The Hamm Bugs Stamp-Out List for 1998-06-10
Major changes since the previous list:
- Rich Sahlender took dhcp-beta (which generates dhcp-client-beta)
- Taught my script about merged bugs (count corrected by 8 bugs)
- New bugs against ftp.debian.org, guavac, and lambdamoo (3 new)
- Bug #21288 against hwtools was set to 'normal' by Joel Klecker (1 down)
- David Frey took over p3nfs and fixed it, but the fixed version
was sent to unstable.
- Fixes were uploaded for lpr, php3, and msqld (1 closed, 2 can be closed)
There are now 25 bugs marked 'FIX', leaving 73 bugs to be looked at.
Richard Braakman
------------------------------------------------------------------------------
Wed, 10 Jun 1998 21:23:31 GMT: 98 release-critical bugs in hamm.
Package: afbackup
Maintainer: Christian Meder <meder@isr.uni-stuttgart.de>
23250 afbackup: insecure use of /tmp/*$$*
[STRATEGY] A fixed version is ready to be uploaded.
Package: apache
Maintainer: Johnie Ingram <johnie@debian.org>
23221 apache: wrong perl path in apxs
23277 apache: should conflict with php3 (<= 3.0rc4-2)
Package: bitchx
Maintainer: Johnie Ingram <johnie@debian.org>
22980 bitchx: Bitchx is "non-free"
[FIX] The ircii license issue has been resolved.
Package: boot-floppies
Maintainer: Enrique Zanardi <sr1-boot-floppies@debian.org>
23167 uncaught error in unpacking modules
Package: bootdisk (pseudo)
Maintainer: Maintainer Group <sr1-boot-floppies@debian.org>
20779 Debian 2.0 won't boot of a hard disk after install
[STRATEGY] Enrique: "This is a hardware-specific bug too. I have asked
the submitter to try to install after disabling the 128KB cache
as stated in the docs (he has a Cyrix CPU). He is going to try it
and will report back."
23171 PCMCIA modules don't match kernel version on boot disks
[STRATEGY] Luis Francisco Gonzalez: "This bug is not in the
boot-floppies. The idea was to make sure we knew that there
is need to wait for the new pcmcia-packages but the bug is
in those packages as we only use the standard
kernel/pcmcia-modules."
Package: crafty
Maintainer: olet@debian.org (Ole J. Tetlie)
22493 crafty is not DFSG free software
[FIX] install crafty 14.11-3 in Incoming, which goes to non-free, and
remove the version from main.
Package: cwnn
Maintainer: Keita Maehara <maehara@debian.org>
20539 Overlap between cwnn, wnn, and kwnn
[FIX] install wnn 4.2-4, which is currently in Incoming.
Package: dhcp
Maintainer: Rich Sahlender <rsahlen@debian.org>
23087 dhcp stopped working after upgrade
Package: dhcp-client-beta
Maintainer: Rich Sahlender <rsahlen@debian.org>
[FIX] Handle bug#22757 ("remove dhcp-client-beta from hamm") reported to
ftp.debian.org.
18322 dhclient-script problem with "EXPIRE"
19767 dhcp-client-beta has no /usr/doc directory
Package: dpkg
Maintainer: Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
1797 upgrade/downgrade dependency calculation problem
17381 dpkg: please add --force-overwrite-inexistant-files and def
17624 dpkg: installs regular dir when .deb contains symlink !
20401 Problems updating bo -> hamm
21182 dpkg: dpkg can go into an infinite loop with --force-config
Package: dpkg-dev
Maintainer: Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
20776 dpkg-dev: dpkg-dev does not use emacsen-commen method of in
21186 dpkg-dev: dpkg-dev has a file also provided in dpkg
Package: dpkg-python
Maintainer: Klee Dienes <klee@debian.org>
23059 .py files must not install files into /usr/lib/python
[FIX] Fixing this would break other packages in hamm. Gregor Hoffleit
(python maintainer) said he would change the severity level of
the bug to 'normal'. Matthias Klose will fix it in slink.
Package: dwww
Maintainer: Jim Pick <jim@jimpick.com>
[FIX] Handle bug#22635, "please remove dwww from hamm/frozen", reported
to ftp.debian.org.
[STRATEGY] Joost Kooij has created a non-maintainer release of dwww and
has offered it to the testing group.
16212 dwww: dwww tries to update-menus every day
22018 dwww: can't find _anything_
Package: file-rc
Maintainer: Martin Schulze <joey@debian.org>
23057 file-rc: rcS fails to complete startup
Package: ftp.debian.org (pseudo)
Maintainer: Guy Maor <ftpmaster@debian.org>
16652 javalex: bad dependencies
21819 sinuskey-login: libc5 version in hamm!
21938 xarchie is not DFSG free software
22390 Please move slink gcc packages to frozen
[FIX] This bug can be closed; it is obsolete since gcc 2.7.2.3-4.3 has
been installed in hamm.
22417 Please move premail to contrib.
22438 binkd: libc5 package in hamm
22490 two versions of base_passwd in hamm
22548 jdk1.1-docdemo: obsolete?
22554 ftp.deb.org: ssg-dev still here
22635 ftp.debian.org: Please remove dwww from hamm/frozen
22757 ftp.debian.org: remove dhcp-client-beta from hamm
22808 ftp.debian.org: pine396-src and pine396-diffs
22832 ftp.debian.org: m68k Packages files not being updated
22885 ftp.debian.org: files to be removed
22939 Please remove old unixcw in hamm/main
22978 Please move ircii from main to non-free
23034 Remove cxhextris from binary-powerpc
23108 ftp.debian.org: Please move sniffit from main to non-free
23327 Please remove javalex from hamm
Package: gcc
Maintainer: Galen Hazelwood <galenh@micron.net>
Ray Dassen is non-maintaining gcc, with help from Matthias Klose.
23123 gcc creates lots of empty files in /tmp
[HELP] Ray: "I'm currently very limited in time available for Debian work."
[STRATEGY] Ray: "The modifications introduced in -4.4 were security
improvements preventing a symlink attack (based on gcc making
predictable tempfiles). The current solution uses mkstemp(3)
which is secure. mkstemp(3) opens the tempfile immediately (so
there's no race condition). All tempfile names are now
individually generated (using the %g directive in gcc's specs
(gcc/gcc.c)) and marked for deletion on completion (using the %d
directive). My current guess is that the %g-generated tempfile
names aren't included in the list of file to be deleted."
(Note that this bug probably applies to egcs and altgcc as well)
Package: gstep-make (i386 contrib)
Maintainer: Gregor Hoffleit <flight@debian.org>
22328 gstep-make configuration / gstep-* new versions
[FIX] This has been fixed by the gstep-* 0.5.0.980520-1 versions, which
have been installed in hamm.
Package: guavac
Maintainer: Hamish Moffatt <hamish@debian.org>
23325 Unsatisfiable suggests to non-existing java-virtual-machine
[NOTE] This bug is currently being discussed on debian-devel.
Package: ircii
Maintainer: Bernd Eckenfels <ecki@debian.org>
21683 ircii: ircii is non-free!
[FIX] The ircii license issue has been resolved :)
Package: kdeadmin (i386 contrib)
Maintainer: Stephan Kulow <coolo@kde.org>
[FIX] Bug #22233 to ftp.debian.org requests removal of this package
from hamm and slink.
22060 kuser removes all passwords and disables root account
Package: kterm
Maintainer: Yoshiaki Yanagihara <yochi@debian.or.jp>
23209 kterm needs to have xterm's security patch applied.
Package: lambdamoo
Maintainer: Joey Hess <joeyh@master.debian.org>
23314 lambdamoo: /etc/init.d/lambdamoo start doesn't close all fd
Package: libc5-dbg
Maintainer: Helmut Geyer <Helmut.Geyer@iwr.uni-heidelberg.de>
21039 ftp.debian.org: libc5-dbg probably shouldn't be in frozen
[FIX] Dale Scheetz: "While this should be cleaned up, it represents
no problem for the release, as dselect and friends will not try to
install it." (Also see #19347)
Package: libc5-dev (m68k main)
Maintainer: Helmut Geyer <Helmut.Geyer@iwr.uni-heidelberg.de>
19347 libc5-dev: no-copyright-file LI#82
Dale Scheetz: "This appears to only apply to the m68k version, so it
is probably only a symlink missing, as the dev package has the same
copyright as the runtime."
(I think what happened here is that libc5-dev got removed from hamm
at freeze time, but only from the i386 tree.)
[STRATEGY] I have made a non-maintainer release for libc5, which does
not generate the packages libc5-dev and libc5-dbg. That
will allow libc5-dev and libc5-dbg to be removed from
the archive. It will fix #21039 as well as this one.
Package: libc6
Maintainer: Dale Scheetz <dwarf@polaris.net>
20714 Current libc6 is a beta.
[STRATEGY] "Depending on Ulrich's schedule we may have to release with
a beta version. I am working currently from the CVS archive,
and will soon be able to produce a package from the latest
upstream patches. At some point we will need to bite the
bullet and release the best library we have a that time."
20799 getgrnam does not return when group name does not exist
[HELP] "This has been worked on. If someone could test the -pre3-1
release in unstable and verify it as fixed, we can probably
close this one."
22626 netbase: bugtraq says: RPC services are subject to Denial o
[HELP] "This has also been worked on upstream and needs some testing."
22790 libc6: login(3) does not reuse dead entries
[STRATEGY] "This one is fixed in my current, unreleased version,
coming soon ;-)"
Package: libc6-dev
Maintainer: Dale Scheetz <dwarf@polaris.net>
[HELP] Dale Scheetz: "I have not had a chance to even read these
reports yet. Some outside help determining what should, or
shouldn't change would be helpful here."
(My translation: send him patches :-)
19797 libc6-dev: use of /tmp/*$$ in an insecure fashion
21884 libc6-dev: relative links between top-level dirs
Package: libdb1-dev (alpha main)
Maintainer: Mark Eichin <eichin@kitten.gen.ma.us>
[FIX] Handle bug#23245 to ftp.debian.org, which requests removal of libdb
from hamm.
19351 libdb1-dev: no-copyright-file LI#86
Package: libpaper
Maintainer: Marco Pistore <pistore@di.unipi.it>
22942 libpaper depends on libpaperg
[HELP] The maintainer asked for advice on debian-devel. Details are
in the archive for this bug report.
Package: libreadline2
Maintainer: Guy Maor <maor@debian.org>
22941 libreadline2 depends on libc6
Package: libreadlineg2
Maintainer: Guy Maor <maor@debian.org>
23035 bash: Not 8-bit clean.
Package: libssl08 (i386 non-us)
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
23169 libssl08 hangs while waiting randomness from /dev/random
[STRATEGY] "For the solution: I have to exchange /dev/random with
/dev/urandom and recompile."
Package: lilo
Maintainer: Bernd Eckenfels <ecki@debian.org>
19821 lilo: liloconfig doesn't make the system bootable
[STRATEGY] "AFAIK this Bug was in the old boot-floppies, I can't
reproduce it. If nobody objects I will close it."
Package: login
Maintainer: Guy Maor <maor@debian.org>
22191 login: does not chown /dev/vcs* anymore
[NOTE] This is currently being discussed on debian-devel.
Package: lpr
Maintainer: Adam Klein <aklein@debian.org>
22837 lpd dies without trace (severe!)
[FIX] This has been fixed by lpr 5.9-27, which has already been installed.
Package: modutils
Maintainer: Wichert Akkerman <wakkerma@debian.org>
22612 modutils package is difficult to upgrade from bo
[HELP] Need people to upgrade from bo machines, try to reproduce.
Wichert: "I can't reproduce that one. I found a glitch in the
postinst though which I fixed. I guess I have to wait for some
people to upgrade more bo machines to check if it works."
Package: nonus.debian.org (pseudo)
Maintainer: Sven Rudolph <sr1@inf.tu-dresden.de>
This is being maintained by Heiko Schlittermann <heiko@lotte.sax.de>.
15764 ftp.debian.org: Non-US Packages files are broken
18572 nonus.debian.org: remove des-solnet_1.03-5.deb
18785 nonus.debian.org: incoming backlog
20773 nonus.debian.org: please remove gnupg from frozen
21423 Dpkg-ftp can't handle alternative distributions
[HELP] Yann Dirson: "This used to work until some date I don't know
exactly. I guess that non-us has changed the paths they use
in the Packages file." (more info, and workaround, in the bug
entry itself)
(Bug has been reassigned from dpkg-ftp to nonus.debian.org)
22287 nonus.debian.org with incorrect layout
Package: p2c
Maintainer: Andrew Howell <andrew@it.com.au>
[HELP] This package is orphaned.
Andrew: "Already tried to get rid of this package 3 times,
the last 2 or 3 releases have been not by me. I don't have time
at present to work on packages. This bug wouldn't exist with
my version of the package as I never created shared library
for it when I had it :)"
21036 p2c: depends on libp2c1 which seems to have been fed to the
Package: p3nfs
Maintainer: David Frey <dfrey@debian.org>
21488 p3nfs: still linked with libc5
[FIX] Copy the version in slink to hamm, or remove the one in hamm.
Package: passwd
Maintainer: Guy Maor <maor@debian.org>
21275 passwd: useradd violates base-passwd's rules
Package: php3
Maintainer: Gergely Madarasz <gorgo@caesar.elte.hu>
23279 php3: Requires apache 1.3b6 while apache 1.3b6 requires php
[FIX] Install php3 3.0-1, which is currently in Incoming.
Package: premail (i386 non-free)
Maintainer: Karl Sackett <krs@debian.org>
15680 Insecure /tmp file usage
[FIX] Install premail 0.45-4, currently in Incoming.
Package: python-dev
Maintainer: Gregor Hoffleit <flight@debian.org>
23168 Error in Python's Makefile.pre.in
[STRATEGY] "I'm currently evaluating one of the following solutions:
a) Again, only provide the upstream Makefile.pre.in. This won't make
life easier for users who don't want to build Debian packages,
but want to install the extension locally in /usr/local.
b) Provide both the upstream Makefile.pre.in for building Debian
packages and a modified Makefile-local.pre.in for installing
extensions locally.
c) Fix the problem in the modified Makefile.pre.in and provide both
a boot as well as a boot-deb target for preparing extensions for
local installation as well as for Debian packaging."
[HELP] "Feedback wanted!"
Package: python-doc
Maintainer: Gregor Hoffleit <flight@debian.org>
22944 python-doc in hamm refers to an ancient version of python
[FIX] This has been fixed by python-doc 1.5.1-2, which has been installed
in hamm.
Package: rat
Maintainer: Chu-yeon Park <kokids@doit.ajou.ac.kr>
21935 rat is not free software
[FIX] Install rat 3.0.23-1, currently in Incoming, which moves it from
main to non-free.
Package: sinuskey-login
Maintainer: Skuli Davidsson <skuli@hi.is>
21446 sinuskey-login: depends on libc5 but doesn't report that
Package: smail
Maintainer: Soenke Lange <soenke@escher.north.de>
23218 Smail refuses to configure on dynamic-IP machine
23294 Smail 3.2.0.101-4.3 *important* typo in smailconfig
[FIX] This has been fixed in smail 3.2.0.101-4.4, which is already in hamm.
Package: sniffit
Maintainer: Damjan Marion <dmarion@debian.org>
21832 sniffit is not DFSG free software
[FIX] install the sniffit 0.3.5-3 in Incoming, which goes to non-free, and
remove the version in main.
Package: ssh (i386 non-us)
Maintainer: Philip Hands <phil@hands.com>
22470 ssh: ssh spits out debugging messages because of socks4
[FIX] "I just uploaded 1.2.23-1 without socks support. I'll wait for
the problem to be resolved in libsocks before putting it back
in again."
Package: ssleay (i386 non-us)
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
19410 ssleay: md5sums-lists-nonexisting-file LI#146
[STRATEGY] "As ssleay is not in the main distribution, I delayed the
fix of this (which consists mainly of a repacking) in
favor of tetex-*."
Package: tetex-bin
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
23111 tetex-bin: cron.daily script falls over when /usr/local/is
[FIX] "I don't consider this release-critical. It just sends an annoying
email from the cron.daily script if /usr/local is readonly. The
script does not really "fall over" as the bug report says.
It finishes correctly just without updating the ls-R file in
/usr/local."
[STRATEGY] "I'll try to make this file a link to somewhere in /var to
fix this and hope that mktexlsr works on a symlink."
Package: wxxt1-dev
Maintainer: Brian Bassett <brian@butterfly.ml.org>
[HELP] Mail to the maintainer was returned as undeliverable.
21707 wxxt1-dev depends on deprecated libg++-dev
Package: xadmin
Maintainer: Turbo Fredriksson <turbo@debian.org>
23053 xadmin does not set perms correctly for /etc/shadow
[FIX] This is fixed in xadmin 1.0.15-2, which has been installed in hamm.
Package: xbase
Maintainer: Branden Robinson <branden@debian.org>
[HELP] See http://master.debian.org/~branden/xsf.html for detailed
discussion of these problems and ways you can help.
22329 Patch for #20685 prevents talk working
22668 TERM=xterm meaning has changed incompatibly
[STRATEGY] "There needs to be a new terminal type, xterm-debian, which
tracks the latest XFree86 xterm entry but incorporates our keyboard
policy (and anything else we want to customize). I need to
coordinate with the ncurses-base maintainer and some other folks
about this."
22877 xbase: xdm port, and X applications
22928 New upstream security fix release
23002 Problem With Fresh Install
Package: xexec (i386 contrib)
Maintainer: Zed Pobre <zed@debian.org>
22927 xexec: unsatisfiable dependency
[STRATEGY] This is being worked on, "The status is solvable".
Package: xinetd (i386 non-free)
Maintainer: "Adam Heath" <adam.heath@usa.net>
This package was taken over by Norbert Veber <nveber@debian.org>.
20705 xinetd: samba 1.9.18p3-1 don't work from xinetd (from inetd
[NOTE] This bug is currently being discussed on debian-devel.
Package: xlib6g
Maintainer: Branden Robinson <branden@debian.org>
23122 typo in debian/rules
23274 xlib6g: Upgrading to 3.3.2.1-1 breaks keyboard
--
To UNSUBSCRIBE, email to debian-devel-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: