Bug#1010706: E1187: Failed to source defaults.vim
Package: vim-tiny Version: 2:8.2.4793-1 Severity: normal X-Debbugs-Cc: bts.to.frankeng...@spamgourmet.com Dear Maintainer, calling /usr/bin/editor, /usr/bin/vim.tiny or /usr/bin/vi --clean I get the message E1187: Failed to source defaults.vim Press ENTER or type command to continue If I start vim-tiny just with /usr/bin/vi, no error is shown. /etc/vim/vimrc and /etc/vim/vimrc.tiny are unchanged, the user does not have a .vimrc, no defaults.vim could be found anywhere. -- Package-specific info: --- real paths of main Vim binaries --- /usr/bin/vi is /usr/bin/vim.tiny /usr/bin/editor is /usr/bin/vim.tiny Versions of packages vim-tiny depends on: ii libacl1 2.3.1-1 ii libc62.33-7 ii libselinux1 3.3-1+b2 ii libtinfo66.3+20220423-1 ii vim-common 2:8.2.4793-1 vim-tiny recommends no packages. Versions of packages vim-tiny suggests: pn indent
Bug#1010699: linux: Please touch /run/reboot-required in postinst
Source: linux Version: 5.17.3-1 Severity: wishlist X-Debbugs-Cc: bts.to.frankeng...@spamgourmet.com Dear Maintainer, in #919507 Debian Policy Manual was amended with a signal facility that a reboot is required. For kernel images this signal had been in unattended-upgrades and was kept there. This decision isn't suitable for environments without the unattended-upgrades package. As this signal is the result of each image install, the postinst scripts of image packages seem the right place to implement this functionality: diff --git a/debian/templates/image.postinst.in b/debian/templates/image.postinst.in index 25e7dd6..1c606ee 100755 --- a/debian/templates/image.postinst.in +++ b/debian/templates/image.postinst.in @@ -22,4 +22,11 @@ if [ -d /etc/kernel/postinst.d ]; then --arg=$image_path /etc/kernel/postinst.d fi +if [ -d /run ]; then +touch /run/reboot-required +if ! grep -q "^$DPKG_MAINTSCRIPT_PACKAGE$" /run/reboot-required.pkgs 2> /dev/null ; then +echo "$DPKG_MAINTSCRIPT_PACKAGE" >> /run/reboot-required.pkgs +fi +fi + exit 0 Thanks
Bug#798821: dovecot-core: changed to systemd without documentation
Package: dovecot-core Version: 1:2.2.13-12~deb8u1 Severity: serious Dear Maintainer, last update introduced /lib/systemd/system/dovecot.socket and /lib/systemd/system/dovecot.service to handle startup. Despite the fact customized configuration - especially /etc/init.d/dovecot - might get ignored and these changes are within a /stable/ release these changes are not documented at all.
Bug#798821: dovecot-core: changed to systemd without documentation
severity 798821 normal tags 798821 unreproducible -- Am Sonntag, 13. September 2015, 09:38:04 schrieb Jaldhar H. Vyas: > On Sun, 13 Sep 2015, Frank Engler wrote: > > Package: dovecot-core > > Version: 1:2.2.13-12~deb8u1 > > Severity: serious > > > > Dear Maintainer, > > > > last update introduced /lib/systemd/system/dovecot.socket > > and /lib/systemd/system/dovecot.service to handle startup. > > Despite the fact customized configuration - especially > > /etc/init.d/dovecot - might get ignored and these changes > > are within a /stable/ release these changes are not > > documented at all. > > I'm curious as to which version you upgraded from and could you have > installed anything else which would trigger the use of systemd? systemd > support was added way back in 1:2.1.7 (May-June 2012) and hasn't been > touched since then. That may be the reason the issue didn't show up on a test system. > Certainly there is nothing in the latest update which > involves it? In your last upgrade did you lose systemd-shim perhaps? I just installed the 8.1 -> 8.2 update at once. So any package of https://www.debian.org/News/2015/20150905 may be the cause. But most likely there are: # tail -50 /var/log/aptitude | grep dovecot [AKTUALISIERUNG] dovecot-core:amd64 1:2.2.13-11 -> 1:2.2.13-12~deb8u1 [AKTUALISIERUNG] dovecot-imapd:amd64 1:2.2.13-11 -> 1:2.2.13-12~deb8u1 [AKTUALISIERUNG] dovecot-ldap:amd64 1:2.2.13-11 -> 1:2.2.13-12~deb8u1 [AKTUALISIERUNG] dovecot-lmtpd:amd64 1:2.2.13-11 -> 1:2.2.13-12~deb8u1 # tail -50 /var/log/aptitude | grep systemd [AKTUALISIERUNG] libsystemd0:amd64 215-17+deb8u1 -> 215-17+deb8u2 [AKTUALISIERUNG] systemd:amd64 215-17+deb8u1 -> 215-17+deb8u2 [AKTUALISIERUNG] systemd-sysv:amd64 215-17+deb8u1 -> 215-17+deb8u2 I got to see it, because etckeeper told of two new symlinks: /etc/systemd/system/multi-user.target.wants/dovecot.service /etc/systemd/system/sockets.target.wants/dovecot.socket Your postinst does some systemd stuff: |if deb-systemd-helper --quiet was-enabled dovecot.socket; then |# Enables the unit on first installation, creates new |# symlinks on upgrades if the unit file has changed. |deb-systemd-helper enable dovecot.socket >/dev/null || true| |else |# Update the statefile to add new symlinks (if any), which need to be |# cleaned up on purge. Also remove old symlinks. |deb-systemd-helper update-state dovecot.socket >/dev/null || true| |fi But that should not raise this issue. I tried to reproduce the issue on a test system. But as last time, it doesn't occur there.
Bug#795583: /usr/bin/uic-qt4: missing man page
Package: libqt4-dev-bin Version: 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 Severity: normal File: /usr/bin/uic-qt4 The man page for /usr/bin/uic-qt4 is missing.
Bug#741202: Include default.accept_redirects and default.send_redirects in sysctl.conf
Package: procps Version: 1:3.3.9-2 Severity: wishlist File: /etc/sysctl.conf Please add net.*.conf.default.accept_redirects and net.*.conf.default.send_redirects to the examples. According to https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/ip-sysctl.txt?id=v3.13#n809 and https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/ip-sysctl.txt?id=v3.13#n882 smtp redirects need to be disabled in net.*.conf.all AND net.*.conf.interface for non-routers. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#680875: wine-bin-unstable: Missing icons
Package: wine-bin-unstable Version: 1.5.6-1 Severity: minor Dear Maintainer, according to /usr/share/applications/winecfg.desktop and /usr/share/applications/uninstaller.desktop there should be an icon at /usr/share/pixmaps/wine.xpm, which is not there. The icon defined in wine.desktop is wine which seems odd, too. Thanks -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#666748: postgrey: lookup-by-subnet does not work with IPv6 queries
Package: postgrey Version: 1.34-1.1 Severity: normal Tags: ipv6 Hello, according to man page --lookup-by-subnet is default. It should strip the last 8 bits from IP addresses. This isn't true querying IPv6 addresses. Greylisting with IPv6 client addresses works: $ nc ::1 10023 request=smtpd_access_policy protocol_state=RCPT protocol_name=SMTP helo_name=example.com queue_id=0 sender=f...@example.com recipient=b...@example.com client_address=2001:db8::1 client_name= reverse_client_name= instance= action=DEFER_IF_PERMIT Greylisted, see http://postgrey.schweikert.ch/help/example.com.html $ nc ::1 10023 request=smtpd_access_policy protocol_state=RCPT protocol_name=SMTP helo_name=example.com queue_id=0 sender=f...@example.com recipient=b...@example.com client_address=2001:db8::1 client_name= reverse_client_name= instance= action=PREPEND X-Greylist: delayed 327 seconds by postgrey-1.34 at example.com; TIME But a query with client address 2001:db8::2 still fails: $ nc ::1 10023 request=smtpd_access_policy protocol_state=RCPT protocol_name=SMTP helo_name=example.com queue_id=0 sender=f...@example.com recipient=b...@example.com client_address=2001:db8::2 client_name= reverse_client_name= instance= action=DEFER_IF_PERMIT Greylisted, see http://postgrey.schweikert.ch/help/example.com.html If lookup-by-subnet works right the answer should be: action=DUNNO Since stripping the last 8 bits is no sensible default on IPv6 addresses documentation should state loopup-by-subnet won't work with IPv6 client addresses. -- cat /etc/default/postgrey | grep -v -e # -e ^$: POSTGREY_OPTS=--inet=10023 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#666751: postgrey: please include support for configurable subnet size and support for IPv6 subnets
Package: postgrey Version: 1.34-1.1 Severity: wishlist Tags: ipv6 Hello, please include support for configurable IPv6 subnets like http://lists.ee.ethz.ch/postgrey/msg02429.html Thanks considering -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#656046: postgrey: listening on IPv6 does not work, gives connection refused to postfix
Package: postgrey Version: 1.34-1.1 Followup-For: Bug #656046 Are you sure postfix tries to connect to IPv6? If you are using check_policy_service inet:127.0.0.1:10023 as suggested in README.Debian postfix will not use IPv6. The examples in README.Debian should cover IPv6. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#630887: libchipcard6: please use SCardEstablishContext() before SCardListReaders()
