The Hamm Bugs Stamp-Out List for 1998-06-08
Major changes since the previous list:
- Bdale Garbee took over bind and fixed its bugs. (3 down)
- The ircii license issue was resolved. (2 can be closed)
- Many packages were moved from Incoming into the archive. (3 down,
5 more can be closed)
- Bugs #23092 and #23216 apply only to versions in slink,
and were removed from this list. (2 down)
- xinetd was taken by Norbert Veber, who fixed one of its
release-critical bugs. (1 down)
- Joost Kooij has created a non-maintainer release of dwww and
has offered it to the testing group.
In the mean time, new bugs have been reported for apache, smail,
and xlib6g. The smail one has already been fixed.
Richard Braakman
------------------------------------------------------------------------------
Tue, 9 Jun 1998 00:27:07 GMT: 105 release-critical bugs in hamm.
Package: afbackup
Maintainer: Christian Meder <meder@isr.uni-stuttgart.de>
23250 afbackup: insecure use of /tmp/*$$*
Package: apache
Maintainer: Johnie Ingram <johnie@debian.org>
23221 apache: wrong perl path in apxs
23277 apache: should conflict with php3 (<= 3.0rc4-2)
Package: bitchx
Maintainer: Johnie Ingram <johnie@debian.org>
22980 bitchx: Bitchx is "non-free"
[FIX] The ircii license issue has been resolved.
Package: boot-floppies
Maintainer: Enrique Zanardi <sr1-boot-floppies@debian.org>
23167 uncaught error in unpacking modules
Package: bootdisk (pseudo)
Maintainer: Maintainer Group <sr1-boot-floppies@debian.org>
20779 Debian 2.0 won't boot of a hard disk after install
[STRATEGY] Enrique: "This is a hardware-specific bug too. I have asked
the submitter to try to install after disabling the 128KB cache
as stated in the docs (he has a Cyrix CPU). He is going to try it
and will report back."
23171 PCMCIA modules don't match kernel version on boot disks
[STRATEGY] Luis Francisco Gonzalez: "This bug is not in the
boot-floppies. The idea was to make sure we knew that there
is need to wait for the new pcmcia-packages but the bug is
in those packages as we only use the standard
kernel/pcmcia-modules."
Package: crafty
Maintainer: olet@debian.org (Ole J. Tetlie)
22493 crafty is not DFSG free software
[FIX] install crafty 14.11-3 in Incoming, which goes to non-free, and
remove the version from main.
Package: cwnn
Maintainer: Keita Maehara <maehara@debian.org>
20539 Overlap between cwnn, wnn, and kwnn
[FIX] install wnn 4.2-4, which is currently in Incoming.
Package: dhcp
Maintainer: Rich Sahlender <rsahlen@debian.org>
23087 dhcp stopped working after upgrade
Package: dhcp-client-beta
Maintainer: Christoph Lameter <clameter@fuller.edu>
[FIX] Handle bug#22757 ("remove dhcp-client-beta from hamm") reported to
ftp.debian.org.
18322 dhclient-script problem with "EXPIRE"
19767 dhcp-client-beta has no /usr/doc directory
Package: dpkg
Maintainer: Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
1797 upgrade/downgrade dependency calculation problem
5639 URGENT - dpkg ignored predependency versions when downgradi
6842 dpkg lets installation break another package
6843 dpkg ignores its own dependency
7956 dpkg allows package downgrade to violate predependency
17624 dpkg: installs regular dir when .deb contains symlink !
20250 Overlapping files in glut-doc and glut-data.
21182 dpkg: dpkg can go into an infinite loop with --force-config
21183 dpkg can go into an infinite loop with --force-configure-an
22940 dpkg stops after just 20 errors
Package: dpkg-dev
Maintainer: Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
20776 dpkg-dev: dpkg-dev does not use emacsen-commen method of in
21186 dpkg-dev: dpkg-dev has a file also provided in dpkg
Package: dpkg-python
Maintainer: Klee Dienes <klee@debian.org>
23059 .py files must not install files into /usr/lib/python
[FIX] Fixing this would break other packages in hamm. Gregor Hoffleit
(python maintainer) said he would change the severity level of
the bug to 'normal'. Matthias Klose will fix it in slink.
Package: dwww
Maintainer: Jim Pick <jim@jimpick.com>
[FIX] Handle bug#22635, "please remove dwww from hamm/frozen", reported
to ftp.debian.org.
[STRATEGY] Joost Kooij has created a non-maintainer release of dwww and
has offered it to the testing group.
16212 dwww: dwww tries to update-menus every day
22018 dwww: can't find _anything_
Package: file-rc
Maintainer: Martin Schulze <joey@debian.org>
23057 file-rc: rcS fails to complete startup
Package: ftp.debian.org (pseudo)
Maintainer: Guy Maor <ftpmaster@debian.org>
16652 javalex: bad dependencies
21819 sinuskey-login: libc5 version in hamm!
21938 xarchie is not DFSG free software
22390 Please move slink gcc packages to frozen
[FIX] This bug can be closed; it is obsolete since gcc 2.7.2.3-4.3 has
been installed in hamm.
22417 Please move premail to contrib.
22438 binkd: libc5 package in hamm
22490 two versions of base_passwd in hamm
22548 jdk1.1-docdemo: obsolete?
22554 ftp.deb.org: ssg-dev still here
22635 ftp.debian.org: Please remove dwww from hamm/frozen
22757 ftp.debian.org: remove dhcp-client-beta from hamm
22808 ftp.debian.org: pine396-src and pine396-diffs
22832 ftp.debian.org: m68k Packages files not being updated
22885 ftp.debian.org: files to be removed
22939 Please remove old unixcw in hamm/main
22978 Please move ircii from main to non-free
23034 Remove cxhextris from binary-powerpc
23108 ftp.debian.org: Please move sniffit from main to non-free
Package: gcc
Maintainer: Galen Hazelwood <galenh@micron.net>
Ray Dassen is non-maintaining gcc, with help from Matthias Klose.
23123 gcc creates lots of empty files in /tmp
[HELP] Ray: "I'm currently very limited in time available for Debian work."
[STRATEGY] Ray: "The modifications introduced in -4.4 were security
improvements preventing a symlink attack (based on gcc making
predictable tempfiles). The current solution uses mkstemp(3)
which is secure. mkstemp(3) opens the tempfile immediately (so
there's no race condition). All tempfile names are now
individually generated (using the %g directive in gcc's specs
(gcc/gcc.c)) and marked for deletion on completion (using the %d
directive). My current guess is that the %g-generated tempfile
names aren't included in the list of file to be deleted."
(Note that this bug probably applies to egcs and altgcc as well)
Package: gstep-make (i386 contrib)
Maintainer: Gregor Hoffleit <flight@debian.org>
22328 gstep-make configuration / gstep-* new versions
[FIX] This has been fixed by the gstep-* 0.5.0.980520-1 versions, which
have been installed in hamm.
Package: hwtools
Maintainer: Siggy Brentrup <bsb@debian.org>
21288 hwtools: irqtune should be in /usr/sbin, or rc.boot script
Package: ircii
Maintainer: Bernd Eckenfels <ecki@debian.org>
21683 ircii: ircii is non-free!
[FIX] The ircii license issue has been resolved :)
Package: kdeadmin (i386 contrib)
Maintainer: Stephan Kulow <coolo@kde.org>
[FIX] Bug #22233 to ftp.debian.org requests removal of this package
from hamm and slink.
22060 kuser removes all passwords and disables root account
Package: kterm
Maintainer: Yoshiaki Yanagihara <yochi@debian.or.jp>
23209 kterm needs to have xterm's security patch applied.
Package: libc5-dbg
Maintainer: Helmut Geyer <Helmut.Geyer@iwr.uni-heidelberg.de>
21039 ftp.debian.org: libc5-dbg probably shouldn't be in frozen
[FIX] Dale Scheetz: "While this should be cleaned up, it represents
no problem for the release, as dselect and friends will not try to
install it." (Also see #19347)
Package: libc5-dev (m68k main)
Maintainer: Helmut Geyer <Helmut.Geyer@iwr.uni-heidelberg.de>
19347 libc5-dev: no-copyright-file LI#82
Dale Scheetz: "This appears to only apply to the m68k version, so it
is probably only a symlink missing, as the dev package has the same
copyright as the runtime."
(I think what happened here is that libc5-dev got removed from hamm
at freeze time, but only from the i386 tree.)
[STRATEGY] I have a non-maintainer release for libc5 ready, which does
not generate the packages libc5-dev and libc5-dbg. That
will allow libc5-dev and libc5-dbg to be removed from
the archive. It will fix #21039 as well as this one.
Package: libc6
Maintainer: Dale Scheetz <dwarf@polaris.net>
20714 Current libc6 is a beta.
[STRATEGY] "Depending on Ulrich's schedule we may have to release with
a beta version. I am working currently from the CVS archive,
and will soon be able to produce a package from the latest
upstream patches. At some point we will need to bite the
bullet and release the best library we have a that time."
20799 getgrnam does not return when group name does not exist
[HELP] "This has been worked on. If someone could test the -pre3-1
release in unstable and verify it as fixed, we can probably
close this one."
22626 netbase: bugtraq says: RPC services are subject to Denial o
[HELP] "This has also been worked on upstream and needs some testing."
22790 libc6: login(3) does not reuse dead entries
[STRATEGY] "This one is fixed in my current, unreleased version,
coming soon ;-)"
Package: libc6-dev
Maintainer: Dale Scheetz <dwarf@polaris.net>
[HELP] Dale Scheetz: "I have not had a chance to even read these
reports yet. Some outside help determining what should, or
shouldn't change would be helpful here."
(My translation: send him patches :-)
19797 libc6-dev: use of /tmp/*$$ in an insecure fashion
21884 libc6-dev: relative links between top-level dirs
Package: libdb1-dev (alpha main)
Maintainer: Mark Eichin <eichin@kitten.gen.ma.us>
[FIX] Handle bug#23245 to ftp.debian.org, which requests removal of libdb
from hamm.
19351 libdb1-dev: no-copyright-file LI#86
Package: libpaper
Maintainer: Marco Pistore <pistore@di.unipi.it>
22942 libpaper depends on libpaperg
[HELP] The maintainer asked for advice on debian-devel. Details are
in the archive for this bug report.
Package: libreadline2
Maintainer: Guy Maor <maor@debian.org>
22941 libreadline2 depends on libc6
Package: libreadlineg2
Maintainer: Guy Maor <maor@debian.org>
23035 bash: Not 8-bit clean.
Package: libssl08 (i386 non-us)
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
23169 libssl08 hangs while waiting randomness from /dev/random
[STRATEGY] "For the solution: I have to exchange /dev/random with
/dev/urandom and recompile."
Package: lilo
Maintainer: Bernd Eckenfels <ecki@debian.org>
19821 lilo: liloconfig doesn't make the system bootable
[STRATEGY] "AFAIK this Bug was in the old boot-floppies, I can't
reproduce it. If nobody objects I will close it."
Package: login
Maintainer: Guy Maor <maor@debian.org>
22191 login: does not chown /dev/vcs* anymore
Package: lpr
Maintainer: Adam Klein <aklein@debian.org>
22837 lpd dies without trace (severe!)
Package: modutils
Maintainer: Wichert Akkerman <wakkerma@debian.org>
22612 modutils package is difficult to upgrade from bo
[HELP] Need people to upgrade from bo machines, try to reproduce.
Wichert: "I can't reproduce that one. I found a glitch in the
postinst though which I fixed. I guess I have to wait for some
people to upgrade more bo machines to check if it works."
Package: msqld (i386 non-free)
Maintainer: Martin Schulze <joey@debian.org>
23081 msqld: SECURITY: msqld does not preserve permissions on /et
Package: nonus.debian.org (pseudo)
Maintainer: Sven Rudolph <sr1@inf.tu-dresden.de>
This is being maintained by Heiko Schlittermann <heiko@lotte.sax.de>.
15764 ftp.debian.org: Non-US Packages files are broken
18572 nonus.debian.org: remove des-solnet_1.03-5.deb
18785 nonus.debian.org: incoming backlog
20773 nonus.debian.org: please remove gnupg from frozen
21423 Dpkg-ftp can't handle alternative distributions
[HELP] Yann Dirson: "This used to work until some date I don't know
exactly. I guess that non-us has changed the paths they use
in the Packages file." (more info, and workaround, in the bug
entry itself)
(Bug has been reassigned from dpkg-ftp to nonus.debian.org)
22287 nonus.debian.org with incorrect layout
Package: p2c
Maintainer: Andrew Howell <andrew@it.com.au>
[HELP] This package is orphaned.
Andrew: "Already tried to get rid of this package 3 times,
the last 2 or 3 releases have been not by me. I don't have time
at present to work on packages. This bug wouldn't exist with
my version of the package as I never created shared library
for it when I had it :)"
21036 p2c: depends on libp2c1 which seems to have been fed to the
Package: p3nfs
Maintainer: cmchow@se.cuhk.edu.hk (Billy C.-M. Chow)
[HELP] Mail to the maintainer address bounced.
21488 p3nfs: still linked with libc5
Package: passwd
Maintainer: Guy Maor <maor@debian.org>
21275 passwd: useradd violates base-passwd's rules
Package: perl
Maintainer: Darren Stalder <torin@daft.com>
19805 perl: use of /tmp/*$$ in an insecure fashion
[FIX] This has been fixed by perl 5.004.04-6, which has been installed
in hamm.
Package: premail (i386 non-free)
Maintainer: Karl Sackett <krs@debian.org>
15680 Insecure /tmp file usage
[FIX] Install premail 0.45-4, currently in Incoming.
Package: python-dev
Maintainer: Gregor Hoffleit <flight@debian.org>
23168 Error in Python's Makefile.pre.in
[STRATEGY] "I'm currently evaluating one of the following solutions:
a) Again, only provide the upstream Makefile.pre.in. This won't make
life easier for users who don't want to build Debian packages,
but want to install the extension locally in /usr/local.
b) Provide both the upstream Makefile.pre.in for building Debian
packages and a modified Makefile-local.pre.in for installing
extensions locally.
c) Fix the problem in the modified Makefile.pre.in and provide both
a boot as well as a boot-deb target for preparing extensions for
local installation as well as for Debian packaging."
[HELP] "Feedback wanted!"
Package: python-doc
Maintainer: Gregor Hoffleit <flight@debian.org>
22944 python-doc in hamm refers to an ancient version of python
[FIX] This has been fixed by python-doc 1.5.1-2, which has been installed
in hamm.
Package: rat
Maintainer: Chu-yeon Park <kokids@doit.ajou.ac.kr>
21935 rat is not free software
[FIX] Install rat 3.0.23-1, currently in Incoming, which moves it from
main to non-free.
Package: sinuskey-login
Maintainer: Skuli Davidsson <skuli@hi.is>
21446 sinuskey-login: depends on libc5 but doesn't report that
Package: smail
Maintainer: Soenke Lange <soenke@escher.north.de>
23218 Smail refuses to configure on dynamic-IP machine
23294 Smail 3.2.0.101-4.3 *important* typo in smailconfig
[FIX] This has been fixed in smail 3.2.0.101-4.4, which is already in hamm.
Package: sniffit
Maintainer: Damjan Marion <dmarion@debian.org>
21832 sniffit is not DFSG free software
[FIX] install the sniffit 0.3.5-3 in Incoming, which goes to non-free, and
remove the version in main.
Package: ssh (i386 non-us)
Maintainer: Philip Hands <phil@hands.com>
22470 ssh: ssh spits out debugging messages because of socks4
[FIX] "I just uploaded 1.2.23-1 without socks support. I'll wait for
the problem to be resolved in libsocks before putting it back
in again."
Package: ssleay (i386 non-us)
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
19410 ssleay: md5sums-lists-nonexisting-file LI#146
[STRATEGY] "As ssleay is not in the main distribution, I delayed the
fix of this (which consists mainly of a repacking) in
favor of tetex-*."
Package: sysvinit
Maintainer: Miquel van Smoorenburg <miquels@cistron.nl>
22945 Problems with last ( bug in sysvinit package)?
[FIX] This is fixed in sysvinit 2.75-2, which has been installed in hamm.
Package: tetex-bin
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
23111 tetex-bin: cron.daily script falls over when /usr/local/is
[FIX] "This just came in last week, and I had not yet a chance to deal with
it. I don't consider it release-critical. It just sends an annoying
email from the cron.daily script about not being able to write to
/usr/local if /usr/local is readonly. But the script does not really
"fall over" as the bug report says. It finishes correctly just
without updating the ls-R file in /usr/local. I'll try to make this
file a link to somewhere in /var to fix this and hope that mktexlsr
works on a symlink."
Package: wxxt1-dev
Maintainer: Brian Bassett <brian@butterfly.ml.org>
[HELP] Mail to the maintainer was returned as undeliverable.
21707 wxxt1-dev depends on deprecated libg++-dev
Package: xadmin
Maintainer: Turbo Fredriksson <turbo@debian.org>
23053 xadmin does not set perms correctly for /etc/shadow
[FIX] This is fixed in xadmin 1.0.15-2, which has been installed in hamm.
Package: xbase
Maintainer: Branden Robinson <branden@debian.org>
[HELP] See http://master.debian.org/~branden/xsf.html for detailed
discussion of these problems and ways you can help.
22329 Patch for #20685 prevents talk working
22422 xbase: xterm and rxvt sessions no longer logged
22668 TERM=xterm meaning has changed incompatibly
[STRATEGY] "There needs to be a new terminal type, xterm-debian, which
tracks the latest XFree86 xterm entry but incorporates our keyboard
policy (and anything else we want to customize). I need to
coordinate with the ncurses-base maintainer and some other folks
about this."
22877 xbase: xdm port, and X applications
22878 xbase: xdm port, and X applications
22928 New upstream security fix release
23002 Problem With Fresh Install
Package: xexec (i386 contrib)
Maintainer: Zed Pobre <zed@debian.org>
22927 xexec: unsatisfiable dependency
A fixed xexec was released, but only to slink.
Package: xinetd (i386 non-free)
Maintainer: "Adam Heath" <adam.heath@usa.net>
This package was taken over by Norbert Veber <nveber@debian.org>.
20705 xinetd: samba 1.9.18p3-1 don't work from xinetd (from inetd
Package: xlib6g
Maintainer: Branden Robinson <branden@debian.org>
23122 typo in debian/rules
23274 xlib6g: Upgrading to 3.3.2.1-1 breaks keyboard
--
To UNSUBSCRIBE, email to debian-devel-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: