Bug#1063835: roundcube: When upgrading from roundcube 1.4.15+dfsg.1-1~deb11u2 to 1.6.5+dfsg-1~deb12u1 error "table roundcube.filestore does not exist" is thrown, not handled

[Andrew Gallagher]

Package: roundcube
Version: 1.6.5+dfsg-1~deb12u1
Severity: important

When upgrading roundcube to the latest version, the mariadb schema upgrade 
fails due to a missing table "roundcube.filestore".
This table apparently never existed, however this did not seem to cause any 
noticeable issues before the upgrade.

It appears therefore that the schema migration makes too many assumptions about 
the state of the current database,
and so does not handle the missing (but apparently optianal) table gracefully. 
Missing tables should be created if they do not exist..



-- System Information:
Debian Release: 11.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'oldoldstable-updates'), (500, 'oldoldstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-11-amd64 (SMP w/3 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages roundcube depends on:
ii  dpkg1.21.22
ih  roundcube-core  1.6.5+dfsg-1~deb12u1

roundcube recommends no packages.

roundcube suggests no packages.

Versions of packages roundcube-core depends on:
ii  dbconfig-common 2.0.19
ii  debconf [debconf-2.0]   1.5.77
ii  dpkg1.21.22
ii  libjs-bootstrap44.5.2+dfsg1-8~deb11u1
ii  libjs-codemirror5.59.2+~cs0.23.109-1
ii  libjs-jquery3.5.1+dfsg+~3.5.5-7
ii  libjs-jquery-minicolors 2.2.6+dfsg-4
ii  libjs-jquery-ui 1.12.1+dfsg-8+deb11u1
ii  libjs-jstimezonedetect  1.0.6-5
ii  libmagic1   1:5.39-3+deb11u1
ii  php 2:7.4+76
ii  php-auth-sasl   1.1.0-1
ii  php-common  2:76
ii  php-guzzlehttp-guzzle   7.4.5-1
ii  php-intl2:7.4+76
ii  php-mail-mime   1.10.10-1
ii  php-masterminds-html5   2.7.4+dfsg-2
ii  php-mbstring2:7.4+76
ii  php-net-sieve   1.4.6-1
ii  php-net-smtp1.10.1-1
ii  php-pear1:1.10.12+submodules+notgz+20210212-1
ii  php7.4 [php]7.4.33-1+deb11u4
ii  php7.4-cli [php-cli]7.4.33-1+deb11u4
ii  php7.4-intl [php-intl]  7.4.33-1+deb11u4
ii  php7.4-json [php-json]  7.4.33-1+deb11u4
ii  php7.4-mbstring [php-mbstring]  7.4.33-1+deb11u4
ii  roundcube-mysql 1.6.5+dfsg-1~deb12u1
ii  ucf 3.0043

Versions of packages roundcube-core recommends:
ii  apache2 [httpd-cgi] 2.4.57-2
pn  php-enchant 
ii  php-gd  2:7.4+76
ii  php7.4-gd [php-gd]  7.4.33-1+deb11u4
pn  roundcube-skin-classic  
pn  roundcube-skin-larry

Versions of packages roundcube-core suggests:
pn  php-bacon-qr-code   
pn  php-bjeavons-zxcvbn-php 
pn  php-crypt-gpg   
pn  php-net-ldap3   
pn  php-roundcube-rtf-html-php  
iu  roundcube-plugins   1.6.5+dfsg-1~deb12u1

-- debconf information:
  roundcube/mysql/admin-pass: (password omitted)
  roundcube/mysql/app-pass: (password omitted)
  roundcube/app-password-confirm: (password omitted)
  roundcube/password-confirm: (password omitted)
  roundcube/internal/skip-preseed: false
  roundcube/internal/reconfiguring: false
  roundcube/mysql/authplugin: default
  roundcube/database-type: mysql
  roundcube/db/app-user: roundcube@localhost
  roundcube/remote/port:
  roundcube/missing-db-package-error: abort
  roundcube/hosts:
  roundcube/db/dbname: roundcube
  roundcube/remote/newhost:
  roundcube/language: en_US
  roundcube/purge: false
  roundcube/dbconfig-remove: true
  roundcube/remove-error: abort
  roundcube/restart-webserver: true
  roundcube/dbconfig-upgrade: true
  roundcube/mysql/admin-user: debian-sys-maint
  roundcube/upgrade-error: abort
  roundcube/dbconfig-reinstall: false
  roundcube/passwords-do-not-match:
  roundcube/install-error: abort
  roundcube/remote/host: localhost
  roundcube/upgrade-backup: true
  roundcube/mysql/method: Unix socket
  roundcube/reconfigure-webserver: apache2, lighttpd
  roundcube/dbconfig-install: true

Bug#1025782: Info received (gpg-wks-server not build with sendmail)

[Andrew Gallagher]

I have opened a related ticket upstream (https://dev.gnupg.org/T6321), however 
Debian should still fix their build.


signature.asc
Description: Message signed with OpenPGP

Bug#1025782: gpg-wks-server not build with sendmail

[Andrew Gallagher]

I have reproduced this bug. gpg-wks-server is currently unusable on bullseye.


signature.asc
Description: Message signed with OpenPGP

Bug#911189: src:gpgme1.0: please ship gpgme-json with native messaging hooks for chromium and firefox

[Andrew Gallagher]

Has there been any progress on this? Ubuntu currently ships an 
equivalent package, although it doesn't contain the firefox manifest 
(presumably because of the config file issue mentioned by Sascha above).


From my understanding, a per-extension manifest file is intended to be 
shipped as part of the webext-* package for the extension, and not with 
the native helper. Compare with webext-browserpass:


```
$ dpkg -L webext-browserpass | grep native-messaging
/etc/chromium/native-messaging-hosts
/etc/chromium/native-messaging-hosts/com.github.browserpass.native.json
/usr/lib/mozilla/native-messaging-hosts
/usr/lib/mozilla/native-messaging-hosts/com.github.browserpass.native.json
```

Confusion may have arisen because most webextensions (such as 
browserpass) ship the extension and the native helper app in the same 
package, making it unclear where the manifest belongs when the native 
helper is in a separate package (as gpgme must if it is to be shared 
between applications).


This would imply that the correct place for the manifests is in a 
notional `webext-mailvelope` package, where they SHOULD NOT be marked as 
config. Packaging mailvelope properly would greatly improve the user 
experience (see e.g. https://github.com/mailvelope/mailvelope/issues/628 
, https://github.com/mailvelope/mailvelope/issues/699 ).


--
Andrew Gallagher



OpenPGP_signature
Description: OpenPGP digital signature

Bug#976461: [Pkg-privacy-maintainers] Bug#976461: torbrowser-launcher: fails to launch, apparmor=DENIED (incomplete fix for #908068?)

[Andrew Gallagher]

On 01/07/2021 16:32, Roger Shimizu wrote:


Please kindly try latest version in bullseye or buster-backports.
Thank you!


I can confirm it works in the latest version from buster-backports 
(0.3.3-6~bpo10+1).


Thanks!

--
Andrew Gallagher



OpenPGP_signature
Description: OpenPGP digital signature

Bug#976461: torbrowser-launcher: fails to launch, apparmor=DENIED (incomplete fix for #908068?)

[Andrew Gallagher]

Package: torbrowser-launcher
Version: 0.3.3-2
Severity: important

Dear Maintainer,

I updated torbrowser-launcher from 0.2.9-1~bpo9+1 to 0.3.2-14~bpo10+1. This has 
rendered 
torbrowser-launcher unusable. When invoking, the following error appears in 
syslog:

```
Dec  5 11:24:37 whippet kernel: [7222867.725534] audit: type=1400 
audit(1607167477.149:61): apparmor="DENIED" operation="exec" 
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox"
 name="/usr/bin/dirname" pid=6594 comm="firefox" requested_mask="x" 
denied_mask="x" fsuid=1000 ouid=0
```

This appears to be either a regression to, or an incomplete fix for #908068. I 
noticed that the apparmor 
profile for torbrowser has been overridden, and the timestamp is the same as 
that of the upgrade:

```
andrewg@whippet:~$ ls -al /etc/apparmor.d/local/*tor*
-rw-r--r-- 1 root root 117 Jan  5  2015 /etc/apparmor.d/local/system_tor
-rw-r--r-- 1 root root   0 Nov  6 16:55 
/etc/apparmor.d/local/torbrowser.Browser.firefox
-rw-r--r-- 1 root root 134 Jan 28  2018 
/etc/apparmor.d/local/torbrowser.Browser.firefox.dpkg-dist
-rw-r--r-- 1 root root 135 Jan  5  2015 
/etc/apparmor.d/local/torbrowser.start-tor-browser
-rw-r--r-- 1 root root   0 Nov  6 16:55 /etc/apparmor.d/local/torbrowser.Tor.tor
-rw-r--r-- 1 root root 125 Jan  5  2015 
/etc/apparmor.d/local/torbrowser.Tor.tor.dpkg-old
-rw-r--r-- 1 root root 134 Jan  5  2015 
/etc/apparmor.d/local/usr.bin.torbrowser-launcher
andrewg@whippet:~$ zgrep torbrowser /var/log/dpkg.log.1
2020-11-06 16:55:17 upgrade torbrowser-launcher:amd64 0.2.9-1~bpo9+1 
0.3.2-14~bpo10+1
2020-11-06 16:55:17 status half-configured torbrowser-launcher:amd64 
0.2.9-1~bpo9+1
2020-11-06 16:55:17 status unpacked torbrowser-launcher:amd64 0.2.9-1~bpo9+1
2020-11-06 16:55:17 status half-installed torbrowser-launcher:amd64 
0.2.9-1~bpo9+1
2020-11-06 16:55:19 status unpacked torbrowser-launcher:amd64 0.3.2-14~bpo10+1
2020-11-06 16:55:42 configure torbrowser-launcher:amd64 0.3.2-14~bpo10+1 
2020-11-06 16:55:42 status unpacked torbrowser-launcher:amd64 0.3.2-14~bpo10+1
2020-11-06 16:55:42 status half-configured torbrowser-launcher:amd64 
0.3.2-14~bpo10+1
2020-11-06 16:55:43 status installed torbrowser-launcher:amd64 0.3.2-14~bpo10+1
```

It would appear that this change resulted from a failed attempt by apt to 
update the apparmor config 
for torbrowser-launcher. Further upgrading from stable to testing (0.3.3-2) did 
not resolve the issue. 
Moving the dpkg-old and/or dpkg-dist files over the zero-length originals did 
not help either. Purging 
and reinstalling torbrowser-launcher from buster-backports (0.3.2-14~bpo10+1) 
brought back fresh copies 
of the zero-length apparmor files and the problem persisted:

```
andrewg@whippet:~$ ls -al /etc/apparmor.d/local/*tor*
-rw-r--r-- 1 root root 117 Jan  5  2015 /etc/apparmor.d/local/system_tor
-rw-r--r-- 1 root root   0 Dec  5 11:48 
/etc/apparmor.d/local/torbrowser.Browser.firefox
-rw-r--r-- 1 root root 135 Jan  5  2015 
/etc/apparmor.d/local/torbrowser.start-tor-browser
-rw-r--r-- 1 root root   0 Dec  5 11:48 /etc/apparmor.d/local/torbrowser.Tor.tor
-rw-r--r-- 1 root root 134 Jan  5  2015 
/etc/apparmor.d/local/usr.bin.torbrowser-launcher
```

Comparing with a working torbrowser-launcher on another machine, I see that two 
of the nonzero-size files
are not present:

```
andrewg@fred:~$ ls -al /etc/apparmor.d/local/*tor*
-rw-r--r-- 1 root root 117 Nov 12  2018 /etc/apparmor.d/local/system_tor
-rw-r--r-- 1 root root   0 Jan  8  2019 
/etc/apparmor.d/local/torbrowser.Browser.firefox
-rw-r--r-- 1 root root   0 Jan  8  2019 
/etc/apparmor.d/local/torbrowser.Browser.plugin-container
-rw-r--r-- 1 root root   0 Jan  8  2019 /etc/apparmor.d/local/torbrowser.Tor.tor
```

And yet removing both usr.bin.torbrowser-launcher and 
torbrowser.start-tor-browser from the offending 
machine has made no difference.

At this point I am out of ideas.

Andrew.

-- System Information:
Debian Release: 10.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'stable'), 
(500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-10-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages torbrowser-launcher depends on:
ii  ca-certificates20200601~deb10u1
ii  gnupg  2.2.12-1+deb10u1
ii  libdbus-glib-1-2   0.110-4
ii  python33.7.3-1
ii  python3-gpg1.12.0-6
ii  python3-packaging  20.4-1
ii  python3-pyqt5  5.11.3+dfsg-1+b3
ii  python3-requests   2.21.0-1
ii  python3-socks  1.6.8+dfsg-1

Versions of packages torbrowser-launcher recommends:
ii  tor  0.3.5.10-1

Versions of packages torbrowser-launcher suggests:
ii  apparmor  

Bug#961129: xscreensaver should not search for screensaver executables in PATH

[Andrew Gallagher]

Package: xscreensaver
Version: 5.42+dfsg1-1
Severity: important

Dear Maintainer,

Ever since I installed the magic-wormhole package, I have noticed that 
xscreensaver occasionally throws an error on the screen as follows:

```
Usage: wormhole [OPTIONS] COMMAND [ARGS]...
Try "wormhole --help" for help.

Error: no such option: -r
```

Luckily, invoking magic-wormhole with invalid options does not result in 
anything dangerous happening, but it raises the question whether potentially 
dangerous unintended behaviour is possible.

I believe this happens because xscreensaver is searching for known screensaver 
binaries, and finding `wormhole` in the PATH it blindly assumes that this is 
the `wormhole` from xscreensaver-data-extra, but it is not installed.

xscreensaver SHOULD search for screensavers only in /usr/lib/xscreensaver, 
where other packages are expected to install them. Any other executable on the 
PATH which may happen to have the same name as a known screensaver MUST NOT be 
invoked, as this may result in unintended behaviour.

Beware for example that `zoom` is the name of a known screensaver. I am glad 
that I do not have xscreensaver and zoom.us installed on the same machine. :-)

Andrew.


-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'stable'), 
(500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_IE:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xscreensaver depends on:
ii  libatk1.0-0  2.30.0-2
ii  libc62.28-10
ii  libcairo21.16.0-4
ii  libfontconfig1   2.13.1-2
ii  libfreetype6 2.9.1-3+deb10u1
ii  libgdk-pixbuf2.0-0   2.38.1+dfsg-1
ii  libglade2-0  1:2.6.4-2+b1
ii  libglib2.0-0 2.58.3-2+deb10u2
ii  libgtk2.0-0  2.24.32-3
ii  libice6  2:1.0.9-2
ii  libpam0g 1.3.1-5
ii  libpango-1.0-0   1.42.4-8~deb10u1
ii  libpangocairo-1.0-0  1.42.4-8~deb10u1
ii  libpangoft2-1.0-01.42.4-8~deb10u1
ii  libsm6   2:1.2.3-1
ii  libx11-6 2:1.6.7-1
ii  libxext6 2:1.3.3-1+b2
ii  libxi6   2:1.7.9-1
ii  libxinerama1 2:1.1.4-2
ii  libxml2  2.9.4+dfsg1-7+b3
ii  libxmu6  2:1.1.2-2+b3
ii  libxrandr2   2:1.5.1-1
ii  libxrender1  1:0.9.10-1
ii  libxt6   1:1.1.5-1+b3
ii  libxxf86vm1  1:1.1.4-1+b2
ii  xscreensaver-data5.42+dfsg1-1

Versions of packages xscreensaver recommends:
ii  libjpeg-turbo-progs   1:1.5.2-2+b1
ii  perl  5.28.1-6
ii  wamerican [wordlist]  2018.04.16-1

Versions of packages xscreensaver suggests:
ii  firefox-esr [www-browser]  68.8.0esr-1~deb10u1
pn  fortune
ii  gdm3   3.30.2-3
ii  links [www-browser]2.18-2
ii  lynx [www-browser] 2.8.9rel.1-3
pn  qcam | streamer
ii  w3m [www-browser]  0.5.3-37
pn  xdaliclock 
pn  xfishtank  
pn  xscreensaver-data-extra
pn  xscreensaver-gl
pn  xscreensaver-gl-extra  

-- no debconf information

Bug#954221: monkeysign: monkeyscan requires python modules that are not listed as dependencies

[Andrew Gallagher]

Package: monkeysign
Version: 2.2.4
Severity: important

If monkeysign is installed on a bare-bones system, it does not pull all of its
required python modules. Monkeyscan is therefore unusable on e.g. Tails without
a lot of manual intervention.

Installing the following packages by hand clears the errors:

python-gobject-2
python-gtk2
python-pil
python-zbar
python-zbarpygtk
python-qrencode

These should be added to debian/control, and an audit performed to check that
there are no other unstated dependencies that I have missed.

Andrew.


-- Package-specific info:

detailed monkeysign version information
Monkeysign: 2.2.4
Load path: /usr/lib/python2.7/dist-packages/monkeysign
CPython: 2.7.16 (GCC 8.3.0 default Oct 10 2019 22:02:15)
Kernel: Linux fred 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1 (2020-01-26) x86_64 
Operating system: debian 10.3 (Linux)
PID: 947, CWD: /home/andrewg/git/wordpress-theme
Command: ['/usr/bin/monkeyscan', '--version', '--debug']
GnuPG: 2.2.12
GTK: 2.24.32
PyGTK: 2.24.0
ZBar: 0.22
PIL: 1.1.7
qrencode: 1.2

please also include a backtrace and full --debug information in case
of a crash or any failure.

WARNING: make sure you review the information included in the output for
confidential information. secret key material should never show up in
Monkeysign output, but public key material, including user identies like
pictures and email addresses may be shown.

also include the output of monkeysign --test if you run Monkeysign
older than 2.1.

-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT policy: (900, 'stable-updates'), (900, 'stable'), (800, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8), LANGUAGE=en_IE:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages monkeysign depends on:
ii  dirmngr  2.2.12-1+deb10u1
ii  gnupg2.2.12-1+deb10u1
ii  gnupg-agent  2.2.12-1+deb10u1
ii  gpg-agent [gnupg-agent]  2.2.12-1+deb10u1
ii  python   2.7.16-1
ii  python-pkg-resources 40.8.0-1
ii  python-socks 1.6.8+dfsg-1

Versions of packages monkeysign recommends:
ii  python-gtk2   2.24.0-5.1+b1
ii  python-mock   2.0.0-4
ii  python-qrencode   1.2-4+b2
ii  python-zbar   0.22-1
ii  python-zbarpygtk  0.22-1

Versions of packages monkeysign suggests:
pn  monkeysign-doc  

-- no debconf information

Bug#954214: monkeysign signs with different private key

[Andrew Gallagher]

Package: monkeysign
Version: 2.2.4
Severity: normal
Tags: upstream

When calling monkeysign without the --user command line flag, it confirms
that it will sign with the most recent valid key (as one would expect)
but it actually signs with the *oldest* valid key. Providing a --user flag
works as expected.

Andrew.

-- Package-specific info:

detailed monkeysign version information
Monkeysign: 2.2.4
Load path: /usr/lib/python2.7/dist-packages/monkeysign
CPython: 2.7.16 (GCC 8.3.0 default Oct 10 2019 22:02:15)
Kernel: Linux fred 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1 (2020-01-26) x86_64 
Operating system: debian 10.3 (Linux)
PID: 25596, CWD: /home/andrewg/git/wordpress-theme
Command: ['/usr/bin/monkeyscan', '--version', '--debug']
GnuPG: 2.2.12
GTK: 2.24.32
PyGTK: 2.24.0
ZBar: 0.22
PIL: 1.1.7
qrencode: 1.2

please also include a backtrace and full --debug information in case
of a crash or any failure.

WARNING: make sure you review the information included in the output for
confidential information. secret key material should never show up in
Monkeysign output, but public key material, including user identies like
pictures and email addresses may be shown.

also include the output of monkeysign --test if you run Monkeysign
older than 2.1.

-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT policy: (900, 'stable-updates'), (900, 'stable'), (800, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8), LANGUAGE=en_IE:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages monkeysign depends on:
ii  dirmngr  2.2.12-1+deb10u1
ii  gnupg2.2.12-1+deb10u1
ii  gnupg-agent  2.2.12-1+deb10u1
ii  gpg-agent [gnupg-agent]  2.2.12-1+deb10u1
ii  python   2.7.16-1
ii  python-pkg-resources 40.8.0-1
ii  python-socks 1.6.8+dfsg-1

Versions of packages monkeysign recommends:
ii  python-gtk2   2.24.0-5.1+b1
ii  python-mock   2.0.0-4
ii  python-qrencode   1.2-4+b2
ii  python-zbar   0.22-1
ii  python-zbarpygtk  0.22-1

Versions of packages monkeysign suggests:
pn  monkeysign-doc  

-- no debconf information

Bug#897366: monkeysphere: update-users is paranoid; locks out users unnecessarily

[Andrew Gallagher]

Package: monkeysphere
Version: 0.41-1
Severity: important
Tags: upstream

Dear Maintainer,

`/usr/share/monkeysphere/ma/update_users` deletes the managed authorised_keys 
file in the case of error,
even when that error has no possible security impact. The offending code is 
here:

```
chown $(whoami) "$tmpAuthorizedKeys" && \
chgrp $(id -g "$uname") "$tmpAuthorizedKeys" && \
chmod g+r "$tmpAuthorizedKeys" && \
mv -f "$tmpAuthorizedKeys" "${authorizedKeysDir}/${uname}" || \
{
log error "Failed to install authorized_keys for '$uname'!"
rm -f "${authorizedKeysDir}/${uname}"
# indicate that there has been a failure:
returnCode=1
}
```

Any error whatsoever in this pipeline will cause `rm -f 
"${authorizedKeysDir}/${uname}"` to be invoked,
potentially locking out the affected user. A transient filesystem error can 
easily cause all users of a
system to be locked out simultaneously, e.g. if /var fills up. This has 
happened to me several times.

Are you sure you want to remove the *live* authorized_keys file in case of 
error? Not the temp one? I don't
understand how a failed `mv` in this case could cause a security issue serious 
enough to warrant disabling 
a login method.

Andrew.


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (800, 'testing'), (700, 'unstable'), (500, 'stable-updates'), 
(500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_IE:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages monkeysphere depends on:
ii  adduser   3.117
ii  gnupg 2.2.5-1
ii  libcrypt-openssl-rsa-perl 0.28-5+b1
ii  libperl5.24 [libdigest-sha-perl]  5.24.1-7
ii  libperl5.26 [libdigest-sha-perl]  5.26.2-2
ii  lockfile-progs0.1.17+b1
ii  procmail  3.22-26

Versions of packages monkeysphere recommends:
ii  agent-transfer   0.41-1
ii  cron [cron-daemon]   3.0pl1-130
ii  netcat-traditional [netcat]  1.10-41.1
ii  openssh-client   1:7.7p1-2
ii  ssh-askpass  1:1.2.4.1-10

Versions of packages monkeysphere suggests:
ii  msva-perl [monkeysphere-validation-agent]  0.9.2-1

-- Configuration Files:
/etc/monkeysphere/monkeysphere-authentication.conf changed:
AUTHORIZED_USER_IDS="/etc/monkeysphere/authorized_user_ids/%u"
RAW_AUTHORIZED_KEYS='/etc/security/authorized_keys/%u'

/etc/monkeysphere/monkeysphere.conf changed:
KEYSERVER=localhost


-- no debconf information

Bug#880448: alien: Large integers in version numbers are converted to floating point format

[Andrew Gallagher]

Package: alien
Version: 8.95
Severity: minor

When running alien against a package that has a large integer as one of the
version components (e.g. a nanosecond timestamp), alien appears to convert it
internally to floating point, with the result that the output filename contains
exponential notation. So, for example:

```
andrewg@fred:~/Downloads$ sudo alien --scripts 
dremio-community-1.2.2-201710100154510864_d40e31c_1.noarch.rpm 
dremio-community_1.2.2-2.01710100154511e+17_all.deb generated
```
 
One would expect that the version number components would be copied verbatim
between the input and output filenames.

Andrew.


-- System Information:
Debian Release: 9.1
  APT prefers stable-updates
  APT policy: (900, 'stable-updates'), (900, 'stable'), (800, 'testing'), (700, 
'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8), LANGUAGE=en_IE:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages alien depends on:
ii  cpio   2.11+dfsg-6
ii  debhelper  10.2.5
ii  dpkg-dev   1.18.24
ii  make   4.1-9.1
ii  perl   5.24.1-3+deb9u1
ii  rpm4.12.0.2+dfsg1-2
ii  rpm2cpio   4.12.0.2+dfsg1-2

alien recommends no packages.

Versions of packages alien suggests:
ii  bzip21.0.6-8.1
pn  lintian  
ii  patch2.7.5-1+b2
ii  xz-utils [lzma]  5.2.2-1.2+b1

-- no debconf information

Bug#861169: systemd service overrides opendkim.conf socket at start

[Andrew Gallagher]

Package: opendkim
Followup-For: Bug #861169

> 1.  It does *NOT* render the package unusable to the majority of its
> users, and it only affects more complex setups that would never
> work out-of-the-box without local configuration being done.

This is misleading - postfix is chrooted by default in Debian, and the default 
opendkim 
configuration does not therefore work out of the box. A "more complex setup" is 
thus a
minimum requirement for basic functionality.

> 2.  AFAIK, it matches previous behavior of Debian stable, and also when
> using initscripts instead of systemd.

That's because it was also broken when using initscripts. The upgrade to 
systemd has 
reinvigorated this bug because the previous workaround (editing 
/etc/default/opendkim)
is initscripts-specific.

Andrew.

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (900, 'stable'), (800, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 4.8.3-x86_64-linode76 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968), LANGUAGE=C 
(charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opendkim depends on:
ii  adduser  3.115
ii  dns-root-data2017041102
ii  init-system-helpers  1.48
ii  libbsd0  0.8.3-1
ii  libc62.24-11+deb9u1
ii  libdb5.3 5.3.28-12+b1
ii  libldap-2.4-22.4.44+dfsg-5
ii  liblua5.1-0  5.1.5-8.1+b2
ii  libmemcached11   1.0.18-4.1
ii  libmemcachedutil21.0.18-4.1
ii  libmilter1.0.1   8.15.2-8
ii  libopendbx1  1.4.6-11+b1
ii  libopendkim112.11.0~alpha-10
ii  librbl1  2.11.0~alpha-10
ii  libssl1.11.1.0f-3
ii  libunbound2  1.6.0-3
ii  libvbr2  2.11.0~alpha-10
ii  lsb-base 9.20161125

opendkim recommends no packages.

Versions of packages opendkim suggests:
ii  opendkim-tools  2.11.0~alpha-10
ii  unbound 1.6.0-3

-- Configuration Files:
/etc/default/opendkim changed:

/etc/opendkim.conf changed:
Syslog  yes
UMask   002
Socket inet:10101@localhost
KeyTablerefile:/etc/opendkim/keytable
SigningTablerefile:/etc/opendkim/signingtable
ExternalIgnoreList  refile:/etc/opendkim/trustedhosts
InternalHosts   refile:/etc/opendkim/trustedhosts
OversignHeaders From


-- no debconf information

-- debsums errors found:
debsums: changed file /lib/systemd/system/opendkim.service (from opendkim 
package)

Bug#863869: monkeysphere: Add PGP (sub)key ID in ssh pubkey comments

[Andrew Gallagher]

On 2017/06/01 21:04, Daniel Kahn Gillmor wrote:
> On Thu 2017-06-01 10:33:23 +0100, Andrew Gallagher wrote:
>> When multiple A-usage (sub)keys are found on a user's key, all valid
>> ones are by default emitted when exporting ssh public key blocks. It
>> would be nice if there was some identifier (e.g. long ID) in the
>> comments of these ssh pubkeys to identify which A key they correspond
>> to - this would be helpful in situations where only some of the A
>> privkeys are available (e.g. a smartcard).
> 
> This sounds like a reasonable request, though i personally don't like
> key IDs in general [0].  What would you think about the full fingerprint
> of the subkey?  is that too long?  at least it would be unspoofable.

Sure, I'm happy with full fingerprints for robustness. It doesn't matter
for my use case (discriminating between my own subkeys), but it might to
others so let's do it right. An ssh pubkey is a human-hostile slab of
base64 anyway, so I don't think a few extra characters is worth worrying
about.

> If we're going for something that can be spoofed/confused, what about
> the date of the subkey or something else that's more human-readable?

It currently puts a date in the comments but AFAICT it's the date that
the export was performed, not the creation date of the source key
material. Since the export is a reproducible process, the date it was
performed is fairly meaningless. Maybe we should forget about emitting
the export date and use the subkey creation date instead?

A



signature.asc
Description: OpenPGP digital signature

Bug#863869: monkeysphere: Add PGP (sub)key ID in ssh pubkey comments

[Andrew Gallagher]

Package: monkeysphere
Version: 0.37-2
Severity: wishlist

Dear Maintainer,

When multiple A-usage (sub)keys are found on a user's key, all valid ones are 
by default emitted
when exporting ssh public key blocks. It would be nice if there was some 
identifier (e.g. long ID)
in the comments of these ssh pubkeys to identify which A key they correspond to 
- this would be
helpful in situations where only some of the A privkeys are available (e.g. a 
smartcard).

Thanks,
Andrew.

-- System Information:
Debian Release: 8.8
  APT prefers stable
  APT policy: (900, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 4.8.3-x86_64-linode76 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages monkeysphere depends on:
ii  adduser3.113+nmu3
ii  gnupg  1.4.18-7+deb8u3
ii  libcrypt-openssl-rsa-perl  0.28-2+b1
ii  lockfile-progs 0.1.17
ii  perl [libdigest-sha-perl]  5.20.2-3+deb8u6
ii  procmail   3.22-24

Versions of packages monkeysphere recommends:
ii  cron3.0pl1-127+deb8u1
pn  netcat | socat  
ii  openssh-client  1:6.7p1-5+deb8u3
pn  ssh-askpass 

Versions of packages monkeysphere suggests:
pn  monkeysphere-validation-agent  

-- Configuration Files:
/etc/X11/Xsession.d/70monkeysphere_use-validation-agent 
2e95953896510b58f2d1a8342936b088 [Errno 2] No such file or directory: 
u'/etc/X11/Xsession.d/70monkeysphere_use-validation-agent 
2e95953896510b58f2d1a8342936b088'
/etc/monkeysphere/monkeysphere-authentication.conf changed:
AUTHORIZED_USER_IDS="/etc/monkeysphere/authorized_user_ids/%u"
RAW_AUTHORIZED_KEYS='/etc/security/authorized_keys/%u'


-- no debconf information

Bug#394070: BUMP

[Andrew Gallagher]

Ten years on and still no UTF-8 locale support?

-- 
Andrew Gallagher



signature.asc
Description: OpenPGP digital signature

Bug#845350: sks no longer creates pidfile

[Andrew Gallagher]

On 22/11/16 17:54, Daniel Kahn Gillmor wrote:
> 
> You're using systemd, and sks should be running under the control of
> systemd.

That addresses my use case, but not the case of someone using
traditional init - is this not supported?

Thanks!

A



signature.asc
Description: OpenPGP digital signature

Bug#845350: sks no longer creates pidfile

[Andrew Gallagher]

Package: sks
Version: 1.1.6-3
Severity: normal

Dear Maintainer,

It appears sks no longer (since 1.1.6) creates a pidfile. This means that a 
standard 
cron job such as 'kill -USR2 $( 
0xFB73E21AF1163937
keys.bonus-communis.eu  11370 # Pascal Levasseur 
 0xB81EE352 http://37hyu2hzynpjwuaw.onion/
keyserver.miniskipper.at11370 # Sven Kocksch 
 0x90D94808
key1.dock23.de  11370 # Ramón Goeden  
0xb7c51fd6
key2.dock23.de  11370 # Ramón Goeden  
0xb7c51fd6
sks.static.lu   11370 # Martin Albus  0xEF3D2226
pgpkeys.urown.net   11370 # Alain Wolf  
0x27A69FC9A1744242
pgpkeys.ch  11370 # Julien Sansonnens 
 0xf714cda06b1c2b3b
sks.srv.dumain.com  11370 # William Hay  
0xA0B31F88E8123356
keyserver.syseleven.de  11370 # Lars Weiler  
0x3567AE7FD7AE9CED
keyserver.nbg-ha.de 11370 # David Mjoelnir  
0x607E2861 
pgp.ohai.su 11370 # Lukas Martini  
0xC9E1BD2C
keys.void.gr11370 # George K.  
#0x721006E470459C9C
sks.mj2.uk  11370 # Michael Jones  
0x129BAF74
sks.okoyono.de  11370 # Fabian 'otih' Fingerle 
 0xAB41AB85
keys.alderwick.co.uk11370 # Andrew Alderwick 
 0x6E4730742E01FC54
keys2.alderwick.co.uk   11370 # Andrew Alderwick 
 0x6E4730742E01FC54 

/etc/sks/sksconf changed:
hostname: whippet.andrewg.com
recon_address: 0.0.0.0
recon_port: 11370
hkp_address: 127.0.0.1
hkp_port: 11371
from_addr: "PGP Key Server Administrator "
pagesize:  16
ptree_pagesize:16
debuglevel: 3
server_contact: 0xFB73E21AF1163937
disable_mailsync:
membership_reload_interval: 1
stat_hour:  12
max_matches:500


-- no debconf information

Bug#841632: sks does not start automatically under systemd

[Andrew Gallagher]

Package: sks
Version: 1.1.6-3
Severity: normal

Dear Maintainer,

After upgrading to sks v1.1.6, the sks daemons no longer start automatically on 
boot.
Starting by hand with `systemctl` or `service` works as expected. This appears 
to be an issue
with registering sks* as units in systemd - they do not appear in `systemctl 
list-units --all`
until invoked for the first time.

Andrew.


-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (900, 'stable-updates'), (900, 'stable'), (800, 'testing'), (700, 
'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sks depends on:
ii  adduser 3.113+nmu3
ii  db-util 5.3.0
ii  db5.3-util  5.3.28-9
ii  libc6   2.19-18+deb8u6
ii  libdb5.35.3.28-9
ii  zlib1g  1:1.2.8.dfsg-2+b1

sks recommends no packages.

Versions of packages sks suggests:
ii  exim4-daemon-light [mail-transport-agent]  4.84.2-2+deb8u1
ii  logrotate  3.8.7-1+b1
ii  procmail   3.22-24

-- Configuration Files:
/etc/default/sks changed:
initstart=yes

/etc/sks/membership changed:
skspub.ward.ie  11370 # Andrew Gallagher <andr...@andrewg.com> 
0xFB73E21AF1163937
keys.bonus-communis.eu  11370 # Pascal Levasseur 
<pascal.levass...@topette.eu> 0xB81EE352 http://37hyu2hzynpjwuaw.onion/
keyserver.miniskipper.at11370 # Sven Kocksch 
<sven.kock...@miniskipper.at> 0x90D94808
key1.dock23.de  11370 # Ramón Goeden <ra...@internetsenat.de> 
0xb7c51fd6
key2.dock23.de  11370 # Ramón Goeden <ra...@internetsenat.de> 
0xb7c51fd6
sks.static.lu   11370 # Martin Albus <i...@rdns.cc> 0xEF3D2226
pgpkeys.urown.net   11370 # Alain Wolf <keymas...@urown.net> 
0x27A69FC9A1744242
pgpkeys.ch  11370 # Julien Sansonnens 
<jul...@jsansonnens.ch> 0xf714cda06b1c2b3b
sks.srv.dumain.com  11370 # William Hay <w...@dumain.com> 
0xA0B31F88E8123356
keyserver.syseleven.de  11370 # Lars Weiler <l.wei...@syseleven.de> 
0x3567AE7FD7AE9CED
keyserver.nbg-ha.de 11370 # David Mjoelnir <v...@nbg-ha.de> 
0x607E2861 
pgp.ohai.su 11370 # Lukas Martini <lut...@ohai.su> 
0xC9E1BD2C
keys.void.gr11370 # George K. <keyser...@void.gr> 
#0x721006E470459C9C
sks.mj2.uk  11370 # Michael Jones <m...@mikejonesey.co.uk> 
0x129BAF74
sks.okoyono.de  11370 # Fabian 'otih' Fingerle 
<fab...@datensalat.eu> 0xAB41AB85

/etc/sks/sksconf changed:
hostname: whippet.andrewg.com
recon_address: 0.0.0.0
recon_port: 11370
hkp_address: 127.0.0.1
hkp_port: 11371
from_addr: "PGP Key Server Administrator <pgp-public-k...@andrewg.com>"
pagesize:  16
ptree_pagesize:16
debuglevel: 3
server_contact: 0xFB73E21AF1163937
disable_mailsync:
membership_reload_interval: 1
stat_hour:  12
max_matches:500


-- no debconf information

Bug#832532: nautilus: Ampersand breaks tooltip rendering

[Andrew Gallagher]

Package: nautilus
Version: 3.14.1-2
Severity: normal

Dear Maintainer,

Sidebar entries containing ampersand characters cause tooltip rendering to
break.

To reproduce:

1. Create a directory with "&" in its name
2. Drag it to the sidebar
3. Hover over the new sidebar entry with the mouse
4. The tooltip is rendered either empty or with the contents of the previously
rendered tooltip

Andrew.



-- System Information:
Debian Release: 8.5
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (500, 
'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages nautilus depends on:
ii  desktop-file-utils 0.22-1
ii  gsettings-desktop-schemas  3.14.1-1
ii  gvfs   1.22.2-1
ii  libatk1.0-02.14.0-1
ii  libc6  2.19-18+deb8u4
ii  libcairo-gobject2  1.14.0-2.1+deb8u1
ii  libcairo2  1.14.0-2.1+deb8u1
ii  libexempi3 2.2.1-2
ii  libexif12  0.6.21-2
ii  libgail-3-03.14.5-1+deb8u1
ii  libgdk-pixbuf2.0-0 2.31.1-2+deb8u5
ii  libglib2.0-0   2.42.1-1+b1
ii  libglib2.0-data2.42.1-1
ii  libgnome-desktop-3-10  3.14.1-1
ii  libgtk-3-0 3.14.5-1+deb8u1
ii  libnautilus-extension1a3.14.1-2
ii  libnotify4 0.7.6-2
ii  libpango-1.0-0 1.36.8-3
ii  libpangocairo-1.0-01.36.8-3
ii  libselinux12.3-2
ii  libtracker-sparql-1.0-01.2.4-2
ii  libx11-6   2:1.6.2-3
ii  libxml22.9.1+dfsg1-5+deb8u2
ii  nautilus-data  3.14.1-2
ii  shared-mime-info   1.3-1

Versions of packages nautilus recommends:
ii  eject  2.1.5+deb1+cvs20081104-13.1
ii  gnome-icon-theme-symbolic  3.12.0-1
ii  gnome-sushi3.12.0-2+b1
ii  gvfs-backends  1.22.2-1
ii  librsvg2-common2.40.5-1+deb8u2

Versions of packages nautilus suggests:
ii  brasero3.11.4-1.1
ii  eog3.14.1-1
ii  evince [pdf-viewer]3.14.1-2+deb8u1
ii  totem  3.14.0-2
ii  tracker1.2.4-2
ii  vlc [mp3-decoder]  2.2.4-1~deb8u1
ii  vlc-nox [mp3-decoder]  2.2.4-1~deb8u1
ii  xdg-user-dirs  0.15-2

-- no debconf information

Bug#814916: Acknowledgement (nginx-common: nginx upgrade deletes all configuration)

[Andrew Gallagher]

Sorry, please delete this report. I found the error and it was a local
misconfiguration, not the package itself.

Andrew.

Bug#814916: nginx-common: nginx upgrade deletes all configuration

[Andrew Gallagher]

Package: nginx-common
Version: 1.6.2-5+deb8u1
Severity: important

Dear Maintainer,

On upgrading to the latest nginx-common, all configuration files in /etc/nginx 
are deleted.
The directory structure is left intact, but no files exist in the tree - not 
even the
package originals. Nginx then (understandably) refuses to start.

Andrew.



0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
Need to get 0 B/86.7 kB of archives.
After this operation, 0 B of additional disk space will be used.
(Reading database ... 169364 files and directories currently installed.)
Preparing to unpack .../nginx-common_1.6.2-5+deb8u1_all.deb ...
Unpacking nginx-common (1.6.2-5+deb8u1) over (1.6.2-5+deb8u1) ...
Processing triggers for systemd (215-17+deb8u3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up nginx-common (1.6.2-5+deb8u1) ...
Setting up nginx-full (1.6.2-5+deb8u1) ...
Job for nginx.service failed. See 'systemctl status nginx.service' and 
'journalctl -xn' for details.
invoke-rc.d: initscript nginx, action "start" failed.
dpkg: error processing package nginx-full (--configure):
 subprocess installed post-installation script returned error exit status 1
E: Sub-process /usr/bin/dpkg returned an error code (1)
andrewg@whippet:~$ sudo systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
   Active: failed (Result: exit-code) since Tue 2016-02-16 14:48:53 GMT; 31s ago
  Process: 6282 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process 
on; (code=exited, status=1/FAILURE)

Feb 16 14:48:53 whippet nginx[6282]: nginx: [emerg] open() 
"/etc/nginx/nginx.conf" failed (2: No such file or directory)
Feb 16 14:48:53 whippet nginx[6282]: nginx: configuration file 
/etc/nginx/nginx.conf test failed
Feb 16 14:48:53 whippet systemd[1]: nginx.service: control process exited, 
code=exited status=1
Feb 16 14:48:53 whippet systemd[1]: Failed to start A high performance web 
server and a reverse proxy server.
Feb 16 14:48:53 whippet systemd[1]: Unit nginx.service entered failed state.
andrewg@whippet:~$ ls -alR /etc/nginx/
/etc/nginx/:
total 32
drwxr-xr-x   6 root root  4096 Feb 16 14:48 .
drwxr-xr-x 155 root root 12288 Feb 16 14:43 ..
drwxr-xr-x   2 root root  4096 Feb 10 21:54 conf.d
drwxr-xr-x   2 root root  4096 Feb 16 14:48 sites-available
drwxr-xr-x   2 root root  4096 Feb 10 21:54 sites-enabled
drwxr-xr-x   2 root root  4096 Feb 16 14:48 snippets

/etc/nginx/conf.d:
total 8
drwxr-xr-x 2 root root 4096 Feb 10 21:54 .
drwxr-xr-x 6 root root 4096 Feb 16 14:48 ..

/etc/nginx/sites-available:
total 8
drwxr-xr-x 2 root root 4096 Feb 16 14:48 .
drwxr-xr-x 6 root root 4096 Feb 16 14:48 ..

/etc/nginx/sites-enabled:
total 8
drwxr-xr-x 2 root root 4096 Feb 10 21:54 .
drwxr-xr-x 6 root root 4096 Feb 16 14:48 ..

/etc/nginx/snippets:
total 8
drwxr-xr-x 2 root root 4096 Feb 16 14:48 .
drwxr-xr-x 6 root root 4096 Feb 16 14:48 ..



-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (900, 'stable-updates'), (900, 'stable'), (800, 'testing'), (700, 
'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nginx-common depends on:
ii  init-system-helpers  1.22
ii  lsb-base 4.1+Debian13+nmu1

nginx-common recommends no packages.

Versions of packages nginx-common suggests:
pn  fcgiwrap   
pn  nginx-doc  
ii  ssl-cert   1.0.35

-- Configuration Files:
/etc/nginx/fastcgi.conf [Errno 2] No such file or directory: 
u'/etc/nginx/fastcgi.conf'
/etc/nginx/fastcgi_params [Errno 2] No such file or directory: 
u'/etc/nginx/fastcgi_params'
/etc/nginx/koi-utf [Errno 2] No such file or directory: u'/etc/nginx/koi-utf'
/etc/nginx/koi-win [Errno 2] No such file or directory: u'/etc/nginx/koi-win'
/etc/nginx/mime.types [Errno 2] No such file or directory: 
u'/etc/nginx/mime.types'
/etc/nginx/nginx.conf [Errno 2] No such file or directory: 
u'/etc/nginx/nginx.conf'
/etc/nginx/proxy_params [Errno 2] No such file or directory: 
u'/etc/nginx/proxy_params'
/etc/nginx/scgi_params [Errno 2] No such file or directory: 
u'/etc/nginx/scgi_params'
/etc/nginx/sites-available/default [Errno 2] No such file or directory: 
u'/etc/nginx/sites-available/default'
/etc/nginx/snippets/fastcgi-php.conf [Errno 2] No such file or directory: 
u'/etc/nginx/snippets/fastcgi-php.conf'
/etc/nginx/snippets/snakeoil.conf [Errno 2] No such file or directory: 
u'/etc/nginx/snippets/snakeoil.conf'
/etc/nginx/uwsgi_params [Errno 2] No such file or directory: 
u'/etc/nginx/uwsgi_params'
/etc/nginx/win-utf [Errno 2] No such file or directory: u'/etc/nginx/win-utf'

-- no debconf information

Bug#811095: Acknowledgement (libpam-poldi: does not play nice with a running scdaemon)

[Andrew Gallagher]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

I wrote a small utility that will kill any running scdaemon before
starting a new one. This can be used to replace
"/usr/lib/gnupg2/scdaemon" in /etc/poldi/poldi.conf.

- 

#include 

char *scdaemon="/usr/lib/gnupg2/scdaemon";

main(int argc, char **argv) {

system("/usr/bin/killall -9 scdaemon");

argv[0]=scdaemon;
execvp(scdaemon, argv);

}

- 

It has no lasting effect on the functioning of gnupg, as gpg-agent
will simply start a new scdaemon on finding the old one dead. This
functionality could easily be added to poldi natively.

Ideally, we would instead try to detect and connect to the running
scdaemon on its unix socket (this can be found via netstat). I tried
patching something together using socat but had no success.

- -- 
Andrew Gallagher
Senior Systems Engineer, Ward Solutions Ltd.
2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJWnimxAAoJENW/k7AUpJcA5R8H+gLrwIv3ic817lnYugGlM7po
CitIkkJyIAcWu0bRBnxpX05mJmY7CdUW4AJuJFONnA7ffNGFs753vZTphoSKoFuj
XV5uQxrPgKI+wrGLqnMyDln9b02vMlmAhetmcAAe/e7vr+/CVqnD9s/+KEakNg7w
xKBAM1ZJs6x/HvyxB0dbF4zKdHSfKsRyXT0Jl8hu5fOJ6JhanvpQetim/2yRBu1H
GK5N2Vqm5yzDso4k0dUXzMsPZM1xTPVPHcU7cvJEDDTAVT5WD7HvQBGxzn+a5ojs
mh99O6sPISyRmUaj+IOO3WqmAame8q4EUo3DEuVfqptLljPiB9qSzn86FAG2jAM=
=RU8T
-END PGP SIGNATURE-


The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#811380: enigmail: does not show progress - if gpg is slow, signed email looks unsigned until gpg completes

[Andrew Gallagher]

Package: enigmail
Version: 2:1.8.2-4~deb8u1
Severity: normal

Dear Maintainer,

I have quite a large public keyring and gpg (v2.0 in particular) can be quite
slow to complete. While gpg is running, enigmail shows no indication that
processing is being performed. This means that emails quite often appear to be
unsigned even when they have (possibly valid) signatures.

Solution: enigmail should show a "working..." indicator in the toolbar as soon
as it detects pgp content, to be replaced by the success/failure notification
once processing is complete.

A



-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (500, 
'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages enigmail depends on:
ii  gnupg1.4.18-7
ii  gnupg2   2.0.26-6
ii  icedove  38.5.0-1~deb8u1
ii  libc62.19-18+deb8u1

Versions of packages enigmail recommends:
ii  gnupg-agent   2.0.26-6
ii  gnupg22.0.26-6
ii  pinentry-gtk2 [pinentry-x11]  0.8.3-2

enigmail suggests no packages.

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#811375: libpam-poldi: does not update filehandle on logrotate

[Andrew Gallagher]

Package: libpam-poldi
Version: 0.4.2+git20151221.338f78b-1
Severity: normal

Dear Maintainer,

The logrotate script provided with the package does not attempt to sighup any
processes.
This means that if a user is left logged in the poldi logs continue to go to
the old
logfiles even after they are rotated out.

Andrew.



-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (500, 
'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libpam-poldi depends on:
ii  libc6  2.19-18+deb8u1
ii  libgcrypt201.6.3-2
ii  libgpg-error0  1.17-3
ii  libksba8   1.3.2-1
ii  scdaemon   2.0.26-6

Versions of packages libpam-poldi recommends:
ii  gnupg2  2.0.26-6

libpam-poldi suggests no packages.

-- Configuration Files:
/etc/poldi/localdb/users changed:
D27600012401020100052ED9 agallagher


-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#811374: libpam-poldi: fallback password hangs when no card inserted (gnome-screensaver)

[Andrew Gallagher]

Package: libpam-poldi
Version: 0.4.2+git20151221.338f78b-1
Severity: normal

Dear Maintainer,

When using libpam-poldi under gnome-screensaver and unlocking with fallback
password
authentication, the unlock will hang if no card is inserted. This happens
whether poldi
is defined above or below "unix" in common-auth.

Even inserting the card after the fact does not break the hang - only clicking
cancel will do so.

This does not occur under sudo, where poldi gives up trying to contact the card
after a few attempts and password auth will succeed.

Andrew.



-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (500, 
'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libpam-poldi depends on:
ii  libc6  2.19-18+deb8u1
ii  libgcrypt201.6.3-2
ii  libgpg-error0  1.17-3
ii  libksba8   1.3.2-1
ii  scdaemon   2.0.26-6

Versions of packages libpam-poldi recommends:
ii  gnupg2  2.0.26-6

libpam-poldi suggests no packages.

-- Configuration Files:
/etc/poldi/localdb/users changed:
D27600012401020100052ED9 agallagher


-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#811096: libpam-poldi: missing pam configuration

[Andrew Gallagher]

Package: libpam-poldi
Version: 0.4.2+git20151221.338f78b-1
Severity: important
Tags: patch

Dear Maintainer,

poldi requires the following extra file before it will be active in pam. It
will also need a call to "pam-auth-update" in both the postinst and postrm
scripts to (de)activate the change on (un)install.

/usr/share/pam-configs/poldi:


Name: PGP smartcard authentication
Default: yes
Priority: 254
Auth-Type: Primary
Auth:
[success=end default=ignore]pam_poldi.so
Auth-Initial:
[success=end default=ignore]pam_poldi.so




-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (500, 
'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libpam-poldi depends on:
ii  libc6  2.19-18+deb8u1
ii  libgcrypt201.6.3-2
ii  libgpg-error0  1.17-3
ii  libksba8   1.3.2-1
ii  scdaemon   2.0.26-6

Versions of packages libpam-poldi recommends:
ii  gnupg2  2.0.26-6

libpam-poldi suggests no packages.

-- Configuration Files:
/etc/poldi/localdb/users changed:
D27600012401020100052ED9 agallagher


-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#811094: broken default configuration

[Andrew Gallagher]

Package: libpam-poldi
Version: 0.4.1-3+b1
Severity: important
Tags: patch

Dear Maintainer,

The default configuration shipped with poldi refers to the wrong location of
scdaemon.

/etc/poldi/poldi.conf:

14c14
< scdaemon-program /usr/bin/scdaemon
---
> scdaemon-program /usr/lib/gnupg2/scdaemon



-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (500, 
'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libpam-poldi depends on:
ii  libc6  2.19-18+deb8u1
ii  libgcrypt201.6.3-2
ii  libgpg-error0  1.17-3
ii  libksba8   1.3.2-1
ii  scdaemon   2.0.26-6

Versions of packages libpam-poldi recommends:
ii  gnupg2  2.0.26-6

libpam-poldi suggests no packages.

-- Configuration Files:
/etc/poldi/localdb/users changed:
D27600012401020100052ED9 agallagher


-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#811095: libpam-poldi: does not play nice with a running scdaemon

[Andrew Gallagher]

Package: libpam-poldi
Version: 0.4.2+git20151221.338f78b-1
Severity: important

Dear Maintainer,

If scdaemon is already running when poldi is called from pam, it cannot
communicate with an inserted card and waits forever, or until an alternative
login method is used.

The following log is emitted:

Poldi 2016-01-15 15:29:58 [16461] debug: using authentication method `localdb'
Poldi 2016-01-15 15:29:58 [16461] debug: spawned a new scdaemon (path:
'/usr/lib/gnupg2/scdaemon')
Poldi 2016-01-15 15:29:59 [16461] debug: Waiting for card for user
`agallagher'...
Poldi 2016-01-15 15:29:59 [16461] error: failed to wait for card insertion:
Card error
Poldi 2016-01-15 15:29:59 [16461] error: authentication failed: Card error

Andrew.



-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (500, 
'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libpam-poldi depends on:
ii  libc6  2.19-18+deb8u1
ii  libgcrypt201.6.3-2
ii  libgpg-error0  1.17-3
ii  libksba8   1.3.2-1
ii  scdaemon   2.0.26-6

Versions of packages libpam-poldi recommends:
ii  gnupg2  2.0.26-6

libpam-poldi suggests no packages.

-- Configuration Files:
/etc/poldi/localdb/users changed:
D27600012401020100052ED9 agallagher


-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#811111: libpam-poldi: authentication always fails

[Andrew Gallagher]

Package: libpam-poldi
Version: 0.4.2+git20151221.338f78b-1
Severity: important

Dear Maintainer,

I have been unable to get poldi to successfully authenticate using a known good
key/pin on known good hardware (that I use with enigmail daily).

For example, gnome-screensaver causes the following errors to be emitted:

Poldi 2016-01-15 19:05:50 [26255] debug: using authentication method `localdb'
Poldi 2016-01-15 19:05:51 [26255] debug: spawned a new scdaemon (path:
'/usr/lib/gnupg2/scdaemon')
Poldi 2016-01-15 19:05:51 [26255] debug: Waiting for card for user
`agallagher'...
Poldi 2016-01-15 19:05:52 [26255] debug: connected to card; serial number is:
D27600012401020100052ED9
Poldi 2016-01-15 19:05:52 [26255] debug: Trying authentication as user
`agallagher'...
Poldi 2016-01-15 19:05:58 [26255] error: failed to verify challenge
Poldi 2016-01-15 19:05:58 [26255] error: authentication failed: General error

sudo emits the exact same errors, as does console login. I have not tried gdm-
login.

Andrew.



-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (500, 
'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libpam-poldi depends on:
ii  libc6  2.19-18+deb8u1
ii  libgcrypt201.6.3-2
ii  libgpg-error0  1.17-3
ii  libksba8   1.3.2-1
ii  scdaemon   2.0.26-6

Versions of packages libpam-poldi recommends:
ii  gnupg2  2.0.26-6

libpam-poldi suggests no packages.

-- Configuration Files:
/etc/poldi/localdb/users changed:
D27600012401020100052ED9 agallagher


-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#811111: Acknowledgement (libpam-poldi: authentication always fails)

[Andrew Gallagher]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Apologies, this was reported in haste. I've got it working now (bad
format of the keys file). Please delete.

- -- 
Andrew Gallagher
Senior Systems Engineer, Ward Solutions Ltd.
2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJWmWcTAAoJENW/k7AUpJcAl4EH/ixpFcYIANmSckjcbBMttIO4
bnG8d5XX6+KESlE/iO7pjPjmlebFyB5IxYMgwMSksMUXDFZTKsKCkQFUY6qnZXNG
ye52wF/QKRMPvl+WWHFdHhWeBjE5t5HB8bcgT+RspNhn0964rHQGFORka21xKHiz
UBoFXAeaOrtI3LHJLuYuSDOcGG5wn1IkhbIPLpgHhfh45O2lW/GOHSkVa3tpbpY8
ejTCW8zbxK3iTK/cfXKl6emOx1fLfVry059kHvd0dchMWGlOsyh0LcO0h2YR5MYX
TgqluTMK+EiE8yZ9Ec64gul2YnWEqjriuTo96XIdXu93cWKpdWLpEIcJ0ri2iLM=
=BxKP
-END PGP SIGNATURE-


The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#811111: Info received (Bug#811111: Acknowledgement (libpam-poldi: authentication always fails))

[Andrew Gallagher]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

In fact, now that I think about it some more, poldi should probably
warn that a key file is unparseable, rather than throwing a generic
failure... :-)

- -- 
Andrew Gallagher
Senior Systems Engineer, Ward Solutions Ltd.
2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJWmWucAAoJENW/k7AUpJcA3n8IAMbL8Lf3jltkLQXcFoAP1vM8
y+T4K5mCuOsDv3zecper9L1hnJZMX0qWiLgU2Ef6ucVGzaq/iwUmGi0Jhra75fCR
1b6bML82ioF4ptC8Ep6Fx/1VRLJX7PEZ+st1C7SozZAqcNfFG+Rg4NBYj1JQ424X
6BoB0shnncC0pou47Qh+bIwdLde+f//QvmHBoFRGyskAmMPlf6BQl/9nIaa7h3lq
CTY6lk0dAq0DoE2YXhbBxclcfLghynOCMWGkoRrmOx5tDLt+G5GBOSMwDJxa/rgw
vjNJjuqHBbzjh6c9QrNk7YRYyadfX+U+VsOX5XD2vaFzM+BN+IxTGtmUpl25UX0=
=w0A+
-END PGP SIGNATURE-


The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#811094: Acknowledgement (broken default configuration)

[Andrew Gallagher]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I see this has already been fixed in testing. Ignore me. :-)

- -- 
Andrew Gallagher
Senior Systems Engineer, Ward Solutions Ltd.
2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJWmWrcAAoJENW/k7AUpJcAVwsH/2HodynkayF6zKeDFEqfOlaI
cVtS5PplO//KWSrMlVr3braPiRJVfHiWYe2fhjg9aEOT4iALHGi5hftny2B4XyEk
FYzu3ftNMc96yhLWHaK07sJBIM7nnYLxyjCGcVi/AaeFUdEOn+xSgqEGPbghVfDO
VYy1ixhMH0kYnsbp2I5p76iVbFhJV0qmxLQbpFVM511YXmNex+RVqKIpfrZXRRXD
l4aJKIOkoabJd3sgyoXcIuu9ON8dmmYIJFx1ADZjtM7ExezMH8WBzSHYyCbs7r+8
/zLpoCJTzu0Kbhr8Wh93fMN8/QdFc4ZpQVK4xwHxJ1XLB0w38gHTUtWU+87vQ0E=
=xrM0
-END PGP SIGNATURE-


The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#810571: gnome-shell-extensions: Apps menu fails with "Error: can't convert event.get_time(...) to an integer"

[Andrew Gallagher]

Package: gnome-shell-extensions
Version: 3.14.2-1
Severity: important
Tags: upstream

Dear Maintainer,

I have been experiencing the following (known) errors in Jessie:

https://unix.stackexchange.com/questions/213549/centos-7-gnome-applications-menu-items-dont-respond
https://github.com/gcampax/gnome-shell-extensions/issues/7

As experienced by the other reporters, after a few days I notice that the 
applications menu 
in gnome-shell stops responding to click events, but only when launching the 
apps and not 
when navigating the menu tree. I see this in /var/log/messages:

Jan  3 15:39:20 whippet gnome-session[3274]: (gnome-shell:3420): Gjs-WARNING 
**: JS ERROR: Error: can't convert event.get_time(...) to an integer
Jan  3 15:39:20 whippet gnome-session[3274]: 
ApplicationMenuItem<.activate@/usr/share/gnome-shell/extensions/apps-m...@gnome-shell-extensions.gcampax.github.com/extension.js:77
Jan  3 15:39:20 whippet gnome-session[3274]: 
wrapper@resource:///org/gnome/gjs/modules/lang.js:169
Jan  3 15:39:20 whippet gnome-session[3274]: 
PopupBaseMenuItem<._onButtonReleaseEvent@resource:///org/gnome/shell/ui/popupMenu.js:118
Jan  3 15:39:20 whippet gnome-session[3274]: 
wrapper@resource:///org/gnome/gjs/modules/lang.js:169
Jan  3 15:39:20 whippet gnome-session[3274]: (gnome-shell:3420): Gjs-WARNING 
**: JS ERROR: Error: can't convert event.get_time(...) to an integer
Jan  3 15:39:20 whippet gnome-session[3274]: 
ApplicationMenuItem<.activate@/usr/share/gnome-shell/extensions/apps-m...@gnome-shell-extensions.gcampax.github.com/extension.js:77
Jan  3 15:39:20 whippet gnome-session[3274]: 
wrapper@resource:///org/gnome/gjs/modules/lang.js:169
Jan  3 15:39:20 whippet gnome-session[3274]: 
PopupBaseMenuItem<._onButtonReleaseEvent@resource:///org/gnome/shell/ui/popupMenu.js:118
Jan  3 15:39:20 whippet gnome-session[3274]: 
wrapper@resource:///org/gnome/gjs/modules/lang.js:169


Andrew.

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-shell-extensions depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.22.0-1
ii  gir1.2-atk-1.0   2.14.0-1
ii  gir1.2-clutter-1.0   1.20.0-1
ii  gir1.2-gdkpixbuf-2.0 2.31.1-2+deb8u4
ii  gir1.2-glib-2.0  1.42.0-2.2
ii  gir1.2-gmenu-3.0 3.13.3-6
ii  gir1.2-gtk-3.0   3.14.5-1+deb8u1
ii  gir1.2-gtop-2.0  2.28.5-2+b1
ii  gir1.2-mutter-3.03.14.4-1~deb8u1
ii  gir1.2-pango-1.0 1.36.8-3
ii  gnome-session3.14.0-2
ii  gnome-shell  3.14.4-1~deb8u1
ii  gvfs 1.22.2-1

Versions of packages gnome-shell-extensions recommends:
ii  gnome-tweak-tool  3.14.2-2

gnome-shell-extensions suggests no packages.

-- no debconf information

Bug#791659: unbound does not handle network errors gracefully

[Andrew Gallagher]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 07/07/15 17:05, Robert Edmonds wrote:
 Hi, Andrew:
 
 Can you try your sequence again, and then try the following:
 
 8. `unbound-control flush_infra all` 9. `host www.google.com`
 
 If the flush_infra unbound-control command fixes the problem, we
 might be able to insert this as a hook to be run after an interface
 is reconfigured.

It takes a little bit of time but it does work after a few moments.
That may just be the TTL kicking in though...

- -- 
Andrew Gallagher
Senior Systems Engineer, Ward Solutions Ltd.
2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJVnP5JAAoJENW/k7AUpJcAH3AH/jww7yuImFxaPO+27u8hBDf4
XQFWsn61CcKJNMlm3Ke3vDHeIT1qAvRhOVeDlXdL0YWxu4Ngz5B8rKlo2GcZGT0P
5udO1Ithy7Endaw1Rj3Lf2QK1gpGKt6ob5FbC/1hXzSHdWgPWlhvvACGkPtQ8L9/
51bcuysOYZj88g08TBk75EiEsItsM9tcb9tuPxiZo+6YzSMBOKkDm7GMALrEMWam
sjDCtVt+ji6OFh3e6SK7XHu7inBO8oSrCP8V2fJwIfewr84V5YrfQoCDPehwLwnz
07Oe5MjTUShdGpJQVJaQbR80QK5LSBKrey0A9IsWnTh9k9HjxHcTRTwg1Tmz3UA=
=AdLS
-END PGP SIGNATURE-

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#791826: enigmail: does not display monkeysphere host key IDs properly in import selector

[Andrew Gallagher]

Package: enigmail
Version: 2:1.7.2-3
Severity: normal

Dear Maintainer,

When importing monkeysphere host keys from a keyserver, they are displayed in
the import selector as ssh instead of ssh://host.example.com.

They appear correctly in the standard view.

Andrew.



-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages enigmail depends on:
ii  gnupg1.4.18-7
ii  icedove  31.7.0-1~deb8u1
ii  libc62.19-18

Versions of packages enigmail recommends:
ii  gnupg-agent  2.0.26-6

enigmail suggests no packages.

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#791659: unbound does not handle network errors gracefully

[Andrew Gallagher]

Package: unbound
Version: 1.4.22-3
Severity: important

Dear Maintainer,

Unbound does not recover gracefully from network-level errors. For example, if
it is running as a local resolver on a laptop it can easily be thrown into a
broken state when connecting to a new network, or when trying to browse the web
while accidentally disconnected from a network.

1. Disconnect laptop from a network
2. Restart unbound (to flush cache, simulates leaving it disconnected
overnight)
3. Connect laptop to a network
4. Simulate a transient network failure by deleting the default route
5. `host www.google.com` - it does not work (obviously)
6. Fix the network failure by reinstating the default route or running sudo
dhclient eth0
7. `host www.google.com` again. It is still broken.

The problem can only be fixed by either manually flushing all the offending
records or restarting unbound. This is not user friendly.

Andrew.



-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages unbound depends on:
ii  adduser 3.113+nmu3
ii  libc6   2.19-18
ii  libevent-2.0-5  2.0.21-stable-2
ii  libpython2.72.7.9-2
ii  libssl1.0.0 1.0.1k-3
ii  openssl 1.0.1k-3
ii  unbound-anchor  1.4.22-3

unbound recommends no packages.

unbound suggests no packages.

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#791350: enigmail: autodecryption success/error results shown at top of wrong message

[Andrew Gallagher]

Package: enigmail
Version: 2:1.7.2-3
Severity: important

Dear Maintainer,

When auto-decrypting incoming mail for notification purposes, the coloured bar
is shown at the top of the currently viewed message, no matter what the
currently-viewed message is.

For example, I can have a mail open in one account, and when an encrypted mail
comes in to a second account, it gets auto-decrypted (using gpg-agent) and the
results of the decryption and signature verification are displayed at the top
of whatever message I'm currently viewing. This can potentially cause an
unsigned or unencrypted message to appear signed/crypted, or a badly-signed
message to appear properly signed.

See attached screenshot.

Andrew.



-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages enigmail depends on:
ii  gnupg1.4.18-7
ii  icedove  31.7.0-1~deb8u1
ii  libc62.19-18

Versions of packages enigmail recommends:
ii  gnupg-agent  2.0.26-6

enigmail suggests no packages.

-- no debconf information


The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#788422: gnome-core: Lock screen shows incorrect password in plain text briefly

[Andrew Gallagher]

Package: gnome-core
Version: 1:3.14+3
Severity: important

Dear Maintainer,

When unlocking the default screensaver, I typed in an incorrect password and it 
was shown
in plain text briefly as the text box greyed out. I have never seen this issue 
before, and
am not sure how to reproduce, but it is a serious security issue and therefore 
worth
reporting.

I will continue to try to reproduce.

Andrew.

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-core depends on:
ii  adwaita-icon-theme 3.14.0-2
ii  at-spi2-core   2.14.0-1
ii  baobab 3.14.1-1
ii  caribou0.4.15-1
ii  caribou-antler 0.4.15-1
ii  dconf-gsettings-backend0.22.0-1
ii  dconf-tools0.22.0-1
ii  empathy3.12.7-1
ii  eog3.14.1-1
ii  evince 3.14.1-2
ii  evolution-data-server  3.12.9~git20141128.5242b0-2+deb8u2
ii  fonts-cantarell0.0.16-1
ii  gdm3   3.14.1-7
ii  gkbd-capplet   3.6.0-1
ii  glib-networking2.42.0-2
ii  gnome-backgrounds  3.14.1-1
ii  gnome-bluetooth3.14.0-2
ii  gnome-calculator   3.14.1-1
ii  gnome-contacts 3.14.1-1
ii  gnome-control-center   1:3.14.2-3
ii  gnome-dictionary   3.14.1-1
ii  gnome-disk-utility 3.12.1-1+b1
ii  gnome-font-viewer  3.14.0-2
ii  gnome-keyring  3.14.0-1+b1
ii  gnome-menus3.13.3-6
ii  gnome-online-accounts  3.14.2-1
ii  gnome-online-miners3.14.0-2
ii  gnome-packagekit   3.14.0-1
ii  gnome-screenshot   3.14.0-1
ii  gnome-session  3.14.0-2
ii  gnome-settings-daemon  3.14.2-3
ii  gnome-shell3.14.2-3+b1
ii  gnome-shell-extensions 3.14.2-1
ii  gnome-sushi3.12.0-2+b1
ii  gnome-system-log   3.9.90-2
ii  gnome-system-monitor   3.14.1-1
ii  gnome-terminal 3.14.1-1
ii  gnome-themes-standard  3.14.2.2-1
ii  gnome-user-guide   3.14.1-1
ii  gnome-user-share   3.14.0-2
ii  gsettings-desktop-schemas  3.14.1-1
ii  gstreamer1.0-plugins-base  1.4.4-2
ii  gstreamer1.0-plugins-good  1.4.4-2
ii  gstreamer1.0-pulseaudio1.4.4-2
ii  gtk2-engines   1:2.20.2-3
ii  gucharmap  1:3.14.1-1
ii  gvfs-backends  1.22.2-1
ii  gvfs-bin   1.22.2-1
ii  gvfs-fuse  1.22.2-1
ii  iceweasel  31.6.0esr-1
ii  libatk-adaptor 2.14.0-2
ii  libcanberra-pulse  0.30-2.1
ii  libcaribou-gtk-module  0.4.15-1
ii  libcaribou-gtk3-module 0.4.15-1
ii  libgtk-3-common3.14.5-1
ii  libpam-gnome-keyring   3.14.0-1+b1
ii  metacity   1:3.14.3-1
ii  mousetweaks3.12.0-1
ii  nautilus   3.14.1-2
ii  policykit-1-gnome  0.105-2
ii  pulseaudio 5.0-13
ii  sound-theme-freedesktop0.8-1
ii  totem  3.14.0-2
ii  tracker-gui1.2.4-2
ii  vino   3.14.0-2+b1
ii  yelp   3.14.1-1
ii  zenity 3.14.0-1

Versions of packages gnome-core recommends:
ii  anacron2.3-23
ii  network-manager-gnome  0.9.10.0-2

Versions of packages gnome-core suggests:
pn  gnome  none

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#788111: dateutils: Problems with input and output formats

[Andrew Gallagher]

Package: dateutils
Version: 0.3.1-1.1
Severity: normal

Dear Maintainer,

The input format %y does not work as per the documentation. Only %Y works:

andrewg@xen:~$ dateutils.ddiff -i %y%m%d%H%M%S -f %S now 20150407075744
ddiff: cannot make sense of `20150407075744' using the given input formats
andrewg@xen:~$ dateutils.ddiff -i %Y%m%d%H%M%S -f %S now 20150407075744
-5393469


Also, the output format %d doesn't work when used by itself (but does work in
combination with other format specifiers, strangely):

andrewg@xen:~$ dateutils.ddiff -i %Y%m%d%H%M%S -f %d %S 20150407075744 now
62 36520
andrewg@xen:~$ dateutils.ddiff -i %Y%m%d%H%M%S -f %d 20150407075744 now
0
andrewg@xen:~$ dateutils.ddiff -i %Y%m%d%H%M%S -f %S 20150407075744 now
5393331



-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.0.4-x86-linode75 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dateutils depends on:
ii  libc6  2.19-18

dateutils recommends no packages.

dateutils suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#788157: bind9utils: dnssec-keygen creates keys with wrong permissions for debian

[Andrew Gallagher]

Package: bind9utils
Version: 1:9.9.5.dfsg-9
Severity: important

Dear Maintainer,

dnssec-keygen creates *.private files with mode 0600, but /etc/bind belongs to 
root and is
only setguid bind. This means that by default bind9 (running as bind) cannot 
read them.
Manual intervention is required to chmod the resulting files to 0640.

Andrew Gallagher.

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.0.4-x86-linode75 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bind9utils depends on:
ii  libbind9-901:9.9.5.dfsg-9
ii  libc6  2.19-18
ii  libcap21:2.24-8
ii  libcomerr2 1.42.12-1.1
ii  libdns100  1:9.9.5.dfsg-9
ii  libgssapi-krb5-2   1.12.1+dfsg-19
ii  libisc95   1:9.9.5.dfsg-9
ii  libisccc90 1:9.9.5.dfsg-9
ii  libisccfg901:9.9.5.dfsg-9
ii  libk5crypto3   1.12.1+dfsg-19
ii  libkrb5-3  1.12.1+dfsg-19
ii  libpython2.7-stdlib [python-argparse]  2.7.9-2
ii  libssl1.0.01.0.1k-3
ii  libxml22.9.1+dfsg1-5
ii  python 2.7.9-1

bind9utils recommends no packages.

bind9utils suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#788159: bind9 tries to write temporary DNSSEC files to /etc/bind instead of /var/cache/bind

[Andrew Gallagher]

Package: bind9
Version: 1:9.9.5.dfsg-9
Severity: important

Dear Maintainer,

I have enabled inline signing in bind9, but even though I have set directory 
/var/cache/bind
it tries to write temporary files into /etc/bind (which fails because the 
debian file ownerships
are sensible and don't allow that sort of thing).


Jun  8 23:44:39 xen named[7604]: zone andrewg.com/IN (signed): reconfiguring 
zone keys
Jun  8 23:44:39 xen named[7604]: zone web/IN (signed): reconfiguring zone keys
Jun  8 23:44:39 xen named[7604]: /etc/bind/db.andrewg.signed.jnl: create: 
permission denied
Jun  8 23:44:39 xen named[7604]: zone andrewg.com/IN (signed): 
zone_rekey:dns_journal_open - unexpected error


I have to break policy and set /etc/bind to group-writable to get this to work.

Andrew Gallagher.

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.0.4-x86-linode75 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bind9 depends on:
ii  adduser3.113+nmu3
ii  bind9utils 1:9.9.5.dfsg-9
ii  debconf [debconf-2.0]  1.5.56
ii  init-system-helpers1.22
ii  libbind9-901:9.9.5.dfsg-9
ii  libc6  2.19-18
ii  libcap21:2.24-8
ii  libcomerr2 1.42.12-1.1
ii  libdns100  1:9.9.5.dfsg-9
ii  libgssapi-krb5-2   1.12.1+dfsg-19
ii  libisc95   1:9.9.5.dfsg-9
ii  libisccc90 1:9.9.5.dfsg-9
ii  libisccfg901:9.9.5.dfsg-9
ii  libk5crypto3   1.12.1+dfsg-19
ii  libkrb5-3  1.12.1+dfsg-19
ii  liblwres90 1:9.9.5.dfsg-9
ii  libssl1.0.01.0.1k-3
ii  libxml22.9.1+dfsg1-5
ii  lsb-base   4.1+Debian13+nmu1
ii  net-tools  1.60-26+b1
ii  netbase5.3

bind9 recommends no packages.

Versions of packages bind9 suggests:
pn  bind9-doc   none
ii  dnsutils1:9.9.5.dfsg-9
pn  resolvconf  none
pn  ufw none

-- Configuration Files:
/etc/bind/named.conf.local changed:
//
// Add local zone definitions here.
include /etc/bind/zones.andrewg;

/etc/bind/named.conf.options 0367900f381d5c83cf34009440f3d211 [Errno 2] No such 
file or directory: u'/etc/bind/named.conf.options 
0367900f381d5c83cf34009440f3d211'

-- debconf information:
  bind9/run-resolvconf: true
  bind9/different-configuration-file:
  bind9/start-as-user: bind


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#788165: bind9utils: dnssec-settime does not output current timing metadata

[Andrew Gallagher]

Package: bind9utils
Version: 1:9.9.5.dfsg-9
Severity: normal

Dear Maintainer,

The manual for dnssec-settime states:

   If none of these options is set on the command line, then dnssec-settime 
simply prints the key timing metadata already stored in the key.

But it doesn't do anything of the sort in practice:

xen:/etc/bind/keys# dnssec-settime -v 9 Kandrewg.com.+008+51780.private
dnssec-settime: andrewg.com/RSASHA256/51780
xen:/etc/bind/keys# 

Andrew Gallagher.

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.0.4-x86-linode75 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bind9utils depends on:
ii  libbind9-901:9.9.5.dfsg-9
ii  libc6  2.19-18
ii  libcap21:2.24-8
ii  libcomerr2 1.42.12-1.1
ii  libdns100  1:9.9.5.dfsg-9
ii  libgssapi-krb5-2   1.12.1+dfsg-19
ii  libisc95   1:9.9.5.dfsg-9
ii  libisccc90 1:9.9.5.dfsg-9
ii  libisccfg901:9.9.5.dfsg-9
ii  libk5crypto3   1.12.1+dfsg-19
ii  libkrb5-3  1.12.1+dfsg-19
ii  libpython2.7-stdlib [python-argparse]  2.7.9-2
ii  libssl1.0.01.0.1k-3
ii  libxml22.9.1+dfsg1-5
ii  python 2.7.9-1

bind9utils recommends no packages.

bind9utils suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#783721: Info received (Bug#783721: Acknowledgement (dnssec-tools: dnssec-signzone behaviour changed; new signed zonefiles unparseable by rollerd))

[Andrew Gallagher]

I have just had to pull the plug on six DNSSEC domains, as it has been a
month without any movement on this bug and all my RRSIGs have now expired.

Andrew.



signature.asc
Description: OpenPGP digital signature

Bug#726426: Acknowledgement (geany: only saves session state on clean shutdown)

[Andrew Gallagher]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

This bug is still present in Jessie.

The current behaviour defeats the purpose of a saved session state, as
the time you really need it is when your laptop crashes.

- -- 
Andrew Gallagher
Internetworking and Security Engineer, Ward Solutions Ltd.
Unit 2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJVSKpNAAoJENW/k7AUpJcANhoIALjCcrJZK20rmJ1xwoiZe6NE
pecBFk5ihWfvpK+f2zFxphH5c0wE37H+tpl4tLjUPwEwDx8x0Es1HrBw6Unnwjz7
HVuRwHTOeb7xyHckx6d2Nq6RUhc+uZeZc7p455WyCQNWh32OD5a08tzLHuULiD3y
nTqUWFAGEuIVYB6yjHJmU+3B6vQyVR2C2BVbwH5YQ9SaBAsKrXe5FL3xd2fZMzFb
He5/bol3u+E36HchGueeik8UTfpjPbqMnZEYK3DS54lRwzLdfGTul1rhBBysWH8H
PpFi1jL3FsZgcVLgPicBgn5uA9YLyHrpoIePxLKxZ4Hlm7s5ZIW5cJdT7dT2TO8=
=7XB1
-END PGP SIGNATURE-

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#783703: pcscd needs to be restarted after first plugging of usb card reader

[Andrew Gallagher]

Package: pcscd
Version: 1.8.13-1
Severity: important

I am using an ACS card reader with openpgp smart card. It was working until I
rebooted, and then gnupg stopped recognising the card. Restarting pcscd with
the ACS reader plugged in fixed the problem, and the fix persists even after I
unplug/replug the usb reader.

The symptoms and workaround appear identical to this fedora bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1092207

I noticed the same behaviour with the ordering of card readers before and after
pcscd restarts that the fedora OP reports:

agallagher@itchy:~$ gpg2 --card-status
gpg: selecting openpgp failed: Card not present
gpg: OpenPGP card not available: Card not present
agallagher@itchy:~$ opensc-tool -l
# Detected readers (pcsc)
Nr.  Card  Features  Name
0No  Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD)
00 00
1Yes ACS ACR 38U-CCID 01 00
agallagher@itchy:~$ sudo service pcscd restart
[ ok ] Restarting PCSC Lite resource manager: pcscd.
agallagher@itchy:~$ gpg2 --card-status
Application ID ...: D27600012401020100052ED9
Version ..: 2.1
Manufacturer .: ZeitControl
Serial number : 2ED9
Name of cardholder: Andrew Gallagher
Language prefs ...: en
Sex ..: unspecified
URL of public key : http://xen.andrewg.com/andr...@andrewg.com.pub
Login data ...: [not set]
Signature PIN : forced
Key attributes ...: 4096R 4096R 4096R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 8
Signature key : 291E 79A1 DC55 AE27 A52E  EF83 5C1E C404 D590 6629
  created : 2015-04-26 16:01:24
Encryption key: 0539 428D 4EF7 FF24 FE16  C291 6B09 0693 1454 9D4B
  created : 2013-07-02 17:04:50
Authentication key: EEFB 8D7C 6E3F 401C 4820  FFB2 85FD F561 DA8C 0C46
  created : 2015-04-26 16:18:28
General key info..: pub  4096R/0x5C1EC404D5906629 2015-04-26 Andrew Gallagher
andr...@andrewg.com
sec#  4096R/0xFB73E21AF1163937  created: 2013-07-02  expires: 2017-01-20
ssb  4096R/0x6B09069314549D4B  created: 2013-07-02  expires: 2017-04-25
  card-no: 0005 2ED9
ssb  4096R/0x5C1EC404D5906629  created: 2015-04-26  expires: 2017-04-25
  card-no: 0005 2ED9
ssb  4096R/0x85FDF561DA8C0C46  created: 2015-04-26  expires: 2017-04-25
  card-no: 0005 2ED9
agallagher@itchy:~$ opensc-tool -l
# Detected readers (pcsc)
Nr.  Card  Features  Name
0Yes ACS ACR 38U-CCID 00 00
1No  Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD)
01 00


The new reader ordering persists across USB unplugging.

Andrew.



-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages pcscd depends on:
ii  init-system-helpers 1.22
ii  libc6   2.19-18
ii  libccid [pcsc-ifd-handler]  1.4.18-1
ii  libpcsclite11.8.13-1
ii  libudev1215-17
ii  lsb-base4.1+Debian13+nmu1

pcscd recommends no packages.

Versions of packages pcscd suggests:
ii  systemd  215-17

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#783703: pcscd needs to be restarted after first plugging of usb card reader

[Andrew Gallagher]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Thanks.

Unfortunately I can't put the card in the broadcom reader as it's a
full size card reader and I've already chopped out the small format
card. The correct fix would appear to be the only recourse...

Andrew.

On 29/04/15 12:59, Ludovic Rousseau wrote:
 reassign  783703gnupg2 retitle 783703 do not just use the first
 PC/SC smart card reader tags783703 upstream thank
 
 Hello,
 
 The problem is that gpg2 does not allow to specify a smart card
 reader to use if you have 2 or more readers.
 
 What you can do is insert your GPG card in the integrated Broadcom
 Corp 5880 reader, or in fact in the first reader listes by pcscd.
 
 A correct fix would be for GPG to try to find the GPG card in any 
 present reader, not just the first one.
 
 I reassign the bug tognupg2.
 
 Bye
 
 Le 29/04/2015 12:18, Andrew Gallagher a écrit :
 Package: pcscd Version: 1.8.13-1 Severity: important
 
 I am using an ACS card reader with openpgp smart card. It was
 working until I rebooted, and then gnupg stopped recognising the
 card. Restarting pcscd with the ACS reader plugged in fixed the
 problem, and the fix persists even after I unplug/replug the usb
 reader.
 
 The symptoms and workaround appear identical to this fedora bug:
 
 https://bugzilla.redhat.com/show_bug.cgi?id=1092207
 
 I noticed the same behaviour with the ordering of card readers
 before and after pcscd restarts that the fedora OP reports:
 
 agallagher@itchy:~$ gpg2 --card-status gpg: selecting openpgp
 failed: Card not present gpg: OpenPGP card not available: Card
 not present agallagher@itchy:~$ opensc-tool -l # Detected readers
 (pcsc) Nr.  Card  Features  Name 0No  Broadcom
 Corp 5880 [Contacted SmartCard] (0123456789ABCD) 00 00 1Yes
 ACS ACR 38U-CCID 01 00 agallagher@itchy:~$ sudo service pcscd
 restart [ ok ] Restarting PCSC Lite resource manager: pcscd. 
 agallagher@itchy:~$ gpg2 --card-status Application ID ...:
 D27600012401020100052ED9 Version ..: 2.1 
 Manufacturer .: ZeitControl Serial number : 2ED9 Name
 of cardholder: Andrew Gallagher Language prefs ...: en Sex
 ..: unspecified URL of public key :
 http://xen.andrewg.com/andr...@andrewg.com.pub Login data
 ...: [not set] Signature PIN : forced Key attributes ...:
 4096R 4096R 4096R Max. PIN lengths .: 32 32 32 PIN retry counter
 : 3 0 3 Signature counter : 8 Signature key : 291E 79A1 DC55
 AE27 A52E  EF83 5C1E C404 D590 6629 created : 2015-04-26
 16:01:24 Encryption key: 0539 428D 4EF7 FF24 FE16  C291 6B09
 0693 1454 9D4B created : 2013-07-02 17:04:50 Authentication
 key: EEFB 8D7C 6E3F 401C 4820  FFB2 85FD F561 DA8C 0C46 created
 : 2015-04-26 16:18:28 General key info..: pub
 4096R/0x5C1EC404D5906629 2015-04-26 Andrew Gallagher 
 andr...@andrewg.com sec#  4096R/0xFB73E21AF1163937  created:
 2013-07-02  expires: 2017-01-20 ssb  4096R/0x6B09069314549D4B
 created: 2013-07-02  expires: 2017-04-25 card-no: 0005 2ED9 
 ssb  4096R/0x5C1EC404D5906629  created: 2015-04-26  expires:
 2017-04-25 card-no: 0005 2ED9 ssb  4096R/0x85FDF561DA8C0C46
 created: 2015-04-26  expires: 2017-04-25 card-no: 0005 2ED9 
 agallagher@itchy:~$ opensc-tool -l # Detected readers (pcsc) Nr.
 Card  Features  Name 0Yes ACS ACR 38U-CCID 00 00 
 1No  Broadcom Corp 5880 [Contacted SmartCard] 
 (0123456789ABCD) 01 00
 
 
 The new reader ordering persists across USB unplugging.
 
 Andrew.
 
 
 
 -- System Information: Debian Release: 8.0 APT prefers
 stable-updates APT policy: (500, 'stable-updates'), (500,
 'stable') Architecture: amd64 (x86_64)
 
 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale:
 LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8) Shell:
 /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
 
 Versions of packages pcscd depends on: ii  init-system-helpers
 1.22 ii  libc6   2.19-18 ii  libccid
 [pcsc-ifd-handler]  1.4.18-1 ii  libpcsclite1
 1.8.13-1 ii  libudev1215-17 ii  lsb-base
 4.1+Debian13+nmu1
 
 pcscd recommends no packages.
 
 Versions of packages pcscd suggests: ii  systemd  215-17
 
 -- no debconf information
 
 The information in this email and any attachments contain
 confidential information and is intended only for the individual
 named. If you are not the named addressee you should not
 disseminate, distribute or copy this e-mail, the attachments or
 any part thereof. Please notify the sender immediately by e-mail
 if you have received this e-mail by mistake and delete this
 e-mail from your system. E-mail transmission cannot be guaranteed
 to be secure or error-free as information could be intercepted,
 corrupted, lost, destroyed, arrive late or incomplete, or contain
 viruses. The sender therefore does not accept liability for any
 errors or omissions in the contents of this message which arise
 as a result of e-mail transmission. If verification is required

Bug#783721: dnssec-tools: dnssec-signzone behaviour changed; new signed zonefiles unparseable by rollerd

[Andrew Gallagher]

Package: dnssec-tools
Version: 1.13-1
Severity: grave
Justification: renders package unusable

After upgrading to jessie, rollerd will no longer start. 
It appears that the format of the signed zonefile has changed:

---

xen:/etc/bind# for i in db.andrewg.signed db.stibium.signed; do echo $i;head 
-16 $i; done
db.andrewg.signed
; File written on Mon Apr 27 10:40:38 2015
; dnssec_signzone version 9.9.5-9-Debian
andrewg.com.86400   IN SOA  xen.andrewg.com. root.xen.andrewg.com. (
2014120939 ; serial
28800  ; refresh (8 hours)
7200   ; retry (2 hours)
604800 ; expire (1 week)
86400  ; minimum (1 day)
)
86400   RRSIG   SOA 8 2 86400 (
20150527094038 20150427084038 11508 
andrewg.com.
oA4xSft7iCqdaxGyjj1blI0E8WNRJlKa+KFK
72xOSPIk8cYp6hdKdTel93WMPNU7l11KLKrd
E8uIOumut9jIdKoxjJ1d+dQMJyKtfYAd0tJY
TwrtCq3TZOHF1Pzy1pNdg3sHD/3Rptt1AU3Y
kK/ng1ieUVww30ipx/UZH4VRewM= )
db.stibium.signed
; File written on Sat Apr 18 08:21:32 2015
; dnssec_signzone version 9.8.4-rpz2+rl005.12-P1
stibium.net.86400   IN SOA  xen.andrewg.com. root.xen.andrewg.com. (
2014120938 ; serial
28800  ; refresh (8 hours)
7200   ; retry (2 hours)
604800 ; expire (1 week)
86400  ; minimum (1 day)
)
86400   RRSIG   SOA 8 2 86400 20150518082132 (
20150418072132 53691 stibium.net.
IAgXJGD1LzFfi09VDGFtQ4YOTObK4rKEHcXR
KSZGMqB11fOxCYMiXd+jN3h2qGvsO9iEVS/b
uNc0nKT9XouiYhPEjmQG7774sT86hEnqs2To
eD17BrD8t5CtAgYrcfDtnUVyt5AV569qAy+1
3gupeYBrmn7gYsEkn5WhcivyAfM= )
xen:/etc/bind# service rollerd restart
Restarting DNSSEC-Tools rollerd: rollerdUNIVERSAL-import is deprecated and 
will be removed in a future perl at 
/usr/share/perl5/Net/DNS/SEC/Tools/tooloptions.pm line 19.
.
xen:/etc/bind# bad RRSIG data 1, line 10
...propagated at /usr/share/perl5/Net/DNS/ZoneFile/Fast.pm line 164, 
GEN0 line 10.

---


This may be related to #642772. Fedora has a possibly related patch here:

http://pkgs.fedoraproject.org/cgit/dnssec-tools.git/plain/dnssec-tools-zonefile-fast-new-bind-1.13.patch?id2=HEAD

Note that the regular expression around line 800 has changed to match three 
sets 
of digits rather than four, matching the zonefile format changes observed.


Andrew


-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.18.5-x86-linode70 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages dnssec-tools depends on:
ii  bind9utils   1:9.9.5.dfsg-9
ii  libmailtools-perl2.13-1
ii  libnet-dns-perl  0.81-2
ii  libnet-dns-sec-perl  0.21-1
ii  libtimedate-perl 2.3000-2
ii  perl 5.20.2-3

Versions of packages dnssec-tools recommends:
ii  bind9  1:9.9.5.dfsg-9

dnssec-tools suggests no packages.

-- Configuration Files:
/etc/dnssec-tools/dnssec-tools.conf changed:
admin-email andr...@andrewg.com
keyarch /usr/sbin/keyarch
rollchk /usr/sbin/rollchk
zonesigner  /usr/sbin/zonesigner
keygen  /usr/sbin/dnssec-keygen
rndc/usr/sbin/rndc
zonecheck   /usr/sbin/named-checkzone
zonesign/usr/sbin/dnssec-signzone
algorithm   rsasha256
ksklength   2048
zsklength   1024
random  /dev/urandom
usensec3yes
nsec3iter   100
nsec3salt   random:64
nsec3optout no
endtime +2592000# RRSIGs good for thirty days.
lifespan-max94608000
lifespan-min3600
ksklife 31536000
zsklife 604800
archivedir  /var/lib/dnssec-tools/archive
entropy_msg 1
savekeys1
kskcount1
zskcount1
roll_loadzone   1
roll_logfile/var/log/dnssec-tools/rollerd.log
roll_loglevel   phase
roll_phasemsg   long
roll_sleeptime  3600
zone_errors 5
autosign1
log_tz  gmt
tacontact   
tasmtpserverlocalhost
taresolvconflocalhost
tatmpdir  

Bug#783703: Info received (Bug#783703: pcscd needs to be restarted after first plugging of usb card reader)

[Andrew Gallagher]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

It's not just the ordering of readers that is the issue. I ran across
this problem just now:

https://paulphilippov.com/articles/how-to-fix-device-not-accepting-address-error

... so plugged the ACS reader into a docking station port, thinking it
would be able to supply more power. The ACS reader started working
again, but even though it is still the first reader in the list, gpg2
can't talk to it:

dmesg output:

[34471.749264] usb 2-1.4: new full-speed USB device number 22 using
ehci-pci
[34471.821260] usb 2-1.4: device descriptor read/64, error -32
[34471.997172] usb 2-1.4: device descriptor read/64, error -32
[34472.173381] usb 2-1.4: new full-speed USB device number 23 using
ehci-pci
[34472.245303] usb 2-1.4: device descriptor read/64, error -32
[34472.421236] usb 2-1.4: device descriptor read/64, error -32
[34472.597175] usb 2-1.4: new full-speed USB device number 24 using
ehci-pci
[34473.002996] usb 2-1.4: device not accepting address 24, error -32
[34473.077029] usb 2-1.4: new full-speed USB device number 25 using
ehci-pci
[34473.482909] usb 2-1.4: device not accepting address 25, error -32
[34473.484910] usb 2-1-port4: unable to enumerate USB device
[34765.026312] usb 1-1.1.2: new full-speed USB device number 9 using
ehci-pci
[34765.121888] usb 1-1.1.2: New USB device found, idVendor=072f,
idProduct=90cc
[34765.121898] usb 1-1.1.2: New USB device strings: Mfr=1, Product=2,
SerialNumber=0
[34765.121903] usb 1-1.1.2: Product: CCID USB Reader
[34765.121907] usb 1-1.1.2: Manufacturer: ACS


agallagher@itchy:~$ opensc-tool -l
# Detected readers (pcsc)
Nr.  Card  Features  Name
0Yes ACS ACR 38U-CCID 00 00
1No  Broadcom Corp 5880 [Contacted SmartCard]
(0123456789ABCD) 01 00
agallagher@itchy:~$ gpg2 --card-status
gpg: selecting openpgp failed: Card not present
gpg: OpenPGP card not available: Card not present
agallagher@itchy:~$ opensc-explorer
OpenSC Explorer version 0.14.0
Using reader with a card: ACS ACR 38U-CCID 00 00
OpenSC [3F00] ls
FileID  Type  Size
 004FwEF16
 005EwEF 0
[0065]DF28
[006E]DF   217
[007A]DF 5
 00C4wEF 7
 0101wEF 0
 0102wEF 0
 5F50wEF46
 5F52wEF10
 7F21wEF 0
[A400]DF   527
 A401wEF   527
[B600]DF   527
 B601wEF   527
[B800]DF   527
 B801wEF   527


Unfortunately it seems that since kernel 2.6.38 there is no longer a
reliable way to cut power to an internal USB device, so I can now only
use my PGP card with a 50% success rate on this machine - short of
cracking open the case and disconnecting the internal broadcom reader.

This basically screws my intended use of this PGP card.

- -- 
Andrew Gallagher
Internetworking and Security Engineer, Ward Solutions Ltd.
Unit 2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJVQOmCAAoJENW/k7AUpJcAra4H/2OdYKakHJ1DsQOPvrc9prJ6
juiiXV+EqiBjpA32gbZUUjbGv/bW8MfylkXic0cJAWikFsvJAMvAB016F3Y6O2rK
jbLgvD/hhBWjHn6KjanjvmgyML5XTtYSGbWN1D00ojvOzlclWDaJo0CnCLyRz6Us
nwVPJXPDx85OLAy9jSvuVjse9Z+AxkgaxMbetbJHkJ0CLC1Ni4HtXueAIejYx57C
o/RvR+CyyizJFXSwRRaVanR7fu10CZCHXs+G2fYf3MGlIhp6UC+ArdK7X73UAkYW
TiVqJS6cd+zS1h1vE3D7z8bRg5tcV9OK9iyMKmMZSJULMD6fp+EnBvBaL3nemaA=
=p5nQ
-END PGP SIGNATURE-

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 

Bug#783721: Acknowledgement (dnssec-tools: dnssec-signzone behaviour changed; new signed zonefiles unparseable by rollerd)

[Andrew Gallagher]

I have confirmed that the Fedora patch does clear the original error,
however there is now a new error:

xen:/etc/bind# service rollerd restart
Restarting DNSSEC-Tools rollerd: rollerdUNIVERSAL-import is deprecated
and will be removed in a future perl at
/usr/share/perl5/Net/DNS/SEC/Tools/tooloptions.pm line 19.
.
xen:/etc/bind# bad NSEC data, line 154
...propagated at /usr/share/perl5/Net/DNS/ZoneFile/Fast.pm line
164, GEN0 line 154.

This would appear to stem from the same faulty assumption as the first
one...

Andrew.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#780068: enigmail: key management view is misleading when collapsed

[Andrew Gallagher]

Package: enigmail
Version: 2:1.7.2-3
Severity: minor

Dear Maintainer,

In the list view of the key manager, it shows the validity of the primary
identity - not of the key - when the entry is collapsed. However, it is
possible for one of the secondary identities of a key to be more valid than the
primary, for example when the primary ID has recently been changed.

There should be an indicator in the collapsed state to denote an unexpectedly
valid secondary ID, for example an asterisk appended to the primary ID's
validity. This would be particularly helpful when cleaning up keyrings - a key
with a new primary ID may appear to be wholly untrusted, when in fact it is
only the primary ID that is untrusted and secondary IDs might well be fully
validated.

Also, the expand/collapse buttons should only be displayed when there is
something to see in expanded mode, i.e. when there is either a secondary ID or
a photo. This would save a lot of fruitless clicking.

Andrew.



-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages enigmail depends on:
ii  gnupg1.4.18-6
ii  icedove  31.4.0-2
ii  libc62.19-13

Versions of packages enigmail recommends:
ii  gnupg-agent  2.0.26-4

enigmail suggests no packages.

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#779298: dnssec-trigger: fails to create /run/dnssec-trigger

[Andrew Gallagher]

Package: dnssec-trigger
Version: 0.13~svn685-4
Severity: important

Dear Maintainer,

After upgrading dnssec-trigger to the latest version in testing, it stopped
working from network manager. I found the following in syslog:

/var/log/syslog.1:Feb 18 18:11:35 itchy nm-dispatcher: Script
'/etc/NetworkManager/dispatcher.d/01-dnssec-trigger' exited with error status
1.
/var/log/syslog.1:Feb 18 18:11:35 itchy NetworkManager[25535]: warn (24) 01
-dnssec-trigger failed (failed): Script '/etc/NetworkManager/dispatcher.d/01
-dnssec-trigger' exited with error status 1.
/var/log/syslog.1:Feb 18 18:48:31 itchy nm-dispatcher: Script
'/etc/NetworkManager/dispatcher.d/01-dnssec-trigger' exited with error status
1.
/var/log/syslog.1:Feb 18 18:48:32 itchy NetworkManager[25535]: warn (25) 01
-dnssec-trigger failed (failed): Script '/etc/NetworkManager/dispatcher.d/01
-dnssec-trigger' exited with error status 1.
/var/log/syslog.1:Feb 19 11:03:01 itchy nm-dispatcher: Script
'/etc/NetworkManager/dispatcher.d/01-dnssec-trigger' exited with error status
1.
/var/log/syslog.1:Feb 19 11:03:02 itchy NetworkManager[25535]: warn (27) 01
-dnssec-trigger failed (failed): Script '/etc/NetworkManager/dispatcher.d/01
-dnssec-trigger' exited with error status 1.


Running the dispatcher script by hand shows the error:

root@itchy:~# /etc/NetworkManager/dispatcher.d/01-dnssec-trigger
Traceback (most recent call last):
  File /usr/lib/dnssec-trigger/dnssec-trigger-script, line 463, in module
Application(sys.argv).run()
  File /usr/lib/dnssec-trigger/dnssec-trigger-script, line 360, in run
with lockfile.FileLock(/run/dnssec-trigger/dnssec-trigger):
  File /usr/lib/pymodules/python2.7/lockfile.py, line 223, in __enter__
self.acquire()
  File /usr/lib/pymodules/python2.7/lockfile.py, line 239, in acquire
raise LockFailed(failed to create %s % self.unique_name)
lockfile.LockFailed: failed to create /run/dnssec-
trigger/itchy.MainThread-25103
root@itchy:~# mkdir /run/dnssec-trigger
root@itchy:~# /etc/NetworkManager/dispatcher.d/01-dnssec-trigger
ok removed 491 rrsets, 136 messages and 4 key entries
Global forwarders: 8.8.8.8 8.8.4.4


Creating /run/dnssec-trigger by hand appears to fix the issue.

Andrew.



-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages dnssec-trigger depends on:
ii  gir1.2-networkmanager-1.0  0.9.10.0-6
ii  init-system-helpers1.22
ii  libc6  2.19-13
ii  libgdk-pixbuf2.0-0 2.31.1-2+b1
ii  libglib2.0-0   2.42.1-1
ii  libgtk2.0-02.24.25-1
ii  libldns1   1.6.17-5+b1
ii  libssl1.0.01.0.1k-1
ii  python 2.7.8-3
ii  python-gi  3.14.0-1
ii  python-lockfile1:0.8-2
ii  unbound1.4.22-3

dnssec-trigger recommends no packages.

dnssec-trigger suggests no packages.

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#778903: logcheck: saslauthd logging has changed

[Andrew Gallagher]

Package: logcheck
Version: 1.3.15
Severity: normal
Tags: patch


New versions of saslauthd say pam_unix(smtp:auth) instead of (pam_unix). 
New rule is:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: 
pam_unix\(smtp:auth\) authentication failure; logname= uid=0 euid=0 tty= ruser= 
rhost=( [[:space:]]*user=[-._[:alnum:]]+)?$


-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.14.5-x86-linode61 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logcheck depends on:
ii  adduser 3.113+nmu3
ii  cron3.0pl1-124
ii  lockfile-progs  0.1.17
ii  logtail 1.3.15
ii  mime-construct  1.11
ii  postfix [mail-transport-agent]  2.9.6-2
ii  rsyslog [system-log-daemon] 5.8.11-3+deb7u2

Versions of packages logcheck recommends:
ii  logcheck-database  1.3.15

Versions of packages logcheck suggests:
pn  syslog-summary  none

-- Configuration Files:
/etc/logcheck/logcheck.conf changed:
REPORTLEVEL=server
SENDMAILTO=r...@andrewg.com
FQDN=1


-- debconf information:
  logcheck/changes:
* logcheck/install-note:


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#778905: logcheck: logging changes in spamd

[Andrew Gallagher]

Package: logcheck
Version: 1.3.15
Severity: normal
Tags: patch

spamd no longer suffixes (closed before headers) with at /usr/sbin/spamd 
line N

Updated rule attached. This may also apply to other errors that I haven't been 
able to test yet.

-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.14.5-x86-linode61 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logcheck depends on:
ii  adduser 3.113+nmu3
ii  cron3.0pl1-124
ii  lockfile-progs  0.1.17
ii  logtail 1.3.15
ii  mime-construct  1.11
ii  postfix [mail-transport-agent]  2.9.6-2
ii  rsyslog [system-log-daemon] 5.8.11-3+deb7u2

Versions of packages logcheck recommends:
ii  logcheck-database  1.3.15

Versions of packages logcheck suggests:
pn  syslog-summary  none

-- Configuration Files:
/etc/logcheck/logcheck.conf changed:
REPORTLEVEL=server
SENDMAILTO=r...@andrewg.com
FQDN=1


-- debconf information:
  logcheck/changes:
* logcheck/install-note:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)? bad protocol: 
header error: \(closed before headers\)( at /usr/sbin/spamd line 2001.)?$

Bug#773701: Acknowledgement (libreoffice: will not open files on a gvfs share)

[Andrew Gallagher]

On 05/02/15 19:34, Bjoern Michaelsen wrote:
 
  
 http://cgit.freedesktop.org/libreoffice/core/commit/?id=f574e1defdb537bdd741edd2523563aa0b03be5a
 
 was done for a good reason.

That's fine in principle, but it doesn't work. ;-)

 that to the best of our knowledge, people either:
 - dont have libreoffice-gnome and friends installed, which you should if you 
 use gvfs

Installing libreoffice-gnome has no effect.

 - or they are suffering from a glib bug:
   https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/1214352
   which is in a header file, thus would require a full rebuild of all rdepends
   of glib and so would be very hard to fix properly on a stable release.

Is there a way to determine if this is the cause here?

If the glib bug can't be fixed in Jessie, then IMO reverting the
URL-handling commit is an acceptable workaround. Libreoffice is painful
to the point of unusability in a corporate environment if you can't
double-click in the file browser (gvfs pathnames can be horrendous).

-- 
Andrew Gallagher
Internetworking and Security Engineer, Ward Solutions Ltd.
Unit 2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174



The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


signature.asc
Description: OpenPGP digital signature

Bug#773701: Info received (Bug#773701: Acknowledgement (libreoffice: will not open files on a gvfs share))

[Andrew Gallagher]

Argh.

Sorry, installing libreoffice-gnome DOES fix the problem. I have no idea
how I got that the wrong way around earlier. Obviously I need more
coffee. :-(

Thanks!

-- 
Andrew Gallagher
Internetworking and Security Engineer, Ward Solutions Ltd.
Unit 2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174



The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


signature.asc
Description: OpenPGP digital signature

Bug#773701: Acknowledgement (libreoffice: will not open files on a gvfs share)

[Andrew Gallagher]

I found the solution here:

http://geekphreek.com/fix-libreoffice-4-2-not-opening-files-on-gvfs/

sed -i 's/X-GIO-NoFuse=true/#X-GIO-NoFuse=true/'
/usr/share/applications/libreoffice-*

More info here:

https://bugzilla.redhat.com/show_bug.cgi?id=885156

https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1253620

This appears to be a widespread problem.

-- 
Andrew Gallagher
Internetworking and Security Engineer, Ward Solutions Ltd.
Unit 2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174



The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


signature.asc
Description: OpenPGP digital signature

Bug#775933: enigmail: calls 'gpg --list-keys' before encrypting. This is slow, esp. with gpg2

[Andrew Gallagher]

 BTW, which version of gpg2 are you using?  I found that gpg2 2.1.2 (from
 debian experimental) is actually significantly faster than gpg 1.4.18.

I'm using 2.0.26-4 from jessie.

-- 
Andrew Gallagher
Internetworking and Security Engineer, Ward Solutions Ltd.
Unit 2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174



The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


signature.asc
Description: OpenPGP digital signature

Bug#775933: enigmail: calls 'gpg --list-keys' before encrypting. This is slow, esp. with gpg2

[Andrew Gallagher]

Package: enigmail
Version: 2:1.7.2-3
Severity: normal

Dear Maintainer,

Enigmail appears to call 'gpg --list-keys' when trying to work out if it
should encrypt an email, even if that mail has only one recipient. This means 
slurping up every single key ID into memory, required or not. It also causes 
gpg to walk its entire database, which is ridiculously inefficient - with a 
large keyring and gpg2 this can take several minutes, during which time gpg 
hogs 99% of CPU. (gpg1 is faster, but there is still a noticeable delay)

Is this all really necessary? It would be hundreds of times faster to call 
'gpg --list-keys $email' for each recipient in turn. 

Andrew.

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages enigmail depends on:
ii  gnupg1.4.18-6
ii  icedove  31.3.0-1
ii  libc62.19-13

Versions of packages enigmail recommends:
ii  gnupg-agent  2.0.26-4

enigmail suggests no packages.

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#775910: nautilus: treats identical shares with implicit and explicit credentials as distinct

[Andrew Gallagher]

Package: nautilus
Version: 3.14.1-2
Severity: normal

Dear Maintainer,

Steps to reproduce:

1. Using connect to server, connect to a share for which you have previously 
cached
the credentials. Do not put credentials in the URL, e.g. smb://server/share/.

2. Now using the same method, connect to the same share but this time supply 
the 
credentials in the URL, e.g. smb://DOMAIN;user@server/share/

Result: There are now two identical shares in the sidebar.


-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages nautilus depends on:
ii  desktop-file-utils 0.22-1
ii  gsettings-desktop-schemas  3.14.1-1
ii  gvfs   1.22.2-1
ii  libatk1.0-02.14.0-1
ii  libc6  2.19-13
ii  libcairo-gobject2  1.14.0-2.1
ii  libcairo2  1.14.0-2.1
ii  libexempi3 2.2.1-2
ii  libexif12  0.6.21-2
ii  libgail-3-03.14.5-1
ii  libgdk-pixbuf2.0-0 2.31.1-2+b1
ii  libglib2.0-0   2.42.1-1
ii  libglib2.0-data2.42.1-1
ii  libgnome-desktop-3-10  3.14.1-1
ii  libgtk-3-0 3.14.5-1
ii  libnautilus-extension1a3.14.1-2
ii  libnotify4 0.7.6-2
ii  libpango-1.0-0 1.36.8-3
ii  libpangocairo-1.0-01.36.8-3
ii  libselinux12.3-2
ii  libtracker-sparql-1.0-01.2.4-1
ii  libx11-6   2:1.6.2-3
ii  libxml22.9.1+dfsg1-4
ii  nautilus-data  3.14.1-2
ii  shared-mime-info   1.3-1

Versions of packages nautilus recommends:
ii  eject  2.1.5+deb1+cvs20081104-13.1
ii  gnome-icon-theme-symbolic  3.12.0-1
ii  gnome-sushi3.12.0-2+b1
ii  gvfs-backends  1.22.2-1
ii  librsvg2-common2.40.5-1

Versions of packages nautilus suggests:
ii  brasero3.11.4-1
ii  eog3.14.1-1
ii  evince [pdf-viewer]3.14.1-1
ii  totem  3.14.0-2
ii  tracker1.2.4-1
ii  vlc [mp3-decoder]  2.2.0~rc2-1
ii  vlc-nox [mp3-decoder]  2.2.0~rc2-1
ii  xdg-user-dirs  0.15-2

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#775907: nautilus: crashes when trying to bookmark an smb share

[Andrew Gallagher]

Package: nautilus
Version: 3.14.1-2
Severity: important

Dear Maintainer,

Steps to reproduce:

1. Connect to an smb share using connect to server
2. Drag from the path bar into the sidebar to create a bookmark
3. Unmount the share

Result: Bookmark gets renamed from share on server to /

4. Right-click on share and choose Rename

Result: nautilus crashes

5. Reopen nautilus
6. Try renaming bookmark again

Result: success

7. Click on bookmark
8. Unmount share
9. Click on bookmark

Result: nautilus crashes again



-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages nautilus depends on:
ii  desktop-file-utils 0.22-1
ii  gsettings-desktop-schemas  3.14.1-1
ii  gvfs   1.22.2-1
ii  libatk1.0-02.14.0-1
ii  libc6  2.19-13
ii  libcairo-gobject2  1.14.0-2.1
ii  libcairo2  1.14.0-2.1
ii  libexempi3 2.2.1-2
ii  libexif12  0.6.21-2
ii  libgail-3-03.14.5-1
ii  libgdk-pixbuf2.0-0 2.31.1-2+b1
ii  libglib2.0-0   2.42.1-1
ii  libglib2.0-data2.42.1-1
ii  libgnome-desktop-3-10  3.14.1-1
ii  libgtk-3-0 3.14.5-1
ii  libnautilus-extension1a3.14.1-2
ii  libnotify4 0.7.6-2
ii  libpango-1.0-0 1.36.8-3
ii  libpangocairo-1.0-01.36.8-3
ii  libselinux12.3-2
ii  libtracker-sparql-1.0-01.2.4-1
ii  libx11-6   2:1.6.2-3
ii  libxml22.9.1+dfsg1-4
ii  nautilus-data  3.14.1-2
ii  shared-mime-info   1.3-1

Versions of packages nautilus recommends:
ii  eject  2.1.5+deb1+cvs20081104-13.1
ii  gnome-icon-theme-symbolic  3.12.0-1
ii  gnome-sushi3.12.0-2+b1
ii  gvfs-backends  1.22.2-1
ii  librsvg2-common2.40.5-1

Versions of packages nautilus suggests:
ii  brasero3.11.4-1
ii  eog3.14.1-1
ii  evince [pdf-viewer]3.14.1-1
ii  totem  3.14.0-2
ii  tracker1.2.4-1
ii  vlc [mp3-decoder]  2.2.0~rc2-1
ii  vlc-nox [mp3-decoder]  2.2.0~rc2-1
ii  xdg-user-dirs  0.15-2

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#774947: dnssec-trigger: does not appear in gnome3 panel

[Andrew Gallagher]

Package: dnssec-trigger
Version: 0.13~svn685-3
Severity: important

Dear Maintainer,

I recently upgraded my machine to jessie and am using the standard gnome3
desktop. dnssec-trigger-control works on the command line, but dnssec-trigger-
panel does not appear in the system tray even though it is obviously running.
If I start by hand, it does not appear and does not throw any errors.




-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages dnssec-trigger depends on:
ii  gir1.2-networkmanager-1.0  0.9.10.0-4
ii  init-system-helpers1.22
ii  libc6  2.19-13
ii  libgdk-pixbuf2.0-0 2.31.1-2+b1
ii  libglib2.0-0   2.42.1-1
ii  libgtk2.0-02.24.25-1
ii  libldns1   1.6.17-5+b1
ii  libssl1.0.01.0.1j-1
ii  python 2.7.8-2
ii  python-gi  3.14.0-1
ii  python-lockfile1:0.8-2
ii  unbound1.4.22-3

dnssec-trigger recommends no packages.

dnssec-trigger suggests no packages.

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#717563: proxy setting still not working

[Andrew Gallagher]

This bug is still present in testing. I can confirm that proxy operation
also fails when using the --http_proxy and --proxy command line options.

-- 
Andrew Gallagher
Internetworking and Security Engineer, Ward Solutions Ltd.
Unit 2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174



The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


signature.asc
Description: OpenPGP digital signature

Bug#774956: libgtk-3-bin: gboolean type FALSE not recognised in settings.ini

[Andrew Gallagher]

Package: libgtk-3-bin
Version: 3.14.5-1
Severity: normal

Dear Maintainer,

The documentation here:

https://developer.gnome.org/gtk3/stable/GtkSettings.html#GtkSettings--gtk-
primary-button-warps-slider

indicates that the allowed values for gtk-primary-button-warps-slider are TRUE
or FALSE, however setting it to FALSE in .config/gtk-3.0/settings.ini results
in an error:

Key file contains key 'gtk-primary-button-warps-slider' which has a value that
cannot be interpreted.

Setting the value to 0 works, but the documentation is clear that FALSE should
be an alias for 0. This is obviously not the case.

Andrew.



-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libgtk-3-bin depends on:
ii  libatk-bridge2.0-0   2.14.0-2
ii  libatk1.0-0  2.14.0-1
ii  libc62.19-13
ii  libcairo-gobject21.14.0-2.1
ii  libcairo21.14.0-2.1
ii  libfontconfig1   2.11.0-6.3
ii  libfreetype6 2.5.2-2
ii  libgdk-pixbuf2.0-0   2.31.1-2+b1
ii  libglib2.0-0 2.42.1-1
ii  libgtk-3-0   3.14.5-1
ii  libgtk-3-common  3.14.5-1
ii  libpango-1.0-0   1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libpangoft2-1.0-01.36.8-3
ii  libwayland-client0   1.6.0-2
ii  libwayland-cursor0   1.6.0-2
ii  libx11-6 2:1.6.2-3
ii  libxcomposite1   1:0.4.4-1
ii  libxcursor1  1:1.1.14-1+b1
ii  libxdamage1  1:1.1.4-2+b1
ii  libxext6 2:1.3.3-1
ii  libxfixes3   1:5.0.1-2+b2
ii  libxi6   2:1.7.4-1+b2
ii  libxinerama1 2:1.1.3-1+b1
ii  libxkbcommon00.4.3-2
ii  libxrandr2   2:1.4.2-1+b1

libgtk-3-bin recommends no packages.

libgtk-3-bin suggests no packages.

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#774957: libgtk-3-bin: gtk-primary-button-warps-slider=1 is a bad default for scrollbars

[Andrew Gallagher]

Package: libgtk-3-bin
Version: 3.14.5-1
Severity: normal

Dear Maintainer,

Scrollbars appear to inherit the same settings as configuration sliders. It may
be a good idea to use gtk-primary-button-warps-slider=1 as a default for
settings panels (e.g. screenlock timeout etc.) but it is a very bad idea to use
the same settings for scrollbars.

Expected behaviour for scrollbars in pretty much all software (since Motif was
invented, yes I'm old enough to remember those days) is not to warp. GTK should
not (re)introduce such inferior and nonstandard scrollbar behaviour by default.

Andrew.



-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libgtk-3-bin depends on:
ii  libatk-bridge2.0-0   2.14.0-2
ii  libatk1.0-0  2.14.0-1
ii  libc62.19-13
ii  libcairo-gobject21.14.0-2.1
ii  libcairo21.14.0-2.1
ii  libfontconfig1   2.11.0-6.3
ii  libfreetype6 2.5.2-2
ii  libgdk-pixbuf2.0-0   2.31.1-2+b1
ii  libglib2.0-0 2.42.1-1
ii  libgtk-3-0   3.14.5-1
ii  libgtk-3-common  3.14.5-1
ii  libpango-1.0-0   1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libpangoft2-1.0-01.36.8-3
ii  libwayland-client0   1.6.0-2
ii  libwayland-cursor0   1.6.0-2
ii  libx11-6 2:1.6.2-3
ii  libxcomposite1   1:0.4.4-1
ii  libxcursor1  1:1.1.14-1+b1
ii  libxdamage1  1:1.1.4-2+b1
ii  libxext6 2:1.3.3-1
ii  libxfixes3   1:5.0.1-2+b2
ii  libxi6   2:1.7.4-1+b2
ii  libxinerama1 2:1.1.3-1+b1
ii  libxkbcommon00.4.3-2
ii  libxrandr2   2:1.4.2-1+b1

libgtk-3-bin recommends no packages.

libgtk-3-bin suggests no packages.

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#773701: update

[Andrew Gallagher]

Update:

The dialog box problem appears to go away with a reboot. The
double-click issue does not.

-- 
Andrew Gallagher
Internetworking and Security Engineer, Ward Solutions Ltd.
Unit 2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174



The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


signature.asc
Description: OpenPGP digital signature

Bug#774738: rygel: Silently ignores mp4 files, throws odd errors about NULLs

[Andrew Gallagher]

Package: rygel
Version: 0.24.2-1
Severity: important

I reinstalled my machine (formerly running Ubuntu trusty), and rygel no longer
admits to the existence of mp4 files. I have restarted it twice and it will
serve any file other than mp4, which are all missing when listed over upnp/dlna.
The version on trusty (and earlier) had no such problem.

In possibly related news, it throws the following error multiple times :

libmediaart-CRITICAL **: media_art_get_file: assertion 'artist != NULL || title 
!= NULL' failed

Andrew Gallagher

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rygel depends on:
ii  libc6   2.19-13
ii  libgee-0.8-20.16.1-1
ii  libglib2.0-02.42.1-1
ii  libgssdp-1.0-3  0.14.10-1
ii  libgstreamer-plugins-base1.0-0  1.4.4-2
ii  libgstreamer1.0-0   1.4.4-2
ii  libgupnp-1.0-4  0.20.12-1
ii  libgupnp-av-1.0-2   0.12.6-1
ii  libgupnp-dlna-2.0-3 0.10.2-1
ii  libmediaart-1.0-0   0.7.0-2
ii  librygel-core-2.4-2 0.24.2-1
ii  librygel-renderer-2.4-2 0.24.2-1
ii  librygel-server-2.4-2   0.24.2-1
ii  libsoup2.4-12.48.0-1
ii  libsqlite3-03.8.7.1-1
ii  libunistring0   0.9.3-5.2+b1
ii  libuuid12.25.2-4
ii  libxml2 2.9.1+dfsg1-4

Versions of packages rygel recommends:
ii  gstreamer1.0-libav 1.4.4-2
ii  gstreamer1.0-plugins-base  1.4.4-2
ii  gstreamer1.0-plugins-good  1.4.4-2
ii  gstreamer1.0-plugins-ugly  1.4.4-2

Versions of packages rygel suggests:
pn  rygel-mediatheknone
ii  rygel-playbin  0.24.2-1
ii  rygel-preferences  0.24.2-1
ii  rygel-tracker  0.24.2-1
pn  tumblernone

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#769735: Confirm bug

[Andrew Gallagher]

I can confirm this bug. I am using the beta2 installer DVD1, and trying
to dual-boot jessie on an existing ubuntu box.

Using manual partitioning, I first resized the ubuntu root partition
from 1tb down to 500gb, then attempted to create an encrypted LVM
partition in the free space. This automatically filled the LVM VG with a
single ext4 partition, but I needed an encrypted swap space also, so
went into configure lvm, but there were no options there to change
LVs. On exiting that menu, partman attempts to detect disks, but hangs
at 81%. I have reproduced this twice.

Andrew.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#773701: libreoffice: will not open files on a gvfs share

[Andrew Gallagher]

Package: libreoffice
Version: 1:4.3.3-2
Severity: important

Dear Maintainer,

Opening files on gvfs no longer appears to work in jessie. When double-clicking
on a network file in nautilus, libreoffice starts, throws the splash but does
not open the file. It quits a few seconds later. When using the file-open
dialog, the directory /run/user/1000/gvfs contains the same number of entries
as there are mounted shares, but they all appear as zero-size, zero-timestamp
nameless plain files. (see attached screenshot)

Andrew Gallagher.



-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libreoffice depends on:
ii  fonts-dejavu   2.34-1
ii  fonts-sil-gentium-basic1.1-7
ii  libreoffice-avmedia-backend-gstreamer  1:4.3.3-2
ii  libreoffice-base   1:4.3.3-2
ii  libreoffice-calc   1:4.3.3-2
ii  libreoffice-core   1:4.3.3-2
ii  libreoffice-draw   1:4.3.3-2
ii  libreoffice-impress1:4.3.3-2
ii  libreoffice-java-common1:4.3.3-2
ii  libreoffice-math   1:4.3.3-2
ii  libreoffice-report-builder-bin 1:4.3.3-2
ii  libreoffice-writer 1:4.3.3-2
ii  python-uno 1:4.3.3-2

Versions of packages libreoffice recommends:
ii  fonts-liberation   1.07.4-1
ii  libpaper-utils 1.1.24+nmu4
ii  ttf-mscorefonts-installer  3.6

Versions of packages libreoffice suggests:
pn  cups-bsd  none
pn  gstreamer1.0-ffmpeg   none
ii  gstreamer1.0-plugins-bad  1.4.4-2
ii  gstreamer1.0-plugins-base 1.4.4-2
ii  gstreamer1.0-plugins-good 1.4.4-2
ii  gstreamer1.0-plugins-ugly 1.4.4-2
ii  hunspell-en-us [hunspell-dictionary]  20070829-6
pn  hyphen-hyphenation-patterns   none
ii  icedove   31.3.0-1
ii  iceweasel 31.3.0esr-1
ii  imagemagick   8:6.8.9.9-3
ii  libgl1-mesa-glx [libgl1]  10.3.2-1
pn  libreoffice-gnome | libreoffice-kde   none
pn  libreoffice-grammarcheck  none
pn  libreoffice-help-4.3  none
pn  libreoffice-l10n-4.3  none
pn  libreoffice-officebeannone
ii  libsane   1.0.24-4
ii  libxrender1   1:0.9.8-1+b1
pn  myspell-dictionarynone
pn  mythes-thesaurus  none
pn  openclipart-libreoffice   none
ii  openjdk-6-jre [java5-runtime] 6b33-1.13.5-2~deb7u1
ii  openjdk-7-jre [java5-runtime] 7u71-2.5.3-2
ii  pstoedit  3.62-2+b1
ii  sun-java6-jre [java5-runtime] 6.26-0squeeze1
ii  unixodbc  2.3.1-3

Versions of packages libreoffice-core depends on:
ii  fontconfig2.11.0-6.3
ii  fonts-opensymbol  2:102.6+LibO4.3.3-2
ii  libatk1.0-0   2.14.0-1
ii  libboost-date-time1.55.0  1.55.0+dfsg-3
ii  libc6 2.19-13
ii  libcairo2 1.14.0-2.1
ii  libclucene-contribs1  2.3.3.4-4
ii  libclucene-core1  2.3.3.4-4
ii  libcmis-0.4-4 0.4.1-7
ii  libcups2  1.7.5-9
ii  libcurl3-gnutls   7.38.0-3
ii  libdbus-1-3   1.8.12-1
ii  libdbus-glib-1-2  0.102-1
ii  libeot0   0.01-3
ii  libexpat1 2.1.0-6+b3
ii  libexttextcat-2.0-0   3.4.4-1
ii  libfontconfig12.11.0-6.3
ii  libfreetype6  2.5.2-2
ii  libgcc1   1:4.9.1-19
ii  libgdk-pixbuf2.0-02.31.1-2+b1
ii  libgl1-mesa-glx [libgl1]  10.3.2-1
ii  libglew1.10   1.10.0-3
ii  libglib2.0-0  2.42.1-1
ii  libgltf-0.0-0 0.0.2-2
ii  libglu1-mesa [libglu1]9.0.0-2
ii  libgraphite2-31.2.4-3
ii  libgtk2.0-0   2.24.25-1
ii  libharfbuzz-icu0  0.9.35-2
ii  libharfbuzz0b 0.9.35-2
ii  libhunspell-1.3-0 1.3.3-3
ii  libhyphen02.8.8-1
ii  libice6   2:1.0.9-1+b1
ii  libicu52  52.1-6
ii  libjpeg62-turbo   1:1.3.1-11
ii  liblangtag1   0.5.1-3
ii  liblcms2-22.6-3+b3
ii  libldap-2.4-2 2.4.40-3
ii  libmythes-1.2-0   2:1.2.4-1
ii  libneon27-gnutls  0.30.1-1
ii  libnspr4  2:4.10.7-1
ii  libnspr4-0d   2:4.10.7-1
ii  libnss3   2:3.17.2-1
ii  libnss3-1d2:3.17.2-1
ii  libodfgen-0.1-1   0.1.1-2
ii  libpango-1.0-01.36.8-3
ii  libpangocairo-1.0

Bug#773707: gvfs not very usable with non-gnome applications

[Andrew Gallagher]

Package: gvfs
Version: 1.22.2-1
Severity: important

Dear Maintainer,

When upgrading from wheezy to jessie, the entire path structure of gvfs has
changed. I understand it is more compliant to place transient mount points
under /run rather than ~, but it has made working with non-gnome applications
even more difficult.

The path now contains both usernames and userids. This is a major usability
flaw, as different users see different paths to the same resource. Identifiers
should not contain credential information.

Andrew.



-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages gvfs depends on:
ii  gvfs-common   1.22.2-1
ii  gvfs-daemons  1.22.2-1
ii  gvfs-libs 1.22.2-1
ii  libc6 2.19-13
ii  libglib2.0-0  2.42.1-1
ii  libudev1  215-7

gvfs recommends no packages.

Versions of packages gvfs suggests:
ii  gvfs-backends  1.22.2-1

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#773708: reportbug: scrollbar operation is crude

[Andrew Gallagher]

Package: reportbug
Version: 6.6.1
Severity: minor

Dear Maintainer,

The scrollbars in the python-gtk UI do not exhibit expected behaviour. Clicking
inside the scrollbar track either above or below the bar should page up and
down by one page - this has been standard UI practice for years.

Andrew.



-- Package-specific info:
** Environment settings:
INTERFACE=gtk2

** /home/agallagher/.reportbugrc:
reportbug_version 4.12.6
mode standard
ui gtk2
realname Andrew Gallagher
email andr...@andrewg.com
smtphost localhost:1025
smtpuser agallagher

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages reportbug depends on:
ii  apt   1.0.9.4
ii  python2.7.8-2
ii  python-reportbug  6.6.1
pn  python:anynone

reportbug recommends no packages.

Versions of packages reportbug suggests:
pn  claws-mail none
pn  debconf-utils  none
pn  debsumsnone
ii  dlocate1.02+nmu3
pn  emacs23-bin-common | emacs24-bin-commonnone
ii  exim4  4.84-3
ii  exim4-daemon-light [mail-transport-agent]  4.84-3
ii  file   1:5.20-2
ii  gnupg  1.4.18-6
ii  python-gtk22.24.0-4
pn  python-gtkspellnone
pn  python-urwid   none
ii  python-vte 1:0.28.2-5
ii  xdg-utils  1.1.0~rc1+git20111210-7.1

Versions of packages python-reportbug depends on:
ii  apt   1.0.9.4
ii  python-debian 0.1.25
ii  python-debianbts  1.12
pn  python:anynone

python-reportbug suggests no packages.

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#773537: enigmail: Confusing UI (potentially dangerous) when temporarily trusting an untrusted key

[Andrew Gallagher]

Package: enigmail
Version: 2:1.7.2-3
Severity: minor

Dear Maintainer,


When sending an encrypted message to someone whose key is untrusted, if I
forget to check trust the keys of all recipients I am prompted with a list of
keys to select from, with the untrusted key not preselected. If I select the
untrusted key from that list and continue, the resulting error message is less
than user friendly:

USERID_HINT D5BF93B014A49700 Andrew Gallagher andrew.gallag...@ward.ie
NEED_PASSPHRASE D5BF93B014A49700 D5BF93B014A49700 1 0
GOOD_PASSPHRASE
INV_RECP 10 0x

Evidently gpg has not accepted the untrusted key for encryption purposes.


Expected behaviour:

1. If I explicitly and manually select an untrusted key in the list dialog box
it should temporarily trust that key.

Otherwise, there should be another method to temporarily trust a particular
key. trust the keys of all recipients has persistent state and needs to be
manually unchecked the next time a message is composed, which is potentially
dangerous.

2. The error message should be friendlier, e.g. Key 0x is not
trusted.

Andrew.



-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages enigmail depends on:
ii  gnupg1.4.18-6
ii  icedove  31.3.0-1
ii  libc62.19-13

Versions of packages enigmail recommends:
ii  gnupg-agent  2.0.26-3

enigmail suggests no packages.

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#773545: nautilus: shows incorrect path when connecting directly to subfolder of share

[Andrew Gallagher]

Package: nautilus
Version: 3.14.1-2
Severity: normal

Dear Maintainer,


I have several bookmarks for subfolders of commonly-accessed SMB shares. After
upgrading from wheezy to jessie, if the share is not already mounted when
opening one of these bookmarks, the subfolder behaves inconsistently as if it
were the root of the share.

To reproduce:

1. Mount a share

2. Create a bookmark to the share, and also two top level folders within that
share

3. Unmount the share

4. Mount the share again using one of the folder bookmarks (BAD_FOLDER)


Results:

1. on entering a subfolder of BAD_FOLDER, the path in the topbar shows it as
being a child of the root, e.g. share on server / BAD_FOLDER / subfolder
appears as share on server / subfolder.

2. on entering the other folder bookmark, it is shown in the topbar (correctly)
as being a child of the share, but then clicking on the share root in the
topbar brings you to BAD_FOLDER, not to the share root

3. clicking on the mounted share shortcut in the sidebar (not the bookmark)
takes you to BAD_FOLDER, not the share root

4. clicking on the share root bookmark takes you to the share root. Entering a
subfolder of the share root works normally, and clicking on the share root in
the topbar immediately thereafter takes you to the share root, as expected.


This worked sensibly in wheezy.

Andrew



-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages nautilus depends on:
ii  desktop-file-utils 0.22-1
ii  gsettings-desktop-schemas  3.14.1-1
ii  gvfs   1.22.2-1
ii  libatk1.0-02.14.0-1
ii  libc6  2.19-13
ii  libcairo-gobject2  1.14.0-2.1
ii  libcairo2  1.14.0-2.1
ii  libexempi3 2.2.1-2
ii  libexif12  0.6.21-2
ii  libgail-3-03.14.5-1
ii  libgdk-pixbuf2.0-0 2.31.1-2+b1
ii  libglib2.0-0   2.42.1-1
ii  libglib2.0-data2.42.1-1
ii  libgnome-desktop-3-10  3.14.1-1
ii  libgtk-3-0 3.14.5-1
ii  libnautilus-extension1a3.14.1-2
ii  libnotify4 0.7.6-2
ii  libpango-1.0-0 1.36.8-3
ii  libpangocairo-1.0-01.36.8-3
ii  libselinux12.3-2
ii  libtracker-sparql-1.0-01.2.4-1
ii  libx11-6   2:1.6.2-3
ii  libxml22.9.1+dfsg1-4
ii  nautilus-data  3.14.1-2
ii  shared-mime-info   1.3-1

Versions of packages nautilus recommends:
ii  eject  2.1.5+deb1+cvs20081104-13.1
ii  gnome-icon-theme-symbolic  3.12.0-1
ii  gnome-sushi3.12.0-2+b1
ii  gvfs-backends  1.22.2-1
ii  librsvg2-common2.40.5-1

Versions of packages nautilus suggests:
ii  brasero3.11.4-1
ii  eog3.14.1-1
ii  evince [pdf-viewer]3.14.1-1
ii  totem  3.14.0-2
ii  tracker1.2.4-1
ii  vlc [mp3-decoder]  2.2.0~rc2-1
ii  vlc-nox [mp3-decoder]  2.2.0~rc2-1
ii  xdg-user-dirs  0.15-2

-- no debconf information

The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#773545: further info

[Andrew Gallagher]

In addition to the above, if I unmount the share from the sidebar and
then try to remount it by using the share's root bookmark, nautilus crashes.


-- 
Andrew Gallagher
Internetworking and Security Engineer, Ward Solutions Ltd.
Unit 2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174



The information in this email and any attachments contain confidential 
information and is intended only for the individual named. If you are not the 
named addressee you should not disseminate, distribute or copy this e-mail, the 
attachments or any part thereof. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your 
system. E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept liability 
for any errors or omissions in the contents of this message which arise as a 
result of e-mail transmission. If verification is required please request a 
hard-copy version. Unless expressly stated, this email is not intended to 
create any contractual relationship. If this email is not sent in the course of 
the senders employment or fulfilment of his/her duties to Ward Solutions, Ward 
Solutions accepts no liability whatsoever for the content of this message or 
any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 
2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165. 


signature.asc
Description: OpenPGP digital signature

Bug#772569: dnssec-tools: foo

[Andrew Gallagher]

Package: dnssec-tools
Version: 1.13-1
Severity: normal

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these lines ***

Content-Type: text/plain; charset=us-ascii
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Andrew Gallagher andr...@andrewg.com
To: Debian Bug Tracking System sub...@bugs.debian.org
Subject: dnssec-tools: rollerd does not reload zone after autosigning
Bcc: Andrew Gallagher andr...@andrewg.com

Package: dnssec-tools
Version: 1.13-1
Severity: normal

With autosign=1, rollerd re-signs zone files but forgets to subsequently reload 
the zone with rndc, even if roll_loadzone=1

To reproduce:

configure autosign=1; roll_loadzone=1
edit a zonefile
wait

Expected behaviour:

Either roll_loadzone should enable zone reloads for both autosigning and key 
rolling,
or there should be a separate method to reload a zone after autosigning. 
Autosigning
is pretty useless without this feature.


Andrew Gallagher


-- System Information:
Debian Release: 7.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.14.5-x86-linode61 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dnssec-tools depends on:
ii  bind9utils   1:9.8.4.dfsg.P1-6+nmu2+deb7u2
ii  libmailtools-perl2.09-1
ii  libnet-dns-perl  0.66-2+b2
ii  libnet-dns-sec-perl  0.16-2
ii  libtimedate-perl 1.2000-1
ii  perl 5.14.2-21+deb7u2

Versions of packages dnssec-tools recommends:
ii  bind9  1:9.8.4.dfsg.P1-6+nmu2+deb7u2

dnssec-tools suggests no packages.

-- Configuration Files:
/etc/dnssec-tools/dnssec-tools.conf changed:
admin-email andr...@andrewg.com
keyarch /usr/sbin/keyarch
rollchk /usr/sbin/rollchk
zonesigner  /usr/sbin/zonesigner
keygen  /usr/sbin/dnssec-keygen
rndc/usr/sbin/rndc
zonecheck   /usr/sbin/named-checkzone
zonesign/usr/sbin/dnssec-signzone
algorithm   rsasha256
ksklength   2048
zsklength   1024
random  /dev/urandom
usensec3yes
nsec3iter   100
nsec3salt   random:64
nsec3optout no
endtime +2592000# RRSIGs good for thirty days.
lifespan-max94608000
lifespan-min3600
ksklife 31536000
zsklife 604800
archivedir  /var/lib/dnssec-tools/archive
entropy_msg 1
savekeys1
kskcount1
zskcount1
roll_loadzone   1
roll_logfile/var/log/dnssec-tools/rollerd.log
roll_loglevel   phase
roll_phasemsg   long
roll_sleeptime  3600
zone_errors 5
autosign1
log_tz  gmt
tacontact   
tasmtpserverlocalhost
taresolvconflocalhost
tatmpdir/var/run/dnssec-tools/trustman
usegui  0

/etc/dnssec-tools/dnssec-tools.rollrec changed:
rollweb
zonenameweb
zonefiledb.web.signed
keyrec  web.krf
directory   /etc/bind
administrator   root@localhost
kskphase0
zskphase0
ksk_rolldateSun Dec  7 02:10:42 2014
ksk_rollsecs1417918242
zsk_rolldateSun Dec  7 02:10:42 2014
zsk_rollsecs1417918242
maxttl  0
display 1
phasestart  new
# optional records for RFC5011 rolling:
istrustanchor   no
holddowntime60D
rolltest.web
zonenametest.web
zonefiledb.test.web.signed
keyrec  test.web.krf
directory   /etc/bind
administrator   root@localhost
kskphase0
zskphase0
ksk_rolldateSun Dec  7 02:10:42 2014
ksk_rollsecs1417918242
zsk_rolldateSun Dec  7 02:10:42 2014
zsk_rollsecs1417918242
maxttl  0
display 1
phasestart  new
# optional records for RFC5011 rolling:
istrustanchor   no
holddowntime60D
rollandrewg.com
zonenameandrewg.com
zonefiledb.andrewg.signed
keyrec  andrewg.com.krf
directory   /etc/bind
administrator   root@localhost
kskphase0
zskphase0
ksk_rolldateSun Dec  7 02:10:42 2014
ksk_rollsecs1417918242
zsk_rolldateSun Dec  7 02:10:42 2014
zsk_rollsecs1417918242
maxttl  0
display 1
phasestart  new
# optional records for RFC5011 rolling:
istrustanchor   no
holddowntime60D
rollllagher.net
zonenamellagher.net
zonefiledb.llagher.signed

Bug#772569: Acknowledgement (dnssec-tools: foo)

[Andrew Gallagher]

Sorry. Please change the title of the bug to rollerd does not reload zone 
after autosigning. I messed up the reportbug command line. :-(

Andrew Gallagher

 On 8 Dec 2014, at 17:12, Debian Bug Tracking System ow...@bugs.debian.org 
 wrote:
 
 Thank you for filing a new Bug report with Debian.
 
 This is an automatically generated reply to let you know your message
 has been received.
 
 Your message is being forwarded to the package maintainers and other
 interested parties for their attention; they will reply in due course.
 
 Your message has been sent to the package maintainer(s):
 Ondřej Surý ond...@debian.org
 
 If you wish to submit further information on this problem, please
 send it to 772...@bugs.debian.org.
 
 Please do not send mail to ow...@bugs.debian.org unless you wish
 to report a problem with the Bug-tracking system.
 
 -- 
 772569: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772569
 Debian Bug Tracking System
 Contact ow...@bugs.debian.org with problems
 


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#668899: calibre

[Andrew Gallagher]

I can also confirm that removing network-manager is a workaround.

Of course this is a bug. Calibre is using the wrong test to determine
internet connectivity.

Andrew.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#735168: libreoffice-calc: Editing/saving XLSX causes chrome rendering issues when document reopened (in both LO and MSXL)

[Andrew Gallagher]

Package: libreoffice-calc
Version: 1:3.5.4+dfsg2-0+deb7u2
Severity: normal

Dear Maintainer,

When updating an XLSX file (that has previously been edited in both LO and 
MSXL),
I have found on rare occasions that after saving and reopening the file again,
the chrome of LO is corrupted. In particular the line and column headers and the
worksheet tabs are overwritten. Interestingly, this misrendering also happens 
if 
the file is reopened in MSXL.

Saving the file as old-fashioned XLS fixes the headers issue, but the sheet tabs
are still missing (again, in both LO and MSXL). The worksheets still exist as I
can use hotkeys to navigate between them.

I have no method to reproduce, but it has happened twice so is not an isolated
issue. I can't provide an example as both files are commercially sensitive. 
Will 
update this bug if I come across one that I can redistribute.


Andrew


-- System Information:
Debian Release: 7.3
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.9-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libreoffice-calc depends on:
ii  libc6  2.17-97
ii  libgcc11:4.7.2-5
ii  libreoffice-base-core  1:3.5.4+dfsg2-0+deb7u2
ii  libreoffice-core   1:3.5.4+dfsg2-0+deb7u2
ii  libstdc++6 4.7.2-5
ii  lp-solve   5.5.0.13-7
ii  uno-libs3  3.5.4+dfsg2-0+deb7u2
ii  ure3.5.4+dfsg2-0+deb7u2

libreoffice-calc recommends no packages.

libreoffice-calc suggests no packages.

Versions of packages libreoffice-core depends on:
ii  fontconfig   2.9.0-7.1
ii  fonts-opensymbol 2:102.2+LibO3.5.4+dfsg2-0+deb7u2
ii  libc62.17-97
ii  libcairo21.12.2-3
ii  libcmis-0.2-00.1.0-1+b1
ii  libcurl3-gnutls  7.26.0-1+wheezy7
ii  libdb5.1 5.1.29-5
ii  libexpat12.1.0-1+deb7u1
ii  libexttextcat0   3.2.0-2
ii  libfontconfig1   2.9.0-7.1
ii  libfreetype6 2.4.9-1.1
ii  libgcc1  1:4.7.2-5
ii  libglib2.0-0 2.33.12+really2.32.4-5
ii  libgraphite2-2.0.0   1.1.3-1
ii  libgstreamer-plugins-base0.10-0  0.10.36-1.1
ii  libgstreamer0.10-0   0.10.36-1.2
ii  libhunspell-1.3-01.3.2-4
ii  libhyphen0   2.8.3-2
ii  libice6  2:1.0.8-2
ii  libicu48 4.8.1.1-12+deb7u1
ii  libjpeg8 8d-1
ii  libmythes-1.2-0  2:1.2.2-1
ii  libneon27-gnutls 0.29.6-3
ii  libnspr4 2:4.9.2-1+deb7u1
ii  libnspr4-0d  2:4.9.2-1+deb7u1
ii  libnss3  2:3.14.5-1
ii  libnss3-1d   2:3.14.5-1
ii  libpng12-0   1.2.49-1
ii  librdf0  1.0.15-1+b1
ii  libreoffice-common   1:3.5.4+dfsg2-0+deb7u2
ii  librsvg2-2   2.36.1-2
ii  libsm6   2:1.2.1-2
ii  libssl1.0.0  1.0.1e-2+deb7u3
ii  libstdc++6   4.7.2-5
ii  libx11-6 2:1.5.0-1+deb7u1
ii  libxext6 2:1.3.1-2+deb7u1
ii  libxinerama1 2:1.1.2-1+deb7u1
ii  libxml2  2.8.0+dfsg1-7+nmu2
ii  libxrandr2   2:1.3.2-2+deb7u1
ii  libxrender1  1:0.9.7-1+deb7u1
ii  libxslt1.1   1.1.26-14.1
ii  uno-libs33.5.4+dfsg2-0+deb7u2
ii  ure  3.5.4+dfsg2-0+deb7u2
ii  zlib1g   1:1.2.7.dfsg-13

-- no debconf information


The information in this email and any attachments contain
confidential information and is intended only for the individual
named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail, the attachments or any
part thereof. Please notify the sender immediately by e-mail if you
have received this e-mail by mistake and delete this e-mail from
your system. E-mail transmission cannot be guaranteed to be secure
or error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses. The
sender therefore does not accept liability for any errors or
omissions in the contents of this message which arise as a result
of e-mail transmission. If verification is required please request
a hard-copy version.
Unless expressly stated, this email is not intended to create any
contractual relationship. If this email is not sent in the course
of the senders employment or fulfilment of his/her duties to Ward
Solutions, Ward Solutions accepts no liability whatsoever 

Bug#735168: libreoffice-calc: Editing/saving XLSX causes chrome rendering issues when document reopened (in both LO and MSXL)

[Andrew Gallagher]

On 13/01/14 12:30, Rene Engelhard wrote:
 
 And please re-check with a uptodate upstream version (e.g. the 4.1.4 from bpo)
 as 3.5.4 is not going to get *any* attention except security updates and 
 updates
 for really important issues - which this isn't.

If I try to open an offending file with 4.1.4, it complains about a
corrupt file, attempts to recover and then fails with The file $(ARG1)
could not be repaired and therefore cannot be opened, and then General
error. This is both better (because it recognises the corruption) and
worse (because now I can't open the file at all).

If I open the repaired xls file the behaviour is unchanged.

-- 
Andrew Gallagher
Internetworking and Security Engineer, Ward Solutions Ltd.
Unit 2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174



signature.asc
Description: OpenPGP digital signature

Bug#735168: libreoffice-calc: Editing/saving XLSX causes chrome rendering issues when document reopened (in both LO and MSXL)

[Andrew Gallagher]

Nope, it seems that 4.1.4 thinks every .xlsx and .docx file on my
computer is corrupt, and fails with the same error. Going back to 3,
thank you. At least I can get some work done.

-- 
Andrew Gallagher
Internetworking and Security Engineer, Ward Solutions Ltd.
Unit 2054 Castle Drive, Citywest, Dublin 24
+353 87 1200174



signature.asc
Description: OpenPGP digital signature

Bug#726426: geany: only saves session state on clean shutdown

[Andrew Gallagher]

Package: geany
Version: 1.22+dfsg-2
Severity: normal


Geany appears to save its session state only when it shuts down cleanly
of its own accord; when killed by a logout or reboot (or worse) its 
session restore returns it to an earlier state.

Expected behaviour:
Geany should save session state either on a timed basis, or whenever
anything significant changes (such as opening or closing tabs)


-- System Information:
Debian Release: 7.1
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.9-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages geany depends on:
ii  geany-common1.22+dfsg-2
ii  libatk1.0-0 2.4.0-2
ii  libc6   2.17-7
ii  libcairo2   1.12.2-3
ii  libfontconfig1  2.9.0-7.1
ii  libfreetype62.4.9-1.1
ii  libgcc1 1:4.7.2-5
ii  libgdk-pixbuf2.0-0  2.26.1-1
ii  libglib2.0-02.33.12+really2.32.4-5
ii  libgtk2.0-0 2.24.10-2
ii  libpango1.0-0   1.30.0-1
ii  libstdc++6  4.7.2-5
ii  multiarch-support   2.13-38

geany recommends no packages.

Versions of packages geany suggests:
pn  doc-base  none
ii  libvte9   1:0.28.2-5

-- no debconf information
The information in this email and any attachments contain
confidential information and is intended only for the individual
named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail, the attachments or any
part thereof. Please notify the sender immediately by e-mail if you
have received this e-mail by mistake and delete this e-mail from
your system. E-mail transmission cannot be guaranteed to be secure
or error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses. The
sender therefore does not accept liability for any errors or
omissions in the contents of this message which arise as a result
of e-mail transmission. If verification is required please request
a hard-copy version.
Unless expressly stated, this email is not intended to create any
contractual relationship. If this email is not sent in the course
of the senders employment or fulfilment of his/her duties to Ward
Solutions, Ward Solutions accepts no liability whatsoever for the
content of this message or any attachment(s). 
Ward Solutions Ltd. Registered in Republic of Ireland at 2054
Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165.



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#704130: virtualbox-guest-dkms: Module build fails on kernel 3.2 - please apply upstream patch

[Andrew Gallagher]

Package: virtualbox-guest-dkms
Version: 4.0.10-dfsg-1~bpo60+1
Severity: important


MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
From: Andrew Gallagher andr...@andrewg.com
To: Debian Bug Tracking System sub...@bugs.debian.org
Subject: virtualbox-guest-dkms: module build fails on kernel 3.2 - please 
implement
 upstream patch
Message-ID: 20130328110730.6268.72127.reportbug@itchy
X-Mailer: reportbug 4.12.6
Date: Thu, 28 Mar 2013 11:07:30 +

Package: virtualbox-guest-dkms
Version: 4.0.10-dfsg-1~bpo60+1
Severity: important


There is an error building utils.o under kernel 3.2 - this has been fixed 
upstream
for some time and a patch is available:

https://www.virtualbox.org/changeset/39224/vbox


Transcript:

agallagher@itchy:~$ sudo apt-get install --reinstall virtualbox-guest-dkms
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libbase-java-openoffice.org libxerces2-java fonts-opensymbol mesa-common-dev 
libxerces2-java-gcj
  libserializer-java-openoffice.org libjaxp1.3-java-gcj
Use 'apt-get autoremove' to remove them.
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 0 B/547 kB of archives.
After this operation, 0 B of additional disk space will be used.
(Reading database ... 142544 files and directories currently installed.)
Preparing to replace virtualbox-guest-dkms 4.0.10-dfsg-1~bpo60+1 (using 
.../virtualbox-guest-dkms_4.0.10-dfsg-1~bpo60+1_all.deb) ...

--
Deleting module version: 4.0.10
completely from the DKMS tree.
--
Done.
Unpacking replacement virtualbox-guest-dkms ...
Setting up virtualbox-guest-dkms (4.0.10-dfsg-1~bpo60+1) ...
Loading new virtualbox-guest-4.0.10 DKMS files...
Building only for 3.2.0-0.bpo.4-rt-amd64
Building initial module for 3.2.0-0.bpo.4-rt-amd64

Error! Bad return status for module build on kernel: 3.2.0-0.bpo.4-rt-amd64 
(x86_64)
Consult the make.log in the build directory
/var/lib/dkms/virtualbox-guest/4.0.10/build/ for more information.
agallagher@itchy:~$ tail -20 
/var/lib/dkms/virtualbox-guest/4.0.10/build/make.log
  LD [M]  /var/lib/dkms/virtualbox-guest/4.0.10/build/vboxguest/vboxguest.o
  LD  /var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/built-in.o
  CC [M]  /var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/vfsmod.o
  CC [M]  /var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/dirops.o
  CC [M]  /var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/lnkops.o
  CC [M]  /var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/regops.o
  CC [M]  /var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/utils.o
/var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/utils.c: In function 
‘sf_init_inode’:
/var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/utils.c:112: error: 
assignment of read-only member ‘i_nlink’
/var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/utils.c:121: error: 
assignment of read-only member ‘i_nlink’
/var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/utils.c:131: error: 
assignment of read-only member ‘i_nlink’
/var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/utils.c: In function 
‘sf_nlscpy’:
/var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/utils.c:562: warning: 
passing argument 3 of ‘utf8_to_utf32’ from incompatible pointer type
/usr/src/linux-headers-3.2.0-0.bpo.4-common-rt/include/linux/nls.h:53: note: 
expected ‘unicode_t *’ but argument is of type ‘wchar_t *’
make[4]: *** [/var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf/utils.o] Error 
1
make[3]: *** [/var/lib/dkms/virtualbox-guest/4.0.10/build/vboxsf] Error 2
make[2]: *** [_module_/var/lib/dkms/virtualbox-guest/4.0.10/build] Error 2
make[1]: *** [sub-make] Error 2
make: *** [all] Error 2
make: Leaving directory `/usr/src/linux-headers-3.2.0-0.bpo.4-rt-amd64'


-- System Information:
Debian Release: 6.0.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-0.bpo.4-rt-amd64 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages virtualbox-guest-dkms depends on:
ii  dkms   2.1.1.2-5 Dynamic Kernel Module Support Fram
ii  virtualbox-guest-u 4.0.10-dfsg-1~bpo60+1 x86 virtualization solution - non-

virtualbox-guest-dkms recommends no packages.

virtualbox-guest-dkms suggests no packages.

-- no debconf information

-- System Information:
Debian Release: 6.0.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-0.bpo.4-rt-amd64 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages virtualbox-guest-dkms depends on:
ii  dkms   2.1.1.2-5 Dynamic Kernel Module Support Fram
ii  virtualbox-guest-u 4.0.10

Bug#675346: courier-imap reports LOGINDISABLED when IMAP_TLS_REQUIRED is set in /etc/courier/imapd-ssl

[Andrew Gallagher]

Package: courier-imap
Version: 4.8.0-3
Severity: important

courier-imap listens only on localhost, as I have courier-imap-ssl installed 
for connections from outside, and
it is configured to enforce TLS on all connections. Non-ssl courier-imap is 
installed so that I do not need to
configure TLS client behaviour on localhost squirrelmail.

After I upgraded to my current version, courier-imap logins from squirrelmail 
on localhost started to fail.
I traced this to courier-imap erroneously reporting LOGINDISABLED.

It turns out that if I set IMAP_TLS_ONLY=0 in /etc/courier/imapd-ssl the 
problem goes away. Why should non-ssl 
courier-imap behaviour depend on a foreign configuration file?


TO REPRODUCE:

install both courier-imap and courier-imap-ssl
set IMAP_TLS_REQUIRED=1 in /etc/courier/imapd-ssl
service courier-imap restart
telnet localhost 143
(CAPABILITY ~ LOGINDISABLED)

set IMAP_TLS_REQUIRED=0 in /etc/courier/imapd-ssl
service courier-imap restart
telnet localhost 143
(CAPABILITY !~ LOGINDISABLED)



-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.39.1-linode34 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages courier-imap depends on:
ii  courier-authlib 0.63.0-3 Courier authentication library
ii  courier-base0.65.0-3 Courier mail server - base system
ii  libc6   2.11.3-2 Embedded GNU C Library: Shared lib
ii  libfam0 2.7.0-17 Client library to control the FAM 
ii  libgdbm31.8.3-9  GNU dbm database routines (runtime
ii  postfix [mail-transport 2.7.1-1+squeeze1 High-performance mail transport ag

courier-imap recommends no packages.

Versions of packages courier-imap suggests:
pn  courier-docnone(no description available)
ii  courier-imap-ssl   4.8.0-3   Courier mail server - IMAP over SS
ii  mutt [imap-client] 1.5.20-9+squeeze2 text-based mailreader supporting M

-- Configuration Files:
/etc/courier/imapd changed:
ADDRESS=127.0.0.1
PORT=143
MAXDAEMONS=40
MAXPERIP=20
PIDFILE=/var/run/courier/imapd.pid
TCPDOPTS=-nodnslookup -noidentlookup
AUTHMODULES=authdaemon
AUTHMODULES_ORIG=authdaemon
DEBUG_LOGIN=1
IMAP_CAPABILITY=IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES SORT QUOTA IDLE AUTH=LOGIN
IMAP_KEYWORDS=1
IMAP_CAPABILITY_ORIG=IMAP4rev1 UIDPLUS CHILDREN NAMESPACE 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 
IDLE
IMAP_IDLE_TIMEOUT=60
IMAP_CAPABILITY_TLS=$IMAP_CAPABILITY AUTH=PLAIN
IMAP_CAPABILITY_TLS_ORIG=$IMAP_CAPABILITY_ORIG AUTH=PLAIN
IMAP_DISABLETHREADSORT=0
IMAP_CHECK_ALL_FOLDERS=0
IMAP_OBSOLETE_CLIENT=0
IMAP_ULIMITD=65536
IMAP_USELOCKS=1
IMAP_SHAREDINDEXFILE=/etc/courier/shared/index
IMAP_ENHANCEDIDLE=0
IMAP_TRASHFOLDERNAME=Trash
IMAP_EMPTYTRASH=Trash:7
IMAP_MOVE_EXPUNGE_TO_TRASH=0
OUTBOX=.Outbox
SENDMAIL=/usr/local/bin/stripandsend
HEADERFROM=X-IMAP-Sender
IMAPDSTART=YES
MAILDIRPATH=Maildir
IMAP_MAILBOX_SANITY_CHECK=0


-- debconf information:
  courier-imap/moveconfig: true



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#587154: debian dist-upgrade breaks existing sympa config

[Andrew Gallagher]

This bug also crops up when upgrading from v5 to v6 on lenny-squeeze
dist upgrade. In particular, it forgot my db password and I had to reset.

Saying that files called *.conf under the /etc/ tree are not conffiles
is disingenuous. If they contain user-editable settings they should not
be overwritten on upgrades. This is basic stuff.

-- 
Andrew Gallagher
Senior Technician, Digital Enterprise Research Institute
NUI Galway, Ireland



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#511932: python-pyrss2gen: Doesn't update lastBuildDate when updating existing rss file

[Andrew Gallagher]

Package: python-pyrss2gen
Version: 1.0.0-3
Severity: important


When updating an existing rss file, the lastBuildDate field is not updated to
the current time. NetNewsWire, for one, behaves strangely when items in the
feed are more recent than the apparent age of the rss file.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_IE.utf-8, LC_CTYPE=en_IE.utf-8 (charmap=UTF-8)

Versions of packages python-pyrss2gen depends on:
ii  python2.4.4-2An interactive high-level object-o
ii  python-central0.5.12 register and build utility for Pyt

python-pyrss2gen recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#511932: Bug report recanted - sorry!

[Andrew Gallagher]

Sorry!

I sent this bug report to the wrong maintainer - it's a script that uses
your code that is at fault.

Apologies.

Andrew.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#511353: logcheck-database: OpenVPN log messages have changed slightly in 2.1~rc11-1

[Andrew Gallagher]

Package: logcheck-database
Version: 1.2.68
Severity: normal
Tags: patch


Two lines in /etc/logcheck/ignore.d.server/openvpn need modified:
Connection reset, restarting message can return negative error code
SENT CONTROL ... PUSH_REPLY message has a new field topology WORD

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]:( 
([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Connection reset, 
restarting \[-?[[:digit:]]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]:( 
([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5}( \[[-_.[:alnum:]]+\])?)? 
SENT CONTROL \[[-_.[:alnum:]]+\]: 'PUSH_REPLY,route [.[:digit:]]{7,15} 
[.[:digit:]]+,(topology [[:alnum:]]+,)?ping [[:digit:]]+,ping-restart 
[[:digit:]]+,ifconfig [.[:digit:]]{7,15} [.[:digit:]]{7,15}' \(status=1\)$


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.18-xenU-xp070501 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- debconf information:
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
  logcheck-database/conffile-cleanup: false



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#451094: logcheck: amavisd-new Passed CLEAN rule fails to match

[Andrew Gallagher]

Package: logcheck
Version: 1.2.63
Severity: normal

I've just found another problem in ignore.d.server/amavisd-new. The
clause just after Passed CLEAN, should read:

( \[[.:[:xdigit:]]+\]){0,2}

so it can also match zero instances (as per amavisd-new 1:2.5.2-2).

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.18-xenU-xp070519 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii  adduser  3.105   add and remove users and groups
ii  cron 3.0pl1-100  management of regular
background p
ii  lockfile-progs   0.1.11  Programs for locking and
unlocking
ii  logtail  1.2.63  Print log file lines that
have not
ii  mailx1:8.1.2-0.20070424cvs-1 A simple mail user agent
ii  postfix [mail-tr 2.4.5-3 High-performance mail
transport ag
ii  sysklogd [system 1.5-1   System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database 1.2.63 database of system log
rules for t

-- debconf information:
  logcheck/changes:
* logcheck/install-note:






-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#451118: logcheck: Suggested couriertcpd rules

[Andrew Gallagher]

Package: logcheck
Version: 1.2.63
Severity: wishlist
Tags: patch

There are currently no rules matching couriertcpd. I have found the following
work with courier-imap-ssl = 4.2.0-1 and courier-base = 0.57.0-1 . It may
be worth merging these with the other courier rulesets.


^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN: ip=\[[.:[:alnum:]]+\], 
command=(CAPABILITY|AUTHENTICATE|LOGIN)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN: ip=\[[.:[:alnum:]]+\], 
username=[._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN, user=[._[:alnum:]-]+, 
ip=\[[.:[:alnum:]]+\], port=\[[[:digit:]]+\], protocol=(POP|IMAP)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, 
ip=\[[.:[:alnum:]]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Disconnected, 
ip=\[[.:[:alnum:]]+\], time=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: (LOGOUT|TIMEOUT|DISCONNECTED), 
[EMAIL PROTECTED]:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, 
body=[0-9]+, rcvd=[0-9]+, sent=[0-9]+, time=[0-9]+$



-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.18-xenU-xp070519 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii  adduser  3.105   add and remove users and groups
ii  cron 3.0pl1-100  management of regular background p
ii  lockfile-progs   0.1.11  Programs for locking and unlocking
ii  logtail  1.2.63  Print log file lines that have not
ii  mailx1:8.1.2-0.20070424cvs-1 A simple mail user agent
ii  postfix [mail-tr 2.4.5-3 High-performance mail transport ag
ii  sysklogd [system 1.5-1   System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database 1.2.63 database of system log rules for t

-- debconf information:
  logcheck/changes:
* logcheck/install-note:



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#450928: logcheck: amavisd-new Passed CLEAN rule fails to match

[Andrew Gallagher]

Package: logcheck
Version: 1.2.63
Severity: normal

The amavisd-new rules fail to ignore Passed CLEAN messages due to a missing 
regexp clause ( size: [[:digit:]]+,)?. The first line should read as follows:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: 
\([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){1,2} [^]* - [^]*(
,[^]*)*, Message-ID: [^]+( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( 
Resent-Message-ID: [^]+,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[
:digit:]]*)+,( size: [[:digit:]]+,)? queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.18-xenU-xp070519 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii  adduser  3.105   add and remove users and groups
ii  cron 3.0pl1-100  management of regular background p
ii  lockfile-progs   0.1.11  Programs for locking and unlocking
ii  logtail  1.2.63  Print log file lines that have not
ii  mailx1:8.1.2-0.20070424cvs-1 A simple mail user agent
ii  postfix [mail-tr 2.4.5-3 High-performance mail transport ag
ii  sysklogd [system 1.5-1   System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database 1.2.63 database of system log rules for t

-- debconf information:
  logcheck/changes:
* logcheck/install-note:



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#450435: courier-imap-ssl: Config option TLS_PROTOCOL meaning change breaks server by default

[Andrew Gallagher]

Package: courier-imap-ssl
Version: 4.2.0-1
Severity: important

The fix for bug #442271 is inadequate, as it requires manual intervention to 
avoid breaking an existing server after upgrade. The meaning of config file 
options should not change unexpectedly, and using a new option to restore 
the old (expected) behaviour only causes confusion. A better solution would
be to create a new value (e.g. SSL3_ONLY) for the new behaviour, and either 
a) keep he old meaning of SSL3 (=SSL23) or b) deprecate the use of SSL3, 
thus generating a succinct error message.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.18-xenU-xp070519 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages courier-imap-ssl depends on:
ii  courier-imap  4.2.0-1.   Courier Mail Server - IMAP server
ii  courier-ssl   0.57.0-1   Courier Mail Server - SSL/TLS Supp
ii  openssl   0.9.8g-1   Secure Socket Layer (SSL) binary a

courier-imap-ssl recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]