Bug#1010706: E1187: Failed to source defaults.vim

[Frank Engler]

Package: vim-tiny
Version: 2:8.2.4793-1
Severity: normal
X-Debbugs-Cc: bts.to.frankeng...@spamgourmet.com

Dear Maintainer,

calling /usr/bin/editor, /usr/bin/vim.tiny or
/usr/bin/vi --clean I get the message

E1187: Failed to source defaults.vim
Press ENTER or type command to continue

If I start vim-tiny just with /usr/bin/vi, no error
is shown. /etc/vim/vimrc and /etc/vim/vimrc.tiny are
unchanged, the user does not have a .vimrc, no
defaults.vim could be found anywhere.

-- Package-specific info:

--- real paths of main Vim binaries ---
/usr/bin/vi is /usr/bin/vim.tiny
/usr/bin/editor is /usr/bin/vim.tiny

Versions of packages vim-tiny depends on:
ii  libacl1  2.3.1-1
ii  libc62.33-7
ii  libselinux1  3.3-1+b2
ii  libtinfo66.3+20220423-1
ii  vim-common   2:8.2.4793-1

vim-tiny recommends no packages.

Versions of packages vim-tiny suggests:
pn  indent  

Bug#1010699: linux: Please touch /run/reboot-required in postinst

[Frank Engler]

Source: linux
Version: 5.17.3-1
Severity: wishlist
X-Debbugs-Cc: bts.to.frankeng...@spamgourmet.com

Dear Maintainer,

in #919507 Debian Policy Manual was amended with a signal facility that a
reboot is required. For kernel images this signal had been in
unattended-upgrades and was kept there. This decision isn't suitable for
environments without the unattended-upgrades package. As this signal is
the result of each image install, the postinst scripts of image packages
seem the right place to implement this functionality:

diff --git a/debian/templates/image.postinst.in 
b/debian/templates/image.postinst.in
index 25e7dd6..1c606ee 100755
--- a/debian/templates/image.postinst.in
+++ b/debian/templates/image.postinst.in
@@ -22,4 +22,11 @@ if [ -d /etc/kernel/postinst.d ]; then
  --arg=$image_path /etc/kernel/postinst.d
 fi
 
+if [ -d /run ]; then
+touch /run/reboot-required
+if ! grep -q "^$DPKG_MAINTSCRIPT_PACKAGE$" /run/reboot-required.pkgs 2> 
/dev/null ; then
+echo "$DPKG_MAINTSCRIPT_PACKAGE" >> /run/reboot-required.pkgs
+fi
+fi
+
 exit 0


Thanks

Bug#798821: dovecot-core: changed to systemd without documentation

[Frank Engler]

Package: dovecot-core
Version: 1:2.2.13-12~deb8u1
Severity: serious

Dear Maintainer,

last update introduced /lib/systemd/system/dovecot.socket
and /lib/systemd/system/dovecot.service to handle startup.
Despite the fact customized configuration - especially
/etc/init.d/dovecot - might get ignored and these changes
are within a /stable/ release these changes are not
documented at all.

Bug#798821: dovecot-core: changed to systemd without documentation

[Frank Engler]

severity 798821 normal
tags 798821 unreproducible
--

Am Sonntag, 13. September 2015, 09:38:04 schrieb Jaldhar H. Vyas:
> On Sun, 13 Sep 2015, Frank Engler wrote:
> > Package: dovecot-core
> > Version: 1:2.2.13-12~deb8u1
> > Severity: serious
> > 
> > Dear Maintainer,
> > 
> > last update introduced /lib/systemd/system/dovecot.socket
> > and /lib/systemd/system/dovecot.service to handle startup.
> > Despite the fact customized configuration - especially
> > /etc/init.d/dovecot - might get ignored and these changes
> > are within a /stable/ release these changes are not
> > documented at all.
> 
> I'm curious as to which version you upgraded from and could you have
> installed anything else which would trigger the use of systemd?  systemd
> support was added way back in 1:2.1.7 (May-June 2012) and hasn't been
> touched since then.

That may be the reason the issue didn't show up on a test system.

> Certainly there is nothing in the latest update which
> involves it?  In your last upgrade did you lose systemd-shim perhaps?

I just installed the 8.1 -> 8.2 update at once. So any package of 
https://www.debian.org/News/2015/20150905 may be the cause. But most likely 
there are:
# tail -50 /var/log/aptitude | grep dovecot
[AKTUALISIERUNG] dovecot-core:amd64 1:2.2.13-11 -> 1:2.2.13-12~deb8u1
[AKTUALISIERUNG] dovecot-imapd:amd64 1:2.2.13-11 -> 1:2.2.13-12~deb8u1
[AKTUALISIERUNG] dovecot-ldap:amd64 1:2.2.13-11 -> 1:2.2.13-12~deb8u1
[AKTUALISIERUNG] dovecot-lmtpd:amd64 1:2.2.13-11 -> 1:2.2.13-12~deb8u1
# tail -50 /var/log/aptitude | grep systemd
[AKTUALISIERUNG] libsystemd0:amd64 215-17+deb8u1 -> 215-17+deb8u2
[AKTUALISIERUNG] systemd:amd64 215-17+deb8u1 -> 215-17+deb8u2
[AKTUALISIERUNG] systemd-sysv:amd64 215-17+deb8u1 -> 215-17+deb8u2

I got to see it, because etckeeper told of two new symlinks:
/etc/systemd/system/multi-user.target.wants/dovecot.service
/etc/systemd/system/sockets.target.wants/dovecot.socket

Your postinst does some systemd stuff:
|if deb-systemd-helper --quiet was-enabled dovecot.socket; then
|# Enables the unit on first installation, creates new
|# symlinks on upgrades if the unit file has changed.
|deb-systemd-helper enable dovecot.socket >/dev/null || true|
|else
|# Update the statefile to add new symlinks (if any), which need to be
|# cleaned up on purge. Also remove old symlinks.
|deb-systemd-helper update-state dovecot.socket >/dev/null || true|
|fi
But that should not raise this issue.

I tried to reproduce the issue on a test system. But as last time, it doesn't
occur there.

Bug#795583: /usr/bin/uic-qt4: missing man page

[Frank Engler]

Package: libqt4-dev-bin
Version: 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
Severity: normal
File: /usr/bin/uic-qt4

The man page for /usr/bin/uic-qt4 is missing.

Bug#741202: Include default.accept_redirects and default.send_redirects in sysctl.conf

[Frank Engler]

Package: procps
Version: 1:3.3.9-2
Severity: wishlist
File: /etc/sysctl.conf

Please add net.*.conf.default.accept_redirects and
net.*.conf.default.send_redirects to the examples.

According to 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/ip-sysctl.txt?id=v3.13#n809
and 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/ip-sysctl.txt?id=v3.13#n882
smtp redirects need to be disabled in net.*.conf.all
AND net.*.conf.interface for non-routers.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#680875: wine-bin-unstable: Missing icons

[Frank Engler]

Package: wine-bin-unstable
Version: 1.5.6-1
Severity: minor

Dear Maintainer,

according to /usr/share/applications/winecfg.desktop and 
/usr/share/applications/uninstaller.desktop there should
be an icon at /usr/share/pixmaps/wine.xpm, which is not there.

The icon defined in wine.desktop is wine which seems odd, too.


Thanks



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#666748: postgrey: lookup-by-subnet does not work with IPv6 queries

[Frank Engler]

Package: postgrey
Version: 1.34-1.1
Severity: normal
Tags: ipv6

Hello,

according to man page --lookup-by-subnet is default. It should
strip the last 8 bits from IP addresses. This isn't true querying 
IPv6 addresses.

Greylisting with IPv6 client addresses works:

$ nc ::1 10023
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=example.com
queue_id=0
sender=f...@example.com
recipient=b...@example.com
client_address=2001:db8::1
client_name=
reverse_client_name=
instance=

action=DEFER_IF_PERMIT Greylisted, see 
http://postgrey.schweikert.ch/help/example.com.html

$ nc ::1 10023
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=example.com
queue_id=0
sender=f...@example.com
recipient=b...@example.com
client_address=2001:db8::1
client_name=
reverse_client_name=
instance=

action=PREPEND X-Greylist: delayed 327 seconds by postgrey-1.34 at example.com; 
TIME

But a query with client address 2001:db8::2 still fails:

$ nc ::1 10023
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=example.com
queue_id=0
sender=f...@example.com
recipient=b...@example.com
client_address=2001:db8::2
client_name=
reverse_client_name=
instance=

action=DEFER_IF_PERMIT Greylisted, see 
http://postgrey.schweikert.ch/help/example.com.html

If lookup-by-subnet works right the answer should be:

action=DUNNO

Since stripping the last 8 bits is no sensible default on IPv6
addresses documentation should state loopup-by-subnet won't work
with IPv6 client addresses.



-- cat /etc/default/postgrey | grep -v -e # -e ^$:
POSTGREY_OPTS=--inet=10023



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#666751: postgrey: please include support for configurable subnet size and support for IPv6 subnets

[Frank Engler]

Package: postgrey
Version: 1.34-1.1
Severity: wishlist
Tags: ipv6

Hello,

please include support for configurable IPv6 subnets like

http://lists.ee.ethz.ch/postgrey/msg02429.html

Thanks considering



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#656046: postgrey: listening on IPv6 does not work, gives connection refused to postfix

[Frank Engler]

Package: postgrey
Version: 1.34-1.1
Followup-For: Bug #656046

Are you sure postfix tries to connect to IPv6? If you are using

check_policy_service inet:127.0.0.1:10023

as suggested in README.Debian postfix will not use IPv6.
The examples in README.Debian should cover IPv6.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#630887: libchipcard6: please use SCardEstablishContext() before SCardListReaders()

[Frank Engler]

Package: libchipcard6
Version: 5.0.2-1
Severity: important
Tags: upstream

Hi,

since pcsc-lite-1.6.0 pcscd deamon would not be started by default.
Instead, libpcsclite will try to start it on SCardEstablishContext().

LC_Client_Start() tries to find chipcard readers invoking
LC_Client_UpdateReaderStates(). Neither LC_Client_Start() nor
LC_Client_UpdateReaderStates() create a communication context before 
looking for readers with SCardListReaders(). As a result, no reader
would be found using default configuration.

I recommend creating a context before SCardListReaders() as suggested
by http://pcsclite.alioth.debian.org/pcsc-lite/node10.html.

Thanks

-- System Information:
Versions of packages libchipcard6 depends on:
ii  libc6   2.13-4   Embedded GNU C Library: Shared lib
ii  libchipcard-data5.0.2-1  configuration files for libchipcar
ii  libgwenhywfar60 4.1.0-1  OS abstraction layer
ii  libpcsclite11.7.2-2  Middleware to access a smart card 
ii  zlib1g  1:1.2.3.4.dfsg-3 compression library - runtime



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#630887: libchipcard6: please use SCardEstablishContext() before SCardListReaders()

[Frank Engler]

Martin Preuss mar...@aqbanking.de writes:

 I recommend creating a context before SCardListReaders() as suggested
 by http://pcsclite.alioth.debian.org/pcsc-lite/node10.html.
 [...]

 SCardEstablishContext is already called by LC_Client_Init(), which is the 
 first function called before trying to list readers...

But SCardListReaders() does not require cl-scardContext being a valid
context. E.g. geldkarte call LC_Client_Init() and LC_Client_free()
before calling LC_Client_Start(). So I suppose, the context has already
gone before looking for readers.

So geldkarte only works, if I run pcscd in daemon mode. Otherwise, I'll
get a client.c: 827: No readers available-error.

Frank



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#620788: /etc/network/if-up.d/mountnfs: Not fixed in 2.88dsf-13.5

[Frank Engler]

Package: initscripts
Version: 2.88dsf-13.5
Followup-For: Bug #620788

reopen 620788

This bug is still not fixed in 2.88dsf-13.5.

Thanks



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#612383: upgrade 1.7.4p4-2.squeeze.1 - 1.7.4p4-6 overwrites /etc/sudoers

[Frank Engler]

Package: sudo
Version: 1.7.4p4-6
Severity: minor
File: /etc/sudoers

sudo's postinst asks if it should overwrite /etc/sudoers/README. But it
doesn't ask if it should overwrite /etc/sudoers. If sudo is the sole
root access, root account is completely locked.

postinst should probably ask before overwriting /etc/sudoers.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#593853: mutter version 2.29.0-3 stops working without damage extension

[Frank Engler]

Package: mutter
Version: 2.29.0-3
Severity: important

Mutter used to work without damage extension. This is not the case since
version 2.29.0-3. After logging in at gdm I'll get a black screen with
only a mouse cursor on it.

.xsession-errors:
/etc/gdm/Xsession: Beginning session setup...
GNOME_KEYRING_CONTROL=/tmp/keyring-AABP0l
SSH_AUTH_SOCK=/tmp/keyring-AABP0l/ssh
GNOME_KEYRING_PID=7303
GNOME_KEYRING_CONTROL=/tmp/keyring-AABP0l
SSH_AUTH_SOCK=/tmp/keyring-AABP0l/ssh
GNOME_KEYRING_CONTROL=/tmp/keyring-AABP0l
SSH_AUTH_SOCK=/tmp/keyring-AABP0l/ssh
Window manager warning: Missing damage extension required for 
compositing--sm-config-prefix: unknown option

Usage: gnubiff [OPTION...]

General command line options:
  -c, --config=file Configuration file to use
  -n, --noconfigure Skip the configuration process
  --nogui   Start gnubiff without GUI
  --systemtray  Put gnubiff's icon into the system tray
  -v, --version Print version information and exit

Help options:
  -?, --helpShow this help message
  --usage   Display brief usage message

(polkit-gnome-authentication-agent-1:7335): GLib-GObject-WARNING **: cannot 
register existing type `_PolkitError'

(polkit-gnome-authentication-agent-1:7335): GLib-CRITICAL **: 
g_once_init_leave: assertion `initialization_value != 0' failed
Daemon already running, exiting...
Unable to open desktop file epiphany.desktop for panel launcher
Unable to open desktop file evolution.desktop for panel launcher

** (nautilus:7322): WARNING **: Can not get _NET_WORKAREA

** (nautilus:7322): WARNING **: Can not determine workarea, guessing at layout

Versions of packages mutter depends on:
ii  libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii  libc6   2.11.2-2 Embedded GNU C Library: Shared lib
ii  libcairo2   1.8.10-4 The Cairo 2D vector graphics libra
ii  libclutter-1.0-01.2.12-3 Open GL based interactive canvas l
ii  libffi5 3.0.9-2  Foreign Function Interface library
ii  libfontconfig1  2.8.0-2.1generic font configuration library
ii  libfreetype62.4.2-1  FreeType 2 font engine, shared lib
ii  libgconf2-4 2.28.1-3 GNOME configuration database syste
ii  libgirepository1.0-00.6.14-1+b1  Library for handling GObject intro
ii  libgl1-mesa-glx [libgl1 7.7.1-4  A free implementation of the OpenG
ii  libglib2.0-02.24.1-1 The GLib library of C routines
ii  libgtk2.0-0 2.20.1-1 The GTK+ graphical user interface 
ii  libice6 2:1.0.6-1X11 Inter-Client Exchange library
ii  libjson-glib-1.0-0  0.10.2-2 GLib JSON manipulation library
ii  libmutter-private0  2.29.0-3 library for the Mutter window mana
ii  libpango1.0-0   1.28.1-1 Layout and rendering of internatio
ii  libsm6  2:1.1.1-1X11 Session Management library
ii  libstartup-notification 0.10-1   library for program launch feedbac
ii  libx11-62:1.3.3-3X11 client-side library
ii  libxcomposite1  1:0.4.2-1X11 Composite extension library
ii  libxcursor1 1:1.1.10-2   X cursor management library
ii  libxdamage1 1:1.1.3-1X11 damaged region extension libra
ii  libxext62:1.1.2-1X11 miscellaneous extension librar
ii  libxfixes3  1:4.0.5-1X11 miscellaneous 'fixes' extensio
ii  libxinerama12:1.1-3  X11 Xinerama extension library
ii  libxrandr2  2:1.3.0-3X11 RandR extension library
ii  libxrender1 1:0.9.6-1X Rendering Extension client libra
ii  mutter-common   2.29.0-3 shared files for the Mutter window
ii  zenity  2.30.0-1 Display graphical dialog boxes fro
ii  zlib1g  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages mutter recommends:
ii  gnome-session [x-session-mana 2.30.2-1   The GNOME Session Manager - GNOME 

Versions of packages mutter suggests:
ii  gnome-control-center  1:2.30.1-2 utilities to configure the GNOME d
ii  gnome-themes  2.30.2-1   official themes for the GNOME desk
pn  xdg-user-dirs none (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#569698: /etc/init.d/selinux-basics should not umount -a

[Frank Engler]

Package: selinux-basics
Version: 0.3.5+nmu1
Severity: important
Tags: patch

An umount -a is invoked in selinux-complete-relable() of
/etc/init.d/selinux-basics. This was ok in prior versions
because a reboot -f followed. Today, only a reboot without
option -f is invoked which amounts to a shutdown -r now.
As a result, file systems are unmounted later in shutdown
process. Therefore, a umount is not necessary in this
script.

My server failed to change into runlevel 6 after
unmounting file systems.

-- /var/log/boot (relevant part)
Sun Feb  7 22:57:20 2010: Checking SELinux contexts: selinux-basics
Sun Feb  7 22:57:20 2010: Relabeling your filesystems for SELinux..Cleaning 
out /tmp
Sun Feb  7 22:57:21 2010: *
Sun Feb  7 22:57:37 2010: Relabeled, now reboot
Sun Feb  7 22:57:37 2010: umount: /var: device is busy
Sun Feb  7 22:57:37 2010: umount: /dev: device is busy
Sun Feb  7 22:57:38 2010: Checking minimum space in /tmp...done.
Sun Feb  7 22:57:38 2010: Setting up networking
Sun Feb  7 22:57:38 2010: Configuring network interfaces...done.
Sun Feb  7 22:57:39 2010: /etc/rcS.d/S55bootmisc.sh: line 50: savelog: command 
not found
Sun Feb  7 22:57:39 2010: rm: cannot remove `/tmp/.clean': Read-only file system
Sun Feb  7 22:57:39 2010: Initializing random number 
generator.../etc/rcS.d/S55urandom: line 31: find: command not found
Sun Feb  7 22:57:39 2010: /etc/rcS.d/S55urandom: line 32: [: : integer 
expression expected
Sun Feb  7 22:57:39 2010: done.
Sun Feb  7 22:57:39 2010: /etc/rcS.d/S70screen-cleanup: line 27: find: command 
not found
Sun Feb  7 22:57:39 2010: /etc/rcS.d/S70screen-cleanup: line 27: xargs: command 
not found
Sun Feb  7 22:57:39 2010: INIT: Entering runlevel: 2
Sun Feb  7 22:57:39 2010: Running local boot scripts (/etc/rc.local).
Sun Feb  7 22:57:40 2010:
-- end /var/log/boot

Though I am not abled to reproduce the error in a test
environment, I suggest to remove the umount -a because
it is redundant in most cases and fatal on maybe some
more machines.

After removing it the relabeling worked fine.

-- /var/log/boot (relevant part)
Sat Feb 13 14:29:16 2010: Checking SELinux contexts: selinux-basics
Sat Feb 13 14:29:16 2010: Relabeling your filesystems for SELinux..Cleaning 
out /tmp
Sat Feb 13 14:29:17 2010: *
Sat Feb 13 14:29:30 2010: Relabeled, now reboot
Sat Feb 13 14:29:31 2010: INIT: Switching to runlevel: 6
-- end /var/log/boot
diff -urN a/etc/init.d/selinux-basics b/etc/init.d/selinux-basics
--- a/etc/init.d/selinux-basics	2010-02-13 14:52:39.0 +0100
+++ b/etc/init.d/selinux-basics	2010-02-13 14:53:02.0 +0100
@@ -61,7 +61,6 @@
 	# re-enable SELinux if enabled before
 	if [ ! -f /.autorelabel ]; then
 		echo Relabeled, now reboot
-		umount -a || true
 		sync
 		reboot
 	fi

Bug#547887: [gnome-session] shutdown no longer in menu

[Frank Engler]

Hello,

having the same problem the installation of gnome-power-manager resolved
it. Probably, gnome-session should suggest or recommend
gnome-power-manger?

Frank



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#528123: openct contains no bundle files for pcscd

[Frank Engler]

Package: openct
Version: 0.6.16-1
Severity: minor
Tags: patch

Hi,

openct delivers pcsc support but contains no bundle files for pcscd. So 
pcscd can't use openct, it stops with an error: No bundle files in pcsc 
drivers directory: /usr/lib/pcsc/drivers. To solve this, 2 things have 
to be done:

1st: to create the bundle files add 
 --with-bundle=/usr/lib/pcsc/drivers to DEB_CONFIGURE_EXTRA_FLAGS 
 in debian/rules

2nd: to install the bundle files add a line 
 debian/tmp/usr/lib/pcsc/drivers/* to  debian/openct.install

Thanks
Frank

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openct depends on:
ii  adduser   3.110  add and remove users and groups
ii  dpkg  1.14.26Debian package management system
ii  libc6 2.9-4  GNU C Library: Shared libraries
ii  libltdl3  1.5.26-4   A system independent dlopen wrappe
ii  libopenct10.6.16-1local1 middleware framework for smart car
ii  libpcsclite1  1.5.3-1Middleware to access a smart card 
ii  libusb-0.1-4  2:0.1.12-13userspace USB programming library

Versions of packages openct recommends:
ii  udev  0.141-1/dev/ and hotplug management daemo

openct suggests no packages.

-- no debconf information
diff -urN openct-0.6.16/debian/openct.install openct-0.6.16.fix/debian/openct.install
--- openct-0.6.16/debian/openct.install	2009-05-10 23:52:46.0 +0200
+++ openct-0.6.16.fix/debian/openct.install	2009-05-10 23:26:53.726284238 +0200
@@ -6,6 +6,7 @@
 debian/tmp/usr/lib/openct-ifd.so
 debian/tmp/usr/lib/openct-ifd.la
 debian/tmp/usr/lib/openct-ifd.a
+debian/tmp/usr/lib/pcsc/drivers/*
 
 etc/openct.conf etc/
 debian/tmp/lib/udev lib/
diff -urN openct-0.6.16/debian/rules openct-0.6.16.fix/debian/rules
--- openct-0.6.16/debian/rules	2009-05-10 23:52:46.0 +0200
+++ openct-0.6.16.fix/debian/rules	2009-05-10 23:26:33.229411165 +0200
@@ -3,7 +3,7 @@
 include /usr/share/cdbs/1/class/autotools.mk
 include /usr/share/cdbs/1/rules/debhelper.mk
 
-DEB_CONFIGURE_EXTRA_FLAGS = --enable-pcsc --enable-usb --with-udev=/lib/udev
+DEB_CONFIGURE_EXTRA_FLAGS = --enable-pcsc --enable-usb --with-udev=/lib/udev --with-bundle=/usr/lib/pcsc/drivers
 
 DEB_INSTALL_DOCS_ALL := NEWS TODO
 

Bug#517709: refpolicy: dovecot-deliver won't work because files are in unexpected locations

[Frank Engler]

Package: refpolicy
Version: 2:0.0.20080702-14
Severity: normal
Tags: patch

Hello,

dovecot's LDA /usr/lib/dovecot/deliver does not work because its context 
lib_t does not allow execution without a transition. As it is called 
by the MTA it is required to run deliver in the context of the MTA. 
Alternatively a transition might work as well. In the attached patch it
will be labeled bin_t to allow the execution.

Thanks
Frank
diff -urN refpolicy-0.0.20080702/policy/modules/services/dovecot.fc refpolicy-0.0.20080702.new/policy/modules/services/dovecot.fc
--- refpolicy-0.0.20080702/policy/modules/services/dovecot.fc	2008-02-25 20:31:03.0 +0100
+++ refpolicy-0.0.20080702.new/policy/modules/services/dovecot.fc	2009-03-01 16:59:39.0 +0100
@@ -16,7 +16,11 @@
 /usr/share/ssl/private/dovecot\.pem --	gen_context(system_u:object_r:dovecot_cert_t,s0)
 
 ifdef(`distro_debian', `
+# in Debian these files are in /usr/lib/dovecot which is lib_t
+# to execute without transition they should be bin_t - as /usr/libexec is
+/usr/lib/dovecot(/.*)?			gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/dovecot/dovecot-auth 	--	gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
+/usr/lib/dovecot/modules(/.*)?		gen_context(system_u:object_r:lib_t,s0)
 ')
 
 ifdef(`distro_redhat', `

Bug#517712: refpolicy: dovecot's etc files are in unexpected location

[Frank Engler]

Package: refpolicy
Version: 2:0.0.20080702-14
Severity: normal
Tags: patch

Hi,

the policy expects the etc files in the /etc/ directory. In fact these 
files are in the /etc/dovecot sub-directory. As a result of this 
dovecot_t and dovecot_auth_t require permission search_dir_perm. See the 
attached patch.

Thanks
Frank
diff -urN refpolicy-0.0.20080702/policy/modules/services/dovecot.fc refpolicy-0.0.20080702.new/policy/modules/services/dovecot.fc
--- refpolicy-0.0.20080702/policy/modules/services/dovecot.fc	2009-03-01 16:59:39.0 +0100
+++ refpolicy-0.0.20080702.new/policy/modules/services/dovecot.fc	2009-03-01 17:31:47.0 +0100
@@ -7,6 +7,12 @@
 
 /etc/pki/dovecot(/.*)?			gen_context(system_u:object_r:dovecot_cert_t,s0)
 
+# Debian uses /etc/dovecot/
+ifdef(`distro_debian', `
+/etc/dovecot(/.*)?			gen_context(system_u:object_r:dovecot_etc_t,s0)
+/etc/dovecot/passwd.*			gen_context(system_u:object_r:dovecot_passwd_t,s0)
+')
+
 #
 # /usr
 #
diff -urN refpolicy-0.0.20080702/policy/modules/services/dovecot.te refpolicy-0.0.20080702.new/policy/modules/services/dovecot.te
--- refpolicy-0.0.20080702/policy/modules/services/dovecot.te	2008-07-02 16:07:57.0 +0200
+++ refpolicy-0.0.20080702.new/policy/modules/services/dovecot.te	2009-03-01 17:31:47.0 +0100
@@ -1,5 +1,5 @@
 
-policy_module(dovecot, 1.9.0)
+policy_module(dovecot, 1.9.1)
 
 
 #
@@ -54,6 +54,10 @@
 read_lnk_files_pattern(dovecot_t,dovecot_cert_t,dovecot_cert_t)
 
 allow dovecot_t dovecot_etc_t:file read_file_perms;
+# Debian uses /etc/dovecot/
+ifdef(`distro_debian', `
+allow dovecot_t dovecot_etc_t:dir search_dir_perms;
+')
 files_search_etc(dovecot_t)
 
 can_exec(dovecot_t, dovecot_exec_t)
@@ -164,6 +168,10 @@
 auth_domtrans_chk_passwd(dovecot_auth_t)
 auth_use_nsswitch(dovecot_auth_t)
 
+# Debian uses /etc/dovecot/
+ifdef(`distro_debian', `
+	allow dovecot_auth_t dovecot_etc_t:dir search_dir_perms;
+')
 files_read_etc_files(dovecot_auth_t)
 files_read_etc_runtime_files(dovecot_auth_t)
 files_search_pids(dovecot_auth_t)

Bug#517721: refpolicy: dovecot-deliver requires read access to /etc/dovecot.conf

[Frank Engler]

Package: refpolicy
Version: 2:0.0.20080702-14
Severity: normal
Tags: patch

Hello,

/usr/lib/dovecot/deliver, the LDA of dovecot, requires access to 
/etc/dovecot.conf. After applying the patch in #517709 deliver runs in 
the domain of the MTA. As it is recommended to run postfix as MTA 
together with SELinux, this will be the domain postfix_local_t.

After applying the patch in #517712 /etc/dovecot.conf is dovecot_etc_t. 
Domain postfix_local_t has no access to type dovecot_etc_t. The attached 
patch will fix it.

Thanks
Frank
diff -urN refpolicy-0.0.20080702/policy/modules/services/dovecot.te refpolicy-0.0.20080702.new/policy/modules/services/dovecot.te
--- refpolicy-0.0.20080702/policy/modules/services/dovecot.te	2009-03-01 17:31:47.0 +0100
+++ refpolicy-0.0.20080702.new/policy/modules/services/dovecot.te	2009-03-01 18:11:25.0 +0100
@@ -1,5 +1,5 @@
 
-policy_module(dovecot, 1.9.1)
+policy_module(dovecot, 1.9.2)
 
 
 #
@@ -58,6 +58,18 @@
 ifdef(`distro_debian', `
 allow dovecot_t dovecot_etc_t:dir search_dir_perms;
 ')
+# deliver runs in the domain of the caller but needs read access
+# to config files. If deliver ist used by postfix it will run in
+# domain postfix_local_t
+optional_policy(`
+	require {
+		type postfix_local_t;
+	};
+	allow postfix_local_t dovecot_etc_t:file read_file_perms;
+	ifdef(`distro_debian', `
+		allow postfix_local_t dovecot_etc_t:dir search_dir_perms;
+	')
+')
 files_search_etc(dovecot_t)
 
 can_exec(dovecot_t, dovecot_exec_t)

Bug#513021: openct: new upstream version available

[Frank Engler]

Package: openct
Severity: wishlist


Hello,

a new upstream version (0.6.15) of openct is available. It would be 
nice, if there will be a package of it in debian.

Thanks
Frank



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#508084: libchipcard-tools: Missing manual page for chipcard-tool

[Frank Engler]

Package: libchipcard-tools
Version: 4.2.3-1
Severity: normal


Hello Micha,

there is no manual page for the chipcard-tool command.

Thanks
Frank



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#432436: icedove: misleading package description

[Frank Engler]

Package: icedove
Severity: normal


The package description of icedove contains what its predecessors are 
and how it works. The average user would like to know what this package 
can do for her.

Therefore the description could start in this way:
Icedove is a graphical mail client formerly known as Thunderbird. Its 
features are:
* POP3/IMAP
* spam filter
* news reader
* graphical customizable configuration
* I don't know, because I don't use it

The code of Thunderbird was unbranded for free distribution. The goal of 
Thunderbird is to produce a cross platform stand- alone mail application 
using the XUL user interface language.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#408616: sun-java5-bin: README.Debian points to wrong url for the Unlimited Strength JCE

[Frank Engler]

Package: sun-java5-bin
Version: 1.5.0-10-3
Severity: normal

README.Debian points to 
URL:http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=22PartDetailId=7503-jce-1.4.2-oth-JPRSiteId=JSCTransactionId=noreg
for the Unlimited Strength Jurisdiction Policy Files but it should point 
to
URL:http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=22PartDetailId=jce_policy-1.5.0-oth-JPRSiteId=JSCTransactionId=noreg

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages sun-java5-bin depends on:
ii  debconf [debconf-2.0]1.5.11  Debian configuration management sy
ii  libc62.3.6.ds1-8 GNU C Library: Shared libraries
ii  sun-java5-jre1.5.0-10-3  Sun Java(TM) Runtime Environment (
ii  unixodbc 2.2.11-13   ODBC tools libraries

Versions of packages sun-java5-bin recommends:
ii  libasound21.0.13-1   ALSA library
ii  libx11-6  2:1.0.3-4  X11 client-side library
ii  libxext6  1:1.0.1-2  X11 miscellaneous extension librar
ii  libxi61:1.0.1-4  X11 Input extension library
ii  libxp61:1.0.0.xsf1-1 X Printing Extension (Xprint) clie
ii  libxt61:1.0.2-2  X11 toolkit intrinsics library
ii  libxtst6  1:1.0.1-5  X11 Testing -- Resource extension 

-- debconf information excluded


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#408620: sun-java6: JCE files should be in their own package or conffiles

[Frank Engler]

Package: sun-java6
Severity: wishlist

For legal reasons JCE key size is limited in this release. If the user 
wants unlimited strength he or she has to replace binary files of the 
package.

Perhaps the jce files should be in their own package. So the user 
could replace this packages with his or her own unlimited strength 
package. 

Maybe its easier to place the jce policy files in /etc/java-6-sun and 
symlink to them as they are like configuration files.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#406837: cryptsetup: Misleading description of checkscript swap in man 5 crypttab

[Frank Engler]

Package: cryptsetup
Version: 2:1.0.4-8
Severity: normal

The manpage of crypttab(5) says to the checkscripts:

swap
  Checks for partition type swap. Only useful as precheck.

But the script in /lib/cryptsetup/checks/swap checks for a valid swap 
signature. Because checking for partition type is a bad idea (#342079) 
an there is no solution for good precheck available (#350922) 
perhaps /lib/cryptsetup/checks/swap should be removed completely.

There is no sense to use it as precheck. Encrypting the raw device,
the signature has gone away.
There is also no sense to use it as check. Swapon will do it itself.

At least the manual should be corrected:

swap
Check for swap signature. This is not very useful. In creating 
an encrypted swap device you destroy any swap signature on raw 
device. Hence you cannot check for it.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages cryptsetup depends on:
ii  dmsetup  2:1.02.08-1 The Linux Kernel Device Mapper use
ii  libc62.3.6.ds1-8 GNU C Library: Shared libraries
ii  libdevma 2:1.02.08-1 The Linux Kernel Device Mapper use
ii  libgcryp 1.2.3-2 LGPL Crypto library - runtime libr
ii  libgpg-e 1.4-1   library for common error values an
ii  libpopt0 1.10-3  lib for parsing cmdline parameters
ii  libuuid1 1.39+1.40-WIP-2006.11.14+dfsg-1 universally unique id library

cryptsetup recommends no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#364817: mixer_applet2: no mute function

[Frank Engler]

Package: gnome-applets
Version: 2.8.2-3
Severity: normal

If I mute the sound device (AC'97 with alsa driver) using the mixer_applet2
volume is set to the lowest level instead of muting the sound device.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.15
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages gnome-applets depends on:
ii  gnome-applets-data 2.8.2-3   Various applets for GNOME 2 panel 
ii  gnome-panel2.8.3-1   launcher and docking facility for 
ii  gstreamer0.8-alsa  0.8.8-2   ALSA plugin for GStreamer
ii  libapm13.2.2-3   Library for interacting with APM d
ii  libart-2.0-2   2.3.17-1  Library of functions for 2D graphi
ii  libatk1.0-01.8.0-4   The ATK accessibility toolkit
ii  libbonobo2-0   2.8.1-2   Bonobo CORBA interfaces library
ii  libbonoboui2-0 2.8.1-2   The Bonobo UI library
ii  libc6  2.3.2.ds1-22sarge3GNU C Library: Shared libraries an
ii  libgail-common 1.8.4-1   GNOME Accessibility Implementation
ii  libgail17  1.8.4-1   GNOME Accessibility Implementation
ii  libgconf2-42.8.1-6   GNOME configuration database syste
ii  libgcrypt111.2.0-11.1LGPL Crypto library - runtime libr
ii  libglade2-01:2.4.2-2 library to load .glade files at ru
ii  libglib2.0-0   2.6.4-1   The GLib library of C routines
ii  libgnome2-02.8.1-2   The GNOME 2 library - runtime file
ii  libgnomecanvas2-0  2.8.0-1   A powerful object-oriented display
ii  libgnomeui-0   2.8.1-3   The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0 2.8.4-4   The GNOME virtual file-system libr
ii  libgnutls111.0.16-13.2   GNU TLS library - runtime library
ii  libgstreamer-plugi 0.8.8-2   Various GStreamer libraries and li
ii  libgstreamer0.8-0  0.8.9-2   Core GStreamer libraries, plugins,
ii  libgtk2.0-02.6.4-3.1 The GTK+ graphical user interface 
ii  libgtop2-2 2.6.0-4   Libraries for gtop system monitori
ii  libice64.3.0.dfsg.1-14sarge1 Inter-Client Exchange library
ii  liborbit2  1:2.12.2-1libraries for ORBit2 - a CORBA ORB
ii  libpanel-applet2-0 2.8.3-1   library for GNOME 2 panel applets
ii  libpango1.0-0  1.8.1-1   Layout and rendering of internatio
ii  libpopt0   1.7-5 lib for parsing cmdline parameters
ii  libsm6 4.3.0.dfsg.1-14sarge1 X Window System Session Management
ii  libx11-6   4.3.0.dfsg.1-14sarge1 X Window System protocol client li
ii  libxklavier8   1.03-1X Keyboard Extension high-level AP
ii  libxml22.6.16-7  GNOME XML library
ii  xlibs  4.3.0.dfsg.1-14sarge1 X Keyboard Extension (XKB) configu
ii  zlib1g 1:1.2.2-4.sarge.2 compression library - runtime

-- no debconf information
-- lsmod | grep snd
snd_intel8x0   29980  2
snd_pcm_oss46560  0
snd_mixer_oss  16576  1 snd_pcm_oss
snd_intel8x0m  16268  2
snd_ac97_codec 83488  2 snd_intel8x0,snd_intel8x0m
snd_ac97_bus2304  1 snd_ac97_codec
snd_pcm78920  4 
snd_intel8x0,snd_pcm_oss,snd_intel8x0m,snd_ac97_codec
snd_timer  22148  1 snd_pcm
snd50468  15 
snd_intel8x0,snd_pcm_oss,snd_mixer_oss,snd_intel8x0m,snd_ac97_codec,snd_pcm,snd_timer
soundcore   9312  1 snd
snd_page_alloc 10440  3 snd_intel8x0,snd_intel8x0m,snd_pcm


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]