[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

The Hamm Bugs Stamp-Out List for 1998-06-19

Welcome to a nem Hamm Bugs Stamp-Out List.

Since Richar Braakman is currently on vacation, I will be maintaining
this for the next two weeks. This is my first post, so please excuse
any errors/oversights and report them to me.


Major changes:
- Fixes were uploaded for dosemu, dwww, libpaper*, libsocks4, metamail, ssh,
- Application moved out of main: sniffit, rat, crafty, kbd 
- Help requests were made for file-rc
- dwww has been taken by Joost Kooy, who uploaded a fixed version
- ftp.debian.org now has 21 bugs!
- Ray Dassen fixed the gcc/g++ /tmp-bugs

There are now 18 bugs marked `FIX', leaving 74 bugs to be looked at.

Fri, 19 Jun 1998 12:17:32 GMT: 92 release-critical bugs in hamm.

Package: a2ps                 
Maintainer: Dirk Eddelbuettel <edd@debian.org>                          
  23671  a2ps: (texi2dvi4a2ps): insecure use of /tmp

Package: boot-floppies        
Maintainer: Enrique Zanardi <sr1-boot-floppies@debian.org>              
  23167  uncaught error in unpacking modules
[FIX] Fixed in boot-floppies 2.0.7, which will be uploaded soon.
  23679  bootdisk: no boot from MBR

Package: bootdisk             (pseudo)
Maintainer: Maintainer Group <sr1-boot-floppies@debian.org>             
  23171  PCMCIA modules don't match kernel version on boot disks
[STRATEGY] Luis Francisco Gonzalez: "This bug is not in the
           boot-floppies. The idea was to make sure we knew that there
           is need to wait for the new pcmcia-packages but the bug is
           in those packages as we only use the standard

Package: cwnn                 
Maintainer: Keita Maehara <maehara@debian.org>                          
  20539  Overlap between cwnn, wnn, and kwnn
[FIX] install wnn 4.2-4, which is currently in Incoming.

Package: debian-policy        
Maintainer: Debian QA <debian-qa@lists.debian.org>                      
  23661  Security issue when accessing documentation through an http

Package: dhcp                 
Maintainer: Rich Sahlender <rsahlen@debian.org>                         
  23087  dhcp stopped working after upgrade
[STRATEGY] Use the patch Eloy A. Paris submitted to the BTS.

Package: dhttpd               
Maintainer: Nicolás Lichtmaier <nick@feedback.com.ar>                   
  23659  /var/www/doc symlink introduces a security weakness
This is probably the as bug 23661.

Package: dosemu               
Maintainer: Herbert Xu <herbert@debian.org>                             
  23596  dosemu: insecure use of /tmp
[FIX] Install dosemu 0.66.7-11, uploaded on June 18

Package: dpkg                 
Maintainer: Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
   1797  upgrade/downgrade dependency calculation problem
  17381  dpkg: please add --force-overwrite-inexistant-files and def
  17624  dpkg: installs regular dir when .deb contains symlink !
  20401  Problems updating bo -> hamm
  21182  dpkg: dpkg can go into an infinite loop with --force-config
  23520  dpkg dumps core while reading /var/lib/dpkg/status

Package: dpkg-dev             
Maintainer: Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
  20776  dpkg-dev: dpkg-dev does not use emacsen-commen method of in
  21186  dpkg-dev: dpkg-dev has a file also provided in dpkg

Package: dpkg-python          
Maintainer: Klee Dienes <klee@debian.org>                               
  23059  .py files must not install files into /usr/lib/python
[FIX] Fixing this would break other packages in hamm.  Gregor Hoffleit
      (python maintainer) said he would change the severity level of
      the bug to 'normal'.  Matthias Klose will fix it in slink.

Package: dwww                 
Maintainer: Jim Pick <jim@jimpick.com>                                  
[FIX] Install dwww, NMU upload by Joost Kooy on June 18
  16212  dwww: dwww tries to update-menus every day
  22018  dwww: can't find _anything_

Package: emacs20              
Maintainer: Rob Browning <rlb@cs.utexas.edu>                            
  22577  compile of pcl-cvs.el fails (cannot load "cookie")

Package: file-rc              
Maintainer: Martin Schulze <joey@debian.org>                            
  23057  file-rc: rcS fails to complete startup
[HELP] "file-rc has one release critical bug.  I can't reproduce this bug
        on my systems that use file-rc. At the moment I don't think
		that I'm able to track it down - mainly due time shortness.  Could
		somebody please review it and investigate the problem."

Package: ftp.debian.org       (pseudo)
Maintainer: Guy Maor <ftpmaster@debian.org>                             
  16652  javalex: bad dependencies
  21039  ftp.debian.org: libc5-dbg probably shouldn't be in frozen
[FIX] There is now a libc5 (5.4.38-1.1) in hamm that does not generate
      libc5-dbg, so it can be removed.
  21819  sinuskey-login: libc5 version in hamm!
  21832  sniffit is not DFSG free software
[FIX] sniffit is now in non-free, version in main should be removed.
  21935  rat is not free software
[FIX] rat is now in non-free, version in main should be removed
  21938  xarchie is not DFSG free software
  22417  Please move premail to contrib.
  22438  binkd: libc5 package in hamm
  22490  two versions of base_passwd in hamm
  22493  crafty is not DFSG free software
[FIX] use crafty 14.11-3,  which is now to non-free, and remove the version
      in main.
  22548  jdk1.1-docdemo: obsolete?
  22554  ftp.deb.org: ssg-dev still here
  22635  ftp.debian.org: Please remove dwww from hamm/frozen
  22757  ftp.debian.org: remove dhcp-client-beta from hamm
  22808  ftp.debian.org: pine396-src and pine396-diffs
  22832  ftp.debian.org: m68k Packages files not being updated
  22885  ftp.debian.org: files to be removed
  22939  Please remove old unixcw in hamm/main
  22946  We have two priority: standard emacs.
  23034  Remove cxhextris from binary-powerpc
  23108  ftp.debian.org: Please move sniffit from main to non-free
  23327  Please remove javalex from hamm
  23668  kernel-image-2.0.34: crc error
  23684  premail both in contrib and non-free
  23704  ftp.debian.org: Please remove netatalk-asun

Package: gstep-make           (i386 contrib)
Maintainer: Gregor Hoffleit <flight@debian.org>                         
  22328  gstep-make configuration / gstep-* new versions
[FIX] This has been fixed by the gstep-* versions, which
      have been installed in hamm.

Package: infocom              
Maintainer: Brian White <bcwhite@pobox.com>                             
  23563  infocom: /usr/doc/infocom/copyright doesn't include a licen

Package: kbd                  
Maintainer: Yann Dirson <dirson@debian.org>                             
  23639  postinst
[FIX] Yann Dirson added an additionnal test-and-remove on top of postinst
      and uploaded 0.95-16 on June 19.

Package: kdebase              (i386 contrib)
Maintainer: Stephan Kulow <coolo@kde.org>                               
  23655  kdebase includes /etc/X11/Xsession

Package: libc5-dev            (m68k main)
Maintainer: Helmut Geyer <Helmut.Geyer@iwr.uni-heidelberg.de>           
  19347  libc5-dev: no-copyright-file LI#82
[STRATEGY] libc5-dev can be removed from m68k once libc5 5.4.38-1.1 has
      been compiled for it.

Package: libc6                
Maintainer: Dale Scheetz <dwarf@polaris.net>                            
  20714  Current libc6 is a beta.
[STRATEGY] "Depending on Ulrich's schedule we may have to release with
       a beta version.  I am working currently from the CVS archive,
       and will soon be able to produce a package from the latest
       upstream patches. At some point we will need to bite the
       bullet and release the best library we have a that time."
  20799  getgrnam does not return when group name does not exist
[HELP] "This has been worked on. If someone could test the -pre3-1
       release in unstable and verify it as fixed, we can probably
       close this one."
  22626  netbase: bugtraq says: RPC services are subject to Denial o
[HELP] "This has also been worked on upstream and needs some testing."
  22790  libc6: login(3) does not reuse dead entries
[STRATEGY] "This one is fixed in my current, unreleased version,
           coming soon ;-)"
  23698  Linux-security says: Beware of dangerous enviroment (libc6)
[STRATEGY] Merge a patch from Ulrich Drepper which he posted on linux-security
           a month ago.