Package: libchipcard6 Version: 5.0.2-1 Severity: important Tags: upstream Hi, since pcsc-lite-1.6.0 pcscd deamon would not be started by default. Instead, libpcsclite will try to start it on SCardEstablishContext(). LC_Client_Start() tries to find chipcard readers invoking LC_Client_UpdateReaderStates(). Neither LC_Client_Start() nor LC_Client_UpdateReaderStates() create a communication context before looking for readers with SCardListReaders(). As a result, no reader would be found using default configuration. I recommend creating a context before SCardListReaders() as suggested by http://pcsclite.alioth.debian.org/pcsc-lite/node10.html. Thanks -- System Information: Versions of packages libchipcard6 depends on: ii libc6 2.13-4 Embedded GNU C Library: Shared lib ii libchipcard-data5.0.2-1 configuration files for libchipcar ii libgwenhywfar60 4.1.0-1 OS abstraction layer ii libpcsclite11.7.2-2 Middleware to access a smart card ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#630887: libchipcard6: please use SCardEstablishContext() before SCardListReaders()
Martin Preuss mar...@aqbanking.de writes: I recommend creating a context before SCardListReaders() as suggested by http://pcsclite.alioth.debian.org/pcsc-lite/node10.html. [...] SCardEstablishContext is already called by LC_Client_Init(), which is the first function called before trying to list readers... But SCardListReaders() does not require cl-scardContext being a valid context. E.g. geldkarte call LC_Client_Init() and LC_Client_free() before calling LC_Client_Start(). So I suppose, the context has already gone before looking for readers. So geldkarte only works, if I run pcscd in daemon mode. Otherwise, I'll get a client.c: 827: No readers available-error. Frank -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#620788: /etc/network/if-up.d/mountnfs: Not fixed in 2.88dsf-13.5
Package: initscripts Version: 2.88dsf-13.5 Followup-For: Bug #620788 reopen 620788 This bug is still not fixed in 2.88dsf-13.5. Thanks -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#612383: upgrade 1.7.4p4-2.squeeze.1 - 1.7.4p4-6 overwrites /etc/sudoers
Package: sudo Version: 1.7.4p4-6 Severity: minor File: /etc/sudoers sudo's postinst asks if it should overwrite /etc/sudoers/README. But it doesn't ask if it should overwrite /etc/sudoers. If sudo is the sole root access, root account is completely locked. postinst should probably ask before overwriting /etc/sudoers. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593853: mutter version 2.29.0-3 stops working without damage extension
Package: mutter Version: 2.29.0-3 Severity: important Mutter used to work without damage extension. This is not the case since version 2.29.0-3. After logging in at gdm I'll get a black screen with only a mouse cursor on it. .xsession-errors: /etc/gdm/Xsession: Beginning session setup... GNOME_KEYRING_CONTROL=/tmp/keyring-AABP0l SSH_AUTH_SOCK=/tmp/keyring-AABP0l/ssh GNOME_KEYRING_PID=7303 GNOME_KEYRING_CONTROL=/tmp/keyring-AABP0l SSH_AUTH_SOCK=/tmp/keyring-AABP0l/ssh GNOME_KEYRING_CONTROL=/tmp/keyring-AABP0l SSH_AUTH_SOCK=/tmp/keyring-AABP0l/ssh Window manager warning: Missing damage extension required for compositing--sm-config-prefix: unknown option Usage: gnubiff [OPTION...] General command line options: -c, --config=file Configuration file to use -n, --noconfigure Skip the configuration process --nogui Start gnubiff without GUI --systemtray Put gnubiff's icon into the system tray -v, --version Print version information and exit Help options: -?, --helpShow this help message --usage Display brief usage message (polkit-gnome-authentication-agent-1:7335): GLib-GObject-WARNING **: cannot register existing type `_PolkitError' (polkit-gnome-authentication-agent-1:7335): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed Daemon already running, exiting... Unable to open desktop file epiphany.desktop for panel launcher Unable to open desktop file evolution.desktop for panel launcher ** (nautilus:7322): WARNING **: Can not get _NET_WORKAREA ** (nautilus:7322): WARNING **: Can not determine workarea, guessing at layout Versions of packages mutter depends on: ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib ii libcairo2 1.8.10-4 The Cairo 2D vector graphics libra ii libclutter-1.0-01.2.12-3 Open GL based interactive canvas l ii libffi5 3.0.9-2 Foreign Function Interface library ii libfontconfig1 2.8.0-2.1generic font configuration library ii libfreetype62.4.2-1 FreeType 2 font engine, shared lib ii libgconf2-4 2.28.1-3 GNOME configuration database syste ii libgirepository1.0-00.6.14-1+b1 Library for handling GObject intro ii libgl1-mesa-glx [libgl1 7.7.1-4 A free implementation of the OpenG ii libglib2.0-02.24.1-1 The GLib library of C routines ii libgtk2.0-0 2.20.1-1 The GTK+ graphical user interface ii libice6 2:1.0.6-1X11 Inter-Client Exchange library ii libjson-glib-1.0-0 0.10.2-2 GLib JSON manipulation library ii libmutter-private0 2.29.0-3 library for the Mutter window mana ii libpango1.0-0 1.28.1-1 Layout and rendering of internatio ii libsm6 2:1.1.1-1X11 Session Management library ii libstartup-notification 0.10-1 library for program launch feedbac ii libx11-62:1.3.3-3X11 client-side library ii libxcomposite1 1:0.4.2-1X11 Composite extension library ii libxcursor1 1:1.1.10-2 X cursor management library ii libxdamage1 1:1.1.3-1X11 damaged region extension libra ii libxext62:1.1.2-1X11 miscellaneous extension librar ii libxfixes3 1:4.0.5-1X11 miscellaneous 'fixes' extensio ii libxinerama12:1.1-3 X11 Xinerama extension library ii libxrandr2 2:1.3.0-3X11 RandR extension library ii libxrender1 1:0.9.6-1X Rendering Extension client libra ii mutter-common 2.29.0-3 shared files for the Mutter window ii zenity 2.30.0-1 Display graphical dialog boxes fro ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime Versions of packages mutter recommends: ii gnome-session [x-session-mana 2.30.2-1 The GNOME Session Manager - GNOME Versions of packages mutter suggests: ii gnome-control-center 1:2.30.1-2 utilities to configure the GNOME d ii gnome-themes 2.30.2-1 official themes for the GNOME desk pn xdg-user-dirs none (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#569698: /etc/init.d/selinux-basics should not umount -a
Package: selinux-basics Version: 0.3.5+nmu1 Severity: important Tags: patch An umount -a is invoked in selinux-complete-relable() of /etc/init.d/selinux-basics. This was ok in prior versions because a reboot -f followed. Today, only a reboot without option -f is invoked which amounts to a shutdown -r now. As a result, file systems are unmounted later in shutdown process. Therefore, a umount is not necessary in this script. My server failed to change into runlevel 6 after unmounting file systems. -- /var/log/boot (relevant part) Sun Feb 7 22:57:20 2010: Checking SELinux contexts: selinux-basics Sun Feb 7 22:57:20 2010: Relabeling your filesystems for SELinux..Cleaning out /tmp Sun Feb 7 22:57:21 2010: * Sun Feb 7 22:57:37 2010: Relabeled, now reboot Sun Feb 7 22:57:37 2010: umount: /var: device is busy Sun Feb 7 22:57:37 2010: umount: /dev: device is busy Sun Feb 7 22:57:38 2010: Checking minimum space in /tmp...done. Sun Feb 7 22:57:38 2010: Setting up networking Sun Feb 7 22:57:38 2010: Configuring network interfaces...done. Sun Feb 7 22:57:39 2010: /etc/rcS.d/S55bootmisc.sh: line 50: savelog: command not found Sun Feb 7 22:57:39 2010: rm: cannot remove `/tmp/.clean': Read-only file system Sun Feb 7 22:57:39 2010: Initializing random number generator.../etc/rcS.d/S55urandom: line 31: find: command not found Sun Feb 7 22:57:39 2010: /etc/rcS.d/S55urandom: line 32: [: : integer expression expected Sun Feb 7 22:57:39 2010: done. Sun Feb 7 22:57:39 2010: /etc/rcS.d/S70screen-cleanup: line 27: find: command not found Sun Feb 7 22:57:39 2010: /etc/rcS.d/S70screen-cleanup: line 27: xargs: command not found Sun Feb 7 22:57:39 2010: INIT: Entering runlevel: 2 Sun Feb 7 22:57:39 2010: Running local boot scripts (/etc/rc.local). Sun Feb 7 22:57:40 2010: -- end /var/log/boot Though I am not abled to reproduce the error in a test environment, I suggest to remove the umount -a because it is redundant in most cases and fatal on maybe some more machines. After removing it the relabeling worked fine. -- /var/log/boot (relevant part) Sat Feb 13 14:29:16 2010: Checking SELinux contexts: selinux-basics Sat Feb 13 14:29:16 2010: Relabeling your filesystems for SELinux..Cleaning out /tmp Sat Feb 13 14:29:17 2010: * Sat Feb 13 14:29:30 2010: Relabeled, now reboot Sat Feb 13 14:29:31 2010: INIT: Switching to runlevel: 6 -- end /var/log/boot diff -urN a/etc/init.d/selinux-basics b/etc/init.d/selinux-basics --- a/etc/init.d/selinux-basics 2010-02-13 14:52:39.0 +0100 +++ b/etc/init.d/selinux-basics 2010-02-13 14:53:02.0 +0100 @@ -61,7 +61,6 @@ # re-enable SELinux if enabled before if [ ! -f /.autorelabel ]; then echo Relabeled, now reboot - umount -a || true sync reboot fi
Bug#547887: [gnome-session] shutdown no longer in menu
Hello, having the same problem the installation of gnome-power-manager resolved it. Probably, gnome-session should suggest or recommend gnome-power-manger? Frank -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#528123: openct contains no bundle files for pcscd
Package: openct Version: 0.6.16-1 Severity: minor Tags: patch Hi, openct delivers pcsc support but contains no bundle files for pcscd. So pcscd can't use openct, it stops with an error: No bundle files in pcsc drivers directory: /usr/lib/pcsc/drivers. To solve this, 2 things have to be done: 1st: to create the bundle files add --with-bundle=/usr/lib/pcsc/drivers to DEB_CONFIGURE_EXTRA_FLAGS in debian/rules 2nd: to install the bundle files add a line debian/tmp/usr/lib/pcsc/drivers/* to debian/openct.install Thanks Frank -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.22 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages openct depends on: ii adduser 3.110 add and remove users and groups ii dpkg 1.14.26Debian package management system ii libc6 2.9-4 GNU C Library: Shared libraries ii libltdl3 1.5.26-4 A system independent dlopen wrappe ii libopenct10.6.16-1local1 middleware framework for smart car ii libpcsclite1 1.5.3-1Middleware to access a smart card ii libusb-0.1-4 2:0.1.12-13userspace USB programming library Versions of packages openct recommends: ii udev 0.141-1/dev/ and hotplug management daemo openct suggests no packages. -- no debconf information diff -urN openct-0.6.16/debian/openct.install openct-0.6.16.fix/debian/openct.install --- openct-0.6.16/debian/openct.install 2009-05-10 23:52:46.0 +0200 +++ openct-0.6.16.fix/debian/openct.install 2009-05-10 23:26:53.726284238 +0200 @@ -6,6 +6,7 @@ debian/tmp/usr/lib/openct-ifd.so debian/tmp/usr/lib/openct-ifd.la debian/tmp/usr/lib/openct-ifd.a +debian/tmp/usr/lib/pcsc/drivers/* etc/openct.conf etc/ debian/tmp/lib/udev lib/ diff -urN openct-0.6.16/debian/rules openct-0.6.16.fix/debian/rules --- openct-0.6.16/debian/rules 2009-05-10 23:52:46.0 +0200 +++ openct-0.6.16.fix/debian/rules 2009-05-10 23:26:33.229411165 +0200 @@ -3,7 +3,7 @@ include /usr/share/cdbs/1/class/autotools.mk include /usr/share/cdbs/1/rules/debhelper.mk -DEB_CONFIGURE_EXTRA_FLAGS = --enable-pcsc --enable-usb --with-udev=/lib/udev +DEB_CONFIGURE_EXTRA_FLAGS = --enable-pcsc --enable-usb --with-udev=/lib/udev --with-bundle=/usr/lib/pcsc/drivers DEB_INSTALL_DOCS_ALL := NEWS TODO
Bug#517709: refpolicy: dovecot-deliver won't work because files are in unexpected locations
Package: refpolicy Version: 2:0.0.20080702-14 Severity: normal Tags: patch Hello, dovecot's LDA /usr/lib/dovecot/deliver does not work because its context lib_t does not allow execution without a transition. As it is called by the MTA it is required to run deliver in the context of the MTA. Alternatively a transition might work as well. In the attached patch it will be labeled bin_t to allow the execution. Thanks Frank diff -urN refpolicy-0.0.20080702/policy/modules/services/dovecot.fc refpolicy-0.0.20080702.new/policy/modules/services/dovecot.fc --- refpolicy-0.0.20080702/policy/modules/services/dovecot.fc 2008-02-25 20:31:03.0 +0100 +++ refpolicy-0.0.20080702.new/policy/modules/services/dovecot.fc 2009-03-01 16:59:39.0 +0100 @@ -16,7 +16,11 @@ /usr/share/ssl/private/dovecot\.pem -- gen_context(system_u:object_r:dovecot_cert_t,s0) ifdef(`distro_debian', ` +# in Debian these files are in /usr/lib/dovecot which is lib_t +# to execute without transition they should be bin_t - as /usr/libexec is +/usr/lib/dovecot(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/dovecot/dovecot-auth -- gen_context(system_u:object_r:dovecot_auth_exec_t,s0) +/usr/lib/dovecot/modules(/.*)? gen_context(system_u:object_r:lib_t,s0) ') ifdef(`distro_redhat', `
Bug#517712: refpolicy: dovecot's etc files are in unexpected location
Package: refpolicy Version: 2:0.0.20080702-14 Severity: normal Tags: patch Hi, the policy expects the etc files in the /etc/ directory. In fact these files are in the /etc/dovecot sub-directory. As a result of this dovecot_t and dovecot_auth_t require permission search_dir_perm. See the attached patch. Thanks Frank diff -urN refpolicy-0.0.20080702/policy/modules/services/dovecot.fc refpolicy-0.0.20080702.new/policy/modules/services/dovecot.fc --- refpolicy-0.0.20080702/policy/modules/services/dovecot.fc 2009-03-01 16:59:39.0 +0100 +++ refpolicy-0.0.20080702.new/policy/modules/services/dovecot.fc 2009-03-01 17:31:47.0 +0100 @@ -7,6 +7,12 @@ /etc/pki/dovecot(/.*)? gen_context(system_u:object_r:dovecot_cert_t,s0) +# Debian uses /etc/dovecot/ +ifdef(`distro_debian', ` +/etc/dovecot(/.*)? gen_context(system_u:object_r:dovecot_etc_t,s0) +/etc/dovecot/passwd.* gen_context(system_u:object_r:dovecot_passwd_t,s0) +') + # # /usr # diff -urN refpolicy-0.0.20080702/policy/modules/services/dovecot.te refpolicy-0.0.20080702.new/policy/modules/services/dovecot.te --- refpolicy-0.0.20080702/policy/modules/services/dovecot.te 2008-07-02 16:07:57.0 +0200 +++ refpolicy-0.0.20080702.new/policy/modules/services/dovecot.te 2009-03-01 17:31:47.0 +0100 @@ -1,5 +1,5 @@ -policy_module(dovecot, 1.9.0) +policy_module(dovecot, 1.9.1) # @@ -54,6 +54,10 @@ read_lnk_files_pattern(dovecot_t,dovecot_cert_t,dovecot_cert_t) allow dovecot_t dovecot_etc_t:file read_file_perms; +# Debian uses /etc/dovecot/ +ifdef(`distro_debian', ` +allow dovecot_t dovecot_etc_t:dir search_dir_perms; +') files_search_etc(dovecot_t) can_exec(dovecot_t, dovecot_exec_t) @@ -164,6 +168,10 @@ auth_domtrans_chk_passwd(dovecot_auth_t) auth_use_nsswitch(dovecot_auth_t) +# Debian uses /etc/dovecot/ +ifdef(`distro_debian', ` + allow dovecot_auth_t dovecot_etc_t:dir search_dir_perms; +') files_read_etc_files(dovecot_auth_t) files_read_etc_runtime_files(dovecot_auth_t) files_search_pids(dovecot_auth_t)
Bug#517721: refpolicy: dovecot-deliver requires read access to /etc/dovecot.conf
Package: refpolicy Version: 2:0.0.20080702-14 Severity: normal Tags: patch Hello, /usr/lib/dovecot/deliver, the LDA of dovecot, requires access to /etc/dovecot.conf. After applying the patch in #517709 deliver runs in the domain of the MTA. As it is recommended to run postfix as MTA together with SELinux, this will be the domain postfix_local_t. After applying the patch in #517712 /etc/dovecot.conf is dovecot_etc_t. Domain postfix_local_t has no access to type dovecot_etc_t. The attached patch will fix it. Thanks Frank diff -urN refpolicy-0.0.20080702/policy/modules/services/dovecot.te refpolicy-0.0.20080702.new/policy/modules/services/dovecot.te --- refpolicy-0.0.20080702/policy/modules/services/dovecot.te 2009-03-01 17:31:47.0 +0100 +++ refpolicy-0.0.20080702.new/policy/modules/services/dovecot.te 2009-03-01 18:11:25.0 +0100 @@ -1,5 +1,5 @@ -policy_module(dovecot, 1.9.1) +policy_module(dovecot, 1.9.2) # @@ -58,6 +58,18 @@ ifdef(`distro_debian', ` allow dovecot_t dovecot_etc_t:dir search_dir_perms; ') +# deliver runs in the domain of the caller but needs read access +# to config files. If deliver ist used by postfix it will run in +# domain postfix_local_t +optional_policy(` + require { + type postfix_local_t; + }; + allow postfix_local_t dovecot_etc_t:file read_file_perms; + ifdef(`distro_debian', ` + allow postfix_local_t dovecot_etc_t:dir search_dir_perms; + ') +') files_search_etc(dovecot_t) can_exec(dovecot_t, dovecot_exec_t)
Bug#513021: openct: new upstream version available
Package: openct Severity: wishlist Hello, a new upstream version (0.6.15) of openct is available. It would be nice, if there will be a package of it in debian. Thanks Frank -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#508084: libchipcard-tools: Missing manual page for chipcard-tool
Package: libchipcard-tools Version: 4.2.3-1 Severity: normal Hello Micha, there is no manual page for the chipcard-tool command. Thanks Frank -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#432436: icedove: misleading package description
Package: icedove Severity: normal The package description of icedove contains what its predecessors are and how it works. The average user would like to know what this package can do for her. Therefore the description could start in this way: Icedove is a graphical mail client formerly known as Thunderbird. Its features are: * POP3/IMAP * spam filter * news reader * graphical customizable configuration * I don't know, because I don't use it The code of Thunderbird was unbranded for free distribution. The goal of Thunderbird is to produce a cross platform stand- alone mail application using the XUL user interface language. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#408616: sun-java5-bin: README.Debian points to wrong url for the Unlimited Strength JCE
Package: sun-java5-bin Version: 1.5.0-10-3 Severity: normal README.Debian points to URL:http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=22PartDetailId=7503-jce-1.4.2-oth-JPRSiteId=JSCTransactionId=noreg for the Unlimited Strength Jurisdiction Policy Files but it should point to URL:http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=22PartDetailId=jce_policy-1.5.0-oth-JPRSiteId=JSCTransactionId=noreg -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages sun-java5-bin depends on: ii debconf [debconf-2.0]1.5.11 Debian configuration management sy ii libc62.3.6.ds1-8 GNU C Library: Shared libraries ii sun-java5-jre1.5.0-10-3 Sun Java(TM) Runtime Environment ( ii unixodbc 2.2.11-13 ODBC tools libraries Versions of packages sun-java5-bin recommends: ii libasound21.0.13-1 ALSA library ii libx11-6 2:1.0.3-4 X11 client-side library ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar ii libxi61:1.0.1-4 X11 Input extension library ii libxp61:1.0.0.xsf1-1 X Printing Extension (Xprint) clie ii libxt61:1.0.2-2 X11 toolkit intrinsics library ii libxtst6 1:1.0.1-5 X11 Testing -- Resource extension -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#408620: sun-java6: JCE files should be in their own package or conffiles
Package: sun-java6 Severity: wishlist For legal reasons JCE key size is limited in this release. If the user wants unlimited strength he or she has to replace binary files of the package. Perhaps the jce files should be in their own package. So the user could replace this packages with his or her own unlimited strength package. Maybe its easier to place the jce policy files in /etc/java-6-sun and symlink to them as they are like configuration files. -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#406837: cryptsetup: Misleading description of checkscript swap in man 5 crypttab
Package: cryptsetup Version: 2:1.0.4-8 Severity: normal The manpage of crypttab(5) says to the checkscripts: swap Checks for partition type swap. Only useful as precheck. But the script in /lib/cryptsetup/checks/swap checks for a valid swap signature. Because checking for partition type is a bad idea (#342079) an there is no solution for good precheck available (#350922) perhaps /lib/cryptsetup/checks/swap should be removed completely. There is no sense to use it as precheck. Encrypting the raw device, the signature has gone away. There is also no sense to use it as check. Swapon will do it itself. At least the manual should be corrected: swap Check for swap signature. This is not very useful. In creating an encrypted swap device you destroy any swap signature on raw device. Hence you cannot check for it. -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages cryptsetup depends on: ii dmsetup 2:1.02.08-1 The Linux Kernel Device Mapper use ii libc62.3.6.ds1-8 GNU C Library: Shared libraries ii libdevma 2:1.02.08-1 The Linux Kernel Device Mapper use ii libgcryp 1.2.3-2 LGPL Crypto library - runtime libr ii libgpg-e 1.4-1 library for common error values an ii libpopt0 1.10-3 lib for parsing cmdline parameters ii libuuid1 1.39+1.40-WIP-2006.11.14+dfsg-1 universally unique id library cryptsetup recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#364817: mixer_applet2: no mute function
Package: gnome-applets Version: 2.8.2-3 Severity: normal If I mute the sound device (AC'97 with alsa driver) using the mixer_applet2 volume is set to the lowest level instead of muting the sound device. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.15 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages gnome-applets depends on: ii gnome-applets-data 2.8.2-3 Various applets for GNOME 2 panel ii gnome-panel2.8.3-1 launcher and docking facility for ii gstreamer0.8-alsa 0.8.8-2 ALSA plugin for GStreamer ii libapm13.2.2-3 Library for interacting with APM d ii libart-2.0-2 2.3.17-1 Library of functions for 2D graphi ii libatk1.0-01.8.0-4 The ATK accessibility toolkit ii libbonobo2-0 2.8.1-2 Bonobo CORBA interfaces library ii libbonoboui2-0 2.8.1-2 The Bonobo UI library ii libc6 2.3.2.ds1-22sarge3GNU C Library: Shared libraries an ii libgail-common 1.8.4-1 GNOME Accessibility Implementation ii libgail17 1.8.4-1 GNOME Accessibility Implementation ii libgconf2-42.8.1-6 GNOME configuration database syste ii libgcrypt111.2.0-11.1LGPL Crypto library - runtime libr ii libglade2-01:2.4.2-2 library to load .glade files at ru ii libglib2.0-0 2.6.4-1 The GLib library of C routines ii libgnome2-02.8.1-2 The GNOME 2 library - runtime file ii libgnomecanvas2-0 2.8.0-1 A powerful object-oriented display ii libgnomeui-0 2.8.1-3 The GNOME 2 libraries (User Interf ii libgnomevfs2-0 2.8.4-4 The GNOME virtual file-system libr ii libgnutls111.0.16-13.2 GNU TLS library - runtime library ii libgstreamer-plugi 0.8.8-2 Various GStreamer libraries and li ii libgstreamer0.8-0 0.8.9-2 Core GStreamer libraries, plugins, ii libgtk2.0-02.6.4-3.1 The GTK+ graphical user interface ii libgtop2-2 2.6.0-4 Libraries for gtop system monitori ii libice64.3.0.dfsg.1-14sarge1 Inter-Client Exchange library ii liborbit2 1:2.12.2-1libraries for ORBit2 - a CORBA ORB ii libpanel-applet2-0 2.8.3-1 library for GNOME 2 panel applets ii libpango1.0-0 1.8.1-1 Layout and rendering of internatio ii libpopt0 1.7-5 lib for parsing cmdline parameters ii libsm6 4.3.0.dfsg.1-14sarge1 X Window System Session Management ii libx11-6 4.3.0.dfsg.1-14sarge1 X Window System protocol client li ii libxklavier8 1.03-1X Keyboard Extension high-level AP ii libxml22.6.16-7 GNOME XML library ii xlibs 4.3.0.dfsg.1-14sarge1 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime -- no debconf information -- lsmod | grep snd snd_intel8x0 29980 2 snd_pcm_oss46560 0 snd_mixer_oss 16576 1 snd_pcm_oss snd_intel8x0m 16268 2 snd_ac97_codec 83488 2 snd_intel8x0,snd_intel8x0m snd_ac97_bus2304 1 snd_ac97_codec snd_pcm78920 4 snd_intel8x0,snd_pcm_oss,snd_intel8x0m,snd_ac97_codec snd_timer 22148 1 snd_pcm snd50468 15 snd_intel8x0,snd_pcm_oss,snd_mixer_oss,snd_intel8x0m,snd_ac97_codec,snd_pcm,snd_timer soundcore 9312 1 snd snd_page_alloc 10440 3 snd_intel8x0,snd_intel8x0m,snd_pcm -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]