Preparation of Debian GNU/Linux 2.2r5
=====================================
Up-to-date version on http://master.debian.org/~joey/2.2r5/

I am preparing 2.2r5 and will send reports so people can actually
comment on it. The plan is to get this revision of Debian GNU/Linux
2.2 (codename `potato') out within the first week of January 2002.

James Troup will have to give the final approval for each package.
However, I will try to make his work as easy as possible in the hope
of getting the next revision out properly. Thanks for your attention.

My requirements for packages to go into stable:

1. The package fixes a security problem. An advisory by our own
   Security Team would be quite helpful.
2. The package fixes a critical bug which can lead to data loss,
   data corruption or an overly broken system.
3. The stable version of the package is not installable at all due to
   broken or unmet dependencies or broken installation scripts.
4. The package gets all architectures in stable in sync.
5. All released architectures have to be in sync.

Packages which I will most probably reject:

. Packages which fix non-critical bugs
. Misplaced uploads, i.e. packages that were uploaded to 'stable
  unstable' or `frozen unstable'
. Packages whose binary packages are out of sync wrt. our
  different architectures.
. Binary packages for which the source got lost somehow

Accepted packages
-----------------
These packages should be installed into stable and be part of the next
revision.
bb stable 1.2-9 i386, powerpc
bb stable 1.2-9.0.1 alpha
bb updates 1.2-9 sparc
Package was missing from stable.
catsboot updates 0.2.2 arm
Boot glue for ARM CATS systems
Required on some ARM systems
current stable boot-floppies Build-Depend on it.
freewnn-common stable 1.1.0+1.1.1-a016-1 all
freewnn-common updates 1.1.0+1.1.1-a016-1.potato.3 all
freewnn-cserver-dev stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc
freewnn-cserver-dev updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc
freewnn-cserver stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc
freewnn-cserver updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver-dev stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver-dev updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver-dev stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver-dev updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc
* [security fix] backport from freewnn 1.1.0+1.1.1-a017-6.4
- adduser wnn, kwnn, cwnn for jserver,kserver,cserver respectively
instead of running as root user
- restrict upload/create path under jserver_dir
The 2nd upload is required to make the package installable
*sigh* At least, it is proved to be tested now...
imp stable 2:2.2.3-0.potato.4 all
imp updates 2:2.2.6-0.potato.3 all
DSA 073, though it mentioned imp 2.2.6-0.potato.1
The maintainer, Ola Lundqvist, commented:
"The potato.1 version (the real security fix) was broken. :(
I uploaded it too fast, without testing the postgres part. It also
had some other minor issues because I forgot to apply one patch.
So if any new packages of horde and imp should go to a new revision
only the latest version should go there (from proposed-updates)."
.4: SECURITY FIX, backport from 2.2.7, closes: #118986
kernel-image-2.2.19-netwinder stable 20010414 arm
kernel-image-2.2.19-netwinder updates 20011103 arm
kernel-image-2.2.19-riscpc stable 20010414 arm
kernel-image-2.2.19-riscpc updates 20011109 arm
kernel-patch-2.2.19-arm stable 20010414 all
kernel-patch-2.2.19-arm updates 20011109 all
Rebuilt with current kernel that has security fixes
incorporated, was supposed for 2.2r4 but uploaded too late.
ARM 20011109: Build against kernel-source 2.2.19.1-2 and latest ARM patch.
ssh-askpass-gnome stable 1:1.2.3-9.3 alpha, arm, i386, m68k, powerpc, sparc
ssh-askpass-gnome updates 1:1.2.3-9.4 alpha, arm, i386, m68k, powerpc, sparc
ssh-askpass-ptk stable 1:1.2.3-9.3 all
ssh-askpass-ptk updates 1:1.2.3-9.4 all
ssh stable 1:1.2.3-9.3 alpha, arm, i386, m68k, powerpc, sparc
ssh updates 1:1.2.3-9.4 alpha, arm, i386, m68k, powerpc, sparc
Security Fix, DSA 091
postfix stable 0.0.19991231pl11-1 alpha, arm, i386, m68k, powerpc, sparc
postfix updates 0.0.19991231pl11-2 alpha, arm, i386, m68k, powerpc, sparc
* Fix 'smtpd command log memory exhaustion' problem.
* Fix dhelp dangling symlink problem. Closes: #91877, #97332.
* Rebuild on current potato. Closes: #102388, #99220.
Security Fix: DSA 093
xtel stable 3.2.1-4 alpha, arm, i386, m68k, powerpc, sparc
xtel updates 3.2.1-4.potato.1 alpha, arm, i386, m68k, powerpc, sparc
* New maintainer
* Security fixes:
- symlink vulnerability in xteld (see #87787).
- symlink vulnerability in xtel while printing hardcopy of screen.
- run xteld under control of tcpd to be able to restrict access to the
service from network.
* Backport of annoying and easy to fix bugs from woody version of xtel:
- Fixed segfaults (see #43566).
- Fixed a little typo in the /etc/xtel/lignes file.
- Fixed creation of the symlink to french doc directory (see #55131).
* Other annoying fixes:
- bad X resource in Xtel[m].ad (missing '-o -' in a2ps printing command).
DSA 090
Further investigation
---------------------
These packages need further investigation. One reason the package is
listed here could be that I'm not yet convinced this package should go
into stable, but don't want to reject it entirely at the moment.
Another reason could be that released and updated architectures are
not in sync yet.
apache stable 1.3.9-13.2 alpha, arm, i386, m68k, powerpc, sparc
apache testing 1.3.19-1 alpha, arm, i386, m68k, powerpc, sparc
apache unstable 1.3.19-1 hurd-i386
apache unstable 1.3.20-1.1 alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sh, sparc
apache updates 1.3.9-14 alpha, arm, i386, m68k, powerpc, sparc
* Non-maintainer upload on behalf of Simon Huggins <huggie@earth.li>
* Applied patch from Martin Kraemer to fix mod_negotiation bug to prevent
revealing of directory contents.
This looks like a half security update, right?
DSA 067-1 is a broken security upload and requires an update. [further]
bwbasic stable 2.20pl2-3 alpha, i386, m68k, powerpc
bwbasic stable 2.20pl2-3.1 sparc
bwbasic updates 2.20pl2-3.2 arm, m68k, powerpc, sparc
* New maintainer.
* Recompile. Due to strange interactions with libc6, functions
weren't interpreted, and the package was practically unusable.
Closes: #108924.
MISSING alpha
MISSING i386
icecast-server stable 1.0.0-1 alpha, arm, i386, m68k, powerpc, sparc
icecast-server updates 1.3.10-1 alpha, arm, m68k, powerpc, sparc
icecast-server updates 1.3.10-1.1 i386
Alleged security update.
Changelog says:
* Several security exploits found to icecast. No simple way to patch
* old version, so upgrade to latest stable version from icecast.org
* If questions or assistance needed join #icecast on openprojects.net IRC
Do you have a documentation about said security exploits?
That's still pending
Is it something different than this one?
"icecast" is a server used to distribute audio streams to
compatible clients such as winamp, mpg123, xmms and many
others. Matt Messier (mmessier@prilnari.com) and John Viega
(viega@list.org) have identified several buffer overflow and
format strings problems in Icecast that could be remotely
exploited.
Our latest update to this software changes the package to use
an unprivileged user ("icecast") for the daemon, so the impact
of this vulnerability is not as high. Recent distributions (CL
>= 5.1) have this package compiled with StackGuard to make it
more difficult to exploit buffer overflows.
It's said to be.
Clarification appreciated.
To make it worse, there is now Version: 1.3.10-1.1
* Binary-only recompile by security team
* Rebuild with potato libc6
inn2-dev updates 2.2.2.2000.01.31-4.1 arm
inn2-dev updates 2.2.2.2000.01.31-5 alpha, i386, m68k, sparc
inn2-inews updates 2.2.2.2000.01.31-4.1 arm
inn2-inews updates 2.2.2.2000.01.31-5 alpha, i386, m68k, sparc
inn2 updates 2.2.2.2000.01.31-4.1 arm
inn2 updates 2.2.2.2000.01.31-5 alpha, i386, m68k, sparc
task-news-server updates 2.2.2.2000.01.31-5 all
Security Update, DSA 023 [further]
Bdale reports a serious problem with this upload, it broke
some functionality. He's going to upload a fixed version, so
this will have to wait for 2.2r5 (formerly 2.2r4) then. Fixed
for 2.2.2.2000.01.31-5.
MISSING arm
MISSING powerpc
mailman stable 1.1-8 alpha, arm, i386, m68k, powerpc, sparc
mailman updates 1.1-10 i386
Security Fix? Related to DSA 094?
Changelog for 1.1-9:
* Cross site scripting (CSS) fixes, backported from Mailman 2.0.8.
* Support list names with spaces in them.
Changelog for 1.1-10:
* Add missing parenthesis in Mailman/Cgi/edithtml.py, line 88
MISSING alpha
MISSING arm
MISSING m68k
MISSING powerpc
MISSING sparc
man2html stable 1.5-23 alpha, arm, i386, m68k, powerpc, sparc
man2html updates 1.5-23.1 i386, m68k, powerpc
* Recompiled with correct CGIBASE to avoid bad links; closes: #104474.
Grave bug, warrants inclusion into stable.
MISSING alpha
MISSING arm
MISSING sparc
nedit updates 1:5.1.1-3 alpha, arm, i386, m68k, powerpc
nedit is now Free Software.
MISSING sparc
telnetd stable 0.16-4 alpha
telnetd stable 0.16-4potato.1 arm, i386, m68k, powerpc, sparc
telnetd updates 0.16-4potato.3 arm, i386, powerpc
telnet stable 0.16-4 alpha
telnet stable 0.16-4potato.1 arm, i386, m68k, powerpc, sparc
telnet updates 0.16-4potato.3 arm, i386, powerpc
Changelog says:
* Fixed same overflow with minimal change.
DSA 070 mentioned version 0.16-4potato.2 [further]
MISSING alpha
MISSING m68k
MISSING sparc
ldap-rfc stable 1:1.2.12-1 all
ldap-rfc updates 1:1.2.12-2 all
libopenldap-dev stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc
libopenldap-dev updates 1:1.2.12-2 i386
libopenldap-runtime stable 1:1.2.12-1 all
libopenldap-runtime updates 1:1.2.12-2 all
libopenldap1 stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc
libopenldap1 updates 1:1.2.12-2 i386
openldap-gateways stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc
openldap-gateways updates 1:1.2.12-2 i386
openldap-utils stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc
openldap-utils updates 1:1.2.12-2 i386
openldapd stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc
openldapd updates 1:1.2.12-2 i386
Minor bugfix:
* Include backport of billion second bug.
MISSING alpha
MISSING arm
MISSING m68k
MISSING powerpc
MISSING sparc
php4-cgi-gd updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-cgi-gd updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-cgi-imap updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-cgi-imap updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-cgi-ldap updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-cgi-ldap updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-cgi-mhash updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-cgi-mhash updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-cgi-mysql updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-cgi-mysql updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-cgi-pgsql updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-cgi-pgsql updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-cgi-snmp updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-cgi-snmp updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-cgi-xml updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-cgi-xml updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-cgi updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-cgi updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-dev updates 4.0.3pl1-0potato2 all
php4-gd updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-gd updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-imap updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-imap updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-ldap updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-ldap updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-mhash updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-mhash updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-mysql updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-mysql updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-pgsql updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-pgsql updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-snmp updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-snmp updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4-xml updates 4.0.3pl1-0potato1.1 alpha, sparc
php4-xml updates 4.0.3pl1-0potato2 i386, m68k, powerpc
php4 updates 4.0.3pl1-0potato1.1 alpha, sparc
php4 updates 4.0.3pl1-0potato2 i386, m68k, powerpc
Security Update (DSA 020 mentions 4.0.3pl1-0potato1.1) [further]
Roland Bauerschmidt reports "php4-cgi broken". Look at
#89431. /usr/lib/cgi-bin/php4 is a symlink to
debian/php4-cgi/usr/bin/php4 which of course doesn't exist.
MISSING alpha
MISSING sparc
ecpg stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
ecpg updates 6.5.3-27 arm, i386, m68k, powerpc
libpgperl stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
libpgperl updates 6.5.3-27 arm, i386, m68k, powerpc
libpgsql2 stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
libpgsql2 updates 6.5.3-27 arm, i386, m68k, powerpc
libpgtcl stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
libpgtcl updates 6.5.3-27 arm, i386, m68k, powerpc
odbc-postgresql stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
odbc-postgresql updates 6.5.3-27 arm, i386, m68k, powerpc
pgaccess stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
pgaccess updates 6.5.3-27 arm, i386, m68k, powerpc
postgresql-client stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
postgresql-client updates 6.5.3-27 arm, i386, m68k, powerpc
postgresql-contrib stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
postgresql-contrib updates 6.5.3-27 arm, i386, m68k, powerpc
postgresql-dev stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
postgresql-dev updates 6.5.3-27 arm, i386, m68k, powerpc
postgresql-doc stable 6.5.3-26 all
postgresql-doc updates 6.5.3-27 all
postgresql-pl stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
postgresql-pl updates 6.5.3-27 arm, i386, m68k, powerpc
postgresql-test stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
postgresql-test updates 6.5.3-27 arm, i386, m68k, powerpc
postgresql stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
postgresql updates 6.5.3-27 arm, i386, m68k, powerpc
python-pygresql stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc
python-pygresql updates 6.5.3-27 arm, i386, m68k, powerpc
* postgresql: applied patch from Ben Pfaff <pfaffben@msu.edu> to cure
problem with segfault in pg_dump. High urgency because pg_dump is
essential for transferring data when upgrading postgresql.
Closes: #101940
No security update but something that is anticipated to
prevent data loss, I'm convinced.
MISSING alpha
MISSING sparc
ssh-askpass-nonfree stable 1.2.27-6.1 alpha, arm, i386, powerpc, sparc
ssh-askpass-nonfree updates 1.2.27-6.2 alpha, i386, m68k, powerpc, sparc
ssh-nonfree stable 1.2.27-3 m68k
ssh-nonfree stable 1.2.27-6.1 alpha, arm, i386, powerpc, sparc
ssh-nonfree updates 1.2.27-6.2 alpha, i386, m68k, powerpc, sparc
ssh-socks stable 1.2.27-3 m68k
ssh-socks stable 1.2.27-6.1 alpha, arm, i386, powerpc, sparc
ssh-socks updates 1.2.27-6.2 alpha, i386, m68k, powerpc, sparc
* Urgency high because this addresses a well-known vulnerability which
is being exploited.
* Add security fixes from -7.
* Add build-depends.
* Remove client's setuid bit; people who need it can turn it back on,
and everyone else will be safer.
MISSING arm
tkseti stable 2.10-1 arm
tkseti stable 2.12-1 powerpc
tkseti stable 2.12-2 alpha, i386, sparc
tkseti updates 2.12-2 arm
Get versions back in sync.
MISSING powerpc
wu-ftpd-academ stable 2.6.0-5.3 all
wu-ftpd-academ updates 2.6.0-6 all
wu-ftpd stable 2.6.0-5.3 alpha, arm, i386, m68k, powerpc, sparc
wu-ftpd updates 2.6.0-6 alpha, i386, m68k, powerpc, sparc
Security upload, DSA 087
MISSING arm
xxgdb stable 1.12-9.3 alpha, arm, i386, m68k, powerpc, sparc
xxgdb updates 1.12-9.4potato i386, m68k, powerpc
* Applied a patch from Massimo Dal Zotto <dz@cs.unitn.it>. This is a
workaround for a serious bug (#94892) in libXaw.
Seems this bug makes xxgdb useless in stable
MISSING alpha
MISSING arm
MISSING sparc
yabasic stable 2.42-1 arm
yabasic stable 2.53-1 alpha, i386, m68k, powerpc, sparc
yabasic updates 2.53-2 arm, m68k, powerpc, sparc
* New maintainer.
* yabasic.c: Fixed a /tmp race condition.
* Completed the FHS transition to allow building with a recent
debhelper. Closes: #98875.
No DSA assigned, maintainer, please get in touch with the
Security Team
MISSING alpha
MISSING i386
Rejected packages
-----------------
These packages don't meet the requirements.
dvi2ps-fontdata-a2n stable 1.0-5 all
dvi2ps-fontdata-a2n updates 1.0-6 all
dvi2ps-fontdata-bsr stable 1.0-5 all
dvi2ps-fontdata-bsr updates 1.0-6 all
dvi2ps-fontdata-ja stable 1.0-5 all
dvi2ps-fontdata-ja updates 1.0-6 all
dvi2ps-fontdata-n2a stable 1.0-5 all
dvi2ps-fontdata-n2a updates 1.0-6 all
dvi2ps-fontdata-ptexfake stable 1.0-5 all
dvi2ps-fontdata-ptexfake updates 1.0-6 all
dvi2ps-fontdata-rrs stable 1.0-5 all
dvi2ps-fontdata-rrs updates 1.0-6 all
dvi2ps-fontdata-rsp stable 1.0-5 all
dvi2ps-fontdata-rsp updates 1.0-6 all
dvi2ps-fontdata-tbank stable 1.0-5 all
dvi2ps-fontdata-tbank updates 1.0-6 all
dvi2ps-fontdata-three stable 1.0-5 all
dvi2ps-fontdata-three updates 1.0-6 all
Misplaced upload to 'stable unstable'
groff stable 1.15.2-2 alpha, arm, i386, m68k, powerpc, sparc
groff updates 1.15.2-3 i386
Changelog says:
* Use lpr as the print spooler, even if it happens not to be
installed on the build system. Version 1.15.2-2 broke 'groff
-l', which worked with previous versions of groff in stable
(thanks, Mike Fontenot).
Since I can't even find a single bug report that says 'groff
-l' is broken in stable, I guess it will only be used on
accident. Hence, I don't think this justifies an update to stable.
MISSING alpha
MISSING arm
MISSING m68k
MISSING powerpc
MISSING sparc
roxen-doc stable 1.3.122-13 all
roxen-doc updates 1.3.122-22 all
roxen-ssl stable 1.3.122-13 all
roxen-ssl updates 1.3.122-22 all
roxen stable 1.3.122-11 arm
roxen stable 1.3.122-13 alpha, i386, m68k, sparc
roxen updates 1.3.122-22 i386
Misplaced upload:
Distribution: stable unstable
* Dropping the 'task-webserver-roxen2' package...
* Updating config.{sub|guess} Closes: #111546
Disclaimer
----------
This list intends to help the ftp-masters releasing 2.2r5. They have the
final power to accept a package or not. If you want to comment on
this list, please send a mail to Martin Schulze <joey@debian.org>.
--
All language designers are arrogant. Goes with the territory...
-- Larry Wall
Please always Cc to me when replying to me on the lists.