Preparation of Debian GNU/Linux 2.2r5 ===================================== An up-to-date version is at http://master.debian.org/~joey/2.2r5/ I am preparing 2.2r5 and will send reports so people can actually comment on it. The plan is to get this revision of Debian GNU/Linux 2.2 (codename `potato') out real soon now. James Troup still has to give the final approval for each package. However, I will try to make his work as easy as possible in the hope to get the next revision out properly. Thanks for your attention. Development for 2.2r5 is near being finished ready to be released. This may also be the last version of the 2.2 series, depending on how well the woody release is going. There is, however, still a possibility 2.2r6 (to be scheduled at the beginning of March) has to be released before 3.0. My requirements for packages to go into stable: 1. The package fixes a security problem. An advisory by our own Security Team would be quite helpful. 2. The package fixes a critical bug which can lead into data loss, data corruption, or an overly broken system, or the package is broken or not usable (anymore). 3. The stable version of the package is not installable at all due to broken or unmet dependencies or broken installation scripts 4. The package gets all architectures in stable in sync. 5. All released architectures have to be in sync. Packages which I will most probably reject: . Package which fix non-critical bugs . Misplaced uploads, i.e. packages that were uploaded to 'stable unstable' or `frozen unstable' . Packages for which its binary packages are out of sync with regard to all supported architectures in the stable distribution. . Binary packages for which the source got lost somehow Accepted packages ----------------- These packages should be installed into stable and be part of the next revision. apache stable 1.3.9-13.2 alpha, arm, i386, m68k, powerpc, sparc apache testing 1.3.19-1 alpha, arm, i386, m68k, powerpc, sparc apache unstable 1.3.19-1 hurd-i386 apache unstable 1.3.20-1.1 alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sh, sparc apache updates 1.3.9-14 alpha, arm, i386, m68k, powerpc, sparc * Non-maintainer upload on behalf of Simon Huggins <huggie@earth.li> * Applied patch from Martin Kraemer to fix mod_negotiation bug to prevent revealing of directory contents. This looks like a half security update, right? DSA 067-1 is a broken security upload and requires an update. [further] 2002-01-02: It would be nice if somebody could tell me why I tagged this version 'broken'. I don't think it's because of a missing fix for Bug#73013, so I don't remember anymore. *sigh* base-config stable 0.32 alpha base-config stable 0.33.2 arm, i386, m68k, powerpc, sparc base-config updates 0.33.2 alpha Sync with other architectures ChangeLog also says: * Corrected stupid typo in templates file, Closes: #74785, #74815, #74828 * This problem makes it impossible to install the package, so it is important and must go in. bb stable 1.2-9 i386, powerpc bb stable 1.2-9.0.1 alpha bb updates 1.2-9 sparc Package was missing from stable. bwbasic stable 2.20pl2-3 alpha, i386, m68k, powerpc bwbasic stable 2.20pl2-3.1 sparc bwbasic updates 2.20pl2-3.2 alpha, arm, i386, m68k, powerpc, sparc * New maintainer. * Recompile. Due to strange interactions with libc6, functions weren't interpreted, and the package was practically unusable. Closes: #108924. catsboot updates 0.2.2 arm Boot glue for ARM CATS systems Required on some ARM systems current stable boot-floppies Build-Depend on it. dtaus stable 0.4-1 alpha, arm, i386, m68k, powerpc, sparc dtaus updates 0.6-0potato1 alpha, arm, i386, m68k, powerpc, sparc * Repackaged for potato because the version of dtaus in potato isn't able to create DTAUS files using the Euro currency which is the one and only official currency in Germany since yesterday. Hence, the version in potato is entirely useless since yesterday and has to be updated if people are using it for their money management. eximon stable 3.12-10.1 alpha, arm, i386, m68k, powerpc, sparc eximon updates 3.12-10.2 alpha, arm, i386, m68k, powerpc, sparc exim stable 3.12-10.1 alpha, arm, i386, m68k, powerpc, sparc exim updates 3.12-10.2 alpha, arm, i386, m68k, powerpc, sparc Security Update, DSA 097 freewnn-common stable 1.1.0+1.1.1-a016-1 all freewnn-common updates 1.1.0+1.1.1-a016-1.potato.3 all freewnn-cserver-dev stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc freewnn-cserver-dev updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc freewnn-cserver stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc freewnn-cserver updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc freewnn-jserver-dev stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc freewnn-jserver-dev updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc freewnn-jserver stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc freewnn-jserver updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc freewnn-kserver-dev stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc freewnn-kserver-dev updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc freewnn-kserver stable 1.1.0+1.1.1-a016-1 alpha, arm, i386, m68k, powerpc, sparc freewnn-kserver updates 1.1.0+1.1.1-a016-1.potato.3 alpha, arm, i386, m68k, powerpc, sparc * [security fix] backport from freewnn 1.1.0+1.1.1-a017-6.4 - adduser wnn, kwnn, cwnn for jserver,kserver,cserver respectively instead of running as root user - restrict upload/create path under jserver_dir The 2nd upload is required to make the package installable *sigh* At least, it is proved to be tested now... gpg-idea stable 2 m68k gpg-idea stable 2.1.1 alpha, i386, powerpc, sparc gpg-rsaref stable 1.1-1 alpha gpg-rsaref stable 1.1-2 arm, i386, powerpc, sparc gpg-rsa stable 2 m68k gpg-rsa stable 2.1.1 alpha, i386, powerpc, sparc GnuPG provides this functionality already, it replaces these packages just fine, they are not needed anymore. Even worse, they are not even installable anymore, since they depend on gnupg but gnupg conflicts with them. gpm stable 1.17.8-18 alpha, arm, i386, m68k, powerpc, sparc gpm updates 1.17.8-18.1 alpha, arm, i386, m68k, powerpc, sparc libgpm1-altdev stable 1.17.8-18 i386, m68k libgpm1-altdev stable 1.17.8-9 sparc libgpm1-altdev updates 1.17.8-18.1 i386, m68k libgpm1 stable 1.17.8-18 i386, m68k libgpm1 stable 1.17.8-9 sparc libgpm1 updates 1.17.8-18.1 i386, m68k libgpmg1-dev stable 1.17.8-18 alpha, arm, i386, m68k, powerpc, sparc libgpmg1-dev updates 1.17.8-18.1 alpha, arm, i386, m68k, powerpc, sparc libgpmg1 stable 1.17.8-18 alpha, arm, i386, m68k, powerpc, sparc libgpmg1 updates 1.17.8-18.1 alpha, arm, i386, m68k, powerpc, sparc Security upload: DSA 095 groff stable 1.15.2-2 alpha, arm, i386, m68k, powerpc, sparc groff updates 1.15.2-3 alpha, arm, i386, m68k, powerpc, sparc * Use lpr as the print spooler, even if it happens not to be installed on the build system. Version 1.15.2-2 broke 'groff -l', which worked with previous versions of groff in stable (thanks, Mike Fontenot). Since I can't even find a single bug report that says 'groff -l' is broken in stable, I guess it will only be used on accident. Hence, I don't think this justifies an update to stable. I rethought my decision again. 2.2r3 had a working version, 2.2r4 unfortunately broke it. We should tryto fix that. Upgrading from r3 or older to the next current version should not break more things but fix them. *sigh* imp stable 2:2.2.3-0.potato.4 all imp updates 2:2.2.6-0.potato.3 all DSA 073, though it mentioned imp 2.2.6-0.potato.1 The maintainer, Ola Lundqvist, commented: "The potato.1 version (the real security fix) was broken. :( I uploaded it too fast, without testing the postgres part. It also had some other minor issues because I forgot to apply one patch. So if any new packages of horde and imp should go to a new revision only the latest version should go there (from proposed-updates)." .4: SECURITY FIX, backport from 2.2.7, closes: #118986 inn2-dev stable 2.2.2.2000.01.31-2 arm inn2-dev stable 2.2.2.2000.01.31-4 alpha, i386, m68k, powerpc, sparc inn2-dev updates 2.2.2.2000.01.31-5 alpha, arm, i386, m68k, powerpc, sparc inn2-inews stable 2.2.2.2000.01.31-2 arm inn2-inews stable 2.2.2.2000.01.31-4 alpha, i386, m68k, powerpc, sparc inn2-inews updates 2.2.2.2000.01.31-5 alpha, arm, i386, m68k, powerpc, sparc inn2 stable 2.2.2.2000.01.31-2 arm inn2 stable 2.2.2.2000.01.31-4 alpha, i386, m68k, powerpc, sparc inn2 updates 2.2.2.2000.01.31-5 alpha, arm, i386, m68k, powerpc, sparc task-news-server stable 2.2.2.2000.01.31-4 all task-news-server updates 2.2.2.2000.01.31-5 all Security Update, DSA 023 Bdale reports a serious problem with this upload, it broke some functionality. He's going to upload a fixed version, so this will have to wait for 2.2r5 (formerly 2.2r4) then. Fixed for 2.2.2.2000.01.31-5. kernel-image-2.2.19-netwinder stable 20010414 arm kernel-image-2.2.19-netwinder updates 20011103 arm kernel-image-2.2.19-riscpc stable 20010414 arm kernel-image-2.2.19-riscpc updates 20011109 arm kernel-patch-2.2.19-arm stable 20010414 all kernel-patch-2.2.19-arm updates 20011109 all Rebuilt with current kernel that has security fixes incorporated, was supposed for 2.2r4 but uploaded too late. ARM 20011109: Build against kernel-source 2.2.19.1-2 and latest ARM patch. mac-fdisk stable 0.1-3 m68k mac-fdisk stable 0.1-6.0potato1 powerpc mac-fdisk updates 0.1-6.0potato1 m68k pmac-fdisk-cross stable 0.1-3 m68k pmac-fdisk-cross updates 0.1-6.0potato1 m68k Get m68k and powerpc back in sync, package is required for installation of NewWorld powerpc machines. mailman stable 1.1-8 alpha, arm, i386, m68k, powerpc, sparc mailman updates 1.1-10 alpha, arm, i386, m68k, powerpc, sparc Security Fix. Related to DSA 094? Changelog for 1.1-9: * Cross site scripting (CSS) fixes, backported from Mailman 2.0.8. * Support list names with spaces in them. Changelog for 1.1-10: * Add missing paranthesis in Mailman/Cgi/edithtml.py, line 88 make-doc stable 3.79.1-1.potato.1 all make stable 3.78.1-8 alpha make stable 3.79.1-1.potato.1 arm, i386, m68k, powerpc, sparc make updates 3.79.1-1.potato.1 alpha Get versions in sync modconf stable 0.2.26.14 all modconf updates 0.2.26.14.1 all Included patch for secure tempfile handling, see #117283 for details mutt stable 1.2.5-4 alpha, arm, i386, m68k, powerpc, sparc mutt updates 1.2.5-5 alpha, arm, i386, m68k, powerpc, sparc Security update: DSA 096 * Applied patch-1.2.5.tlr.terminate.1 to fix a remotely exploitable buffer overflow. nedit updates 1:5.1.1-3 alpha, arm, i386, m68k, powerpc, sparc nedit is now Free Software. telnetd stable 0.16-4 alpha telnetd stable 0.16-4potato.1 arm, i386, m68k, powerpc, sparc telnetd updates 0.16-4potato.3 alpha, arm, i386, m68k, powerpc, sparc telnet stable 0.16-4 alpha telnet stable 0.16-4potato.1 arm, i386, m68k, powerpc, sparc telnet updates 0.16-4potato.3 alpha, arm, i386, m68k, powerpc, sparc Changelog says: * Fixed same overflow with minimal change. DSA 070 mentioned version 0.16-4potato.2 [further] ldap-rfc stable 1:1.2.12-1 all ldap-rfc updates 1:1.2.12-2 all libopenldap-dev stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc libopenldap-dev updates 1:1.2.12-2 alpha, arm, i386, m68k, powerpc, sparc libopenldap-runtime stable 1:1.2.12-1 all libopenldap-runtime updates 1:1.2.12-2 all libopenldap1 stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc libopenldap1 updates 1:1.2.12-2 alpha, arm, i386, m68k, powerpc, sparc openldap-gateways stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc openldap-gateways updates 1:1.2.12-2 alpha, arm, i386, m68k, powerpc, sparc openldap-utils stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc openldap-utils updates 1:1.2.12-2 alpha, arm, i386, m68k, powerpc, sparc openldapd stable 1:1.2.12-1 alpha, arm, i386, m68k, powerpc, sparc openldapd updates 1:1.2.12-2 alpha, arm, i386, m68k, powerpc, sparc Minor bugfix: * Include backport of billion second bug. ssh-askpass-gnome stable 1:1.2.3-9.3 alpha, arm, i386, m68k, powerpc, sparc ssh-askpass-gnome updates 1:1.2.3-9.4 alpha, arm, i386, m68k, powerpc, sparc ssh-askpass-ptk stable 1:1.2.3-9.3 all ssh-askpass-ptk updates 1:1.2.3-9.4 all ssh stable 1:1.2.3-9.3 alpha, arm, i386, m68k, powerpc, sparc ssh updates 1:1.2.3-9.4 alpha, arm, i386, m68k, powerpc, sparc Security Fix, DSA 091 php4-cgi-gd stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-cgi-gd updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-imap stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-cgi-imap updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-ldap stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-cgi-ldap updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-mhash stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-cgi-mhash updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-mysql stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-cgi-mysql updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-pgsql stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-cgi-pgsql updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-snmp stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-cgi-snmp updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi-xml stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-cgi-xml updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-cgi stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-cgi updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-dev stable 4.0.3pl1-0potato1 all php4-dev updates 4.0.3pl1-0potato2 all php4-gd stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-gd updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-imap stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-imap updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-ldap stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-ldap updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-mhash stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-mhash updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-mysql stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-mysql updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-pgsql stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-pgsql updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-snmp stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-snmp updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4-xml stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4-xml updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc php4 stable 4.0.3pl1-0potato1 alpha, i386, m68k, powerpc, sparc php4 updates 4.0.3pl1-0potato2 alpha, i386, m68k, powerpc, sparc Security Update (DSA 020 mentions 4.0.3pl1-0potato1.1) [further] Roland Bauerschmidt reports "php4-cgi broken". Look at #89431. /usr/lib/cgi-bin/php4 is a symlink to debian/php4-cgi/usr/bin/php4 which of course doesn't exist. postfix stable 0.0.19991231pl11-1 alpha, arm, i386, m68k, powerpc, sparc postfix updates 0.0.19991231pl11-2 alpha, arm, i386, m68k, powerpc, sparc * Fix 'smtpd command log memory exhaustion' problem. * Fix dhelp dangling symlink problem. Closes: #91877, #97332. * Rebuild on current potato. Closes: #102388, #99220. Security Fix: DSA 093 ecpg stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc ecpg updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc libpgperl stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc libpgperl updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc libpgsql2 stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc libpgsql2 updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc libpgtcl stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc libpgtcl updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc odbc-postgresql stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc odbc-postgresql updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc pgaccess stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc pgaccess updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc postgresql-client stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc postgresql-client updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc postgresql-contrib stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc postgresql-contrib updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc postgresql-dev stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc postgresql-dev updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc postgresql-doc stable 6.5.3-26 all postgresql-doc updates 6.5.3-27 all postgresql-pl stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc postgresql-pl updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc postgresql-test stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc postgresql-test updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc postgresql stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc postgresql updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc python-pygresql stable 6.5.3-26 alpha, arm, i386, m68k, powerpc, sparc python-pygresql updates 6.5.3-27 alpha, arm, i386, m68k, powerpc, sparc * postgresql: applied patch from Ben Pfaff <pfaffben@msu.edu> to cure problem with segfault in pg_dump. High urgency because pg_dump is essential for transferring data when upgrading postgresql. Closes: #101940 No security update but something that is anticipated to prevent data loss, I'm convinced. skkinput stable 1:2.03-2 alpha skkinput stable 1:2.03-3.potato.1 arm, i386, m68k, powerpc, sparc skkinput updates 1:2.03-3.potato.1 alpha Get versions back in sync ssh-askpass-nonfree stable 1.2.27-6.1 alpha, arm, i386, powerpc, sparc ssh-askpass-nonfree updates 1.2.27-6.2 alpha, arm, i386, m68k, powerpc, sparc ssh-nonfree stable 1.2.27-3 m68k ssh-nonfree stable 1.2.27-6.1 alpha, arm, i386, powerpc, sparc ssh-nonfree updates 1.2.27-6.2 alpha, arm, i386, m68k, powerpc, sparc ssh-socks stable 1.2.27-3 m68k ssh-socks stable 1.2.27-6.1 alpha, arm, i386, powerpc, sparc ssh-socks updates 1.2.27-6.2 alpha, arm, i386, m68k, powerpc, sparc * Urgency high because this addresses a well-known vulnerability which is being exploited. * Add security fixes from -7. * Add build-depends. * Remove client's setuid bit; people who need it can turn it back on, and everyone else will be safer. tkseti stable 2.10-1 arm tkseti stable 2.12-1 powerpc tkseti stable 2.12-2 alpha, i386, sparc tkseti updates 2.12-2 arm, powerpc Get versions back in sync. wu-ftpd-academ stable 2.6.0-5.3 all wu-ftpd-academ updates 2.6.0-6 all wu-ftpd stable 2.6.0-5.3 alpha, arm, i386, m68k, powerpc, sparc wu-ftpd updates 2.6.0-6 alpha, arm, i386, m68k, powerpc, sparc Security upload, DSA 087 xtel stable 3.2.1-4 alpha, arm, i386, m68k, powerpc, sparc xtel updates 3.2.1-4.potato.1 alpha, arm, i386, m68k, powerpc, sparc * New maintainer * Security fixes: - symlink vulnerability in xteld (see #87787). - symlink vulnerability in xtel while printing harcopy of screen. - run xteld under control of tcpd to be able to restrict access to the service from network. * Backport of annoying and easy to fix bugs from woody version of xtel: - Fixed segfaults (see #43566). - Fixed a little typo in the /etc/xtel/lignes file. - Fixed creation of the symlink to french doc directory (see #55131). * Other annoying fixes: - bad X resource in Xtel[m].ad (missing '-o -' in a2ps printing command). DSA 090 xxgdb stable 1.12-9.3 alpha, arm, i386, m68k, powerpc, sparc xxgdb updates 1.12-9.4potato alpha, arm, i386, m68k, powerpc, sparc * Applied a patch from Massimo Dal Zotto <dz@cs.unitn.it>. This is a workaround for a serious bug (#94892) in libXaw. Seems this bug makes xxgdb useless in stable yabasic stable 2.42-1 arm yabasic stable 2.53-1 alpha, i386, m68k, powerpc, sparc yabasic updates 2.53-2 alpha, arm, i386, m68k, powerpc, sparc * New maintainer. * yabasic.c: Fixed a /tmp race condition. * Completed the FHS transition to allow building with a recent debhelper. Closes: #98875. No DSA assigned, maintainer, please get in touch with the Security Team zip-crypt stable 2.30-1 arm, i386, m68k, powerpc, sparc zip-crypt updates 2.30-1 alpha Sync with other architectures zsh stable 3.1.9.dev6-2 alpha zsh stable 3.1.9.dev6-7 i386, m68k, powerpc, sparc zsh stable 3.1.9.dev6-7.0.1 arm zsh updates 3.1.9.dev6-7 alpha Get versions more in sync Further investigation --------------------- These packages need further investigation. One reason the package is listed here could be that I'm not yet convinced this package should go into stable, but don't want to reject it entirely at the moment. Another reason could be that released and updated architectures are not in sync yet. dump stable 0.4b16-1 alpha, arm, i386, m68k, powerpc, sparc dump updates 0.4b25-0.potato.1 i386, m68k * back-port dump current version to potato at the request of Martin Schulze. The 0.4b22 upstream version included important fixes for data corruption that can occur with the version that was released with potato. MISSING alpha MISSING arm MISSING powerpc MISSING sparc man2html stable 1.5-23 alpha, arm, i386, m68k, powerpc, sparc man2html updates 1.5-23.1 arm, i386, m68k, powerpc, sparc * Recompiled with correct CGIBASE to avoid bad links; closes: #104474. Grave bug, warrants inclusion into stable. MISSING alpa nfs-common stable 1:0.1.9.1-1 alpha, arm, i386, m68k, powerpc, sparc nfs-common updates 1:0.1.9.1-1.potato1 i386, m68k, sparc nfs-kernel-server stable 1:0.1.9.1-1 alpha, arm, i386, m68k, powerpc, sparc nfs-kernel-server updates 1:0.1.9.1-1.potato1 i386, m68k, sparc nhfsstone stable 1:0.1.9.1-1 alpha, arm, i386, m68k, powerpc, sparc nhfsstone updates 1:0.1.9.1-1.potato1 i386, m68k, sparc Support statd callbacks from later 2.2 kernels. (closes: #111990) It seems that this upload fixes a disparity between late 2.2 kernels and the older nfs-utils package from stable in connection with statd/lockd. MISSING alpha MISSING arm MISSING powerpc xcin stable 2.3.04-1 arm xcin stable 2.5.1.3-1 powerpc xcin stable 2.5.1.99.pre6.1-1 alpha xcin stable 2.5.2-1 i386, m68k, sparc xcin updates 2.5.2-1 alpha Get versions back in sync Beware: change the distribution to stable only. MISSING arm MISSING powerpc Rejected packages ----------------- These packages don't meet the requirements. dvi2ps-fontdata-a2n stable 1.0-5 all dvi2ps-fontdata-a2n updates 1.0-6 all dvi2ps-fontdata-bsr stable 1.0-5 all dvi2ps-fontdata-bsr updates 1.0-6 all dvi2ps-fontdata-ja stable 1.0-5 all dvi2ps-fontdata-ja updates 1.0-6 all dvi2ps-fontdata-n2a stable 1.0-5 all dvi2ps-fontdata-n2a updates 1.0-6 all dvi2ps-fontdata-ptexfake stable 1.0-5 all dvi2ps-fontdata-ptexfake updates 1.0-6 all dvi2ps-fontdata-rrs stable 1.0-5 all dvi2ps-fontdata-rrs updates 1.0-6 all dvi2ps-fontdata-rsp stable 1.0-5 all dvi2ps-fontdata-rsp updates 1.0-6 all dvi2ps-fontdata-tbank stable 1.0-5 all dvi2ps-fontdata-tbank updates 1.0-6 all dvi2ps-fontdata-three stable 1.0-5 all dvi2ps-fontdata-three updates 1.0-6 all Misplaced upload to 'stable unstable' icecast-server stable 1.0.0-1 alpha, arm, i386, m68k, powerpc, sparc icecast-server updates 1.3.10-1 alpha, arm, m68k, powerpc, sparc icecast-server updates 1.3.10-1.1 i386 Alleged security update. Changelog says: * Several security exploits found to icecast. No simple way to patch * old version, so upgrade to latest stable version from icecast.org * If questions or assistance needed join #icecast on openprojects.net IRC Do you have a documentation about said security exploits? That's still pending Is it something different than this one? "icecast" is a server used to distribute audio streams to compatible clients such as winamp, mpg123, xmms and many others. Matt Messier (mmessier@prilnari.com) and John Viega (viega@list.org) have identified several buffer overflow and format strings problems in Icecast that could be remotely exploited. Our latest update to this software changes the package to use an unprivileged user ("icecast") for the daemon, so the impact of this vulnerability is not as high. Recent distributions (CL >= 5.1) have this package compiled with StackGuard to make it more difficult to exploit buffer overflows. It's said to be. Clarification appreciated. To make it worse, there is now Version: 1.3.10-1.1 * Binary-only recompile by security team * Rebuild with potato libc6 roxen-doc stable 1.3.122-13 all roxen-doc updates 1.3.122-22 all roxen-ssl stable 1.3.122-13 all roxen-ssl updates 1.3.122-22 all roxen stable 1.3.122-11 arm roxen stable 1.3.122-13 alpha, i386, m68k, sparc roxen updates 1.3.122-22 i386 Misplaced upload: Distribution: stable unstable * Dropping the 'task-webserver-roxen2' package... * Updating config.{sub|guess} Closes: #111546 samba-common stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc samba-common updates 2.0.7-4 alpha, arm, i386, m68k, powerpc, sparc samba stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc samba updates 2.0.7-4 alpha, arm, i386, m68k, powerpc, sparc smbclient stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc smbclient updates 2.0.7-4 alpha, arm, i386, m68k, powerpc, sparc smbfs stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc smbfs updates 2.0.7-4 alpha, arm, i386, m68k, powerpc, sparc swat stable 2.0.7-3.4 alpha, arm, i386, m68k, powerpc, sparc swat updates 2.0.7-4 alpha, arm, i386, m68k, powerpc, sparc ChangeLog says: * Permanently fix problem with NMU's being built against incorrect kernel interfaces (closes: #94380, #95015, #102226) * add uploaders: header to control file This upload most probably fixes the problem with the old alpha version not being able to run properly due to a bad build environment. This problem may be solved by a general change... may be... Steve Langasek should speak up... He said: Samba upstream takes advantage of the best system facilities (libc/kernel) available at compile time. Because Debian releases usually include a baseline kernel and an 'experimental' kernel, Eloy and I have introduced packaging code in unstable that prevents Samba from detecting facilities that it should not be compiled against. The 2.0.7-4 upload backports these packaging mods to potato, both correcting the problems with past alpha security NMUs and safeguarding against the possibility of future problems with security NMUs in potato. Rejecting on behalf of the maintainer, see Bug#127444: Upgrading from samba 2.0.7-3.4 to 2.0.7-4 broke printing (from windows clients) on our misc server [..] Disclaimer ---------- This list intends to help the ftp-masters releasing 2.2r5. They have the final power to accept a package or not. If you want to comment on this list, please send a mail to Martin Schulze <joey@debian.org>. -- The MS-DOS filesystem is nice for removable media. -- H. Peter Anvin Please always Cc to me when replying to me on the lists.
Attachment:
pgpTpRTbX3tyb.pgp
Description: PGP signature