Package: libc6-dev            
Maintainer: Dale Scheetz <dwarf@polaris.net>                            
[HELP] Dale Scheetz: "I have not had a chance to even read these
       reports yet. Some outside help determining what should, or
       shouldn't change would be helpful here."
(My translation: send him patches :-)
  19797  libc6-dev: use of /tmp/*$$ in an insecure fashion
[STRATEGY] Joel Klecker has sent in some patches to fix this.
  21884  libc6-dev: relative links between top-level dirs
  23458  cdwrite: unable to build from source
[STRATEGY] Dale is investigating this and will contact the upstream author.

Package: libdb1-dev           (alpha main)
Maintainer: Mark Eichin <eichin@kitten.gen.ma.us>                       
[FIX] Handle bug#23245 to ftp.debian.org, which requests removal of libdb
      from hamm.
  19351  libdb1-dev: no-copyright-file LI#86

Package: libpaperg            
Maintainer: Marco Pistore <pistore@di.unipi.it>                         
  23636  libpaperg: cant upgrade
[HELP] Marco Pistore could not reprodduce this one, he needs someone
       to help him with this one.

Package: libreadline2         
Maintainer: Guy Maor <maor@debian.org>                                  
  22941  libreadline2 depends on libc6

Package: libreadlineg2        
Maintainer: Guy Maor <maor@debian.org>                                  
  23035  bash: Not 8-bit clean.

Package: libsocks4            
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>            
  22469  libsocks4: no shared library .so link
[FIX] Christoph Martin uploaded a fixed version on June 18.

Package: libssl08             (i386 non-us)
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>            
  23169  libssl08 hangs while waiting randomness from /dev/random
[STRATEGY] "For the solution: I have to exchange /dev/random with
            /dev/urandom and recompile."

Package: login                
Maintainer: Guy Maor <maor@debian.org>                                  
  22191  login: does not chown /dev/vcs* anymore
[NOTE] This was recently discussed on debian-devel.

Package: metamail             
Maintainer: Herbert Xu <herbert@debian.org>                             
  23595  metamail [showpartial]: insecure use of /tmp/
[FIX] Install metamail 2.7-28, uploaded on June 18

Package: modutils             
Maintainer: Wichert Akkerman <wakkerma@debian.org>                      
  22612  modutils package is difficult to upgrade from bo
[HELP] Need people to upgrade from bo machines, try to reproduce.
       Wichert: "I can't reproduce that one.  I found a glitch in the
       postinst though which I fixed.  I guess I have to wait for some
       people to upgrade more bo machines to check if it works."
	   Update: 1 success report received.

Package: mtools               
Maintainer: Mark Eichin <eichin@kitten.gen.ma.us>                       
  23604  mtools: insecure use of /tmp

Package: nonus.debian.org     (pseudo)
Maintainer: Sven Rudolph <sr1@inf.tu-dresden.de>                        
This is being maintained by Heiko Schlittermann <heiko@lotte.sax.de>.
  18572  nonus.debian.org: remove des-solnet_1.03-5.deb
  18785  nonus.debian.org: incoming backlog
  20773  nonus.debian.org: please remove gnupg from frozen
  21423  Dpkg-ftp can't handle alternative distributions
[HELP] Yann Dirson: "This used to work until some date I don't know
       exactly. I guess that non-us has changed the paths they use
       in the Packages file."  (more info, and workaround, in the bug
       entry itself)
       (Bug has been reassigned from dpkg-ftp to nonus.debian.org)
  22287  nonus.debian.org with incorrect layout

Package: passwd               
Maintainer: Guy Maor <maor@debian.org>                                  
  21275  passwd: useradd violates base-passwd's rules

Package: python-dev           
Maintainer: Gregor Hoffleit <flight@debian.org>                         
  23168  Error in Python's Makefile.pre.in 
[STRATEGY] "I'm currently evaluating one of the following solutions:
   a) Again, only provide the upstream Makefile.pre.in. This won't make
      life easier for users who don't want to build Debian packages,
      but want to install the extension locally in /usr/local.
   b) Provide both the upstream Makefile.pre.in for building Debian
      packages and a modified Makefile-local.pre.in for installing
      extensions locally.
   c) Fix the problem in the modified Makefile.pre.in and provide both
      a boot as well as a boot-deb target for preparing extensions for
      local installation as well as for Debian packaging."
[HELP] "Feedback wanted!"

Package: ssh                  (i386 non-us)
Maintainer: Philip Hands <phil@hands.com>                               
[FIX] Philip Hands uploaded 1.2.25-1 on June 18, which fixes both the debug
      message and the security fix.
  22470  ssh: ssh spits out debugging messages because of socks4
[FIX] "I just uploaded 1.2.23-1 without socks support.  I'll wait for
       the problem to be resolved in libsocks before putting it back
       in again."

Package: ssleay               (i386 non-us)
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>            
  19410  ssleay: md5sums-lists-nonexisting-file LI#146
[STRATEGY] "As ssleay is not in the main distribution, I delayed the
            fix of this (which consists mainly of a repacking) in
            favor of tetex-*."

Package: svgalib-bin          
Maintainer: Andy Mortimer <andy.mortimer@poboxes.com>                   
  23601  svgalib-bin: insecure use of /tmp
[FIX] Install 1.2.13-3.3

Package: tetex-bin            
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>            
  23605  tetex-bin (texi2dvi): insecure use of /tmp
[FIX] Install tetex-bin 0.9-7, uploaded on June 18

Package: wu-ftpd-academ       
Maintainer: Heiko Schlittermann <heiko@lotte.sax.de>                    
  17401  netstd overwrites ftpd.8.gz
  20355  wu-ftpd: contains ftpd.8.gz which is also present in netstd

Package: xbase                
Maintainer: Branden Robinson <branden@debian.org>                       
[HELP] See http://master.debian.org/~branden/xsf.html for detailed
       discussion of these problems and ways you can help.
  22329  Patch for #20685 prevents talk working
[HELP] Please see the XSF page for more information.
  22668  TERM=xterm meaning has changed incompatibly
[STRATEGY] "Coordinate with ncurses-base maintainer to use XFree86's xterm
     entry for xterm, put our modified version into a new terminal type
     called xterm-debian, and change XTerm's app-defaults file to use 
     xterm-debian by default.  See the XSF page for more information."
  22877  xbase: xdm port, and X applications
[HELP] "These have been forwarded upstream but I haven't heard anything
        from XFree86 about them to date.  Fixing them is beyond my knowledge."
  22928  New upstream security fix release
[STRATEGY] The patches have been applied, but a build has not yet been done.
  23002  Problem With Fresh Install
[HELP] "I need some advice on this one."
       (The rest is too long to quote.  See Branden's mail at

Package: xlib6g               
Maintainer: Branden Robinson <branden@debian.org>                       
  23122  typo in debian/rules
[STRATEGY] "Already applied to the source tree, but no package has been built
  23274  xlib6g: Upgrading to breaks keyboard
[STRATEGY] "I think I have already fixed it.  I'll find out when I do
            another build."
  23441  xlib6g is not thread-safe
[STRATEGY] "I think I have already fixed it.  I'll find out when I do
            another build. Probably the same bug as #23274"

Package: xviewg-dev           
Maintainer: Martin Buck <mbuck@debian.org>                              
  23598  xviewg-dev (cv2xview): insecure use of /tmp

To UNSUBSCRIBE, email to debian-devel-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: