowed to > have dealings with :( ... > > > Well if you are a US goverment talk to the NSA to pull out the source > from Oracle. :) > > Or pay Mozilla Foundation to build it for you. > > If you have this requirement to build your software. Why do you use > Solaris anyway? > > Sorry for the harsh tune (must be the flu drugs :)) > > I don't think there will be much luck in getting this done in opencsw. > > Grettings > Jan > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From laurent at opencsw.org Fri Mar 6 21:03:37 2015 From: laurent at opencsw.org (Laurent Blume) Date: Fri, 06 Mar 2015 21:03:37 +0100 Subject: Software Compilation Request: Mozilla Firefox ESR 24 & 31 In-Reply-To: References:

<59A6A091-2F42-4DDF-95FB-794EBD8ED2F7@mac.com> Message-ID: <54FA0819.1020403@opencsw.org> Le 2015/03/06 18:39 +0100, Ibraheem Saleh a ?crit: > Do you know if there is anyway to know who compiled those "Contrib" > packages? I believe somebody was looking at it earlier and noticed > that they were compiled in China, which US government agencies aren't > allowed to have dealings with :( ... Why are you using Solaris then? Quite a lot of its development has been done in China for years. Drivers in particular, so deep inside the system, and, yes, desktop stuff, hence why they've been doing the Firefox builds. > I believe one of the first 2 tried that and the response they > received was that Oracle wouldn't even admit that they had a Beijing > office. It won't hurt to try and reach out to them again, I'll send > some emails right now :) Oh, they would not admit that, wouldn't they? Except, like, on their website? Where I count 5 offices in Beijing? Complete with addresses, phone numbers, and whatnot? I've seen secrets better kept... http://www.oracle.com/cn/corporate/contact/index.html I can tell you, if you look left when getting inside the building where they do Firefox, you see the Google building. And in your back, there's the Microsoft/Adobe one. There's Dell around, too, but it's a bit of a walk. And plenty of others. Good luck finding your Chinese-free software. Laurent From ras at acm.org Tue Mar 10 23:06:12 2015 From: ras at acm.org (Robert A. Schmied) Date: Tue, 10 Mar 2015 15:06:12 -0700 Subject: Minimum libc version is 1.22.5 Message-ID: <54FF6AD4.5000600@acm.org> aloha opencsw the home page shows the subject libc version at 1.22.5. can anyone identify the first solaris 10 sparc update release that supplies that libc version. thanks ras From dam at opencsw.org Wed Mar 11 09:07:04 2015 From: dam at opencsw.org (Dagobert Michelsen) Date: Wed, 11 Mar 2015 09:07:04 +0100 Subject: Minimum libc version is 1.22.5 In-Reply-To: <54FF6AD4.5000600@acm.org> References: <54FF6AD4.5000600@acm.org> Message-ID: Hi Robert, > Am 10.03.2015 um 23:06 schrieb Robert A. Schmied : > > aloha opencsw > > the home page shows the subject libc version at 1.22.5. > > can anyone identify the first solaris 10 sparc update release that supplies that libc version. That was Solaris 10 Update 8: https://github.com/illumos/illumos-gate/blob/20afa66e72e7c210ef1f9053d4bc8f5b60d1eeed/usr/src/lib/libc/port/mapfile-vers#L455 Best regards ? Dago -- "You don't become great by trying to be great, you become great by wanting to do something, and then doing it so hard that you become great in the process." - xkcd #896 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2418 bytes Desc: not available URL: From dam at opencsw.org Mon Mar 16 16:16:26 2015 From: dam at opencsw.org (Dagobert Michelsen) Date: Mon, 16 Mar 2015 16:16:26 +0100 Subject: OpenCSW question about package wdiff In-Reply-To: <201503161358.t2GDwdYh010160@www.opencsw.org> References: <201503161358.t2GDwdYh010160@www.opencsw.org> Message-ID: <704C7E4B-AA53-4E4F-AD0E-1E8265AAA744@opencsw.org> Hi, > Am 16.03.2015 um 14:58 schrieb kulkarniashish88 at gmailcom.opencsw.org: > > Hello sir, > I am interested in contributing to wdiff project.I have created a patch to add the feature to be able to specify what is a whitespace from command line.I am attaching the link herewith.Please guide me further on this, there has been no response on the savannah page so far. > Link to patch: http://savannah.gnu.org/patch/?8604 > Looking forward for further guidance from you. I am the maintainer of the Solaris package, you should better contact the wdiff-dev mailing list: https://savannah.gnu.org/mail/?group=wdiff Best regards ? Dago -- "You don't become great by trying to be great, you become great by wanting to do something, and then doing it so hard that you become great in the process." - xkcd #896 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2418 bytes Desc: not available URL: From dam at opencsw.org Tue Mar 17 10:49:30 2015 From: dam at opencsw.org (Dagobert Michelsen) Date: Tue, 17 Mar 2015 10:49:30 +0100 Subject: OpenCSW question about package CSWfreetds-dev In-Reply-To: <201503170947.t2H9lAJq013600@www.opencsw.org> References: <201503170947.t2H9lAJq013600@www.opencsw.org> Message-ID: <016AC723-200D-4642-A684-118482AF96BA@opencsw.org> Hi Aakash, > Am 17.03.2015 um 10:47 schrieb aakash_bkn at hotmail.com: > > I have installed unixODBC-2.2.14-sparcv9.pkg and freetds-dev.0.92.950.tar on my sun sparc 64 bit operating system, but I am unable to found libtdsodbc.so file after installation. > > ls -ltr /usr/local/lib/libt* > /usr/local/lib/libt*: No such file or directory > > PLEASE SUGGEST The names for the packages suggest that you are not using the OpenCSW packages at all. I suggest to use the ?Getting Started? guide: http://www.opencsw.org/manual/for-administrators/getting-started.html#getting-started Best regards ? Dago -- "You don't become great by trying to be great, you become great by wanting to do something, and then doing it so hard that you become great in the process." - xkcd #896 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2418 bytes Desc: not available URL: From bwalton at opencsw.org Wed Mar 18 20:14:51 2015 From: bwalton at opencsw.org (Ben Walton) Date: Wed, 18 Mar 2015 19:14:51 +0000 Subject: OpenCSW question about package php5 In-Reply-To: <201503181540.t2IFedDi023164@www.opencsw.org> References: <201503181540.t2IFedDi023164@www.opencsw.org> Message-ID: (Bcc: Oriol, To:user list) Hi Oriol, I no longer use php, or any Solaris, so I won't be updating the packages any time soon. I'd be happy to show you the ropes if your willing to do the update though. That goes for any CSW user that needs this update. I'll spend time teaching, but not doing as the personal cost/benefit ratio isn't high enough for me anymore. Thanks -Ben On Wed, Mar 18, 2015, 3:40 PM null < oriol at scrubbed > wrote: I wondering when is planned to prepare php5.5 for csw? Hello there, I am wondering when php5.5 will be ready in the csw-system. Otherwise, I wonder if there is a right way to install in solaris and get along with apache-csw. Many tyanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jesse.carroll at cfl.rr.com Fri Mar 20 20:01:45 2015 From: jesse.carroll at cfl.rr.com (jesse.carroll at cfl.rr.com) Date: Fri, 20 Mar 2015 15:01:45 -0400 Subject: netsnmp Solaris 9 using v3 Message-ID: <20150320190145.TPIXH.267529.root@cdptpa-web02> So installing and configuring net-snmnp (netsnmp) v3 on Solaris 10 was actually quite easy. However on Solaris 9 I have two issues. First /etc/opt/csw/snmp/snmpd.conf in not included in the Solaris 9 package. It is in Solaris 10. Fairly trivial as I copied the file from a Solaris 10 server. The second issue is a bit more critical. When I create a v3 user via net-snmp-create-v3-user the information is not placed in /var/opt/csw/net-snmp/snmpd.conf after I start snmpd. The command with sensitive information redacted: net-snmp-create-v3-user -a SHA -x AES -A -X Before I start snmpd I see 'createUser NMSusr1 SHA "5hASnMP3nM5!" AES ae5SnMP3nM5!'. After I start snmpd the user information is missing from /var/opt/csw/net-snmp/snmpd.conf. Looking at my Solaris 10 I see information for the user that starts with 'usmUser'. Is there something I'm missing or is this a bug? I'm running 5.6.1.1 on both systems. One last question: The page for netsnmp list version 5.7.3,REV=2015.03.18 but I can't seem to find it in the mirrors I've searched. Is there a plan to release this version? Jesse Carroll From grzemba at contac-dt.de Sat Mar 21 21:08:01 2015 From: grzemba at contac-dt.de (Carsten Grzemba) Date: Sat, 21 Mar 2015 21:08:01 +0100 Subject: netsnmp Solaris 9 using v3 In-Reply-To: References: <20150320190145.TPIXH.267529.root@cdptpa-web02>

Message-ID: netsnmp is only in catalog unstable now, so for that you have to set mirror for unstable in /etc/opt/csw/pkgutil.conf There is no package 5.7.3 for Solaris9 Carsten > > One last question: The page for netsnmp list version 5.7.3,REV=2015.03.18 but I can't seem to find it in the mirrors I've searched. Is there a plan to release this version? > > > Jesse Carroll > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jesse.carroll at cfl.rr.com Mon Mar 23 13:51:52 2015 From: jesse.carroll at cfl.rr.com (jesse.carroll at cfl.rr.com) Date: Mon, 23 Mar 2015 8:51:52 -0400 Subject: netsnmp Solaris 9 using v3 In-Reply-To: Message-ID: <20150323125153.1DGV8.83330.root@cdptpa-web26> Thanks for the version information. Now about my question concerning the v3 user information being deleted from /var/opt/csw/net-snmp/snmpd.conf when snmpd is started? Jesse Carroll ---- Carsten Grzemba wrote: > > netsnmp is only in catalog unstable now, so for that you have to set mirror for unstable in /etc/opt/csw/pkgutil.conf > There is no package 5.7.3 for Solaris9 > > Carsten > > > > > One last question: The page for netsnmp list version 5.7.3,REV=2015.03.18 but I can't seem to find it in the mirrors I've searched. Is there a plan to release this version? > > > > > > Jesse Carroll > > > > From jesse.carroll at cfl.rr.com Mon Mar 23 15:09:22 2015 From: jesse.carroll at cfl.rr.com (jesse.carroll at cfl.rr.com) Date: Mon, 23 Mar 2015 10:09:22 -0400 Subject: netsnmp Solaris 9 using v3 In-Reply-To: <20150323125153.1DGV8.83330.root@cdptpa-web26> Message-ID: <20150323140923.UHEV7.85464.root@cdptpa-web26> Another piece of the puzzle. I started snmpd with the '-DALL' debugging option. (Lots of output). Digging through the output I find '/var/opt/csw/net-snmp/snmpd.conf: line 52: Error: Unknown privacy protocol' when /var/opt/csw/net-snmp/snmpd.conf is parsed. This is apparently caused by the AES protocol being defined vi net-snmp-create-v3-user. Jesse Carroll ---- jesse.carroll at cfl.rr.com wrote: > Thanks for the version information. > > Now about my question concerning the v3 user information being deleted from /var/opt/csw/net-snmp/snmpd.conf when snmpd is started? > > Jesse Carroll > > ---- Carsten Grzemba wrote: > > > > netsnmp is only in catalog unstable now, so for that you have to set mirror for unstable in /etc/opt/csw/pkgutil.conf > > There is no package 5.7.3 for Solaris9 > > > > Carsten > > > > > > > > One last question: The page for netsnmp list version 5.7.3,REV=2015.03.18 but I can't seem to find it in the mirrors I've searched. Is there a plan to release this version? > > > > > > > > > Jesse Carroll > > > > > > From Andreas.Dvorak at baaderbank.de Tue Mar 24 09:37:45 2015 From: Andreas.Dvorak at baaderbank.de (Dvorak Andreas) Date: Tue, 24 Mar 2015 09:37:45 +0100 Subject: CSWrsyslog Warning: backward compatibility layer added Message-ID: Dear all I have rsyslog 5.8.13 installed. The messages file says it is running in compatibility mode but I do not know why. And imsolaris does not run. Can somebody please help me? When it starts I get the messages: Mar 24 09:02:21 sv2507 rsyslogd: [origin software="rsyslogd" swVersion="5.8.13" x-pid="21775" x-info="http://www.rsyslog.com"] exiting on signal 15. Mar 24 09:02:21 sv2507 rsyslogd: imuxsock does not run because we could not aquire any socket Mar 24 09:02:21 sv2507 rsyslogd: [origin software="rsyslogd" swVersion="5.8.13" x-pid="19031" x-info="http://www.rsyslog.com"] start Mar 24 09:02:21 sv2507 rsyslogd: WARNING: rsyslogd is running in compatibility mode. Automatically generated config directives may interfer with your rsyslog.conf settings. We suggest upgrading your c onfig and adding -c5 as the first rsyslogd option. Mar 24 09:02:21 sv2507 rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: ModLoad immark Mar 24 09:02:21 sv2507 rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: MarkMessagePeriod 1200 Mar 24 09:02:21 sv2507 rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: ModLoad imuxsock Mar 24 09:16:55 sv2507 dvoraka: [ID 702911 user.notice] UNIGW#PROBLEM#4#test#sv2507#Test von Andreas#PWCHANGE#test rsyslog.conf $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $ModLoad imsolaris $RepeatedMsgReduction on $IncludeConfig /etc/rsyslog.d/*.conf *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log *.*;local5.none;local6.none @10.112.10.69 Best regards Andreas Dvorak -------------- next part -------------- An HTML attachment was scrubbed... URL: From john.thurston at alaska.gov Wed Mar 25 23:13:42 2015 From: john.thurston at alaska.gov (John Thurston) Date: Wed, 25 Mar 2015 14:13:42 -0800 Subject: OpenSSL 1.0.1m problems with BIND 9.9.7 Message-ID: <55133316.6090001@alaska.gov> I thought it might be time to update the openSSL on my BIND servers. I was using 1.0.1L. The update was to be to 1.0.1M. But when I do so, BIND refuses to start. When I turn up debugging on the named process, I see that it fails with > 25-Mar-2015 13:49:21.756 initializing DST: crypto failure > 25-Mar-2015 13:49:21.756 exiting (due to fatal error) Has anyone else seen similar problems with the most recent openssl? -- Do things because you should, not just because you can. John Thurston 907-465-8591 John.Thurston at alaska.gov Enterprise Technology Services Department of Administration State of Alaska :: Environment :: Solaris 10 on SPARC SunOS nstest 5.10 Generic_150400-17 sun4v sparc sun4v :: Packages prior to update :: package installed CSWbind 9.9.7,REV=2015.02.26 CSWbindutils 9.9.7,REV=2015.02.26 CSWcacertificates 20120511,REV=2012.05.11 CSWcas-cpsampleconf 1.50,REV=2015.01.17 CSWcas-cptemplates 1.49,REV=2013.03.13 CSWcas-crontab 1.48,REV=2012.09.02 CSWcas-etcservices 1.42,REV=2011.02.16 CSWcas-etcshells 1.45,REV=2011.07.12 CSWcas-inetd 1.42,REV=2010.11.26 CSWcas-initsmf 1.50,REV=2015.01.17 CSWcas-migrateconf 1.50,REV=2015.01.17 CSWcas-postmsg 1.42,REV=2010.11.26 CSWcas-preserveconf 1.50,REV=2015.01.17 CSWcas-pycompile 1.49,REV=2013.07.29 CSWcas-sslcert 1.48,REV=2012.10.17 CSWcas-texhash 1.49,REV=2013.02.19 CSWcas-texinfo 1.42,REV=2010.11.26 CSWcas-usergroup 1.50,REV=2015.01.17 CSWcommon 1.5,REV=2010.12.11 CSWcswclassutils 1.49,REV=2013.03.13 CSWcswpki 1.1,REV=2013.01.11 CSWggettext-data 0.18.1.1,p,REV=2011.03.15 CSWgnupg 1.4.12,REV=2012.01.30 CSWiconv 1.14,REV=2011.08.08 CSWisaexec 0.2,REV=2009.03.26 CSWlibbind 9.9.7,REV=2015.02.26 CSWlibbz2-1-0 1.0.6,REV=2011.08.18 CSWlibcharset1 1.14,REV=2011.08.07 CSWlibcom-err3 1.12.1,REV=2014.03.14 CSWlibcurl4 7.28.1,REV=2013.05.21 CSWlibexpat1 2.1.0,REV=2013.01.01 CSWlibgcc-s1 4.9.2,REV=2014.11.07 CSWlibgssapi-krb5-2 1.9.2,REV=2013.05.14 CSWlibiconv2 1.14,REV=2011.08.07 CSWlibidn11 1.26,REV=2013.01.01 CSWlibintl8 0.18.1.1,p,REV=2011.03.15 CSWlibk5crypto3 1.12.1,REV=2014.03.14 CSWlibkrb5-3 1.12.1,REV=2014.03.14 CSWlibkrb5support0 1.12.1,REV=2014.03.14 CSWliblber2-3-0 2.3_1,REV=2012.02.01 CSWliblber2-4-2 2.4.32,REV=2012.11.05 CSWlibldap-r2-3-0 2.3_1,REV=2012.02.01 CSWlibldap-r2-4-2 2.4.32,REV=2012.11.05 CSWlibldap2-3-0 2.3_1,REV=2012.02.01 CSWlibldap2-4-2 2.4.32,REV=2012.11.05 CSWliblzma5 5.0.5,REV=2013.07.05 CSWlibncurses5 5.9,REV=2011.11.21 CSWlibncursesw5 5.9,REV=2011.11.21 CSWlibnet 1.0.2a,REV=2011.09.29 CSWlibpanel5 5.9,REV=2011.11.21 CSWlibpanelw5 5.9,REV=2011.11.21 CSWlibreadline6 6.2,REV=2011.07.02 CSWlibsasl2-2 2.1.25,REV=2012.05.06 CSWlibsocks 1.2.1,REV=2010.08.31 CSWlibssl0-9-8 0.9.8ze,REV=2015.02.09 CSWlibssl1-0-0 1.0.1l,REV=2015.02.08 CSWlibverto0 1.12.1,REV=2014.03.14 CSWlibxml2-2 2.9.1,REV=2013.08.16 CSWlibz1 1.2.8,REV=2013.09.23 CSWnano 2.2.6,REV=2011.04.07 CSWncurses 5.9,REV=2011.11.21 CSWoldaprt 2.4.32,REV=2012.11.10 CSWopenssl-utils 1.0.1i,REV=2014.08.08 CSWpkgutil 2.6.5,REV=2012.08.15 CSWsudo 1.8.6p8,REV=2013.04.27 CSWterminfo 5.9,REV=2014.11.28 CSWterminfo-rxvt-unicode 9.20,REV=2014.10.31 CSWzlib 1.2.7,REV=2012.06.14 :: Packages changed during update :: package installed CSWlibssl1-0-0 1.0.1m,REV=2015.03.21 CSWopenssl-utils 1.0.1m,REV=2015.03.21 :: Result of launching named with -d 4 and -g :: > root at nstest:~> /opt/csw/sbin/named -u named -4 -U 32 -d 6 -c /etc/opt/csw/pkg/CSWbind/bind -g > 25-Mar-2015 13:49:21.683 starting BIND 9.9.7 -u named -4 -U 32 -d 6 -c /etc/opt/csw/pkg/CSWbind/bind -g > 25-Mar-2015 13:49:21.684 built with '--prefix=/opt/csw' '--exec_prefix=/opt/csw' '--bindir=/opt/csw/bin' '--sbindir=/opt/csw/sbin' '--libexecdir=/opt/csw/libexec' '--datadir=/opt/csw/share' '--sharedstatedir=/opt/csw/share' '--localstatedir=/var/opt/csw' '--libdir=/opt/csw/lib' '--infodir=/opt/csw/share/info' '--includedir=/opt/csw/include' '--mandir=/opt/csw/share/man' '--with-libtool' '--with-openssl=/opt/csw' '--enable-threads' '--enable-largefile' '--sysconfdir=/etc/opt/csw' '--localstatedir=/var/opt/csw/named' '--enable-rrl' 'CC=/opt/csw/bin/gcc-4.9' 'CFLAGS=-O2 -pipe -mcpu=v9 -Wa,-xarch=v8plus' 'LDFLAGS=-mcpu=v9 -Wa,-xarch=v8plus -L/opt/csw/lib' 'CPPFLAGS=-I/opt/csw/include' > 25-Mar-2015 13:49:21.684 ---------------------------------------------------- > 25-Mar-2015 13:49:21.684 BIND 9 is maintained by Internet Systems Consortium, > 25-Mar-2015 13:49:21.684 Inc. (ISC), a non-profit 501(c)(3) public-benefit > 25-Mar-2015 13:49:21.684 corporation. Support and training for BIND 9 are > 25-Mar-2015 13:49:21.684 available at https://www.isc.org/support > 25-Mar-2015 13:49:21.684 ---------------------------------------------------- > 25-Mar-2015 13:49:21.685 found 128 CPUs, using 128 worker threads > 25-Mar-2015 13:49:21.685 using 32 UDP listeners per interface > 25-Mar-2015 13:49:21.704 using up to 4096 sockets > 25-Mar-2015 13:49:21.704 Registering DLZ_dlopen driver > 25-Mar-2015 13:49:21.704 Registering SDLZ driver 'dlopen' > 25-Mar-2015 13:49:21.704 Registering DLZ driver 'dlopen' > 25-Mar-2015 13:49:21.709 decrement_reference: delete from rbt: b30f8 . > 25-Mar-2015 13:49:21.754 ENGINE_by_id failed (crypto failure) > 25-Mar-2015 13:49:21.754 error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:389:id=gost > 25-Mar-2015 13:49:21.756 initializing DST: crypto failure > 25-Mar-2015 13:49:21.756 exiting (due to fatal error) From laurent at opencsw.org Wed Mar 25 23:25:31 2015 From: laurent at opencsw.org (Laurent Blume) Date: Wed, 25 Mar 2015 23:25:31 +0100 Subject: OpenSSL 1.0.1m problems with BIND 9.9.7 In-Reply-To: <55133316.6090001@alaska.gov> References: <55133316.6090001@alaska.gov> Message-ID: <551335DB.7050200@opencsw.org> Le 2015/03/25 23:13 +0100, John Thurston a ?crit: > I thought it might be time to update the openSSL on my BIND servers. I > was using 1.0.1L. The update was to be to 1.0.1M. But when I do so, BIND > refuses to start. When I turn up debugging on the named process, I see > that it fails with >> 25-Mar-2015 13:49:21.756 initializing DST: crypto failure >> 25-Mar-2015 13:49:21.756 exiting (due to fatal error) > > Has anyone else seen similar problems with the most recent openssl? Yep, there's a bug opened for that: https://www.opencsw.org/mantis/view.php?id=5237 Laurent From maciej at opencsw.org Thu Mar 26 00:32:53 2015 From: maciej at opencsw.org (=?UTF-8?Q?Maciej_=28Matchek=29_Blizi=C5=84ski?=) Date: Wed, 25 Mar 2015 23:32:53 +0000 Subject: OpenSSL 1.0.1m problems with BIND 9.9.7 In-Reply-To: <551335DB.7050200@opencsw.org> References: <55133316.6090001@alaska.gov> <551335DB.7050200@opencsw.org> Message-ID: 2015-03-25 22:25 GMT+00:00 Laurent Blume : > Yep, there's a bug opened for that: > > https://www.opencsw.org/mantis/view.php?id=5237 If we want to stop OpenSSL from propagating to testing, we need to file a bug against openssl. From john.thurston at alaska.gov Thu Mar 26 00:46:52 2015 From: john.thurston at alaska.gov (John Thurston) Date: Wed, 25 Mar 2015 15:46:52 -0800 Subject: OpenSSL 1.0.1m problems with BIND 9.9.7 In-Reply-To: References: <55133316.6090001@alaska.gov> <551335DB.7050200@opencsw.org> Message-ID: <551348EC.500@alaska.gov> On 3/25/2015 3:32 PM, Maciej (Matchek) Blizi?ski wrote: > 2015-03-25 22:25 GMT+00:00 Laurent Blume : >> Yep, there's a bug opened for that: >> >> https://www.opencsw.org/mantis/view.php?id=5237 > > If we want to stop OpenSSL from propagating to testing, we need to > file a bug against openssl. I'm also fighting with an incompatibility with apache 2.2.29, openssl 1.0.1m, and ldaps authentication. Something in there now prevents ldaps from working in mod_auth. But I haven't done enough investigation yet to be able to point a finger at the errant component. My _hypothesis_ is openssl, but I'm still working on the test to demonstrate that. -- Do things because you should, not just because you can. John Thurston 907-465-8591 John.Thurston at alaska.gov Enterprise Technology Services Department of Administration State of Alaska From laurent at opencsw.org Thu Mar 26 10:50:53 2015 From: laurent at opencsw.org (Laurent Blume) Date: Thu, 26 Mar 2015 10:50:53 +0100 Subject: OpenSSL 1.0.1m problems with BIND 9.9.7 In-Reply-To: <551348EC.500@alaska.gov> References: <55133316.6090001@alaska.gov> <551335DB.7050200@opencsw.org> <551348EC.500@alaska.gov> Message-ID: <5513D67D.5060705@opencsw.org> Le 2015/03/26 00:46 +0100, John Thurston a ?crit: > I'm also fighting with an incompatibility with apache 2.2.29, openssl > 1.0.1m, and ldaps authentication. Something in there now prevents ldaps > from working in mod_auth. But I haven't done enough investigation yet to > be able to point a finger at the errant component. My _hypothesis_ is > openssl, but I'm still working on the test to demonstrate that. It's an odd issue, and I can't reproduce it on my S10 x86. Is it sure there's not a configuration issue at play? Will named start with an empty configuration file? Laurent From jh at opencsw.org Thu Mar 26 11:02:38 2015 From: jh at opencsw.org (Jan Holzhueter) Date: Thu, 26 Mar 2015 11:02:38 +0100 Subject: OpenSSL 1.0.1m problems with BIND 9.9.7 In-Reply-To: <5513D67D.5060705@opencsw.org> References: <55133316.6090001@alaska.gov> <551335DB.7050200@opencsw.org> <551348EC.500@alaska.gov> <5513D67D.5060705@opencsw.org> Message-ID: <5513D93E.9050402@opencsw.org> Hi, Am 26.03.15 um 10:50 schrieb Laurent Blume: > Le 2015/03/26 00:46 +0100, John Thurston a ?crit: >> I'm also fighting with an incompatibility with apache 2.2.29, openssl >> 1.0.1m, and ldaps authentication. Something in there now prevents ldaps >> from working in mod_auth. But I haven't done enough investigation yet to >> be able to point a finger at the errant component. My _hypothesis_ is >> openssl, but I'm still working on the test to demonstrate that. > > It's an odd issue, and I can't reproduce it on my S10 x86. Is it sure > there's not a configuration issue at play? Will named start with an > empty configuration file? Seems to be an sparc only problem. At least the Bind stuff we have on sparc only too. I think openssl might have a problem on sparc. Greetings Jan From laurent at opencsw.org Thu Mar 26 11:09:47 2015 From: laurent at opencsw.org (Laurent Blume) Date: Thu, 26 Mar 2015 11:09:47 +0100 Subject: OpenSSL 1.0.1m problems with BIND 9.9.7 In-Reply-To: <5513D93E.9050402@opencsw.org> References: <55133316.6090001@alaska.gov> <551335DB.7050200@opencsw.org> <551348EC.500@alaska.gov> <5513D67D.5060705@opencsw.org> <5513D93E.9050402@opencsw.org> Message-ID: <5513DAEB.9090602@opencsw.org> Le 2015/03/26 11:02 +0100, Jan Holzhueter a ?crit: > Seems to be an sparc only problem. At least the Bind stuff we have on > sparc only too. > I think openssl might have a problem on sparc. Actually, Google returns plenty of hits on that error message, and it seems to be consistently caused by a misconfigured named chroot, missing libgost.so. I'm not using chroot, so I would not be impacted. Has that been checked? Laurent From bonivart at opencsw.org Thu Mar 26 13:12:42 2015 From: bonivart at opencsw.org (Peter Bonivart) Date: Thu, 26 Mar 2015 13:12:42 +0100 Subject: OpenSSL 1.0.1m problems with BIND 9.9.7 In-Reply-To: <5513DAEB.9090602@opencsw.org> References: <55133316.6090001@alaska.gov> <551335DB.7050200@opencsw.org> <551348EC.500@alaska.gov> <5513D67D.5060705@opencsw.org> <5513D93E.9050402@opencsw.org> <5513DAEB.9090602@opencsw.org> Message-ID: On Thu, Mar 26, 2015 at 11:09 AM, Laurent Blume wrote: > Le 2015/03/26 11:02 +0100, Jan Holzhueter a ?crit: >> Seems to be an sparc only problem. At least the Bind stuff we have on >> sparc only too. >> I think openssl might have a problem on sparc. > > > Actually, Google returns plenty of hits on that error message, and it > seems to be consistently caused by a misconfigured named chroot, missing > libgost.so. > I'm not using chroot, so I would not be impacted. > > Has that been checked? Yes, it only affects sparc, not i386 and it's the same before and after respinning Bind, it works with 1.0.1l but not with 1.0.1m. I have installed a sparc test box and will do some comparisons between the libssl versions. From dam at opencsw.org Fri Mar 27 10:53:37 2015 From: dam at opencsw.org (Dagobert Michelsen) Date: Fri, 27 Mar 2015 10:53:37 +0100 Subject: OpenSSL 1.0.1m problems with BIND 9.9.7 In-Reply-To: <5513DAEB.9090602@opencsw.org> References: <55133316.6090001@alaska.gov> <551335DB.7050200@opencsw.org> <551348EC.500@alaska.gov> <5513D67D.5060705@opencsw.org> <5513D93E.9050402@opencsw.org> <5513DAEB.9090602@opencsw.org> Message-ID: <1ED28D36-2A48-4886-8D03-42A8C6FF3DD5@opencsw.org> Hi Laurent, > Am 26.03.2015 um 11:09 schrieb Laurent Blume : > > Le 2015/03/26 11:02 +0100, Jan Holzhueter a ?crit: >> Seems to be an sparc only problem. At least the Bind stuff we have on >> sparc only too. >> I think openssl might have a problem on sparc. > > > Actually, Google returns plenty of hits on that error message, and it > seems to be consistently caused by a misconfigured named chroot, missing > libgost.so. > I'm not using chroot, so I would not be impacted. > > Has that been checked? Yes, there is no chroot. Best regards ? Dago -- "You don't become great by trying to be great, you become great by wanting to do something, and then doing it so hard that you become great in the process." - xkcd #896 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2418 bytes Desc: not available URL: