
Preparing another stable revision (r6)



An up-to-date version is at <http://master.debian.org/~joey/2.2r6/>

In another quixotic attempt, I am preparing another revision of the
stable Debian distribution (r6) and will infrequently send reports so
people can actually comment on it and intervene whenever this is
required.

The plan is to get this revision of Debian GNU/Linux 2.2 (codename
`potato') out within the first week of March this year (2002).  James
Troup still has to give the final approval for each package since he
is the ftpmaster involved with stable revisions.  However, I will try
to make his work as easy as possible in the hope of getting the next
revision out properly.  Thanks for your attention.

This may also be the last version of the 2.2 series, depending on how
well the woody release is making progress.  There is, however, still a
possibility 2.2r7 (to be scheduled at the beginning of May) has to be
released before 3.0.

My requirements for packages to go into stable:

 1. The package fixes a security problem.  An advisory by our own
    Security Team would be quite helpful.  I really should make this a
    requirement for security uploads.

 2. The package fixes a critical bug which can lead to data loss,
    data corruption, or an overly broken system, or the package is
    broken or not usable (anymore).

 3. The stable version of the package is not installable at all due to
    broken or unmet dependencies or broken installation scripts.

 4. All released architectures have to be in sync.

Packages which I will most probably reject:

  . Packages which fix non-critical bugs.

  . Misplaced uploads, i.e. packages that were uploaded to `stable
    unstable' or `frozen unstable'.

  . Packages whose binary packages are out of sync with regard
    to all supported architectures in the stable distribution.

  . Binary packages for which the source got lost somehow.

Accepted packages
-----------------

These packages should be installed into stable and be part of the next
revision.

adjtimex    stable    1.10-1      alpha, i386
adjtimex    stable    1.5-1       sparc
adjtimex    stable    1.5-3       powerpc
adjtimex    stable    1.7-1       arm
adjtimex    stable    1.8.1-1     m68k
adjtimex    updates   1.10-1      arm, m68k, powerpc, sparc

	Get versions in sync, apart from that:

	* New upstream release - security fix: use popen() to recover output from
	  ntpdate, instead of an unsafe temporary file (thanks to Colin Phipps
	  <crp22@cam.ac.uk>) (closes:bug#56752)

at          stable    3.1.8-10    alpha, arm, i386, m68k, powerpc, sparc
at          updates   3.1.8-10.2  alpha, arm, i386, m68k, powerpc, sparc

	Security Upload, DSA 102

cupsys-bsd      stable    1.0.4-9     alpha, arm, i386, m68k, powerpc, sparc
cupsys-bsd      updates   1.0.4-10    alpha, arm, i386, m68k, powerpc, sparc
cupsys          stable    1.0.4-9     alpha, arm, i386, m68k, powerpc, sparc
cupsys          updates   1.0.4-10    alpha, arm, i386, m68k, powerpc, sparc
libcupsys1-dev  stable    1.0.4-9     alpha, arm, i386, m68k, powerpc, sparc
libcupsys1-dev  updates   1.0.4-10    alpha, arm, i386, m68k, powerpc, sparc
libcupsys1      stable    1.0.4-9     alpha, arm, i386, m68k, powerpc, sparc
libcupsys1      updates   1.0.4-10    alpha, arm, i386, m68k, powerpc, sparc

	Security upload: DSA 110, Buffer overflow


dump        stable    0.4b16-1           alpha, arm, i386, m68k, powerpc, sparc
dump        updates   0.4b25-0.potato.1  alpha, arm, i386, m68k, powerpc, sparc


	* back-port dump current version to potato at the request of
	  Martin Schulze.  The 0.4b22 upstream version included
	  important fixes for data corruption that can occur with the
	  version that was released with potato.

faqomatic   stable    2.603-1.1   all
faqomatic   updates   2.603-1.2   all

	Security upload, DSA 109, cross-site scripting vulnerability

fml         stable    3.0+beta.20000106-1  all
fml         updates   3.0+beta.20000106-5  all

	DSA 088, improper character escaping

gcc         stable    1:2.95.2-13    alpha, i386, powerpc, sparc
gcc         stable    1:2.95.2-13.1  arm, m68k
gcc         updates   1:2.95.2-13.1  alpha, i386, powerpc, sparc

	Changelog says:

	* Non-maintainer upload

	* Add new patch for ARM (closes #75801)

	Clarification required.  Doko queried.  He approved, the patch
	is conditionalized so gets only applied on ARM.

glibc-doc     stable    2.1.3-19    all
glibc-doc     updates   2.1.3-20    all
i18ndata      stable    2.1.3-19    all
i18ndata      updates   2.1.3-20    all
libc6-dbg     stable    2.1.3-19    arm, i386, m68k, powerpc, sparc
libc6-dbg     updates   2.1.3-20    arm, i386, m68k, powerpc, sparc
libc6-dev     stable    2.1.3-19    arm, i386, m68k, powerpc, sparc
libc6-dev     updates   2.1.3-20    arm, i386, m68k, powerpc, sparc
libc6-pic     stable    2.1.3-19    arm, i386, m68k, powerpc, sparc
libc6-pic     updates   2.1.3-20    arm, i386, m68k, powerpc, sparc
libc6-prof    stable    2.1.3-19    arm, i386, m68k, powerpc, sparc
libc6-prof    updates   2.1.3-20    arm, i386, m68k, powerpc, sparc
libc6.1-dbg   stable    2.1.3-19    alpha
libc6.1-dbg   updates   2.1.3-20    alpha
libc6.1-dev   stable    2.1.3-19    alpha
libc6.1-dev   updates   2.1.3-20    alpha
libc6.1-pic   stable    2.1.3-19    alpha
libc6.1-pic   updates   2.1.3-20    alpha
libc6.1-prof  stable    2.1.3-19    alpha
libc6.1-prof  updates   2.1.3-20    alpha
libc6.1       stable    2.1.3-19    alpha
libc6.1       updates   2.1.3-20    alpha
libc6         stable    2.1.3-19    arm, i386, m68k, powerpc, sparc
libc6         updates   2.1.3-20    arm, i386, m68k, powerpc, sparc
locales       stable    2.1.3-19    alpha, arm, i386, m68k, powerpc, sparc
locales       updates   2.1.3-20    alpha, arm, i386, m68k, powerpc, sparc
nscd          stable    2.1.3-19    alpha, arm, i386, m68k, powerpc, sparc
nscd          updates   2.1.3-20    alpha, arm, i386, m68k, powerpc, sparc

	Glob security patch.  DSA 103

icecast-server  stable    1.0.0-1     alpha, arm, i386, m68k, powerpc, sparc
icecast-server  updates   1.3.10-1    alpha, arm, m68k, powerpc, sparc
icecast-server  updates   1.3.10-1.1  i386

	DSA 089

jgroff      stable    1.15+ja-3.2  alpha, arm, i386, m68k, powerpc, sparc
jgroff      updates   1.15+ja-3.4  alpha, arm, i386, m68k, powerpc, sparc

	DSA 107

pgp4pine       stable    1.71b-5       alpha, arm, i386, m68k, powerpc
pine396-diffs  stable    5             all
pine396-src    stable    3             all
pine4-diffs    stable    2             all
pine4-src      stable    1             all

	These PINE packages contain security problems and the
	maintainer agrees that it would be best to remove them from
	the stable directory entirely.  People who still want to use
	PINE should check the pine-tracker package.

	pine: Bad url handling exploit

	pgp4pine: Buffer overflow

samba-common  stable    2.0.7-3.4   alpha, arm, i386, m68k, powerpc, sparc
samba-common  updates   2.0.7-5     alpha, arm, i386, m68k, powerpc, sparc
samba-doc     stable    2.0.7-3.4   all
samba-doc     updates   2.0.7-5     all
samba         stable    2.0.7-3.4   alpha, arm, i386, m68k, powerpc, sparc
samba         updates   2.0.7-5     alpha, arm, i386, m68k, powerpc, sparc
smbclient     stable    2.0.7-3.4   alpha, arm, i386, m68k, powerpc, sparc
smbclient     updates   2.0.7-5     alpha, arm, i386, m68k, powerpc, sparc
smbfs         stable    2.0.7-3.4   alpha, arm, i386, m68k, powerpc, sparc
smbfs         updates   2.0.7-5     alpha, arm, i386, m68k, powerpc, sparc
swat          stable    2.0.7-3.4   alpha, arm, i386, m68k, powerpc, sparc
swat          updates   2.0.7-5     alpha, arm, i386, m68k, powerpc, sparc

	ChangeLog says:

	* Permanently fix problem with NMU's being built against incorrect
	  kernel interfaces (closes: #94380, #95015, #102226)

	* add uploaders: header to control file

	This upload most probably fixes the problem with the old alpha
	version not being able to run properly due to a bad build
	environment.  This problem may be solved by a general
	change...  may be...  Steve Langasek should speak up...

	He said:

	Samba upstream takes advantage of the best system facilities
	(libc/kernel) available at compile time.  Because Debian
	releases usually include a baseline kernel and an
	'experimental' kernel, Eloy and I have introduced packaging
	code in unstable that prevents Samba from detecting facilities
	that it should not be compiled against.  The 2.0.7-4 upload
	backports these packaging mods to potato, both correcting the
	problems with past alpha security NMUs and safeguarding
	against the possibility of future problems with security NMUs
	in potato.

	New Changelog says (2.0.7-5):

	* Add Build-Depends line; the previous upload was missing
	  potentially important library linkage on some architectures.

	* Fix debian/rules to use xxx-linux instead of xxx-linux-gnu;
	  config.sub doesn't grok the latter, causing printing to break
	  (closes: #127444)

	According to Steve Langasek this version is fine and suited
	for stable.

sudo        stable    1.6.2p2-2    alpha, arm, i386, m68k, powerpc, sparc
sudo        updates   1.6.2p2-2.1  alpha, arm, i386, m68k, powerpc, sparc

	Security Upload, DSA 101

uucp        stable    1.06.1-11potato1  alpha, arm, i386, m68k, powerpc, sparc
uucp        updates   1.06.1-11potato2  alpha, arm, i386, m68k, powerpc, sparc

	Security Upload, DSA 079-2, uucp uid/gid access

wmtv        stable    0.6.5-2         alpha, arm, i386, m68k, powerpc
wmtv        stable    0.6.5-2.0.1     sparc
wmtv        updates   0.6.5-2potato2  alpha, arm, i386, m68k, powerpc, sparc

	Security Upload, DSA 108, symlink vulnerability

xchat-common  stable    1.4.3-0.1    all
xchat-common  updates   1.4.3-1      all
xchat-gnome   stable    1.4.3-0.1    arm, i386, m68k, powerpc, sparc
xchat-gnome   stable    1.4.3-0.1.1  alpha
xchat-gnome   updates   1.4.3-1      alpha, arm, i386, m68k, powerpc, sparc
xchat-text    stable    1.4.3-0.1    arm, i386, m68k, powerpc, sparc
xchat-text    stable    1.4.3-0.1.1  alpha
xchat-text    updates   1.4.3-1      alpha, arm, i386, m68k, powerpc, sparc
xchat         stable    1.4.3-0.1    arm, i386, m68k, powerpc, sparc
xchat         stable    1.4.3-0.1.1  alpha
xchat         updates   1.4.3-1      alpha, arm, i386, m68k, powerpc, sparc

	* Fixed "Xchat 1.4.2 and 1.4.3 IRC session hijacking vulnerability",
	  (http://www.securityfocus.com/archive/1/249113); patch
	  provided by upstream author, Peter Zelezny <zed@linux.com>.

	DSA 099

xcin        stable    2.3.04-1           arm
xcin        stable    2.5.1.3-1          powerpc
xcin        stable    2.5.1.99.pre6.1-1  alpha
xcin        stable    2.5.2-1            i386, m68k, sparc
xcin        updates   2.5.2-1            alpha, arm, powerpc

	Get versions back in sync


Further investigation
---------------------

These packages need further investigation.  One reason the package is
listed here could be that I'm not yet convinced this package should go
into stable, but don't want to reject it entirely at the moment.
Another reason could be that released and updated architectures are
not in sync yet.

man2html    stable    1.5-23      alpha, arm, i386, m68k, powerpc, sparc
man2html    updates   1.5-23.1    arm, i386, m68k, powerpc, sparc

	* Recompiled with correct CGIBASE to avoid bad links; closes: #104474.
	  Grave bug, warrants inclusion into stable.

	MISSING alpha

nfs-common         stable    1:0.1.9.1-1          alpha, arm, i386, m68k, powerpc, sparc
nfs-common         updates   1:0.1.9.1-1.potato1  alpha, i386, m68k, powerpc, sparc
nfs-kernel-server  stable    1:0.1.9.1-1          alpha, arm, i386, m68k, powerpc, sparc
nfs-kernel-server  updates   1:0.1.9.1-1.potato1  alpha, i386, m68k, powerpc, sparc
nhfsstone          stable    1:0.1.9.1-1          alpha, arm, i386, m68k, powerpc, sparc
nhfsstone          updates   1:0.1.9.1-1.potato1  alpha, i386, m68k, powerpc, sparc

	Support statd callbacks from later 2.2 kernels. (Bug#111990)

	It seems that this upload fixes a disparity between late 2.2
	kernels and the older nfs-utils package from stable in
	connection with statd/lockd.  Problem seems to exist for
	non-Linux clients at least.

	MISSING arm


Rejected packages
-----------------

These packages don't meet the requirements.

dvi2ps-fontdata-a2n       stable    1.0-5       all
dvi2ps-fontdata-a2n       updates   1.0-7       all
dvi2ps-fontdata-bsr       stable    1.0-5       all
dvi2ps-fontdata-bsr       updates   1.0-7       all
dvi2ps-fontdata-ja        stable    1.0-5       all
dvi2ps-fontdata-ja        updates   1.0-7       all
dvi2ps-fontdata-n2a       stable    1.0-5       all
dvi2ps-fontdata-n2a       updates   1.0-7       all
dvi2ps-fontdata-ptexfake  stable    1.0-5       all
dvi2ps-fontdata-ptexfake  updates   1.0-7       all
dvi2ps-fontdata-rrs       stable    1.0-5       all
dvi2ps-fontdata-rrs       updates   1.0-7       all
dvi2ps-fontdata-rsp       stable    1.0-5       all
dvi2ps-fontdata-rsp       updates   1.0-7       all
dvi2ps-fontdata-tbank     stable    1.0-5       all
dvi2ps-fontdata-tbank     updates   1.0-7       all
dvi2ps-fontdata-three     stable    1.0-5       all
dvi2ps-fontdata-three     updates   1.0-7       all

	Misplaced upload to `stable unstable'

rsync       stable    2.3.2-1.2   alpha, arm, i386, m68k, powerpc, sparc
rsync       updates   2.3.2-1.3   alpha, arm, i386, m68k, powerpc, sparc

	DSA 106

	Broken packages, hence rejecting


Disclaimer
----------

This list is intended to help the ftp-masters release 2.2r6.  They have the
final power to accept a package or not.  If you want to comment on
this list, please send a mail to Martin Schulze <joey@debian.org>.
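
The architecture-sync requirement (item 4) and the MISSING notes under "Further investigation" can be checked mechanically. The following is an added example, not part of the original mail or of any Debian tooling; `parse` and `sync_report` are hypothetical names, and it assumes the listing format used in this report, treats an `updates` build as replacing the `stable` build for that architecture, and compares version strings for equality only.

```python
import re
from collections import defaultdict

# Rows copied from the report above (package, suite, version, architectures),
# plus one annotation line to show that non-listing text is skipped.
SAMPLE = """\
adjtimex    stable    1.10-1      alpha, i386
adjtimex    stable    1.5-1       sparc
adjtimex    stable    1.5-3       powerpc
adjtimex    stable    1.7-1       arm
adjtimex    stable    1.8.1-1     m68k
adjtimex    updates   1.10-1      arm, m68k, powerpc, sparc
    Get versions in sync, apart from that:
sudo        stable    1.6.2p2-2    alpha, arm, i386, m68k, powerpc, sparc
sudo        updates   1.6.2p2-2.1  alpha, arm, i386, m68k, powerpc, sparc
man2html    stable    1.5-23      alpha, arm, i386, m68k, powerpc, sparc
man2html    updates   1.5-23.1    arm, i386, m68k, powerpc, sparc
nfs-common  stable    1:0.1.9.1-1          alpha, arm, i386, m68k, powerpc, sparc
nfs-common  updates   1:0.1.9.1-1.potato1  alpha, i386, m68k, powerpc, sparc
"""

ROW = re.compile(r"^(\S+)\s+(stable|updates)\s+(\S+)\s+(.+)$")

def parse(text):
    """Return {package: {suite: {arch: version}}}; lines that are not rows are ignored."""
    pkgs = defaultdict(lambda: defaultdict(dict))
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        name, suite, version, archs = m.groups()
        for arch in (a.strip() for a in archs.split(",")):
            pkgs[name][suite][arch] = version
    return pkgs

def sync_report(text):
    """Map package -> (in_sync, architectures still lacking the updated version)."""
    report = {}
    for name, suites in parse(text).items():
        # Assumption: an accepted update replaces the stable build per architecture.
        merged = {**suites["stable"], **suites["updates"]}
        target = set(suites["updates"].values()) or set(merged.values())
        lagging = sorted(a for a, v in merged.items() if v not in target)
        report[name] = (len(set(merged.values())) == 1, lagging)
    return report

if __name__ == "__main__":
    for pkg, (ok, lagging) in sync_report(SAMPLE).items():
        print(pkg, "in sync" if ok else "MISSING " + ", ".join(lagging))
```
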
