[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

The Hamm Bugs Stamp-Out List for 1998-06-08

Major changes since the previous list:
  - Bdale Garbee took over bind and fixed its bugs. (3 down)
  - The ircii license issue was resolved. (2 can be closed)
  - Many packages were moved from Incoming into the archive. (3 down,
    5 more can be closed)
  - Bugs #23092 and #23216 apply only to versions in slink,
    and were removed from this list.  (2 down)
  - xinetd was taken by Norbert Veber, who fixed one of its
    release-critical bugs.  (1 down)
  - Joost Kooij has created a non-maintainer release of dwww and
    has offered it to the testing group.

In the mean time, new bugs have been reported for apache, smail,
and xlib6g.  The smail one has already been fixed.

Richard Braakman

Tue,  9 Jun 1998 00:27:07 GMT: 105 release-critical bugs in hamm.

Package: afbackup             
Maintainer: Christian Meder <meder@isr.uni-stuttgart.de>                
  23250  afbackup: insecure use of /tmp/*$$*

Package: apache               
Maintainer: Johnie Ingram <johnie@debian.org>                           
  23221  apache: wrong perl path in apxs
  23277  apache: should conflict with php3 (<= 3.0rc4-2)

Package: bitchx               
Maintainer: Johnie Ingram <johnie@debian.org>                           
  22980  bitchx: Bitchx is "non-free"
[FIX] The ircii license issue has been resolved.

Package: boot-floppies        
Maintainer: Enrique Zanardi <sr1-boot-floppies@debian.org>              
  23167  uncaught error in unpacking modules

Package: bootdisk             (pseudo)
Maintainer: Maintainer Group <sr1-boot-floppies@debian.org>             
  20779  Debian 2.0 won't boot of a hard disk after install
[STRATEGY] Enrique: "This is a hardware-specific bug too. I have asked
      the submitter to try to install after disabling the 128KB cache
      as stated in the docs (he has a Cyrix CPU). He is going to try it
      and will report back."
  23171  PCMCIA modules don't match kernel version on boot disks
[STRATEGY] Luis Francisco Gonzalez: "This bug is not in the
           boot-floppies. The idea was to make sure we knew that there
           is need to wait for the new pcmcia-packages but the bug is
           in those packages as we only use the standard

Package: crafty               
Maintainer: olet@debian.org (Ole J. Tetlie)                             
  22493  crafty is not DFSG free software
[FIX] install crafty 14.11-3 in Incoming, which goes to non-free, and
      remove the version from main.

Package: cwnn                 
Maintainer: Keita Maehara <maehara@debian.org>                          
  20539  Overlap between cwnn, wnn, and kwnn
[FIX] install wnn 4.2-4, which is currently in Incoming.

Package: dhcp                 
Maintainer: Rich Sahlender <rsahlen@debian.org>                         
  23087  dhcp stopped working after upgrade

Package: dhcp-client-beta     
Maintainer: Christoph Lameter <clameter@fuller.edu>                     
[FIX] Handle bug#22757 ("remove dhcp-client-beta from hamm") reported to
  18322  dhclient-script problem with "EXPIRE"
  19767  dhcp-client-beta has no /usr/doc directory

Package: dpkg                 
Maintainer: Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
   1797  upgrade/downgrade dependency calculation problem
   5639  URGENT - dpkg ignored predependency versions when downgradi
   6842  dpkg lets installation break another package
   6843  dpkg ignores its own dependency
   7956  dpkg allows package downgrade to violate predependency
  17624  dpkg: installs regular dir when .deb contains symlink !
  20250  Overlapping files in glut-doc and glut-data.
  21182  dpkg: dpkg can go into an infinite loop with --force-config
  21183  dpkg can go into an infinite loop with --force-configure-an
  22940  dpkg stops after just 20 errors

Package: dpkg-dev             
Maintainer: Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
  20776  dpkg-dev: dpkg-dev does not use emacsen-commen method of in
  21186  dpkg-dev: dpkg-dev has a file also provided in dpkg

Package: dpkg-python          
Maintainer: Klee Dienes <klee@debian.org>                               
  23059  .py files must not install files into /usr/lib/python
[FIX] Fixing this would break other packages in hamm.  Gregor Hoffleit
      (python maintainer) said he would change the severity level of
      the bug to 'normal'.  Matthias Klose will fix it in slink.

Package: dwww                 
Maintainer: Jim Pick <jim@jimpick.com>                                  
[FIX] Handle bug#22635, "please remove dwww from hamm/frozen", reported
      to ftp.debian.org.
[STRATEGY] Joost Kooij has created a non-maintainer release of dwww and 
      has offered it to the testing group.
  16212  dwww: dwww tries to update-menus every day
  22018  dwww: can't find _anything_

Package: file-rc              
Maintainer: Martin Schulze <joey@debian.org>                            
  23057  file-rc: rcS fails to complete startup

Package: ftp.debian.org       (pseudo)
Maintainer: Guy Maor <ftpmaster@debian.org>                             
  16652  javalex: bad dependencies
  21819  sinuskey-login: libc5 version in hamm!
  21938  xarchie is not DFSG free software
  22390  Please move slink gcc packages to frozen
[FIX] This bug can be closed; it is obsolete since gcc has
      been installed in hamm.
  22417  Please move premail to contrib.
  22438  binkd: libc5 package in hamm
  22490  two versions of base_passwd in hamm
  22548  jdk1.1-docdemo: obsolete?
  22554  ftp.deb.org: ssg-dev still here
  22635  ftp.debian.org: Please remove dwww from hamm/frozen
  22757  ftp.debian.org: remove dhcp-client-beta from hamm
  22808  ftp.debian.org: pine396-src and pine396-diffs
  22832  ftp.debian.org: m68k Packages files not being updated
  22885  ftp.debian.org: files to be removed
  22939  Please remove old unixcw in hamm/main
  22978  Please move ircii from main to non-free
  23034  Remove cxhextris from binary-powerpc
  23108  ftp.debian.org: Please move sniffit from main to non-free

Package: gcc                  
Maintainer: Galen Hazelwood <galenh@micron.net>                         
Ray Dassen is non-maintaining gcc, with help from Matthias Klose.
  23123  gcc creates lots of empty files in /tmp
[HELP] Ray: "I'm currently very limited in time available for Debian work."
[STRATEGY] Ray: "The modifications introduced in -4.4 were security
       improvements preventing a symlink attack (based on gcc making
       predictable tempfiles). The current solution uses mkstemp(3)
       which is secure. mkstemp(3) opens the tempfile immediately (so
       there's no race condition).  All tempfile names are now
       individually generated (using the %g directive in gcc's specs
       (gcc/gcc.c)) and marked for deletion on completion (using the %d
       directive). My current guess is that the %g-generated tempfile
       names aren't included in the list of file to be deleted."
(Note that this bug probably applies to egcs and altgcc as well)

Package: gstep-make           (i386 contrib)
Maintainer: Gregor Hoffleit <flight@debian.org>                         
  22328  gstep-make configuration / gstep-* new versions
[FIX] This has been fixed by the gstep-* versions, which
      have been installed in hamm.

Package: hwtools              
Maintainer: Siggy Brentrup <bsb@debian.org>                             
  21288  hwtools: irqtune should be in /usr/sbin, or rc.boot script 

Package: ircii                
Maintainer: Bernd Eckenfels <ecki@debian.org>                           
  21683  ircii: ircii is non-free!
[FIX] The ircii license issue has been resolved :)

Package: kdeadmin             (i386 contrib)
Maintainer: Stephan Kulow <coolo@kde.org>                               
[FIX] Bug #22233 to ftp.debian.org requests removal of this package
      from hamm and slink.
  22060  kuser removes all passwords and disables root account

Package: kterm                
Maintainer: Yoshiaki Yanagihara <yochi@debian.or.jp>                    
  23209  kterm needs to have xterm's security patch applied.

Package: libc5-dbg            
Maintainer: Helmut Geyer <Helmut.Geyer@iwr.uni-heidelberg.de>           
  21039  ftp.debian.org: libc5-dbg probably shouldn't be in frozen
[FIX] Dale Scheetz: "While this should be cleaned up, it represents
      no problem for the release, as dselect and friends will not try to
      install it."  (Also see #19347)

Package: libc5-dev            (m68k main)
Maintainer: Helmut Geyer <Helmut.Geyer@iwr.uni-heidelberg.de>           
  19347  libc5-dev: no-copyright-file LI#82
Dale Scheetz: "This appears to only apply to the m68k version, so it
is probably only a symlink missing, as the dev package has the same
copyright as the runtime."
(I think what happened here is that libc5-dev got removed from hamm
at freeze time, but only from the i386 tree.)
[STRATEGY] I have a non-maintainer release for libc5 ready, which does
           not generate the packages libc5-dev and libc5-dbg.  That
           will allow libc5-dev and libc5-dbg to be removed from
           the archive.  It will fix #21039 as well as this one.

Package: libc6                
Maintainer: Dale Scheetz <dwarf@polaris.net>                            
  20714  Current libc6 is a beta.
[STRATEGY] "Depending on Ulrich's schedule we may have to release with
       a beta version.  I am working currently from the CVS archive,
       and will soon be able to produce a package from the latest
       upstream patches. At some point we will need to bite the
       bullet and release the best library we have a that time."
  20799  getgrnam does not return when group name does not exist
[HELP] "This has been worked on. If someone could test the -pre3-1
       release in unstable and verify it as fixed, we can probably
       close this one."
  22626  netbase: bugtraq says: RPC services are subject to Denial o
[HELP] "This has also been worked on upstream and needs some testing."
  22790  libc6: login(3) does not reuse dead entries
[STRATEGY] "This one is fixed in my current, unreleased version,
           coming soon ;-)"

Package: libc6-dev            
Maintainer: Dale Scheetz <dwarf@polaris.net>                            
[HELP] Dale Scheetz: "I have not had a chance to even read these
       reports yet. Some outside help determining what should, or
       shouldn't change would be helpful here."
(My translation: send him patches :-)
  19797  libc6-dev: use of /tmp/*$$ in an insecure fashion
  21884  libc6-dev: relative links between top-level dirs

Package: libdb1-dev           (alpha main)
Maintainer: Mark Eichin <eichin@kitten.gen.ma.us>                       
[FIX] Handle bug#23245 to ftp.debian.org, which requests removal of libdb
      from hamm.
  19351  libdb1-dev: no-copyright-file LI#86

Package: libpaper             
Maintainer: Marco Pistore <pistore@di.unipi.it>                         
  22942  libpaper depends on libpaperg
[HELP] The maintainer asked for advice on debian-devel.  Details are
       in the archive for this bug report.

Package: libreadline2         
Maintainer: Guy Maor <maor@debian.org>                                  
  22941  libreadline2 depends on libc6

Package: libreadlineg2        
Maintainer: Guy Maor <maor@debian.org>                                  
  23035  bash: Not 8-bit clean.

Package: libssl08             (i386 non-us)
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>            
  23169  libssl08 hangs while waiting randomness from /dev/random
[STRATEGY] "For the solution: I have to exchange /dev/random with
            /dev/urandom and recompile."

Package: lilo                 
Maintainer: Bernd Eckenfels <ecki@debian.org>                           
  19821  lilo: liloconfig doesn't make the system bootable
[STRATEGY] "AFAIK this Bug was in the old boot-floppies, I can't
            reproduce it. If nobody objects I will close it."

Package: login                
Maintainer: Guy Maor <maor@debian.org>                                  
  22191  login: does not chown /dev/vcs* anymore

Package: lpr                  
Maintainer: Adam Klein <aklein@debian.org>                              
  22837  lpd dies without trace (severe!)

Package: modutils             
Maintainer: Wichert Akkerman <wakkerma@debian.org>                      
  22612  modutils package is difficult to upgrade from bo
[HELP] Need people to upgrade from bo machines, try to reproduce.
       Wichert: "I can't reproduce that one.  I found a glitch in the
       postinst though which I fixed.  I guess I have to wait for some
       people to upgrade more bo machines to check if it works."

Package: msqld                (i386 non-free)
Maintainer: Martin Schulze <joey@debian.org>                            
  23081  msqld: SECURITY: msqld does not preserve permissions on /et

Package: nonus.debian.org     (pseudo)
Maintainer: Sven Rudolph <sr1@inf.tu-dresden.de>                        
This is being maintained by Heiko Schlittermann <heiko@lotte.sax.de>.
  15764  ftp.debian.org: Non-US Packages files are broken
  18572  nonus.debian.org: remove des-solnet_1.03-5.deb
  18785  nonus.debian.org: incoming backlog
  20773  nonus.debian.org: please remove gnupg from frozen
  21423  Dpkg-ftp can't handle alternative distributions
[HELP] Yann Dirson: "This used to work until some date I don't know
       exactly. I guess that non-us has changed the paths they use
       in the Packages file."  (more info, and workaround, in the bug
       entry itself)
       (Bug has been reassigned from dpkg-ftp to nonus.debian.org)
  22287  nonus.debian.org with incorrect layout

Package: p2c                  
Maintainer: Andrew Howell <andrew@it.com.au>                            
[HELP] This package is orphaned.
       Andrew: "Already tried to get rid of this package 3 times,
       the last 2 or 3 releases have been not by me. I don't have time
       at present to work on packages.  This bug wouldn't exist with
       my version of the package as I never created shared library
       for it when I had it :)"
  21036  p2c: depends on libp2c1 which seems to have been fed to the

Package: p3nfs                
Maintainer: cmchow@se.cuhk.edu.hk (Billy C.-M. Chow)                    
[HELP] Mail to the maintainer address bounced.
  21488  p3nfs: still linked with libc5

Package: passwd               
Maintainer: Guy Maor <maor@debian.org>                                  
  21275  passwd: useradd violates base-passwd's rules

Package: perl                 
Maintainer: Darren Stalder <torin@daft.com>                             
  19805  perl: use of /tmp/*$$ in an insecure fashion
[FIX] This has been fixed by perl 5.004.04-6, which has been installed
      in hamm.

Package: premail              (i386 non-free)
Maintainer: Karl Sackett <krs@debian.org>                               
  15680  Insecure /tmp file usage
[FIX] Install premail 0.45-4, currently in Incoming.

Package: python-dev           
Maintainer: Gregor Hoffleit <flight@debian.org>                         
  23168  Error in Python's Makefile.pre.in 
[STRATEGY] "I'm currently evaluating one of the following solutions:
   a) Again, only provide the upstream Makefile.pre.in. This won't make
      life easier for users who don't want to build Debian packages,
      but want to install the extension locally in /usr/local.
   b) Provide both the upstream Makefile.pre.in for building Debian
      packages and a modified Makefile-local.pre.in for installing
      extensions locally.
   c) Fix the problem in the modified Makefile.pre.in and provide both
      a boot as well as a boot-deb target for preparing extensions for
      local installation as well as for Debian packaging."
[HELP] "Feedback wanted!"

Package: python-doc           
Maintainer: Gregor Hoffleit <flight@debian.org>                         
  22944  python-doc in hamm refers to an ancient version of python
[FIX] This has been fixed by python-doc 1.5.1-2, which has been installed
      in hamm.

Package: rat                  
Maintainer: Chu-yeon Park <kokids@doit.ajou.ac.kr>                      
  21935  rat is not free software
[FIX] Install rat 3.0.23-1, currently in Incoming, which moves it from
      main to non-free.

Package: sinuskey-login       
Maintainer: Skuli Davidsson <skuli@hi.is>                               
  21446  sinuskey-login: depends on libc5 but doesn't report that

Package: smail                
Maintainer: Soenke Lange <soenke@escher.north.de>                       
  23218  Smail refuses to configure on dynamic-IP machine
  23294  Smail *important* typo in smailconfig
[FIX] This has been fixed in smail, which is already in hamm.

Package: sniffit              
Maintainer: Damjan Marion <dmarion@debian.org>                          
  21832  sniffit is not DFSG free software
[FIX] install the sniffit 0.3.5-3 in Incoming, which goes to non-free, and
      remove the version in main.

Package: ssh                  (i386 non-us)
Maintainer: Philip Hands <phil@hands.com>                               
  22470  ssh: ssh spits out debugging messages because of socks4
[FIX] "I just uploaded 1.2.23-1 without socks support.  I'll wait for
       the problem to be resolved in libsocks before putting it back
       in again."

Package: ssleay               (i386 non-us)
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>            
  19410  ssleay: md5sums-lists-nonexisting-file LI#146
[STRATEGY] "As ssleay is not in the main distribution, I delayed the
            fix of this (which consists mainly of a repacking) in
            favor of tetex-*."

Package: sysvinit             
Maintainer: Miquel van Smoorenburg <miquels@cistron.nl>                 
  22945  Problems with last ( bug in sysvinit package)?
[FIX] This is fixed in sysvinit 2.75-2, which has been installed in hamm.

Package: tetex-bin            
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>            
  23111  tetex-bin: cron.daily script falls over when /usr/local/is 
[FIX] "This just came in last week, and I had not yet a chance to deal with
       it.  I don't consider it release-critical.  It just sends an annoying
       email from the cron.daily script about not being able to write to
       /usr/local if /usr/local is readonly.  But the script does not really
       "fall over" as the bug report says.  It finishes correctly just
       without updating the ls-R file in /usr/local. I'll try to make this
       file a link to somewhere in /var to fix this and hope that mktexlsr
       works on a symlink."

Package: wxxt1-dev            
Maintainer: Brian Bassett <brian@butterfly.ml.org>                      
[HELP] Mail to the maintainer was returned as undeliverable.
  21707  wxxt1-dev depends on deprecated libg++-dev

Package: xadmin               
Maintainer: Turbo Fredriksson <turbo@debian.org>                        
  23053  xadmin does not set perms correctly for /etc/shadow
[FIX] This is fixed in xadmin 1.0.15-2, which has been installed in hamm.

Package: xbase                
Maintainer: Branden Robinson <branden@debian.org>                       
[HELP] See http://master.debian.org/~branden/xsf.html for detailed
       discussion of these problems and ways you can help.
  22329  Patch for #20685 prevents talk working
  22422  xbase: xterm and rxvt sessions no longer logged
  22668  TERM=xterm meaning has changed incompatibly
[STRATEGY] "There needs to be a new terminal type, xterm-debian, which
     tracks the latest XFree86 xterm entry but incorporates our keyboard
     policy (and anything else we want to customize).  I need to
     coordinate with the ncurses-base maintainer and some other folks
     about this."
  22877  xbase: xdm port, and X applications
  22878  xbase: xdm port, and X applications
  22928  New upstream security fix release
  23002  Problem With Fresh Install

Package: xexec                (i386 contrib)
Maintainer: Zed Pobre <zed@debian.org>                                  
  22927  xexec: unsatisfiable dependency
A fixed xexec was released, but only to slink.

Package: xinetd               (i386 non-free)
Maintainer: "Adam Heath" <adam.heath@usa.net>                           
This package was taken over by Norbert Veber <nveber@debian.org>.
  20705  xinetd: samba 1.9.18p3-1 don't work from xinetd (from inetd

Package: xlib6g               
Maintainer: Branden Robinson <branden@debian.org>                       
  23122  typo in debian/rules
  23274  xlib6g: Upgrading to breaks keyboard

To UNSUBSCRIBE, email to debian-devel-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: