The Hamm Bugs Stamp-Out List for 1998-06-16
Major changes since the last time I posted this list:
- James Troup reported several /tmp security bugs (7 new)
- New bugs were reported for dpkg, emacs20, infocom (3 new)
- Fixed versions of premail, tetex-bin, libpaper, and lambdamoo
were installed (4 down)
- A number of things were fixed on nonus.debian.org, including one
'important' bug. (1 down)
- Already-fixed bugs were closed (2 down)
- Bug #22493 was set to 'wishlist' because crafty 14.11-3 was installed
in non-free. Unfortunately, 14.11-1 is still in main.
I'm afraid this list was a bit more hastily done than the others, I'm
packing for my trip :)
I will be away for about two weeks. Wichert Akkerman said he would
take over the list in the meantime. His main problem will be that he
can't read my mail, so if you sent me something to include in this
list, you may have to re-send to him.
Richard Braakman
-----------------------------------------------------------------------------
Tue, 16 Jun 1998 23:42:08 GMT: 90 release-critical bugs in hamm.
Package: boot-floppies
Maintainer: Enrique Zanardi <sr1-boot-floppies@debian.org>
23167 uncaught error in unpacking modules
Package: bootdisk (pseudo)
Maintainer: Maintainer Group <sr1-boot-floppies@debian.org>
23171 PCMCIA modules don't match kernel version on boot disks
[STRATEGY] Luis Francisco Gonzalez: "This bug is not in the
boot-floppies. The idea was to make sure we knew that there
is need to wait for the new pcmcia-packages but the bug is
in those packages as we only use the standard
kernel/pcmcia-modules."
Package: cwnn
Maintainer: Keita Maehara <maehara@debian.org>
20539 Overlap between cwnn, wnn, and kwnn
[FIX] install wnn 4.2-4, which is currently in Incoming.
Package: dhcp
Maintainer: Rich Sahlender <rsahlen@debian.org>
23087 dhcp stopped working after upgrade
Package: dhcp-client-beta
Maintainer: Rich Sahlender <rsahlen@debian.org>
[FIX] Handle bug#22757 ("remove dhcp-client-beta from hamm") reported to
ftp.debian.org.
18322 dhclient-script problem with "EXPIRE"
19767 dhcp-client-beta has no /usr/doc directory
Package: dosemu
Maintainer: Herbert Xu <herbert@debian.org>
23596 dosemu: insecure use of /tmp
Package: dpkg
Maintainer: Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
1797 upgrade/downgrade dependency calculation problem
17381 dpkg: please add --force-overwrite-inexistant-files and def
17624 dpkg: installs regular dir when .deb contains symlink !
20401 Problems updating bo -> hamm
21182 dpkg: dpkg can go into an infinite loop with --force-config
23520 dpkg dumps core while reading /var/lib/dpkg/status
Package: dpkg-dev
Maintainer: Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
20776 dpkg-dev: dpkg-dev does not use emacsen-commen method of in
21186 dpkg-dev: dpkg-dev has a file also provided in dpkg
Package: dpkg-python
Maintainer: Klee Dienes <klee@debian.org>
23059 .py files must not install files into /usr/lib/python
[FIX] Fixing this would break other packages in hamm. Gregor Hoffleit
(python maintainer) said he would change the severity level of
the bug to 'normal'. Matthias Klose will fix it in slink.
Package: dwww
Maintainer: Jim Pick <jim@jimpick.com>
[FIX] Handle bug#22635, "please remove dwww from hamm/frozen", reported
to ftp.debian.org.
[STRATEGY] Joost Kooij has created a non-maintainer release of dwww and
has offered it to the testing group.
16212 dwww: dwww tries to update-menus every day
22018 dwww: can't find _anything_
Package: emacs20
Maintainer: Rob Browning <rlb@cs.utexas.edu>
22577 compile of pcl-cvs.el fails (cannot load "cookie")
Package: file-rc
Maintainer: Martin Schulze <joey@debian.org>
23057 file-rc: rcS fails to complete startup
Package: ftp.debian.org (pseudo)
Maintainer: Guy Maor <ftpmaster@debian.org>
16652 javalex: bad dependencies
21039 ftp.debian.org: libc5-dbg probably shouldn't be in frozen
[FIX] There is now a libc5 (5.4.38-1.1) in hamm that does not generate
libc5-dbg, so it can be removed.
21819 sinuskey-login: libc5 version in hamm!
21938 xarchie is not DFSG free software
22417 Please move premail to contrib.
22438 binkd: libc5 package in hamm
22490 two versions of base_passwd in hamm
22548 jdk1.1-docdemo: obsolete?
22554 ftp.deb.org: ssg-dev still here
22635 ftp.debian.org: Please remove dwww from hamm/frozen
22757 ftp.debian.org: remove dhcp-client-beta from hamm
22808 ftp.debian.org: pine396-src and pine396-diffs
22832 ftp.debian.org: m68k Packages files not being updated
22885 ftp.debian.org: files to be removed
22939 Please remove old unixcw in hamm/main
22946 We have two priority: standard emacs.
22978 Please move ircii from main to non-free
[FIX] This bug can be closed, since the ircii license issue has been resolved.
23034 Remove cxhextris from binary-powerpc
23108 ftp.debian.org: Please move sniffit from main to non-free
23327 Please remove javalex from hamm
Package: gstep-make (i386 contrib)
Maintainer: Gregor Hoffleit <flight@debian.org>
22328 gstep-make configuration / gstep-* new versions
[FIX] This has been fixed by the gstep-* 0.5.0.980520-1 versions, which
have been installed in hamm.
Package: infocom
Maintainer: Brian White <bcwhite@pobox.com>
23563 infocom: /usr/doc/infocom/copyright doesn't include a licen
Package: kdeadmin (i386 contrib)
Maintainer: Stephan Kulow <coolo@kde.org>
[FIX] Bug #22233 to ftp.debian.org requests removal of this package
from hamm and slink.
22060 kuser removes all passwords and disables root account
Package: libc5-dev (m68k main)
Maintainer: Helmut Geyer <Helmut.Geyer@iwr.uni-heidelberg.de>
19347 libc5-dev: no-copyright-file LI#82
[STRATEGY] libc5-dev can be removed from m68k once libc5 5.4.38-1.1 has
been compiled for it.
Package: libc6
Maintainer: Dale Scheetz <dwarf@polaris.net>
20714 Current libc6 is a beta.
[STRATEGY] "Depending on Ulrich's schedule we may have to release with
a beta version. I am working currently from the CVS archive,
and will soon be able to produce a package from the latest
upstream patches. At some point we will need to bite the
bullet and release the best library we have a that time."
20799 getgrnam does not return when group name does not exist
[HELP] "This has been worked on. If someone could test the -pre3-1
release in unstable and verify it as fixed, we can probably
close this one."
22626 netbase: bugtraq says: RPC services are subject to Denial o
[HELP] "This has also been worked on upstream and needs some testing."
22790 libc6: login(3) does not reuse dead entries
[STRATEGY] "This one is fixed in my current, unreleased version,
coming soon ;-)"
Package: libc6-dev
Maintainer: Dale Scheetz <dwarf@polaris.net>
[HELP] Dale Scheetz: "I have not had a chance to even read these
reports yet. Some outside help determining what should, or
shouldn't change would be helpful here."
(My translation: send him patches :-)
19797 libc6-dev: use of /tmp/*$$ in an insecure fashion
[STRATEGY] Joel Klecker has sent in some patches to fix this.
21884 libc6-dev: relative links between top-level dirs
23458 cdwrite: unable to build from source
[STRATEGY] Dale is investigating this and will contact the upstream author.
Package: libdb1-dev (alpha main)
Maintainer: Mark Eichin <eichin@kitten.gen.ma.us>
[FIX] Handle bug#23245 to ftp.debian.org, which requests removal of libdb
from hamm.
19351 libdb1-dev: no-copyright-file LI#86
Package: libg++2.8-dev
Maintainer: Galen Hazelwood <galenh@micron.net>
23448 genclass can't find .hP files
Package: libpaper
Maintainer: Marco Pistore <pistore@di.unipi.it>
22942 libpaper depends on libpaperg
[FIX] Fixed in libpaper 1.0.3-10, which has already been installed in hamm.
Package: libreadline2
Maintainer: Guy Maor <maor@debian.org>
22941 libreadline2 depends on libc6
Package: libreadlineg2
Maintainer: Guy Maor <maor@debian.org>
23035 bash: Not 8-bit clean.
Package: libssl08 (i386 non-us)
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
23169 libssl08 hangs while waiting randomness from /dev/random
[STRATEGY] "For the solution: I have to exchange /dev/random with
/dev/urandom and recompile."
Package: login
Maintainer: Guy Maor <maor@debian.org>
22191 login: does not chown /dev/vcs* anymore
[NOTE] This was recently discussed on debian-devel.
Package: metamail
Maintainer: Herbert Xu <herbert@debian.org>
23595 metamail [showpartial]: insecure use of /tmp/
Package: modutils
Maintainer: Wichert Akkerman <wakkerma@debian.org>
22612 modutils package is difficult to upgrade from bo
[HELP] Need people to upgrade from bo machines, try to reproduce.
Wichert: "I can't reproduce that one. I found a glitch in the
postinst though which I fixed. I guess I have to wait for some
people to upgrade more bo machines to check if it works."
Package: mtools
Maintainer: Mark Eichin <eichin@kitten.gen.ma.us>
23604 mtools: insecure use of /tmp
Package: mysql-base (i386 non-free)
Maintainer: Scott Hanson <shanson@debian.org>
23606 mysql-base: insecure use of /tmp
Package: nonus.debian.org (pseudo)
Maintainer: Sven Rudolph <sr1@inf.tu-dresden.de>
This is being maintained by Heiko Schlittermann <heiko@lotte.sax.de>.
18572 nonus.debian.org: remove des-solnet_1.03-5.deb
18785 nonus.debian.org: incoming backlog
20773 nonus.debian.org: please remove gnupg from frozen
21423 Dpkg-ftp can't handle alternative distributions
[HELP] Yann Dirson: "This used to work until some date I don't know
exactly. I guess that non-us has changed the paths they use
in the Packages file." (more info, and workaround, in the bug
entry itself)
(Bug has been reassigned from dpkg-ftp to nonus.debian.org)
22287 nonus.debian.org with incorrect layout
Package: p2c
Maintainer: Andrew Howell <andrew@it.com.au>
[HELP] This package is orphaned.
Andrew: "Already tried to get rid of this package 3 times,
the last 2 or 3 releases have been not by me. I don't have time
at present to work on packages. This bug wouldn't exist with
my version of the package as I never created shared library
for it when I had it :)"
21036 p2c: depends on libp2c1 which seems to have been fed to the
Package: p3nfs
Maintainer: David Frey <dfrey@debian.org>
21488 p3nfs: still linked with libc5
[STRATEGY] Copy the version in slink to hamm, or remove the one in hamm.
(Or try to backpatch the one in hamm)
Package: passwd
Maintainer: Guy Maor <maor@debian.org>
21275 passwd: useradd violates base-passwd's rules
Package: python-dev
Maintainer: Gregor Hoffleit <flight@debian.org>
23168 Error in Python's Makefile.pre.in
[STRATEGY] "I'm currently evaluating one of the following solutions:
a) Again, only provide the upstream Makefile.pre.in. This won't make
life easier for users who don't want to build Debian packages,
but want to install the extension locally in /usr/local.
b) Provide both the upstream Makefile.pre.in for building Debian
packages and a modified Makefile-local.pre.in for installing
extensions locally.
c) Fix the problem in the modified Makefile.pre.in and provide both
a boot as well as a boot-deb target for preparing extensions for
local installation as well as for Debian packaging."
[HELP] "Feedback wanted!"
Package: rat
Maintainer: Chu-yeon Park <kokids@doit.ajou.ac.kr>
21935 rat is not free software
[FIX] Install rat 3.0.23-1, currently in Incoming, which moves it from
main to non-free.
Package: sinuskey-login
Maintainer: Skuli Davidsson <skuli@hi.is>
[FIX] Bug#21819 to ftp.debian.org requests removal of this package.
21446 sinuskey-login: depends on libc5 but doesn't report that
Package: sniffit
Maintainer: Damjan Marion <dmarion@debian.org>
21832 sniffit is not DFSG free software
[FIX] install the sniffit 0.3.5-3 in Incoming, which goes to non-free, and
remove the version in main.
Package: ssh (i386 non-us)
Maintainer: Philip Hands <phil@hands.com>
22470 ssh: ssh spits out debugging messages because of socks4
[FIX] "I just uploaded 1.2.23-1 without socks support. I'll wait for
the problem to be resolved in libsocks before putting it back
in again."
23452 ssh: New security release version available
Package: ssleay (i386 non-us)
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
19410 ssleay: md5sums-lists-nonexisting-file LI#146
[STRATEGY] "As ssleay is not in the main distribution, I delayed the
fix of this (which consists mainly of a repacking) in
favor of tetex-*."
Package: svgalib-bin
Maintainer: Andy Mortimer <andy.mortimer@poboxes.com>
23601 svgalib-bin: insecure use of /tmp
Package: tetex-bin
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
23605 tetex-bin (texi2dvi): insecure use of /tmp
Package: wxxt1-dev
Maintainer: Brian Bassett <brian@butterfly.ml.org>
[HELP] Mail to the maintainer was returned as undeliverable.
21707 wxxt1-dev depends on deprecated libg++-dev
Package: xadmin
Maintainer: Turbo Fredriksson <turbo@debian.org>
23053 xadmin does not set perms correctly for /etc/shadow
[FIX] This is fixed in xadmin 1.0.15-2, which has been installed in hamm.
Package: xbase
Maintainer: Branden Robinson <branden@debian.org>
[HELP] See http://master.debian.org/~branden/xsf.html for detailed
discussion of these problems and ways you can help.
22329 Patch for #20685 prevents talk working
[HELP] Please see the XSF page for more information.
22668 TERM=xterm meaning has changed incompatibly
[STRATEGY] "Coordinate with ncurses-base maintainer to use XFree86's xterm
entry for xterm, put our modified version into a new terminal type
called xterm-debian, and change XTerm's app-defaults file to use
xterm-debian by default. See the XSF page for more information."
22877 xbase: xdm port, and X applications
[HELP] "These have been forwarded upstream but I haven't heard anything
from XFree86 about them to date. Fixing them is beyond my knowledge."
22928 New upstream security fix release
[STRATEGY] The patches have been applied, but a build has not yet been done.
23002 Problem With Fresh Install
[HELP] "I need some advice on this one."
(The rest is too long to quote. See Branden's mail at
http://http://www.nl.debian.org/Lists-Archives/debian-devel-9806/msg00733.html)
Package: xlib6g
Maintainer: Branden Robinson <branden@debian.org>
23122 typo in debian/rules
[STRATEGY] "Already applied to the source tree, but no package has been built
yet."
23274 xlib6g: Upgrading to 3.3.2.1-1 breaks keyboard
[STRATEGY] "I think I have already fixed it. I'll find out when I do
another build."
23441 xlib6g is not thread-safe
Package: xviewg-dev
Maintainer: Martin Buck <mbuck@debian.org>
23598 xviewg-dev (cv2xview): insecure use of /tmp
--
To UNSUBSCRIBE, email to debian-devel-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: