Bug#987690: openafs-fileserver: Servers do not work with des3-cbc-sha1 keys

2021-04-27 Thread Chaskiel Grundman 
Package: openafs-fileserver
Version: 1.8.2-1+deb10u1
Severity: important
Tags: upstream

Dear Maintainer,

The servers in this release do not work when used with des3-cbc-sha1
(enctype 16) keys. The requested size of the key is computed incorrectly
as 21 bytes instead of 24, and authcon.c:_afsconf_GetRxkadKrb5Key rejects
the key from the KeyFileExt. If the 3des key is the only one available,
it is impossible to authenticate to the server, even with -localauth.

This has been fixed upstream (https://gerrit.openafs.org/#/c/14203/),
but the patch is apparently not yet in any release

-- System Information:
Debian Release: 10.9
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500,
'stable-debug'), (500, 'proposed-updates-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/1 CPU core)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openafs-fileserver depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libc6  2.28-10
ii  libhcrypto4-heimdal7.5.0+dfsg-3
ii  libroken18-heimdal 7.5.0+dfsg-3
ii  lsb-base   10.2019051400
ii  openafs-client 1.8.2-1+deb10u1

Versions of packages openafs-fileserver recommends:
ii  ntp  1:4.2.8p12+dfsg-4

Versions of packages openafs-fileserver suggests:
pn  openafs-doc  

-- debconf information:
  openafs-fileserver/thiscell: grand.central.org
  openafs-fileserver/alpha-broken:

Bug#986702: openafs-fileserver: Upgrade from stretch broken (missing dependency)

2021-04-09 Thread Chaskiel Grundman 
Package: openafs-fileserver
Version: 1.8.2-1+deb10u1
Severity: important

Dear Maintainer,
While upgrading a system from stretch (9.9) to buster (10.9), I had a
failure in this package:

Setting up openafs-fileserver (1.8.2-1+deb10u1) ...
/var/lib/dpkg/info/openafs-fileserver.postinst: 24:
/var/lib/dpkg/info/openafs-fileserver.postinst: akeyconvert: not found
dpkg: error processing package openafs-fileserver (--configure):
 installed openafs-fileserver package post-installation script
subprocess returned error exit status 127
dpkg: dependency problems prevent configuration of openafs-dbserver:
 openafs-dbserver depends on openafs-fileserver; however:
  Package openafs-fileserver is not configured yet.

dpkg: error processing package openafs-dbserver (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 openafs-fileserver
 openafs-dbserver
E: Sub-process /usr/bin/dpkg returned an error code (1)

It appears that this package needs to depend on openafs-krb5, or that
the postinst needs to not attempt to convert the keys.

-- System Information:
Debian Release: 10.9
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-11-amd64 (SMP w/1 CPU core)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openafs-fileserver depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libc6  2.28-10
ii  libhcrypto4-heimdal7.5.0+dfsg-3
ii  libroken18-heimdal 7.5.0+dfsg-3
ii  lsb-base   10.2019051400
ii  openafs-client 1.8.2-1+deb10u1

Versions of packages openafs-fileserver recommends:
ii  ntp  1:4.2.8p12+dfsg-4

Versions of packages openafs-fileserver suggests:
pn  openafs-doc  

-- debconf information:
  openafs-fileserver/thiscell: grand.central.org
  openafs-fileserver/alpha-broken:

Bug#925550: signing cert EKU

2019-08-01 Thread Chaskiel Grundman 
The problem openssl has is with the intermediate signing certificate's
extendedKeyUsage.
openssl wants codeSigning (1.3.6.1.5.5.7.3.3) or emailProtection
(1.3.6.1.5.5.7.3.4).

The certificate actually has msCTLSign ("Microsoft Trust List Signing",
1.3.6.1.4.1.311.10.3.1) for some reason. The only use for this EKU appears
to be certificate list updates.

Bug#847493: The bug is in pyside

2017-01-03 Thread Chaskiel Grundman 
The real bug is in pyside (#744741) which does not publish egg-info.
If/when pyside is fixed, this package will have to depend on the pyside package 
that provides the egg-info, which will probably be the current metapackage.

Alternatively, the easy_install generated script could be replaced with 
something that does not depend on pkg_resources. (e.g. a bash script that runs 
python2.7 -m pivman, as suggested by Alexandre Vaissière in 744741)

Bug#760860: sa-exim: Causes spamassassin --lint to display warnings; makes cronjobs send error reports

2014-09-08 Thread Chaskiel Grundman 
Package: sa-exim
Version: 4.2.1-14
Severity: minor
Tags: patch

As reported by others (#687149), installing sa-exim causes spamassassin's
daily cronjobs to emit warnings, which are sent to root. e.g.

/etc/cron.daily/spamassassin:
Sep  8 07:33:57.584 [8468] warn: Couldn't get Connecting IP header 
X-SA-Exim-Connect-IP for message 1410176036@lint_rules, skipping greylisting 
call Couldn't get Connecting IP header X-SA-Exim-Connect-IP for message 
1410176042@lint_rules, skipping greylisting 

While I currently have spamassassin 3.4.0 from backports intalled, it affects
the stable 3.3.2 the same way

The attached patch makes the greylisting function return immediately if 
spamassassin is linting. A more conservative approach would be to only
downgrade the warning message during lint (as the spamassassin FreeMail
plugin does)
-- System Information:
Debian Release: 7.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages sa-exim depends on:
ii  debconf [debconf-2.0]1.5.49
ii  exim4-daemon-heavy [exim4-localscanapi-1.1]  4.80-7
ii  libc62.13-38+deb7u4
ii  spamc3.4.0-2~bpo70+1

Versions of packages sa-exim recommends:
ii  perl  5.14.2-21+deb7u1

Versions of packages sa-exim suggests:
ii  spamassassin  3.4.0-2~bpo70+1

-- Configuration Files:
/etc/cron.d/greylistclean changed:
33 * * * * debian-spamd [ -x /usr/share/sa-exim/greylistclean ]  
/usr/share/sa-exim/greylistclean

/etc/exim4/sa-exim.conf changed:
SAEximDebug: 1
SAspamcpath: /usr/bin/spamc
SAspamcHost: 127.0.0.1
SAspamcPort: 783
SAEximRunCond: ${if and {{def:sender_host_address} {!eq 
{$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{::1
SAmaxbody: 256000
SATruncBodyCond: 0
SARewriteBody: 0
SAPrependArchiveWithFrom: 1
SAmaxarchivebody: 20971520
SAerrmaxarchivebody: 1073741824
SAmaxrcptlistlength: 8000
SAaddSAEheaderBeforeSA: 1
SAtimeoutsave: /var/spool/sa-exim/SAtimeoutsave
SAtimeoutSavCond: 1
SAerrorsave: /var/spool/sa-exim/SAerrorsave
SAerrorSavCond: 1
SAtemprejectonerror: 0
SAteergrubetime: 900
SAteergrubeSavCond: 0
SAteergrubesave: /var/spool/sa-exim/SAteergrube
SAteergrubeoverwrite: 1
SAdevnull: 20.0
SAdevnullSavCond: 0
SAdevnullsave: /var/spool/sa-exim/SAdevnull
SApermreject: ${if and { {!eq {$sender_host_address}{128.2.200.12}} {!eq 
{$sender_host_address}{128.2.204.218}} {!eq 
{$sender_host_address}{128.2.235.26}} } {6.0}{}}
SApermrejectSavCond: 0
SApermrejectsave: /var/spool/sa-exim/SApermreject
SAtempreject: ${if and { {!eq {$sender_host_address}{128.2.200.12}} {!eq 
{$sender_host_address}{128.2.204.218}} {!eq 
{$sender_host_address}{128.2.235.26}} } {3.0}{}}
SAtemprejectSavCond: 0
SAtemprejectsave: /var/spool/sa-exim/SAtempreject
SAtemprejectoverwrite: 1
SAgreylistiswhitestr: GREYLIST_ISWHITE
SAgreylistraisetempreject: 9.0
SAspamacceptsave: /var/spool/sa-exim/SAspamaccept
SAspamacceptSavCond: 0
SAnotspamsave: /var/spool/sa-exim/SAnotspam
SAnotspamSavCond: 0
SAmsgteergrubewait: Wait for more output
SAmsgteergruberej: Please try again later
SAmsgpermrej: Rejected
SAmsgtemprej: Please try again later
SAmsgerror: Temporary local error while processing message, please contact 
postmaster.


-- debconf information:
  sa-exim/purge_spool: false
--- Greylisting.pm.orig	2014-09-08 10:47:05.0 -0400
+++ Greylisting.pm	2014-09-08 10:38:24.0 -0400
@@ -63,6 +63,10 @@
 my $dontcheckscore;
 my %option;
 
+if ($self-{main}-{lint_rules}) {
+   Mail::SpamAssassin::Plugin::dbg(GREYLISTING: disabled while linting);
+   return 0;
+}
 Mail::SpamAssassin::Plugin::dbg(GREYLISTING: called function);
 
 $optionhash  =~ s/;/,/g;

Bug#687149: Does not only affect squeeze

2014-09-08 Thread Chaskiel Grundman 
The sa-exim part of this does not only affect squeeze. Both wheezy 
(3.3.2-5+deb7u1) and backports (3.4.0-2~bpo70+1) produce the

Couldn't get Connecting IP header X-SA-Exim-Connect-IP for message 
1410186651@lint_rules, skipping greylisting call messages.



I have filed 760860 against sa-exim, with a patch, to try and get this solved

Bug#746643: OpenCL not supported by lastest NVIDIA driver

2014-05-16 Thread Chaskiel Grundman 
In order for the uvm module to import the proper symbol versions from the main 
nvidia module, the Modules.symvers file must be copied into the uvm 
subdirectory after nvidia.ko is built and before nvidia-uvm.ko is built

Bug#719943: I am also having this problem

2013-12-12 Thread Chaskiel Grundman 
I am using the debian kernel from jessie (3.11-2-amd64) and also have this 
problem.

The kernel debug package was not installed when the crashes occurred.

the crash 'log' command shows the log normally

For, now, I am commenting out the makedumpfile --dump-dmesg line from the 
kdump-config script.

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#699789: FTBFS: samples/wrapper depends on zip library

2013-02-04 Thread Chaskiel Grundman 
Source: boinc
Version: 7.0.45+dfsg-1
Severity: normal

Dear Maintainer,
I wanted to use the experimental version to provide app_config.xml support.
Unfortunately, the binary deb for amd64 depends on the experimental libc,
so I tried building it with sbuild. That did not work, since samples/wrapper
depends on the not-built zip library. I have not yet had time to patch the
source package to skip samples/wrapper.



-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#682819: fwknop-client: not compatible with old fwknop-server

2012-07-25 Thread Chaskiel Grundman 
Package: fwknop-client
Version: 2.0.0rc2-2
Severity: important

It appears that 2.0.0rc2 is not completely compatible with 1.9.12. I have
a squeeze machine that I run fwknop-server on, and connect
from my wheezy laptop. When I try to connect with this command line:


fwknop -A tcp/22,tcp/443,tcp/902 -R --gpg-signer-key=FAE55EC7 --gpg-recipient 
6F000801 -D yeltsin.andrew.cmu.edu

the server logs:

Jul 25 16:53:52 yeltsin fwknopd: received valid GnuPG encrypted packet (signed 
with required key ID: FAE55EC7) from: 71.182.238.47, remote user: cg2v, 
client version: 1.9.12 (SOURCE line num: 26)
Jul 25 16:53:52 yeltsin fwknopd: Could not work out access to ports from SPA 
packet originating from: 71.182.238.47

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fwknop-client depends on:
ii  libc62.13-33
ii  libfko0  2.0.0rc2-2

fwknop-client recommends no packages.

fwknop-client suggests no packages.

-- debconf-show failed


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#682819: Apparently unreproduceable.

2012-07-25 Thread Chaskiel Grundman 
tags 682819 + unreproduceable
thanks

I restarted the perl server (in part so I could run it with debugging), and now 
it is working for me. I'm not sure what if anything should be done about this 
now.

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#673414: libwine-gecko-unstable: Should be multi-arch: foreign

2012-05-18 Thread Chaskiel Grundman 
Package: libwine-gecko-unstable
Version: 1.0.0+dfsg-1.1
Severity: normal

I am trying to install wine-unstable from i386 on amd64, so as to not have
ia32-libs present. Ignoring lcms and printing, the only thing that I think
is still blocking this is wine-bin-unstable's dependency on
libwine-gecko-unstable.

For reasons that aren't entirely clear to me, arch: all packages must still
be marked Multi-Arch: foreign to satisfy cross-arch dependencies. Please do
this for libwine-gecko-unstable.

Thanks

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#633656: opensc: Remove dev files if libraries really are private

2011-07-27 Thread Chaskiel Grundman 
Package: opensc
Version: 0.12.1-1.1
Followup-For: Bug #633656

Since the maintainer has decided to go along with the upstreams idea that
the library interface is private and should not be used by applications,
the job should be finished. libopensc.la, libopensc.a, and libopensc.so
should not be present in the package if debian users and packages aren't
supposed to use them.



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (989, 'testing'), (49, 'experimental'), (49, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages opensc depends on:
ii  libc6   2.13-10  Embedded GNU C Library: Shared lib
ii  libltdl72.4-2A system independent dlopen wrappe
ii  libssl1.0.0 1.0.0d-3 SSL shared libraries
ii  zlib1g  1:1.2.3.4.dfsg-3 compression library - runtime

opensc recommends no packages.

opensc suggests no packages.

-- debconf-show failed



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#607204: awstats produces invalid XHTML

2011-06-18 Thread Chaskiel Grundman 
I think this the validation failures are mostly because it's marked 
as XHTML Strict whereas it's actually transitional. If I change the 
doctype (and fix the selected=true thing), the output validates.





--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#630943: awstats: HTML output nits

2011-06-18 Thread Chaskiel Grundman 
Package: awstats
Version: 6.9.5~dfsg-5
Severity: minor
Tags: patch

I have noticed several minor issues with the HTML output of awstats

1) it mis-marks its xhtml output as conforming to xhtml 1.0 strict, but it
is really transitional (as the non-xml html output is marked)
2) the non-xml html declaration doesn't include the system identifier.
this causes tidy to not recognize it, and also means that gecko browsers
use quirks mode rather than standards compliance mode.
3) option selected=true is not valid. You're supposed to use 
option selected=selected
4) the CSS content is surrounded by HTML comments, which causes firefox to log
Selector expected. Ruleset ignored due to bad selector
Random webpages suggest that this practice hasn't been recommended 
since 2002ish.
5) even more minor. A font tag is used to trigger some css, where 
a span would do. This use of font triggers a tidy warning

-- System Information:
Debian Release: 6.0.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages awstats depends on:
ii  perl  5.10.1-17  Larry Wall's Practical Extraction 

Versions of packages awstats recommends:
ii  coreutils 8.5-1  GNU core utilities
ii  libnet-xwhois-perl0.90-3 Whois Client Interface for Perl5

Versions of packages awstats suggests:
ii  apache22.2.16-6+squeeze1 Apache HTTP Server metapackage
ii  apache2-mpm-event [htt 2.2.16-6+squeeze1 Apache HTTP Server - event driven 
pn  libgeo-ipfree-perl none(no description available)
pn  libnet-dns-perlnone(no description available)
pn  libnet-ip-perl none(no description available)
ii  liburi-perl1.54-2module to manipulate and access UR

-- Configuration Files:
/etc/awstats/awstats.conf changed [not included]
/etc/awstats/awstats.conf.local changed [not included]
/etc/cron.d/awstats changed [not included]

-- no debconf information
 text/html; charset="us-ascii": Unrecognized

Bug#621875: krb5-config: Update config for Carnegie Mellon University (ANDREW.CMU.EDU)

2011-04-10 Thread Chaskiel Grundman 

On Sun, 10 Apr 2011, Sam Hartman wrote:


Any reason to keep the entry around at all?
We could just drop it and depend on SRV records.


If all relevant implementations do SRV, then that would be fine.



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#621875: krb5-config: Update config for Carnegie Mellon University (ANDREW.CMU.EDU)

2011-04-09 Thread Chaskiel Grundman 
Package: krb5-config
Version: 2.2
Severity: wishlist

Please replace the ANDREW.CMU.EDU realm configuration with

ANDREW.CMU.EDU = {
kdc = kerberos.andrew.cmu.edu
kdc = kerberos2.andrew.cmu.edu
kdc = kerberos3.andrew.cmu.edu
admin_server = kerberos.andrew.cmu.edu
default_domain = andrew.cmu.edu
}

The old names were deprecated a while ago, but will continue to work for
the forseeable future.

Thanks

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (101, 'unstable'), (49, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages krb5-config depends on:
ii  bind9-host1:9.7.3.dfsg-1 Version of 'host' bundled with BIN
ii  debconf [debconf-2.0] 1.5.38 Debian configuration management sy

krb5-config recommends no packages.

krb5-config suggests no packages.

-- debconf-show failed



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#615086: /usr/lib32/libX11.so.6: Please update libx11 to compensate for missing XKeySymDB

2011-02-25 Thread Chaskiel Grundman 
Package: ia32-libs
Version: 20110117
Severity: normal
File: /usr/lib32/libX11.so.6

I have a (commercial) 32bit binary that's now failing with a set of errors 
like this:

Warning: translation table syntax error: Unknown keysym name:  osfHelp
Warning: ... found while parsing '~Shift ~Ctrl ~AltKeyosfHelp: Help()'
Warning: String to TranslationTable conversion encountered errors

and then crashing. This seems to be because XKeySymDB was removed from
libx11-data, presumably because StringToKeysym now supports all the vendor
keysyms (http://patchwork.freedesktop.org/patch/1295/)

the 32 bit libx11 doesn't seem to have that update, based on 
grep osfHelp /usr/lib{,32}/libX11.so.6


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (101, 'unstable'), (49, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ia32-libs depends on:
ii  dpkg1.15.8.10Debian package management system
ii  lib32asound21.0.23-2.1   shared library for ALSA applicatio
ii  lib32bz2-1.01.0.5-6  high-quality block-sorting file co
ii  lib32gcc1   1:4.4.5-12   GCC support library (32 bit Versio
ii  lib32ncurses5   5.7+20100313-5   shared libraries for terminal hand
ii  lib32stdc++64.4.5-12 The GNU Standard C++ Library v3 (3
ii  lib32v4l-0  0.8.3-1  Collection of video4linux support 
ii  lib32z1 1:1.2.3.4.dfsg-3 compression library - 32 bit runti
ii  libc6-i386  2.11.2-11Embedded GNU C Library: 32-bit sha

ia32-libs recommends no packages.

Versions of packages ia32-libs suggests:
ii  ia32-libs-gtk 20110117   GTK+ ia32 shared libraries

-- debconf-show failed



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#594236: shishi: no libresolv, SRV RRs not used

2010-08-24 Thread Chaskiel Grundman 

Package: shishi
Version: 1.0.0-1
Severity: important

shishi's build log includes:
configure: WARNING: no libresolv, SRV RRs not used
checking for res_query in -lresolv... no

and indeed, shishi fails to find kdcs using SRV records.

This seems to be because libresolv exports __res_query, not res_query, and
relies on macros in resolv.h to fix up the names. So, you're either going
to need a more complex test using AC_LINK_IFELSE, or assume that if
AC_CHECK_DECL says res_query is in resolv.h, then it will link when you 
use -lresolv



-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (989, 'testing'), (50, 'unstable'), (49, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages shishi depends on:
ii  libc6 2.11.2-2   Embedded GNU C Library: Shared lib
ii  libgcrypt11   1.4.5-2LGPL Crypto library - runtime libr
ii  libgpg-error0 1.6-1  library for common error values an
ii  libshishi01.0.0-1Library for the Shishi Kerberos v5

shishi recommends no packages.

Versions of packages shishi suggests:
ii  shishi-doc1.0.0-1Documentation for Shishi

-- debconf-show failed



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#517478: krb5-auth-dialog: Does not implement X session

2010-06-10 Thread Chaskiel Grundman 

On Tue, 8 Jun 2010, Guido Günther wrote:


Hi,
I rechecked and it works fine here with GNOME 2.30. No additional
arguments being passed - it seems that gnome-session got fixed to not
pass these deprecated arguments. Could you check if it works for you to?
I'll close the report then.


I don't see the sm-prefix  messages in .xsession-errors anymore, so it is 
probably ok.


gnome-session-properties doesn't have the 'view current session' dialog 
anymore, so I cannot see what gnome-session thinks.


In any case, you can close this.

Bug#578334: devscripts: bts is using sendmail/exim even though --smtp-host is used

2010-04-18 Thread Chaskiel Grundman 
Package: devscripts
Version: 2.10.61
Severity: normal

My MTA is not configured to send non-local mail because it's usually on a dsl
network. Instead, all my MUA's use smtp auth to a server at my employer.

bts doesn't seem to be honoring this anymore:

If I run it like so (or with stuff configured in ~/.devscripts):
$ bts --smtp-host=smtps://smtp.andrew.cmu.edu --smtp-username=cg2v subscribe  
577809
Null message body; hope that's ok

The message is submitted via exim and bounces:
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  577809-subscr...@bugs.debian.org
Mailing to remote domains not supported



-- Package-specific info:

--- /etc/devscripts.conf ---

--- ~/.devscripts ---
BTS_SMTP_HOST=smtps://smtp.andrew.cmu.edu

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (989, 'testing'), (50, 'unstable'), (49, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages devscripts depends on:
ii  dpkg-dev  1.15.5.6   Debian package development tools
ii  libc6 2.10.2-6   Embedded GNU C Library: Shared lib
ii  perl  5.10.1-11  Larry Wall's Practical Extraction 

Versions of packages devscripts recommends:
ii  at 3.1.12-1  Delayed job execution and batch pr
ii  bsd-mailx [mailx]  8.1.2-0.20100314cvs-1 simple mail user agent
ii  curl   7.20.0-3+b1   Get a file from an HTTP, HTTPS or 
ii  cvs1:1.12.13-12  Concurrent Versions System
ii  dctrl-tools2.14  Command-line tools to process Debi
ii  debian-keyring [de 2010.03.31GnuPG (and obsolete PGP) keys of D
ii  dput   0.9.5.1   Debian package upload tool
ii  elinks [www-browse 0.12~pre5-2   advanced text-mode WWW browser
ii  epiphany-browser [ 2.29.3-1  Intuitive GNOME web browser
ii  equivs 2.0.8 Circumvent Debian package dependen
ii  fakeroot   1.14.4-1  Gives a fake root environment
ii  git-core   1:1.7.0-1 fast, scalable, distributed revisi
ii  gnupg  1.4.10-2  GNU privacy guard - a free PGP rep
ii  iceweasel [www-bro 3.5.9-2   Web browser based on Firefox
ii  libauthen-sasl-per 2.14-1Authen::SASL - SASL Authentication
ii  libcrypt-ssleay-pe 0.57-2Support for https protocol in LWP
ii  libparse-debcontro 2.005-2   Easy OO parsing of Debian control-
ii  libsoap-lite-perl  0.711-1   Perl implementation of a SOAP clie
ii  libterm-size-perl  0.2-4+b1  Perl extension for retrieving term
ii  libtimedate-perl   1.2000-1  collection of modules to manipulat
ii  liburi-perl1.54-1module to manipulate and access UR
ii  libwww-perl5.834-1   Perl HTTP/WWW client/server librar
ii  libyaml-syck-perl  1.07-1fast, lightweight YAML loader and 
ii  lintian2.3.4 Debian package checker
ii  lsb-release3.2-23Linux Standard Base version report
ii  lynx-cur [www-brow 2.8.8dev.2-1  Text-mode WWW Browser with NLS sup
ii  lzma   4.43-14   Compression method of 7z format in
ii  man-db 2.5.7-2   on-line manual pager
ii  mercurial  1.4.1-1+b1scalable distributed version contr
ii  openssh-client [ss 1:5.3p1-3 secure shell (SSH) client, for sec
ii  patch  2.6-2 Apply a diff file to an original
ii  patchutils 0.3.1-2   Utilities to work with patches
ii  sensible-utils 0.0.2 Utilities for sensible alternative
ii  strace 4.5.19-2  A system call tracer
ii  subversion 1.6.9dfsg-1   Advanced version control system
ii  svk2.0.2-3   A Distributed Version Control Syst
ii  unzip  6.0-4 De-archiver for .zip files
ii  w3m [www-browser]  0.5.2-4   WWW browsable pager with excellent
ii  wdiff  0.5-21Compares two files word by word
ii  wget   1.12-1.1  retrieves files from the web
ii  xemacs21-mule [www 21.4.22-3 highly customizable text editor --

Versions of packages devscripts suggests:
ii  build-essential   11.4   Informational list of build-essent
pn  cvs-buildpackage  none (no description available)
pn  devscripts-el none (no description available)
ii  gnuplot   4.4.0-1A command-line driven interactive 
pn

Bug#574769: nut postinst changes my system clock

2010-03-20 Thread Chaskiel Grundman 
Package: nut
Version: 2.4.3-1
Severity: normal

r...@whitestar:~# date;dpkg-reconfigure nut;date
Sun Mar 21 04:39:43 EDT 2010
nut disabled, please adjust the configuration to your needs.
Then set MODE to a suitable value in /etc/nut/nut.conf to enable it.
nut disabled, please adjust the configuration to your needs.
Then set MODE to a suitable value in /etc/nut/nut.conf to enable it.
Sun Mar 21 08:39:46 EDT 2010

nut's postinst includes the following:
# ask udev to check for new udev rules
[ -x /etc/init.d/udev ]  pidof udevd  /dev/null \
   udevadm trigger --action=change

On my system, this causes my system clock to advance by four hours,
due to a udev rule installed by util-linux
(/lib/udev/rules.d/85-hwclock.rules)

I don't know if the real bug here is in util-linux, udev, or nut,
but there is one somewhere

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (50, 'unstable'), (49, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages nut depends on:
ii  adduser  3.112   add and remove users and groups
ii  libc62.10.2-6Embedded GNU C Library: Shared lib
ii  libupsclient12.4.3-1 network UPS tools - client library
ii  libusb-0.1-4 2:0.1.12-14 userspace USB programming library
ii  libwrap0 7.6.q-18Wietse Venema's TCP wrappers libra
ii  lsb-base 3.2-23  Linux Standard Base 3.2 init scrip
ii  udev 151-2   /dev/ and hotplug management daemo

Versions of packages nut recommends:
ii  bash-completion   1:1.1-3programmable completion for the ba

Versions of packages nut suggests:
pn  nut-cgi   none (no description available)
pn  nut-dev   none (no description available)
pn  nut-snmp  none (no description available)
pn  nut-xml   none (no description available)

-- debconf-show failed



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#533588: trousers: segfault due to symbol conflict with libselinux

2009-06-18 Thread Chaskiel Grundman 
Package: trousers
Version: 0.3.1-9
Severity: normal

When used with firefox via opencryptoki, trousers causes a crash when 
Tspi_Context_Close is called:

#6  0x7f8044bd34c3 in context_free () from /lib/libselinux.so.1
#7  0x7f802fb71cde in obj_list_close (list=0x7f802fdc6780, 
freeFcn=0x7f8044bd34a0 context_free, tspContext=3221225473) at 
obj.c:219
#8  0x7f802fb71d3d in obj_close_context (tspContext=3221225473)
at obj.c:236
#9  0x7f802fb78016 in Tspi_Context_Close (tspContext=3221225473)
at tspi_context.c:56
#10 0x7f802fdff572 in token_specific_final () at tpm_specific.c:2003
#11 0x7f802fde3775 in SC_Finalize (sid=value optimized out)
at new_host.c:556
#12 0x7f80300a38cc in C_Finalize ()
   from /usr/lib/pkcs11/libopencryptoki.so

This issue is discussed on redhat bugzilla, 
https://bugzilla.redhat.com/show_bug.cgi?id=464042 and 
https://bugzilla.redhat.com/show_bug.cgi?id=464037

One possible fix is rename src/tspi/obj_context.c:context_free as 'IBM 
Bug Proxy' claims was done upstream. The alternative I've tested, is to 
use libtool's --export-symbols-regexp option to limit the symbols that 
are resolved using the PLT (and are thus subject to interposition), like 
so:
--- src/tspi/Makefile.am.orig   2009-06-19 00:01:51.0 -0400
+++ src/tspi/Makefile.am2009-06-18 23:14:53.0 -0400
@@ -17,7 +17,7 @@
 # 5. If any interfaces have been added since the last public release, then 
increment age.
 # 6. If any interfaces have been removed since the last public release, then 
set age to 0.
 
-libtspi_la_LDFLAGS=-version-info 2:1:1 -lpthread @CRYPTOLIB@
+libtspi_la_LDFLAGS=-export-symbols-regex ^Trspi|^Tspi -version-info 2:1:1 
-lpthread @CRYPTOLIB@
 
 libtspi_la_CFLAGS=-I../include -DAPPID=\TSPI\ 
-DVAR_PREFIX=\@localstate...@\ -DETC_PREFIX=\@sysconf...@\
 

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (50, 'unstable'), (49, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.29-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages trousers depends on:
ii  adduser 3.110add and remove users and groups
ii  libc6   2.9-12   GNU C Library: Shared libraries
ii  libssl0.9.8 0.9.8g-16SSL shared libraries
ii  libtspi10.3.1-9  open-source TCG Software Stack (li

trousers recommends no packages.

trousers suggests no packages.

-- debconf-show failed



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#533489: trousers: FTBFS if built twice in a row

2009-06-17 Thread Chaskiel Grundman 

tag 533489 +patch
thanks

There's an easy fix for this:

--- trousers-0.3.1/debian/rules 2009-06-17 22:36:36.0 -0400
+++ trousers-0.3.1-build/debian/rules   2009-06-15 00:02:21.0 -0400
@@ -17,9 +17,9 @@
dh_testdir
dh_testroot
rm -f build-stamp
-   rm -f config.guess config.sub

[ ! -f Makefile ] || $(MAKE) distclean
+   rm -f config.guess config.sub

dh_clean





--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#530774: no ActivateServer with signature s on iface org.bluez.Manager found

2009-06-04 Thread Chaskiel Grundman 
Bluez 4.x changed some of the dbus apis around. In this case, audio runs 
inside of blutoothd (new name of hcid) and so uses the org.bluez 
destination and not a dynamic destination looked up with ActivateService. 
(the bluez 4.x method for connecting an audio device is shown in the 
pulseaudio-specific part of 
http://wiki.bluez.org/wiki/HOWTO/AudioDevices, which I excerpt below)


$ dbus-send --print-reply --system --dest=org.bluez / 
org.bluez.Manager.DefaultAdapter

method return sender=:1.18141 - dest=:1.18218 reply_serial=2
   object path /org/bluez/4189/hci0
$ dbus-send --print-reply --system --dest=org.bluez /org/bluez/4189/hci0 
org.bluez.Adapter.FindDevice string:00:15:0E:A0:6C:C8

method return sender=:1.18141 - dest=:1.18221 reply_serial=2
   object path /org/bluez/4189/hci0/dev_00_15_0E_A0_6C_C8
$ dbus-send --print-reply --system --dest=org.bluez 
/org/bluez/4189/hci0/dev_00_15_0E_A0_6C_C8 org.bluez.AudioSink.Connect

method return sender=:1.18141 - dest=:1.18226 reply_serial=2




--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#521245: Still fails if all keyhandles are invalid

2009-05-31 Thread Chaskiel Grundman 

found 521245 0.3.1-9
thanks

I happened to run into this problem this weekend (noticed now only because 
the upgrade to 0.3.1-9 failed because the prerm's invocation of the stop 
script failed), and the 0.3.1-9 tcsd failed to start too. I'm pretty sure 
(can't test anymore because I evicted the keys using tpmj) that the 
problem is that both of the resident handles were returning 
TPM_E_INVALID_KEYHANDLE, and the patch does not reset result to 0 when 
deciding to ignore the error.


if (result == TPM_E_INVALID_KEYHANDLE) {
respData = NULL;
+   result = 0;
continue;
}

Actually, the return at the end should just be return 0, since errors 
always return early.




--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#517478: krb5-auth-dialog: Does not implement X session management

2009-03-01 Thread Chaskiel Grundman 

In future sessions, .xsession-errors includes this error message:
Unknown option --sm-config-prefix
Run 'krb5-auth-dialog --help' to see a full list of available command line 
options

But krb5-auth-dialog is running as desired?

It is running



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#517478: krb5-auth-dialog: Does not implement X session management

2009-02-27 Thread Chaskiel Grundman 
Package: krb5-auth-dialog
Version: 0.7.hit7cc1d84-1
Severity: minor

I would like for krb5-auth-dialog to be started whenever I log in, even though
I do not authenticate to the local system with kerberos. I created a 'startup
program' entry (system-preferences-sessions) to launch
krb5-auth-dialog --always

This works normally the first time, but after that, the session manager gets
confused. My 'current session' includes two krb5-auth-dialog invocations, one
that matches what I did, and one that is invoked like

krb5-auth-dialog --sm-config-prefix /krb5-auth-dialog-XX/

In future sessions, .xsession-errors includes this error message:
Unknown option --sm-config-prefix
Run 'krb5-auth-dialog --help' to see a full list of available command line 
options

The usual way to make the session manager ignore something that is
also a startup program is to add --sm-disable, but krb5-auth-dialog doesn't
support that either.



-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.28.4 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages krb5-auth-dialog depends on:
ii  libc6 2.7-18 GNU C Library: Shared libraries
ii  libcomerr21.41.3-1   common error description library
ii  libdbus-glib-1-2  0.76-1 simple interprocess messaging syst
ii  libgconf2-4   2.22.0-1   GNOME configuration database syste
ii  libglade2-0   1:2.6.3-1  library to load .glade files at ru
ii  libglib2.0-0  2.19.8-2   The GLib library of C routines
ii  libgtk2.0-0   2.14.7-3   The GTK+ graphical user interface 
ii  libkrb53  1.6.dfsg.4~beta1-6 MIT Kerberos runtime libraries
ii  libnm-glib0   0.6.6-3network management framework (GLib
ii  libnotify1 [libnotify 0.4.4-3sends desktop notifications to a n
ii  libpango1.0-0 1.22.4-2   Layout and rendering of internatio

krb5-auth-dialog recommends no packages.

krb5-auth-dialog suggests no packages.

-- debconf-show failed



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#513454: libevolution3.0-cil: Does not work with mono 2.0 because it is delay signed

2009-01-28 Thread Chaskiel Grundman 
Package: libevolution3.0-cil
Version: 0.17.1-2
Severity: normal

evolution-sharp.dll is delay signed and does not install correctly when mono
2.0.x (from experimental) is used:

Setting up libevolution3.0-cil (0.17.1-2) ...
* Installing 1 assembly from libevolution3.0-cil into Mono
E: installing Assembly /usr/lib/cli/evolution-sharp-3.0/evolution-sharp.dll 
failed

The underlying error is:
# gacutil -i /usr/lib/cli/evolution-sharp-3.0/evolution-sharp.dll
Failure adding assembly /usr/lib/cli/evolution-sharp-3.0/evolution-sharp.dll to 
the cache: Strong name cannot be verified for delay-signed assembly
Apps that depend on evolution-sharp.dll (such as tasque) cannot load it.

To fix this, either upgrade to 0.18.1 or newer (0.19.1 is out), or:
1) copy evolution-sharp.snk from the 0.18.1 sources
2) s/evolution-sharp.pub/evolution-sharp.snk/ in evolution/Makefile.am
3) adjust evolution/AssemblyInfo.cs.in as follows:

-[assembly:AssemblyDelaySign(true)]
-[assembly:AssemblyKeyFile(evolution-sharp.pub)]
+[assembly:AssemblyDelaySign(false)]
+[assembly:AssemblyKeyFile(evolution-sharp.snk)]

Thanks

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.28 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libevolution3.0-cil depends on:
ii  cli-common 0.5.7 common files between all CLI packa
ii  libbonobo2-0   2.22.0-1  Bonobo CORBA interfaces library
ii  libc6  2.7-18GNU C Library: Shared libraries
ii  libebook1.2-9  2.22.3-1.1Client library for evolution addre
ii  libecal1.2-7   2.22.3-1.1Client library for evolution calen
ii  libedataserver1.2-92.22.3-1.1Utility library for evolution data
ii  libgconf2-42.22.0-1  GNOME configuration database syste
ii  libglib2.0-0   2.16.6-1  The GLib library of C routines
ii  libglib2.0-cil 2.12.7-1  CLI binding for the GLib utility l
ii  libgnome2-02.20.1.1-1The GNOME 2 library - runtime file
ii  libmono-corlib1.0-cil  2.0.1-3   Mono core library (1.0)
ii  libmono-system1.0-cil  2.0.1-3   Mono System libraries (1.0)
ii  liborbit2  1:2.14.13-0.1 libraries for ORBit2 - a CORBA ORB
ii  libpopt0   1.14-4lib for parsing cmdline parameters
ii  libxml22.6.32.dfsg-5 GNOME XML library

libevolution3.0-cil recommends no packages.

libevolution3.0-cil suggests no packages.

-- debconf-show failed



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#511283: hdparm: contributed scripts have become irrelevant

2009-01-08 Thread Chaskiel Grundman 
Package: hdparm
Version: 8.9-3
Severity: minor

/usr/share/doc/hdparm/contrib/idectl relies on hdparm -R/-U, which have been
removed (presumably because the underlying ioctls have been removed from
linux). The scripts should be removed or replaced with something that uses
/sys/class/ide_port/ide*/scan. (I don't have a thinkpad, so I can't test an
updated ultrabayd. The sysfs thing does work on my dell laptop)


-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.28 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages hdparm depends on:
ii  libc6 2.7-16 GNU C Library: Shared libraries
ii  lsb-base  3.2-20 Linux Standard Base 3.2 init scrip

hdparm recommends no packages.

Versions of packages hdparm suggests:
pn  apmd  none (no description available)

-- debconf-show failed



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#497756: strongswan: not compiled with curl support; crl fetching not available

2008-09-03 Thread Chaskiel Grundman 
Package: strongswan
Version: 4.2.4-3
Severity: normal

strongswan 4.1.10-1 and earlier were compiled with libcurl support, and
were able to update cached crls if so configured. 4.2.4-3 does not have
libcurl support, and connections fail if crls are expired:

002 localnets #1: crl update is overdue since Aug 25 07:18:28 UTC 2008
002 localnets #1: fetch failed:  warning: not compiled with libcurl support
002 localnets #1: fetch failed:  warning: not compiled with libcurl support
002 localnets #1: fetch failed:  warning: not compiled with libcurl support
002 localnets #1: fetch failed:  warning: not compiled with libcurl support
002 localnets #1: X.509 certificate rejected
003 localnets #1: no RSA public key known for 'XXX'
217 localnets #1: STATE_MAIN_I3: INVALID_KEY_INFORMATION
002 localnets #1: sending encrypted notification
INVALID_KEY_INFORMATION to XXX.XXX.XXX.XXX:4500
003 localnets #1: ignoring Delete SA payload: ISAKMP SA not established
031 localnets #1: max number of retransmissions (2) reached STATE_MAIN_I3.
Possible authentication failure: no acceptable response to our first
encrypted message
000 localnets #1: starting keying attempt 2 of at most 3, but releasing whack


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages strongswan depends on:
ii  bind9-host [host]  1:9.5.0.dfsg.P2-1 Version of 'host' bundled with BIN
ii  bsdmainutils   6.1.10collection of more utilities from 
ii  dbus   1.2.1-3   simple interprocess messaging syst
ii  debconf [debconf-2.0]  1.5.22Debian configuration management sy
ii  debianutils2.30  Miscellaneous utilities specific t
ii  iproute20080725-2networking and traffic control too
ii  ipsec-tools1:0.7-2.1 IPsec tools for Linux
ii  libc6  2.7-13GNU C Library: Shared libraries
ii  libfcgi0ldbl   2.4.0-7   Shared library of FastCGI
ii  libgmp3c2  2:4.2.2+dfsg-3Multiprecision arithmetic library
ii  libldap-2.4-2  2.4.10-3  OpenLDAP libraries
ii  libssl0.9.80.9.8g-13 SSL shared libraries
ii  libxml22.6.32.dfsg-3 GNOME XML library
ii  openssl0.9.8g-13 Secure Socket Layer (SSL) binary a
ii  zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

strongswan recommends no packages.

Versions of packages strongswan suggests:
ii  curl  7.18.2-5   Get a file from an HTTP, HTTPS or 

-- debconf-show failed



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#473043: selinux-policy-default: Also affects mailq; unconfined_r cannot send mail

2008-08-26 Thread Chaskiel Grundman 

Package: selinux-policy-default
Version: 2:0.0.20080702-6
Followup-For: Bug #473043

Running mailq does not work for any user role (user_r, staff_r,
sysadm_r, unconfined_r)

debian:/# id
uid=0(root) gid=0(root) groups=0(root) context=root:sysadm_r:sysadm_t:s0
debian:/# mailq
mailq: fatal: execv /usr/sbin/postqueue: Permission denied

A similar invalid context message is logged for all the roles.

security_compute_sid: invalid context root:sysadm_r:postfix_postqueue_t:s0 
for

scontext=root:sysadm_r:sysadm_mail_t:s0
tcontext=system_u:object_r:postfix_postqueue_exec_t:s0 tclass=process

Less important to me, but still bad: unconfined_r cannot send mail with
/usr/bin/mail.

[EMAIL PROTECTED]:~$ id
uid=1002(xunc) gid=1002(xunc) groups=1002(xunc)
context=unconfined_u:unconfined_r:unconfined_t:s0
[EMAIL PROTECTED]:~$ echo Test  | mail -s Test message root
send-mail: fatal: execvp /usr/sbin/postdrop: Permission denied
send-mail: warning: command /usr/sbin/postdrop -r exited with status 1
send-mail: fatal: xunc(1002): unable to execute /usr/sbin/postdrop -r:
Success
Can't send mail: sendmail process failed with error code 75

security_compute_sid:  invalid context
unconfined_u:unconfined_r:postfix_postdrop_t:s0 for
scontext=unconfined_u:unconfined_r:unconfined_mail_t:s0
tcontext=system_u:object_r:postfix_postdrop_exec_t:s0 tclass=process

Other roles do not have this particular problem.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules1.0.1-3Pluggable Authentication Modules f
ii  libselinux1   2.0.65-2   SELinux shared libraries
ii  libsepol1 2.0.30-2   Security Enhanced Linux policy lib
ii  policycoreutils   2.0.49-5   SELinux core policy utilities
ii  python2.5.2-2An interactive high-level object-o

Versions of packages selinux-policy-default recommends:
ii  checkpolicy   2.0.16-1   SELinux policy compiler
ii  setools   2.4-3  Tresys tools for managing Security

Versions of packages selinux-policy-default suggests:
pn  logcheck  none (no description available)
pn  syslog-summarynone (no description available)

-- no debconf information



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#472356: targeted policy does NOT set user context to unconfined

2008-08-25 Thread Chaskiel Grundman 

The targeted policy does not set the context of users to unconfined_t as
expected. In stead the context for users logged in on the console is
local_login_t and for users logged in through SSH it is system_chkpwd_t.


The local_login_t for console logins only happens when the pam_selinux 
invocation is missing from /etc/pam.d/login


sshd does not seem to need the pam module anymore, but perhaps it did when 
you originally tried it. (I admit that I did have the unix_chkpwd_t 
problem at one point, but it went away when I reinstalled the machine)




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#492156: Cannot be installed (file conflict with libopencryptoki0)

2008-07-23 Thread Chaskiel Grundman 
Package: opencryptoki
Version: 2.2.6+dfsg-1
Severity: grave
Justification: renders package unusable

Trying to install opencryptoki 2.2.6+dfsg-1 fails on amd64 with this
error:

Unpacking libopencryptoki0 (from ../libopencryptoki0_2.2.6+dfsg-1_amd64.deb) ...
Selecting previously deselected package opencryptoki.
Unpacking opencryptoki (from .../opencryptoki_2.2.6+dfsg-1_amd64.deb)...
dpkg: error processing
/var/cache/apt/archives/opencryptoki_2.2.6+dfsg-1_amd64.deb (--unpack):
 trying to overwrite `/usr/lib/pkcs11/libopencryptoki.so', which is also
 in package libopencryptoki0



-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages opencryptoki depends on:
ii  adduser 3.108add and remove users and groups
ii  libc6   2.7-10   GNU C Library: Shared libraries
ii  libopencryptoki02.2.6+dfsg-1 PKCS#11 implementation for Linux (

opencryptoki recommends no packages.

opencryptoki suggests no packages.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#489465: /etc/acpi/events/sleepbtn: /etc/acpi/events/sleepbtn runs wrong script

2008-07-05 Thread Chaskiel Grundman 
Package: acpi-support
Version: 0.109-5
Severity: normal
File: /etc/acpi/events/sleepbtn

Between 0.109-3 and 0.109-5, the is gnome-power-manager running check
moved into /etc/acpi/sleepbtn.sh from
/usr/share/acpi-support/suspendorhibernate.

Unfortunately, the /etc/acpi/events/sleepbtn config file dispatches
sleep button events to /etc/acpi/sleep.sh, not /etc/acpi/sleepbtn.sh, 
bypassing the check entirely. This results in double suspends when
gnome-power-manager is configured to handle suspend button events.

Also, why do you think you need to use acpi_fakekey to submit an event
to gnome-power-manager?  g-p-m seems to get the original event itself
(not sure if this is via hal or direct from acpid). While mostly
harmless, this can result in g-p-m reporting that suspends failed or
were disallowed, because it gets two suspend requests in a short period
of time (currently, it says 'Policy timeout is not valid. Please wait
a few seconds')

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages acpi-support depends on:
ii  acpi-support-base 0.109-5scripts for handling base ACPI eve
ii  acpid 1.0.6-10   Utilities for using ACPI power man
ii  dmidecode 2.9-1  Dump Desktop Management Interface 
ii  finger0.17-12user information lookup program
ii  hdparm8.6-1  tune hard disk parameters for high
ii  laptop-detect 0.13.6 attempt to detect a laptop
ii  libc6 2.7-10 GNU C Library: Shared libraries
ii  lsb-base  3.2-12 Linux Standard Base 3.2 init scrip
ii  powermgmt-base1.30   Common utils and configs for power
ii  vbetool   1.0-3  run real-mode video BIOS code to a
ii  x11-xserver-utils 7.3+3  X server utilities

Versions of packages acpi-support recommends:
ii  dbus  1.2.1-2simple interprocess messaging syst
ii  hal   0.5.11-2   Hardware Abstraction Layer
ii  nvclock   0.8b3-1Allows you to overclock your nVidi
ii  pm-utils  1.1.2.3-1  utilities and scripts for power ma
ii  radeontool1.5-5  utility to control ATI Radeon back

-- debconf-show failed



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#484845: kvm: init script should not load module if package uninstalled

2008-06-06 Thread Chaskiel Grundman 
Package: kvm
Version: 69+dfsg-1
Severity: wishlist

After discovering that vmware is oncompatible with kvm, I uninstalled 
kvm (at least for now). This caused the kernel module to be unloaded 
(good). Unfortunately, after a reboot, it was loaded again. It would be 
nice if the init script checked for the kvm executable in the start 
action before doing anything.

Thanks

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kvm depends on:
ii  adduser3.107 add and remove users and groups
ii  bridge-utils   1.4-2 Utilities for configuring the Linu
ii  iproute20080417-1networking and traffic control too
ii  libasound2 1.0.16-2  ALSA library
ii  libc6  2.7-10GNU C Library: Shared libraries
ii  libgnutls262.2.5-1   the GNU TLS library - runtime libr
ii  libncurses55.6+20080308-1Shared libraries for terminal hand
ii  libsdl1.2debian1.2.13-2  Simple DirectMedia Layer
ii  python 2.5.2-1   An interactive high-level object-o
ii  zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages kvm recommends:
ii  linux-image-2.6.22-3-amd 2.6.22-6.lenny1 Linux 2.6.22 image on AMD64
ii  linux-image-2.6.24-1-amd 2.6.24-7Linux 2.6.24 image on AMD64
ii  linux-image-2.6.25-2-amd 2.6.25-4Linux 2.6.25 image on AMD64



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#484453: openafs-client: would be nice to have cellservdb updating

2008-06-03 Thread Chaskiel Grundman 
Package: openafs-client
Version: 1.4.7.dfsg1-2
Severity: wishlist

Right now, the openafs-client package includes a CellServDB in 
/usr/share that is only copied to /etc/openafs/CellServDB when the 
latter doesn't already exist. I'd really like it to do better than that.

The macos packaging includes something I wrote that merges CellServDB
updates into a possibly user-modified copy (it does this by 
keeping a copy of the previous master CellServDB, and any cells that 
are the same in the old master and the active CellServDB are allowed to 
be updated to what is in the new master).

If you wanted to get really fancy about it, you could even optionally 
decouple the cellservdb contents from the openafs-client package, and 
have an additional package with (or debconf logic in the existing 
package that controls...) scripts that download a copy from 
www.central.org and merge that in, either periodically or on demand.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openafs-client depends on:
ii  debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii  libc6 2.7-10 GNU C Library: Shared libraries
ii  libncurses5   5.6+20080308-1 Shared libraries for terminal hand

Versions of packages openafs-client recommends:
ii  lsof  4.78.dfsg.1-4  List open files
ii  openafs-modules-2 1.4.5.dfsg1-1+2.6.22-6 AFS distributed filesystem kernel 
ii  openafs-modules-2 1.4.6.dfsg1-2+2.6.24-3 AFS distributed filesystem kernel 
ii  openafs-modules-s 1.4.7.dfsg1-2  AFS distributed filesystem kernel 

-- debconf information:
* openafs-client/run-client: false
* openafs-client/crypt: true
* openafs-client/cachesize: 5
* openafs-client/cell-info:
* openafs-client/fakestat: true
* openafs-client/afsdb: true
* openafs-client/dynroot: true
* openafs-client/thiscell: andrew.cmu.edu



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#463899: trousers: /usr/sbin/ps_{inspect,convert} are useless libtool wrappers

2008-02-03 Thread Chaskiel Grundman 
Package: trousers
Version: 0.3.1-4
Severity: normal

The tools/ps_* files are copied into deban/tmp incorrectly.
Having been linked with libtool, they need to be copied out using
libtool --mode=install


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages trousers depends on:
ii  adduser   3.105  add and remove users and groups
ii  libc6 2.7-6  GNU C Library: Shared libraries
ii  libssl0.9.8   0.9.8g-4   SSL shared libraries

trousers recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#463760: opencryptoki: FTBFS if automake1.9 is installed

2008-02-02 Thread Chaskiel Grundman 
Package: opencryptoki
Version: 2.2.5+dfsg-1
Severity: normal

if automake1.9 is installed, then building opencryptoki fails:

Makefile.am:2: required directory ./testcases does not exist



-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages opencryptoki depends on:
ii  adduser 3.105add and remove users and groups
ii  libc6   2.7-6GNU C Library: Shared libraries
ii  libopencryptoki02.2.5+dfsg-1 PKCS#11 implementation for Linux (

opencryptoki recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#463762: opencryptoki-dbg: does not include any debug symbols

2008-02-02 Thread Chaskiel Grundman 
Package: opencryptoki-dbg
Version: 2.2.5+dfsg-1
Severity: normal

opencryptoki is not built with gcc -g, so there are no useful debug
symbols for dh_strip to extract. This makes the -dbg package useless.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages opencryptoki-dbg depends on:
ii  libopencryptoki-dev 2.2.5+dfsg-1 PKCS#11 implementation for Linux (
ii  libopencryptoki02.2.5+dfsg-1 PKCS#11 implementation for Linux (
ii  opencryptoki2.2.5+dfsg-1 PKCS#11 implementation for Linux (

opencryptoki-dbg recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#463763: /etc/init.d/opencryptoki stop does not stop pkcsslotd

2008-02-02 Thread Chaskiel Grundman 
Package: opencryptoki
Version: 2.2.5+dfsg-1
Severity: normal

The stop action of the opencryptoki init script does not successfully stop
pkcsslotd. This is because it passes --pidfile to start-stop-daemon, but
pkcsslotd does not actually create a pid file.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages opencryptoki depends on:
ii  adduser 3.105add and remove users and groups
ii  libc6   2.7-6GNU C Library: Shared libraries
ii  libopencryptoki02.2.5+dfsg-1 PKCS#11 implementation for Linux (

opencryptoki recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#463764: removing opencryptoki fails if pkcs11 group is not empty

2008-02-02 Thread Chaskiel Grundman 
Package: opencryptoki
Version: 2.2.5+dfsg-1
Severity: normal

removing the opencryptoki package fails if users have been added to the
pkcs11 group (which will always be the case when the package is actually
used, as not even the root user can use the pkcs11 module unless
/etc/group lists it as a member of group pkcs11)

Removing opencryptoki ...
Stopping PKCS#11 slot daemon: pkcsslotd.
/usr/sbin/deluser: The group `pkcs11' is not empty!
dpkg: error processing opencryptoki (--remove):
 subprocess post-removal script returned error exit status 5

Please add a || true to the delgroup command.

Thanks.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages opencryptoki depends on:
ii  adduser 3.105add and remove users and groups
ii  libc6   2.7-6GNU C Library: Shared libraries
ii  libopencryptoki02.2.5+dfsg-1 PKCS#11 implementation for Linux (

opencryptoki recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#463767: trousers: postrm script always fails

2008-02-02 Thread Chaskiel Grundman 
Package: trousers
Version: 0.3.1-4
Severity: normal

The postrm script includes

remove)
if [ -x /usr/sbin/deluser ]
then
deluser --system --remove-home tss
deluser --group --only-if-empty tss
fi

if the tss group has members, then the deluser -group command will fail 
as in #463764. If it has no members, then deluser --system will remove it
automatically. In either case the deluser -group command fails
and the postrm aborts. Please include a || true so this does not happen.

Thanks

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages trousers depends on:
ii  adduser   3.105  add and remove users and groups
ii  libc6 2.7-6  GNU C Library: Shared libraries
ii  libssl0.9.8   0.9.8g-4   SSL shared libraries

trousers recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#463593: pkcsconf requires libopencryptoki.so (from libopencryptoki-dev)

2008-02-01 Thread Chaskiel Grundman 

Package: opencryptoki
Version: 2.2.5+dfsg-1
Severity: normal

pkcsconf tries to load libopencryptoki.so, which doesn't exist in 
libopencryptoki0. In order for pkcsconf (or any of the tpmtoken_* tools) 
to work, you have to install libopencryptoki-dev and run ldconfig



-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages opencryptoki depends on:
ii  adduser 3.105add and remove users and groups
ii  libc6   2.7-6GNU C Library: Shared libraries
ii  libopencryptoki02.2.5+dfsg-1 PKCS#11 implementation for Linux (

opencryptoki recommends no packages.

-- no debconf information




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#452415: gnome-power-manager: incorrectly reports that suspend failed

2007-11-22 Thread Chaskiel Grundman 

Subject: gnome-power-manager: incorrectly reports that suspend failed
Package: gnome-power-manager
Version: 2.20.0-1+b1
Severity: minor

After getting the recent hal update (and fixing hal to suspend my Dell
D830), g-p-m reports that suspends fail, even though they succeed.

The log does not contain anything interesting:
Nov 22 11:36:53 whitestar gnome-power-manager: (cg2v) Suspending
computer because the lid has been closed on battery power
Nov 22 12:19:46 whitestar gnome-power-manager: (cg2v) Resuming computer
Nov 22 12:19:46 whitestar gnome-power-manager: (cg2v) suspend failed

I do not see any other relevant messages in syslog or .xsession-errors

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-2-amd64-mac80211 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnome-power-manager depends on:
ii  gconf2  2.20.1-1 GNOME configuration database syste
ii  hal 0.5.10-2 Hardware Abstraction Layer
ii  libart-2.0-22.3.19-3 Library of functions for 2D graphi
ii  libatk1.0-0 1.20.0-1 The ATK accessibility toolkit
ii  libbonobo2-02.20.1-1 Bonobo CORBA interfaces library
ii  libbonoboui2-0  2.20.0-1 The Bonobo UI library
ii  libc6   2.6.1-1  GNU C Library: Shared libraries
ii  libcairo2   1.4.10-1+b2  The Cairo 2D vector graphics libra
ii  libdbus-1-3 1.1.1-3  simple interprocess messaging syst
ii  libdbus-glib-1-20.74-1   simple interprocess messaging syst
ii  libfontconfig1  2.4.2-1.2generic font configuration library
ii  libfreetype62.3.5-1+b1   FreeType 2 font engine, shared lib
ii  libgconf2-4 2.20.1-1 GNOME configuration database syste
ii  libglade2-0 1:2.6.2-1library to load .glade files at ru
ii  libglib2.0-02.14.1-5 The GLib library of C routines
ii  libgnome-keyring0   2.20.1-1 GNOME keyring services library
ii  libgnome2-0 2.20.1.1-1   The GNOME 2 library - runtime file
ii  libgnomecanvas2-0   2.20.1.1-1   A powerful object-oriented display
ii  libgnomeui-02.20.1.1-1   The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0  1:2.20.0-3   GNOME Virtual File System (runtime
ii  libgstreamer0.10-0  0.10.14-2Core GStreamer libraries and eleme
ii  libgtk2.0-0 2.12.1-1 The GTK+ graphical user interface
ii  libhal1 0.5.10-2 Hardware Abstraction Layer - share
ii  libice6 2:1.0.4-1X11 Inter-Client Exchange library
ii  libnotify1 [libnotify1- 0.4.4-3  sends desktop notifications to a n
ii  liborbit2   1:2.14.7-0.1 libraries for ORBit2 - a CORBA ORB
ii  libpanel-applet2-0  2.20.1-1 library for GNOME Panel applets
ii  libpango1.0-0   1.18.3-1 Layout and rendering of internatio
ii  libpng12-0  1.2.15~beta5-3   PNG library - runtime
ii  libpopt01.10-3   lib for parsing cmdline parameters
ii  libsm6  2:1.0.3-1+b1 X11 Session Management library
ii  libstartup-notification 0.9-1library for program launch feedbac
ii  libwnck22   2.20.1-1 Window Navigator Construction Kit
ii  libx11-62:1.0.3-7X11 client-side library
ii  libxcomposite1  1:0.3.2-1+b1 X11 Composite extension library
ii  libxcursor1 1:1.1.9-1X cursor management library
ii  libxdamage1 1:1.1.1-3X11 damaged region extension libra
ii  libxext61:1.0.3-2X11 miscellaneous extension librar
ii  libxfixes3  1:4.0.3-2X11 miscellaneous 'fixes' extensio
ii  libxi6  2:1.1.3-1X11 Input extension library
ii  libxinerama11:1.0.2-1X11 Xinerama extension library
ii  libxml2 2.6.30.dfsg-2GNOME XML library
ii  libxrandr2  2:1.2.2-1X11 RandR extension library
ii  libxrender1 1:0.9.4-1X Rendering Extension client libra
ii  notification-daemon 0.3.7-1  a daemon that displays passive pop
ii  zlib1g  1:1.2.3.3.dfsg-6 compression library - runtime

gnome-power-manager recommends no packages.

-- no debconf information




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#410449: whois.verio.net no longer exists

2007-02-10 Thread Chaskiel Grundman 
Package: whois
Version: 4.7.20
Severity: normal

 whois 204.2.240.10
getaddrinfo(whois.verio.net): Name or service not known

arin issues a redirect to rwhois.gin.ntt.net for this address, which 
whois 4.7.20 does not seem to be able to follow (it seems to hang.
jwhois-3.2.2 follows it ok)

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (101, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages whois depends on:
ii  libc6   2.3.6.ds1-10 GNU C Library: Shared libraries
ii  libidn110.6.5-1  GNU libidn library, implementation

whois recommends no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#409503: initial udev install creates socket symlinks with wrong name

2007-02-03 Thread Chaskiel Grundman 
Package: udev
Version: 0.103-2
Severity: normal

An initial udev install inside a xen guest domain resulted in the following:
[EMAIL PROTECTED]:/$ find /dev -type l -ls | grep static
 189670 lrwxrwxrwx   1 root root   24 Feb  3 10:53 
/dev/initctl/initctl - /dev/.static/dev/initctl
 189630 lrwxrwxrwx   1 root root   25 Feb  3 10:53 
/dev/xconsole/xconsole - /dev/.static/dev/xconsole
 189590 lrwxrwxrwx   1 root root   20 Feb  3 10:53 
/dev/log/log - /dev/.static/dev/log

This prevents shutdown from working properly (one time... on the next boot,
the sockets are created directly in udev's /dev)

-- Package-specific info:
-- /etc/udev/rules.d/:
/etc/udev/rules.d/:
total 4
lrwxrwxrwx 1 root root  20 2007-02-03 10:53 020_permissions.rules - 
../permissions.rules
lrwxrwxrwx 1 root root  13 2007-02-03 10:53 udev.rules - ../udev.rules
lrwxrwxrwx 1 root root  25 2007-02-03 10:53 z20_persistent-input.rules - 
../persistent-input.rules
lrwxrwxrwx 1 root root  19 2007-02-03 10:53 z20_persistent.rules - 
../persistent.rules
-rw-r--r-- 1 root root 347 2007-02-03 10:53 z25_persistent-net.rules
lrwxrwxrwx 1 root root  33 2007-02-03 10:53 z45_persistent-net-generator.rules 
- ../persistent-net-generator.rules
lrwxrwxrwx 1 root root  12 2007-02-03 10:53 z50_run.rules - ../run.rules
lrwxrwxrwx 1 root root  16 2007-02-03 10:53 z55_hotplug.rules - 
../hotplug.rules
lrwxrwxrwx 1 root root  29 2007-02-03 10:53 z75_cd-aliases-generator.rules - 
../cd-aliases-generator.rules

-- /sys/:
/sys/block/hda1/dev
/sys/block/hda2/dev
/sys/block/ram0/dev
/sys/block/ram10/dev
/sys/block/ram11/dev
/sys/block/ram12/dev
/sys/block/ram13/dev
/sys/block/ram14/dev
/sys/block/ram15/dev
/sys/block/ram1/dev
/sys/block/ram2/dev
/sys/block/ram3/dev
/sys/block/ram4/dev
/sys/block/ram5/dev
/sys/block/ram6/dev
/sys/block/ram7/dev
/sys/block/ram8/dev
/sys/block/ram9/dev
/sys/class/input/mice/dev
/sys/class/misc/device-mapper/dev
/sys/class/misc/evtchn/dev
/sys/class/misc/psaux/dev

-- Kernel configuration:
 isapnp_init not present.


-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-xen-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages udev depends on:
ii  debconf [debconf-2.0]   1.5.11   Debian configuration management sy
ii  libc6   2.3.6.ds1-10 GNU C Library: Shared libraries
ii  libselinux1 1.32-3   SELinux shared libraries
ii  libvolume-id0   0.103-2  libvolume_id shared library
ii  lsb-base3.1-22   Linux Standard Base 3.1 init scrip

udev recommends no packages.

-- debconf information:
  udev/reboot_needed:
  udev/new_kernel_needed: false


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#406045: nut-usb: udev rule needed for belkin

2007-01-07 Thread Chaskiel Grundman 
Package: nut-usb
Version: 2.0.4-3
Severity: normal

The following line in nut-usbups.rules is needed to allow nut to be used
with some belkin ups's (I have a F6C1000-TW-RK)

SYSFS{idVendor}==050d, SYSFS{idProduct}==0551, MODE=660, GROUP=nut

It would seem to be appropriate to import all the usb ids from
http://svn.debian.org/wsvn/nut/trunk/scripts/hotplug/libhid.usermap?op=filerev=0sc=0

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (101, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages nut-usb depends on:
ii  libc62.3.6.ds1-8 GNU C Library: Shared libraries
ii  libusb-0.1-4 2:0.1.12-2  userspace USB programming library
ii  nut  2.0.4-3 The core system of the nut - Netwo
ii  udev 0.103-1 /dev/ and hotplug management daemo

nut-usb recommends no packages.

-- debconf-show failed


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#397758: #397758: xen-utils-3.0.3-1: wrong grub menu entry generated if /boot is a separate partition

2006-11-14 Thread Chaskiel Grundman 

FYI: this is the same as #397021: update-grub: gets hypervisor path wrong, which
was fixed in grub 0.97-19, now in testing. (not closing the bug since I'm
not the maintainer or submitter...)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#379401: ISCAN/PSCAN can't be enabled in hcid.conf

2006-09-24 Thread Chaskiel Grundman 

The problem is this code snippet in hcid/main.c:configure_device()

   /* Set scan mode */
if (!read_device_mode(di.bdaddr, mode, sizeof(mode))) {
if (!strcmp(mode, MODE_OFF))
device_opts-scan = SCAN_DISABLED;
else if (!strcmp(mode, MODE_CONNECTABLE))
device_opts-scan = SCAN_PAGE;
else if (!strcmp(mode, MODE_DISCOVERABLE)) {
/* Set discoverable only if timeout is 0 */
if (!get_discoverable_timeout(hdev))
device_opts-scan = SCAN_PAGE | 
SCAN_INQUIRY;

else
device_opts-scan = SCAN_PAGE;
}
}


When the configuration is read from the files in /var (what useful purpose 
does this serve?) instead of /etc/bluetooth/hcid.conf, SCAN_INQUIRY is 
only set if the 'discovto' parameter is available and set to 0. (discovto 
can be set in hcid.conf's device section)


if you remove /var/lib/bluetooth/local_bdaddr/*, then the scan mode are 
set correctly the next time you start hcid, but after that, it breaks 
again unless discovto is available.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#364463: gnome-session: only runs one copy of xterm

2006-04-23 Thread Chaskiel Grundman 
Package: gnome-session
Version: 2.14.0-2
Severity: normal

My saved .gnome2/session attempts to run 5 copies of xterm. 
However, since I upgraded to 2.14, only one actually appears. session 
file is attached. (I normally run sawfish, but replicated the problem 
easily under metacity)

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages gnome-session depends on:
ii  gconf22.14.0-1   GNOME configuration database syste
ii  gnome-control-center  1:2.12.3-2 utilities to configure the GNOME d
ii  libatk1.0-0   1.11.3-1   The ATK accessibility toolkit
ii  libbonobo2-0  2.14.0-1   Bonobo CORBA interfaces library
ii  libc6 2.3.6-7GNU C Library: Shared libraries
ii  libesd0   0.2.36-3   Enlightened Sound Daemon - Shared 
ii  libgconf2-4   2.14.0-1   GNOME configuration database syste
ii  libglib2.0-0  2.10.2-1   The GLib library of C routines
ii  libgnome-desktop-22.14.0-1   Utility library for loading .deskt
ii  libgnome2-0   2.14.0-2   The GNOME 2 library - runtime file
ii  libgnomeui-0  2.14.0-1   The GNOME 2 libraries (User Interf
ii  libgtk2.0-0   2.8.16-1   The GTK+ graphical user interface 
ii  libice6   6.9.0.dfsg.1-6 Inter-Client Exchange library
ii  liborbit2 1:2.14.0-1 libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0 1.12.0-2   Layout and rendering of internatio
ii  libsm66.9.0.dfsg.1-6 X Window System Session Management
ii  libx11-6  6.9.0.dfsg.1-6 X Window System protocol client li
ii  libxrandr26.9.0.dfsg.1-6 X Window System Resize, Rotate and

Versions of packages gnome-session recommends:
ii  dbus 0.61-5  simple interprocess messaging syst
ii  desktop-base 0.3.16  common files for the Debian Deskto
ii  gnome-panel  2.12.3-1launcher and docking facility for 
ii  metacity 1:2.12.3-3  A lightweight GTK2 based Window Ma
ii  nautilus 2.12.2-2file manager and graphical shell f
ii  sawfish  1:1.3+cvs20050709-6 a window manager for X11

-- debconf-show failed

[Default]
0,id=117f0100011458098380077910004
0,Program=xterm
0,CloneCommand=xterm 
0,RestartCommand=xterm -xtsessionID 117f0100011458098380077910004 
1,id=117f0100010656704170007670002
1,RestartStyleHint=2
1,Priority=40
1,Program=gnome-panel
1,CurrentDirectory=/home/cg2v
1,CloneCommand=gnome-panel --sm-config-prefix /gnome-panel-pfrbpT/ 
1,RestartCommand=gnome-panel --sm-config-prefix /gnome-panel-pfrbpT/ 
--sm-client-id 117f0100010656704170007670002 --screen 0 
2,id=117f0100010656704170007670003
2,RestartStyleHint=2
2,Priority=40
2,Program=nautilus
2,CurrentDirectory=/home/cg2v
2,CloneCommand=nautilus --sm-config-prefix /nautilus-cMfHgB/ 
--no-default-window 
2,RestartCommand=nautilus --sm-config-prefix /nautilus-cMfHgB/ --sm-client-id 
117f0100010656704170007670003 --screen 0 --no-default-window 
3,id=117f0100011458095520074660004
3,Program=xterm
3,CloneCommand=xterm 
3,RestartCommand=xterm -xtsessionID 117f0100011458095520074660004 
4,id=117f0100011458098190077910001
4,Program=xterm
4,CloneCommand=xterm 
4,RestartCommand=xterm -xtsessionID 117f0100011458098190077910001 
5,id=117f0100011458098230077910002
5,Program=xterm
5,CloneCommand=xterm 
5,RestartCommand=xterm -xtsessionID 117f0100011458098230077910002 
6,id=117f0100011458098350077910003
6,Program=xterm
6,CloneCommand=xterm 
6,RestartCommand=xterm -xtsessionID 117f0100011458098350077910003 
7,id=117f01000114580987791
7,RestartStyleHint=2
7,Priority=20
7,Program=metacity
7,CurrentDirectory=/home/cg2v
7,DiscardCommand=rm -f 
/home/cg2v/.metacity/sessions/1145809868-7903-3334376159.ms 
7,CloneCommand=metacity 
7,RestartCommand=metacity --sm-save-file 1145809868-7903-3334376159.ms 
8,RestartCommand=ssh-add 
num_clients=9

Bug#352766: dictionaries-common: update-default-wordlist does not work if miscfiles is installed

2006-02-13 Thread Chaskiel Grundman 
Package: dictionaries-common
Version: 0.65.0
Severity: normal

the 'default' entry for miscfiles/languages is:
Default: english (Webster's Second International English wordlist)

It has a ' character in it. The ' is not quoted when
/var/cache/dictionaries-common/wordlist.db is created, which renders
that file syntactically invalid perl:

%  perl -cw /var/cache/dictionaries-common/wordlist.db
Substitution pattern not terminated at
/var/cache/dictionaries-common/wordlist.db line 24.

This in turn means that the loaddb() in /usr/sbin/update-default-wordlist
returns an empty list and update-default-wordlist bombs out with

/usr/sbin/update-default-wordlist No wordlist elements installed.

I don't know why debconf-show failed (below). here's the output:

  dictionaries-common/invalid_debconf_value:
  dictionaries-common/ispell-autobuildhash-message:
  dictionaries-common/move_old_usr_dict: true
  dictionaries-common/selecting_ispell_wordlist_default:
* dictionaries-common/default-ispell: american (American English)
* dictionaries-common/default-wordlist: Manual forced (No wordlist elements 
installed)
  dictionaries-common/old_wordlist_link: true
  dictionaries-common/remove_old_usr_dict_link: false

attached is a 'dpkg-reconfigure dictionaries-common' log with
DEBCONF_DEBUG=developer in case that turns out to be useful

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages dictionaries-common depends on:
ii  debconf [debconf-2.0] 1.4.70 Debian configuration management sy
ii  perl  5.8.7-10   Larry Wall's Practical Extraction 

dictionaries-common recommends no packages.

-- debconf-show failed
Script started on Tue 14 Feb 2006 01:45:23 AM EST
starfury:~  env DEBCONF_DEBUG=developer sudo dpkg-reconfigure 
-ftext -plow dict ionaries-common

remove/dictionaries-common: Purging byte-compiled files for flavour emacs21
remove/dictionaries-common: Purging byte-compiled files for flavour xemacs21
debconf (developer): starting /var/lib/dpkg/info/dictionaries-common.config 
reconfigure 0.65.0
debconf (developer): -- VERSION 2.0
debconf (developer): -- 0 2.0
debconf (developer): -- SET dictionaries-common/remove_old_usr_dict_link false
debconf (developer): -- 0 value set
debconf (developer): -- GO
debconf (developer): -- 0 ok
debconf (developer): -- UNREGISTER dictionaries-common/languages
debconf (developer): -- 10 dictionaries-common/languages doesn't exist
debconf (developer): -- UNREGISTER shared/packages-ispell
debconf (developer): -- 0
debconf (developer): -- UNREGISTER shared/packages-wordlist
debconf (developer): -- 0
debconf (developer): -- METAGET shared/packages-ispell owners
debconf (developer): -- 0 iamerican, ibritish
debconf (developer): -- METAGET iamerican/languages default
debconf (developer): -- 0 american (American English)
debconf (developer): -- METAGET ibritish/languages default
debconf (developer): -- 0 british (British English)
debconf (developer): -- METAGET dictionaries-common/default-ispell choices
debconf (developer): -- 0 american (American English), british (British 
English), Manual symlinks setting
debconf (developer): -- INPUT critical dictionaries-common/default-ispell
debconf (developer): -- 0 question will be asked
debconf (developer): -- TITLE Dictionaries-common: Ispell dictionary
debconf (developer): -- 0
debconf (developer): -- GO
Dictionaries-common: Ispell dictionary
--

Because more than one ispell dictionary will be available in your system, please
select the one you'd like applications to use by default.

You can change the default ispell dictionary at any time by running 
select-default-ispell.

  1. american (American English)  3. Manual symlinks setting
  2. british (British English)

Which ispell dictionary should be the system's default? 1
Which ispell dictionary should be the system's default? 
Which ispell dictionary should be the system's default? 1


debconf (developer): -- 0 ok
debconf (developer): -- METAGET shared/packages-wordlist owners
debconf (developer): -- 0 miscfiles, wamerican, wamerican-large, wbritish, 
wbritish-large, wcanadian, wcanadian-large
debconf (developer): -- METAGET miscfiles/languages default
debconf (developer): -- 0 english (Webster's Second International English 
wordlist)
debconf (developer): -- METAGET wamerican/languages default
debconf (developer): -- 0 american (American English)
debconf (developer): -- METAGET wamerican-large/languages default
debconf (developer): -- 0 american-large (American English -- large)
debconf (developer): -- METAGET wbritish/languages default
debconf (developer): -- 0 british (British English)
debconf (developer): -- METAGET wbritish-large/languages

Bug#344543: libkrb53: double free + cache corruption if krb5_get_credentials fails

2005-12-25 Thread Chaskiel Grundman 

On Sat, 24 Dec 2005, Sam Hartman wrote:


Can you reproduce with kvno?

yes. It seems that not DNS, but realm jumping, is the problem:
[EMAIL PROTECTED]:~$ kinit
Password for [EMAIL PROTECTED]:
Warning: Your password will expire in 192 days on Wed Jul  5 11:55:18 2006
[EMAIL PROTECTED]:~$ kvno host/erewhon
host/[EMAIL PROTECTED]: Server not found in Kerberos database while 
getting credentials

[EMAIL PROTECTED]:~$ kvno host/erewhon.squill.dementia.org
host/[EMAIL PROTECTED]: Server not found in 
Kerberos database while getting credentials
[EMAIL PROTECTED]:~$ kvno 
host/[EMAIL PROTECTED]

*** glibc detected *** double free or corruption (fasttop): 0x0804b8e0 ***
Aborted

and it isn't all realm jumping, only some (neither of these realms has 
crossrealm from ANDREW.CMU.EDU):

[EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
[EMAIL PROTECTED]: Server not found in Kerberos database while getting 
credentials

[EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
*** glibc detected *** double free or corruption (fasttop): 0x0804b890 ***
Aborted


the realm in question doesn't exist in DNS.

It appears that the problem is with realms ending in DEMENTIA.ORG. This 
makes no sense:


[EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
[EMAIL PROTECTED]: Server not found in Kerberos database while getting 
credentials

[EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
[EMAIL PROTECTED]: Server not found in Kerberos database while getting 
credentials

[EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
*** glibc detected *** double free or corruption (fasttop): 0x0804b890 ***
Aborted
[EMAIL PROTECTED]:~$ kinit cg2v
Password for [EMAIL PROTECTED]:
Warning: Your password will expire in 192 days on Wed Jul  5 11:55:18 2006
[EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
[EMAIL PROTECTED]: Server not found in Kerberos database while getting 
credentials

[EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
[EMAIL PROTECTED]: kvno = 2
[EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
[EMAIL PROTECTED]: Server not found in Kerberos database while 
getting credentials




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#344543: libkrb53: double free + cache corruption if krb5_get_credentials fails

2005-12-23 Thread Chaskiel Grundman 
Package: libkrb53
Version: 1.4.3-4
Severity: important

After the last krb53 update, attempting to authenticate to a host that has no
key (or has once in a realm I can't authenticate to) breaks badly. glibc
detects a double-free, and the ticket cache is corrupted. when libkrb53 
subsuquently tries to use the corrupt ticket cache, it crashes.  I first
noticed the problem with ssh-krb5, but it can be reproduced with the ftp in
krb5-clients:

starfury:~ kinit cg2v
Password for [EMAIL PROTECTED]: 
Warning: Your password will expire in 193 days on Wed Jul  5 11:55:18 2006
starfury:~ ls -l /tmp/krb5cc_1000
-rw---  1 cg2v cg2v 466 2005-12-23 11:49 /tmp/krb5cc_1000
starfury:~ ftp erewhon
Connected to erewhon.
220 erewhon FTP server (Version 6.00+Heimdal 0.6.3+KTH-KRB 1.2.2) ready.
334 Send authorization data.
GSSAPI accepted as authentication type
*** glibc detected *** double free or corruption (fasttop): 0x08070af8 ***
Abort
starfury:~ ls -l /tmp/krb5cc_1000
-rw---  1 cg2v cg2v 4096 2005-12-23 11:49 /tmp/krb5cc_1000
starfury:~ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: [EMAIL PROTECTED]

Valid starting ExpiresService principal
12/23/05 11:48:59  12/24/05 11:48:59  krbtgt/[EMAIL PROTECTED]
Segmentation fault


#0  0xe410 in __kernel_vsyscall ()
#1  0xb7b56691 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7b57f5b in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0xb7b8cba7 in __libc_message () from /lib/tls/i686/cmov/libc.so.6
#4  0xb7b93177 in _int_free () from /lib/tls/i686/cmov/libc.so.6
#5  0xb7b93612 in free () from /lib/tls/i686/cmov/libc.so.6
#6  0xb7ce8039 in krb5_free_cred_contents () from /usr/lib/libkrb5.so.3
#7  0xb7ce80c1 in krb5_free_creds () from /usr/lib/libkrb5.so.3
#8  0xb7ce8c5a in krb5_free_tgt_creds () from /usr/lib/libkrb5.so.3
#9  0xb7ce3df7 in krb5_get_credentials () from /usr/lib/libkrb5.so.3
#10 0xb7d24925 in krb5_gss_init_sec_context ()
   from /usr/lib/libgssapi_krb5.so.2
#11 0xb7d288dc in gss_init_sec_context () from /usr/lib/libgssapi_krb5.so.2

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libkrb53 depends on:
ii  libc6 2.3.5-8GNU C Library: Shared libraries an
ii  libcomerr21.38-2 common error description library

libkrb53 recommends no packages.

-- debconf-show failed


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#325350: gnome-panel: workspace-switcher fails to save its configuration

2005-09-04 Thread Chaskiel Grundman 
It appears that wnck-applet saves the number-of-workspaces configuration 
in metacity's preferences, not its own, and relies on the window manager 
to create the workspaces. If you are not running metacity, then you should 
be able to work around this behavior by configuring your window manager to 
create the workspaces. It may be an appropriate fix to remove the 
workspace-creation preference from wnck-applet if metacity is not the 
active window manager.




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#326692: librep9: incorrect platform name results in bad library search path

2005-09-04 Thread Chaskiel Grundman 
Package: librep9
Version: 0.17-11
Severity: important

on i386, rep is built with the platform name i486-pc-linux-gnu while
older reps were built as i386-pc-linux-gnu. The platform name is used to
construct the directory name where native libraries are searched for.
Packages that provide rep libraries, including rep-gtk and sawfish, place
their i386 libraries in /usr/lib/rep/i386-pc-linux-gnu, but rep is
searching for them in /usr/lib/rep/i486-pc-linux-gnu.

This in turn prevents sawfish-ui from working. sawfish-ui displays
the error
*** File error: No such file or directory, gui/gtk-2/gtk
and exits.


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages librep9 depends on:
ii  libc6 2.3.5-6GNU C Library: Shared libraries an
ii  libgdbm3  1.8.3-2GNU dbm database routines (runtime
ii  libgmp3   4.1.4-6Multiprecision arithmetic library
ii  libncurses5   5.4-9  Shared libraries for terminal hand
ii  libreadline5  5.0-10 GNU readline and history libraries
ii  rep   0.17-11lisp command interpreter frontends

librep9 recommends no packages.

-- debconf-show failed


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#321025: greylistd: greylistd-setup-exim4 remove breaks exim config files

2005-08-02 Thread Chaskiel Grundman 
Package: greylistd
Version: 0.8.3
Severity: normal

because greylistd-setup-exim4 does not consider conditionals (.ifdef,
etc) to be the beginining of a block, the remove action will break
recent exim configurations which introduce lots of conditionals in the
exim configuration. Possible solutions to this are:

1) add .ifdef to exim4conf_blocks
2) use markers (e.g. # BEGIN GREYLISTD ENTRY #END GREYLISTD ENTRY)
to decide what text to remove instead of knowing what a block is.
3) make greylistd-setup-exim4 aware of the conditional syntax and
preserve conditionals that are not wholly contained in the removed block


*** typescript
Script started on Tue Aug  2 17:14:43 2005
# cp -r /etc/exim4/conf.d/acl /etc/exim4/conf.d/acl.bak
# greylistd-setup-exim4 add
Adding greylistd support to Exim 4 configuration files
/etc/exim4/exim4.conf.template  : OK
/etc/exim4/exim4.conf.template  : OK
...conf.d/acl/30_exim4-config_check_rcpt: OK
...conf.d/acl/40_exim4-config_check_data: OK
Reloading exim4 configuration files
# greylistd-setup-exim4 remove
Removing greylistd support from Exim 4 configuration files
/etc/exim4/exim4.conf.template  : OK
/etc/exim4/exim4.conf.template  : OK
...conf.d/acl/30_exim4-config_check_rcpt: OK
...conf.d/acl/40_exim4-config_check_data: OK
Reloading exim4 configuration files
2005-08-02 17:15:06 Exim configuration error in line 329 of 
/var/lib/exim4/config.autogenerated.tmp:
  .endif without matching .ifdef
Invalid new configfile /var/lib/exim4/config.autogenerated.tmp
not installing /var/lib/exim4/config.autogenerated.tmp to 
/var/lib/exim4/config.autogenerated
invoke-rc.d: initscript exim4, action reload failed.
# diff -u /etc/exim4/conf.d/acl /etc/exim4/conf.d/acl.bak
diff -u /etc/exim4/conf.d/acl/40_exim4-config_check_data 
/etc/exim4/conf.d/acl.bak/40_exim4-config_check_data
--- /etc/exim4/conf.d/acl/40_exim4-config_check_data2005-08-02 
17:15:05.0 -0400
+++ /etc/exim4/conf.d/acl.bak/40_exim4-config_check_data2005-08-02 
17:14:54.0 -0400
@@ -3,6 +3,7 @@
 #
 
 acl_check_data:
+  .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
   deny
 message = Message headers fail syntax check
 !acl = acl_whitelist_local_deny
# exit

Script done on Tue Aug  2 17:15:18 2005


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages greylistd depends on:
ii  debconf [debconf-2.0] 1.4.52 Debian configuration management sy
ii  python2.3.5-2An interactive high-level object-o

Versions of packages greylistd recommends:
ii  exim4 4.52-1 metapackage to ease exim MTA (v4) 

-- debconf information:
  greylistd/restartexim: true
  greylistd/autoconfig_notdone:
* greylistd/autoconfig_notdone_exim4:


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#305298: ssh-krb5: password authentication does not use pam

2005-04-18 Thread Chaskiel Grundman 
Package: ssh-krb5
Version: 3.8.1p1-7
Severity: normal

README.Debian still states
Unfortunately, privilege separation interacts badly with PAM. [...]
and PAM keyboard-interactive authentication won't work.

but that doesn't seem to be true at all. keyboard-interactive
authentication _is_ enabled, and does work with privsep.

Moreover, if an ssh client that does not perform keyboard-interactive
authentication connects to the server, pam is not used for password
validation. 

Even if this is considered appropriate behavior, I would think that it would
merit a mention in NEWS. I will even suggest that not supporting
PasswordAuthentication at all would be better than the current behavior.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: sparc (sparc64)
Kernel: Linux 2.4.27-2-sparc64
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages ssh-krb5 depends on:
ii  adduser 3.63 Add and remove users and groups
ii  debconf 1.4.30.13Debian configuration management sy
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libcomerr2  1.35-6   The Common Error Description libra
ii  libkrb531.3.6-2  MIT Kerberos runtime libraries
ii  libpam-runtime  0.76-22  Runtime support for the PAM librar
ii  libpam0g0.76-22  Pluggable Authentication Modules l
ii  libssl0.9.7 0.9.7e-3 SSL shared libraries
ii  libwrap07.6.dbs-8Wietse Venema's TCP wrappers libra
ii  zlib1g  1:1.2.2-3compression library - runtime

-- debconf information:
* ssh/privsep_tell:
  ssh/insecure_rshd:
  ssh/privsep_ask: true
  ssh/ssh2_keys_merged:
* ssh/user_environment_tell:
* ssh/forward_warning:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: false
  ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
* ssh/SUID_client: false


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#303753: heimdal-clients: rsh manpage should use alternatives

2005-04-08 Thread Chaskiel Grundman 
Package: heimdal-clients
Version: 0.6.3-8
Severity: minor

rsh.1.gz should use the alternatives mechanism, just like the ftp and
telnet manpages. Otherwise, update-alternatives removes it, which
causes, among other things, reportbug to complain about package integrity
problems.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages heimdal-clients depends on:
ii  krb5-config   1.6Configuration files for Kerberos V
ii  libasn1-6-heimdal 0.6.3-8Libraries for Heimdal Kerberos
ii  libc6 2.3.2.ds1-20   GNU C Library: Shared libraries an
ii  libdb4.2  4.2.52-18  Berkeley v4.2 Database Libraries [
ii  libedit2  2.9.cvs.20040827-1 BSD editline and history libraries
ii  libgssapi1-heimdal0.6.3-8Libraries for Heimdal Kerberos
ii  libhdb7-heimdal   0.6.3-8Libraries for Heimdal Kerberos
ii  libhesiod03.0.2-15.1 Libraries for hesiod, a service na
ii  libkadm5clnt4-heimdal 0.6.3-8Libraries for Heimdal Kerberos
ii  libkadm5srv7-heimdal  0.6.3-8Libraries for Heimdal Kerberos
ii  libkafs0-heimdal  0.6.3-8Libraries for Heimdal Kerberos
ii  libkrb-1-kerberos4kth 1.2.2-11.1 Kerberos Libraries for Kerberos4 F
ii  libkrb5-17-heimdal0.6.3-8Libraries for Heimdal Kerberos
ii  libncurses5   5.4-4  Shared libraries for terminal hand
ii  libotp0-kerberos4kth  1.2.2-11.1 Otp Libraries for Kerberos4 From K
ii  libroken16-kerberos4k 1.2.2-11.1 Roken Libraries for Kerberos4 From
ii  libsl0-kerberos4kth   1.2.2-11.1 Sl Libraries for Kerberos4 From KT
ii  libssl0.9.7   0.9.7e-3   SSL shared libraries

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#298650: cron-apt: error mail does not include apt output

2005-03-08 Thread Chaskiel Grundman 
Package: cron-apt
Version: 0.2.1
Severity: normal

With this configuration:
# grep -v ^# /etc/cron-apt/config | sed '/^$/d'
FILTERCTRLM=true
DIFFONCHANGES=prepend

I get mail every day containing something like this:
Subject: CRON-APT completed on lily [/etc/cron-apt/config]

CRON-APT RUN [/etc/cron-apt/config]: Tue Mar  8 04:00:02 EST 2005
CRON-APT SLEEP: 3267, Tue Mar  8 04:54:29 EST 2005
CRON-APT ACTION: 3-download

the download action _is_ failing, because I have some holds set that
break some dependencies. However, the mail does not include the relevant apt
output.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: sparc (sparc64)
Kernel: Linux 2.4.24-sparc64
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages cron-apt depends on:
ii  apt  0.5.28.1Advanced front-end for dpkg
ii  bash 2.05b-24The GNU Bourne Again SHell
ii  debianutils  2.8.4   Miscellaneous utilities specific t
ii  mailx1:8.1.2-0.20040524cvs-4 A simple mail user agent

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]