Preparation of Debian GNU/Linux 2.2r7
=====================================

An up-to-date version is at http://master.debian.org/~joey/2.2r7/

I am preparing another revision of the stable Debian distribution (r7)
and will infrequently send reports so people can actually comment on
it and intervene whenever this is required.

The plan is to get this revision of Debian GNU/Linux 2.2 (codename
`potato') out at the beginning of July this year (2002). James Troup
still has to give the final approval for each package since he is the
ftpmaster involved with stable revisions. However, I will try to make
his work as easy as possible in the hope of getting the next revision
out properly. Thanks for your attention.

This may also be the last version of the 2.2 series, depending on how
well the woody release is making progress.

My requirements for packages to go into stable:

 1. The package fixes a security problem. An advisory by our own
    Security Team would be quite helpful. I really should make this a
    requirement for security uploads.

 2. The package fixes a critical bug which can lead to data loss,
    data corruption, or an overly broken system, or the package is
    broken or not usable (anymore).

 3. The stable version of the package is not installable at all due to
    broken or unmet dependencies or broken installation scripts.

 4. All released architectures have to be in sync.

Packages which I will most probably reject:

 . Packages which fix non-critical bugs.

 . Misplaced uploads, i.e. packages that were uploaded to `stable
   unstable' or `frozen unstable'.

 . Packages whose binary packages are out of sync with regard
   to all supported architectures in the stable distribution.

 . Binary packages for which the source got lost somehow.

Accepted packages
-----------------

These packages should be installed into stable and be part of the next
revision.
analog stable 2:5.22-0potato3 alpha, arm, i386, m68k, powerpc, sparc, source
analog updates 2:5.22-0potato4 alpha, arm, i386, m68k, powerpc, sparc, source
    DSA 125, backport of 5.22 for security reasons. The advisory
    mentions version 5.22-0potato1, though.
apache-common stable 1.3.9-14 alpha, arm, i386, m68k, powerpc, sparc
apache-common updates 1.3.9-14.1 alpha, arm, i386, m68k, powerpc, sparc
apache-dev stable 1.3.9-14 alpha, arm, i386, m68k, powerpc, sparc
apache-dev updates 1.3.9-14.1 alpha, arm, i386, m68k, powerpc, sparc
apache-doc stable 1.3.9-14 all
apache-doc updates 1.3.9-14.1 all
apache stable 1.3.9-14 alpha, arm, i386, m68k, powerpc, sparc, source
apache updates 1.3.9-14.1 alpha, arm, i386, m68k, powerpc, sparc, source
    DSA 131
apache-perl stable 1.3.9-13.1-1.21.20000309-1 alpha, arm, i386, m68k, powerpc, sparc, source
apache-perl updates 1.3.9-14.1-1.21.20000309-1 alpha, arm, i386, m68k, powerpc, sparc, source
    DSA 133
apache-ssl updates 1.3.9.13-4.1 alpha, arm, i386, m68k, powerpc, sparc, source
    DSA 132
cupsys-bsd stable 1.0.4-9 alpha, arm, i386, m68k, powerpc, sparc
cupsys-bsd updates 1.0.4-12 alpha, arm, i386, m68k, powerpc, sparc
cupsys stable 1.0.4-9 alpha, arm, i386, m68k, powerpc, sparc, source
cupsys updates 1.0.4-12 alpha, arm, i386, m68k, powerpc, sparc, source
libcupsys1-dev stable 1.0.4-9 alpha, arm, i386, m68k, powerpc, sparc
libcupsys1-dev updates 1.0.4-12 alpha, arm, i386, m68k, powerpc, sparc
libcupsys1 stable 1.0.4-9 alpha, arm, i386, m68k, powerpc, sparc
libcupsys1 updates 1.0.4-12 alpha, arm, i386, m68k, powerpc, sparc
    -10: Security upload: DSA 110, Buffer overflow
    -11: More security fixes: more complete patch for attribute
         buffer handling and a more correct path validation check to
         prevent ".." attacks.
    -12: Remove lpd backend for security reasons.
erlang-base stable 49.1-10 all
erlang-base updates 49.1-10.1 all
erlang-erl stable 49.1-10 all
erlang-erl updates 49.1-10.1 all
erlang-java stable 49.1-10 all
erlang-java updates 49.1-10.1 all
erlang stable 49.1-10 i386, powerpc, sparc, source
erlang updates 49.1-10.1 i386, powerpc, sparc, source
    Probably from the zlib fuckup
      * Non-maintainer upload by the Security Team
      * Apply patch for double-free bug to included copy of zlib
ethereal stable 0.8.0-2potato alpha, arm, i386, m68k, powerpc, sparc, source
ethereal updates 0.8.0-3potato alpha, arm, i386, m68k, powerpc, sparc, source
    Security upload (backports of 0.9.3) - DSA 130
      - asn1.c: fixes zero-length g_malloc that could have caused problems.
      - asn1.c: fixes possible buffer overflow.
horde stable 2:1.2.6-0.potato.4 all, source
horde updates 2:1.2.6-0.potato.5 all, source
imp stable 2:2.2.6-0.potato.4 all, source
imp updates 2:2.2.6-0.potato.5 all, source
    DSA 126
qpopper stable 2.53-5 alpha, arm, i386, m68k, powerpc, sparc, source
qpopper updates 2.53-7 alpha, arm, i386, m68k, powerpc, sparc, source
    Fix a bug that can cause lost data and DoS. (closes:#140784,
    #114300) This only affected qpopper-2.23 and before. Thanks for
    Masaki Ikeda <masaki@orange.co.jp>'s patch.
    !!! Not yet verified !!!
sudo stable 1.6.2p2-2.1 alpha, arm, i386, m68k, powerpc, sparc, source
sudo updates 1.6.2p2-2.2 alpha, arm, i386, m68k, powerpc, sparc, source
    DSA 128
uucp stable 1.06.1-11potato2 alpha, arm, i386, m68k, powerpc, sparc, source
uucp updates 1.06.1-11potato3 alpha, arm, i386, m68k, powerpc, sparc, source
    DSA 129
xsane stable 0.50-5 alpha, arm, i386, m68k, powerpc, sparc, source
xsane updates 0.50-5.1 alpha, arm, i386, m68k, powerpc, sparc, source
    DSA 118 - insecure temporary files

Further investigation
---------------------

These packages need further investigation. One reason the package is
listed here could be that I'm not yet convinced this package should go
into stable, but don't want to reject it entirely at the moment.
Another reason could be that released and updated architectures are
not in sync yet.
cfengine-doc stable 1.5.3-6 all
cfengine-doc updates 1.5.3-7 all
cfengine stable 1.5.3-6 arm, i386, m68k, powerpc, sparc, source
cfengine stable 1.5.3-6.0.1 alpha
cfengine updates 1.5.3-7 alpha, arm, i386, m68k, powerpc, sparc, source
    Changelog says: fix stat -> lstat in src/image.c, else a
    symlink might be followed if we are purging. This is a security
    bug!
    Requires attention from the security team
dns-browse stable 1.6-4 all, source
dns-browse updates 1.6-5 all, source
    Changelog says: Fixed dns_tree so that it uses the HOME
    directory for cache files (Closes: #146591)
    This requires action by the Security Team
freeamp-doc stable 2.0.6-2 all
freeamp-doc updates 2.0.6-2.1 all
freeamp stable 1.3.1-5 m68k, powerpc
freeamp stable 2.0.6-1 arm
freeamp stable 2.0.6-2 alpha, i386, sparc, source
freeamp updates 2.0.6-2.1 i386, sparc, source
libfreeamp-alsa stable 2.0.6-2 alpha, i386, sparc
libfreeamp-alsa updates 2.0.6-2.1 i386, sparc
libfreeamp-esound stable 2.0.6-1 arm
libfreeamp-esound stable 2.0.6-2 alpha, i386, sparc
libfreeamp-esound updates 2.0.6-2.1 i386, sparc
      * Non-maintainer upload by the security team
      * Apply patch for zlib double-free bug
    Looks like a leaf of the zlib disaster
    M-ISSING alpha: elmo -u -e -a source -v 2.0.6-2.1 freeamp
listar-cgi stable 0.129a-2.potato1 alpha, arm, i386, m68k, powerpc, sparc
listar-cgi updates 0.129a-2.potato2 alpha, arm, i386, m68k, sparc
listar stable 0.129a-2.potato1 alpha, arm, i386, m68k, powerpc, sparc, source
listar updates 0.129a-2.potato2 alpha, arm, i386, m68k, sparc, source
    DSA 123 - covers 0.129a-2.potato1, though. This one adds:
      * SECURITY: Applied argv security fixes from the Ecartis tree.
    MISSING powerpc
photopc stable 2.1-1 powerpc
photopc stable 2.8-3 arm
photopc stable 3.02-2 alpha, i386, sparc, source
photopc updates 3.02-2 powerpc
    Get versions in sync.
    MISSING arm
unixcw stable 1.1a-2 arm
unixcw stable 1.1a-5 alpha, i386, source
unixcw updates 1.1a-5 powerpc, sparc
    Get package in sync through all architectures.
    MISSING arm
vrweb stable 1.5-5 alpha, arm, i386, m68k, powerpc, sparc, source
vrweb updates 1.5-5.1 alpha, i386, powerpc, sparc, source
      * Non-maintainer upload by the security team
      * Upgrade zlib to 1.1.3 and apply patch for double-free bug
    Cleaning bits from the zlib disaster
wmtv stable 0.6.5-2.0.1 sparc
wmtv stable 0.6.5-2potato2 alpha, arm, i386, m68k, powerpc, source
    Security Upload, DSA 108, symlink vulnerability
    Why the HELL got the sparc package lost?
    Looks like the file is there but the database doesn't know about it.
    MISSING sparc
zlib-bin stable 1:1.1.3-5 alpha, arm, i386, powerpc, sparc
zlib-bin stable 1:1.1.3-5.0.1 m68k
zlib-bin updates 1:1.1.3-5.1 alpha, arm, i386, powerpc, sparc
zlib1-altdev stable 1:1.1.3-3 sparc
zlib1-altdev stable 1:1.1.3-5 i386
zlib1-altdev stable 1:1.1.3-5.0.1 m68k
zlib1-altdev updates 1:1.1.3-5.1 i386
zlib1g-dev stable 1:1.1.3-5 alpha, arm, i386, powerpc, sparc
zlib1g-dev stable 1:1.1.3-5.0.1 m68k
zlib1g-dev updates 1:1.1.3-5.1 alpha, arm, i386, powerpc, sparc
zlib1g stable 1:1.1.3-5 alpha, arm, i386, powerpc, sparc
zlib1g stable 1:1.1.3-5.0.1 m68k
zlib1g updates 1:1.1.3-5.1 alpha, arm, i386, powerpc, sparc
zlib1 stable 1:1.1.3-3 sparc
zlib1 stable 1:1.1.3-5 i386
zlib1 stable 1:1.1.3-5.0.1 m68k
zlib1 updates 1:1.1.3-5.1 i386
zlib stable 1:1.1.3-5 source
zlib updates 1:1.1.3-5.1 source
    DSA 122 - zlib strikes back
    MISSING m68k

Rejected packages
-----------------

These packages don't meet the requirements.
dvi2ps-fontdata-a2n stable 1.0-5 all
dvi2ps-fontdata-a2n updates 1.0-7 all
dvi2ps-fontdata-bsr stable 1.0-5 all
dvi2ps-fontdata-bsr updates 1.0-7 all
dvi2ps-fontdata-ja stable 1.0-5 all
dvi2ps-fontdata-ja updates 1.0-7 all
dvi2ps-fontdata-n2a stable 1.0-5 all
dvi2ps-fontdata-n2a updates 1.0-7 all
dvi2ps-fontdata-ptexfake stable 1.0-5 all
dvi2ps-fontdata-ptexfake updates 1.0-7 all
dvi2ps-fontdata-rrs stable 1.0-5 all
dvi2ps-fontdata-rrs updates 1.0-7 all
dvi2ps-fontdata-rsp stable 1.0-5 all
dvi2ps-fontdata-rsp updates 1.0-7 all
dvi2ps-fontdata-tbank stable 1.0-5 all
dvi2ps-fontdata-tbank updates 1.0-7 all
dvi2ps-fontdata-three stable 1.0-5 all
dvi2ps-fontdata-three updates 1.0-7 all
    Misplaced upload to 'stable unstable'
efingerd stable 1.3 alpha, arm, i386, m68k, powerpc, sparc, source
efingerd updates 1.3.2 alpha, arm, i386, m68k, powerpc, sparc, source
    Alleged security update, .1 and .2 are broken, though.
    Joey is discussing the issue with the maintainer.
jtex-base stable 1.8-6 all, source
jtex-base updates 1.8-7 all, source
    Misplaced upload, stable+unstable
rsync stable 2.3.2-1.2 alpha, arm, i386, m68k, powerpc, sparc
rsync updates 2.3.2-1.3 alpha, arm, i386, m68k, powerpc, sparc
    DSA 106
    Broken packages, hence rejecting

Disclaimer
----------

This list intends to help the ftp-masters releasing 2.2r7. They have the
final power to accept a package or not. If you want to comment on
this list, please send a mail to Martin Schulze <joey@debian.org>.

--
Every use of Linux is a proper use of Linux. -- John "Maddog" Hall

Please always Cc to me when replying to me on the lists.