New ncpfs package

1997-06-15 Thread Marek Michalkiewicz
as it used to be... Marek -BEGIN PGP SIGNED MESSAGE- Format: 1.5 Date: Sun, 15 Jun 1997 11:38:23 +0200 Source: ncpfs Binary: ncpfs Architecture: source i386 Version: 2.0.10-1 Distribution: unstable Urgency: low Maintainer: Marek Michalkiewicz [EMAIL PROTECTED] Description: ncpfs

xdm-shadow (was Re: 1.3 installation report.)

1997-05-30 Thread Marek Michalkiewicz
Hi, Mark Eichin: 2) the xdm shadow support doesn't fall back in any sane way, and it's more than just dropping a check -- a bunch of code needs rearrangement. (If you run xdm-shadow on a non-shadow system, you *lose*...) Well, I just did that with xbase-3.2-6: # mv

Bugs in shadow-970502-2

1997-05-16 Thread Marek Michalkiewicz
The latest release (shadow-970502-2) has a bug in libmisc/mail.c that causes login to segfault when checking for new mail. Yes, I have tested this version before releasing it (really!), but unfortunately I had MAIL_CHECK_ENAB disabled (by mistake) on my machine and the bug didn't show up.

Bug#4434: lynx - old version

1996-09-08 Thread Marek Michalkiewicz
Package: lynx Version: 2.4-FM-960316-1 Lynx 2.6 is out, and version 2.5 has been available for quite some time now - but we still have the outdated, pre-release version. One user here needed a newer version (improved ISO-8859-2 support etc.), so I packaged it myself, fixing two of the numerous

Bug#4332: Vulnerability in the Xt library (fwd)

1996-09-05 Thread Marek Michalkiewicz
Owen Dunn: I'm currently trying to clear some of Steve Early's backlog of X package bugs; this'll be among them (though it may be a while longer before the packages get converted to the new source format.) Thanks. One suggestion: this particular bug is a quite serious one (uid 0 exploit for

Bug#4339: no free pine package available

1996-08-30 Thread Marek Michalkiewicz
Dale Scheetz wrote: The copyright is quite clear. You can not distribute this package for a fee without first getting permission from the pine developers. According to our policy this requires it go into non-free. Now I noticed that the copyright has changed, the new one (same in version 3.94

Bug#4343: ssh binaries are not stripped

1996-08-30 Thread Marek Michalkiewicz
Package: ssh Version: 1.2.14-1 The binaries in this package are not stripped, and they should according to the packaging guidelines. Marek

Bug#4190: serious security hole in libc (resolver)

1996-08-30 Thread Marek Michalkiewicz
David Engel wrote: About the best I can do, without further guidance, is make libc not echo the problem lines to stderr. Is that acceptable? I'm not sure. Someone could still read special files as root (they would not see the contents, but merely reading them might sometimes cause troubles

Bug#4331: [linux-security] [linux-alert] SECURITY FIX/UPDATE: anonftp (fwd)

1996-08-30 Thread Marek Michalkiewicz
AFAIK it is along the line with site exec tar cvzf -rsh-command blafasel host:tar.tgz Probably something else - I don't believe Red Hat would have that nice old _PATH_EXECPATH bug for so long :-). It might be related to the feature that wu-ftpd can send you a tar of a directory if you do get

Bug#4331: [linux-security] [linux-alert] SECURITY FIX/UPDATE: anonftp (fwd)

1996-08-29 Thread Marek Michalkiewicz
Package: wu-ftpd Version: 2.4-23 I don't know the exploit, but tar in the anon ftp area is the same as the normal one, so I think Debian systems may have this problem too. Two messages from the linux-security list (the second one includes a patch for tar - only for anon ftp, not for the normal

Bug#4332: Vulnerability in the Xt library (fwd)

1996-08-29 Thread Marek Michalkiewicz
Package: xlib Version: 3.1.2-7 It seems there is a buffer overrun in libXt, which may be a security hole (some programs using libXt, such as xterm, are setuid root). I haven't tried to exploit it, but xterm -fg very_long_string segfaults, so it might be exploitable (stack overwrite). See the

Bug#4190: Bug4190: serious security hole in libc (resolver)

1996-08-29 Thread Marek Michalkiewicz
Hi, is there any way to change the subject line of an already existing bug report? This hole is a really *serious* (not moderate) one - it lets any local and remote users read any file on the system. I think there are two possible ways to fix it: (1) ignore the dangerous environment variables

Bug#4333: telnetd should be more paranoid about environment

1996-08-29 Thread Marek Michalkiewicz
Package: netstd Version: 2.06-1 Right now, telnetd checks for a few dangerous environment variables. I think it should do what telnetd in NetKit-0.08 does: only allow a few variables which are known to be safe, and don't allow any others. The problem is that you never know that the list of the

Bug#4334: squid should not run as root by default

1996-08-29 Thread Marek Michalkiewicz
Package: squid Version: 1.0.beta16-1 In the default configuration, squid runs as root. While it can be changed in the config file, someone might forget to configure it after installation, so I think the default should be secure. The permissions/ownerships in /var/squid and /var/log/squid should

Bug#4336: /etc/ssh/ssh_random_seed should be moved to /var

1996-08-29 Thread Marek Michalkiewicz
Package: ssh Version: 1.2.14-1 sshd writes to the file /etc/ssh/ssh_random_seed during normal operation - the file should be moved to /var according to the FSSTND recommendations. Marek

Bug#4337: ssh should be compiled with -O2 (not -g -O)

1996-08-29 Thread Marek Michalkiewicz
Package: ssh Version: 1.2.14-1 The package is compiled with the -g -O flags (autoconf default) - this results in larger and slower binaries. It might be a good idea to use -O2 instead (no -g) and maybe strip the binaries too. Marek

Bug#4338: sshd should support shadow passwords

1996-08-29 Thread Marek Michalkiewicz
Package: ssh Version: 1.2.14-1 If compiled on a system which has no /etc/shadow file, sshd doesn't support shadow passwords when using the password authentication. All the necessary code is already there (will work with both shadow and non-shadow passwords) - all that is needed is to hack the

Bug#4339: no free pine package available

1996-08-29 Thread Marek Michalkiewicz
Package: ftp.debian.org The current version of pine is in non-free because the copyright is not clear. We really should talk to the maintainers - perhaps we can get permission to distribute the package as part of the distribution? (FYI, it's in Red Hat, and those guys are quite careful about

Bug#3320: Kernel oops - problem with APM BIOS?

1996-06-18 Thread Marek Michalkiewicz
Package: (bootdisk) Version: 1996_6_16 APM support is enabled in the 2.0 kernel on this bootdisk. Some green motherboards have problems with this, resulting in kernel oops every time during kernel startup (before mounting the root filesystem). Turning off power management in BIOS setup doesn't

Re: Keeping non-free separate

1996-06-18 Thread Marek Michalkiewicz
Buddha Buck: Pine requires explicit permission for redistribution by for-profit organisations, which means that Bruce can put it on his CD-ROMs, Software in the Public Interest (Debian) can put it on their CD-ROMs, but Yggdrasil or SSC (Linux Journal) can't. That's too unfree to not be

Re: Entry for the Distribution-HOWTO

1996-06-16 Thread Marek Michalkiewicz
Hi, different sources and systems. Non-free packages and optional support for shadow passwords are also available, making Debian a It might be a good idea to call the support for shadow passwords experimental or beta just to be safe (not all packages support them yet). I'll

Bug#2091: creating packages requires root privileges

1996-01-04 Thread Marek Michalkiewicz
If you're creating a Debian package you need to be root on the system you're going to install it on to test it. Even if you're using some shared environment in which you don't have root on the main development machine, is it really that problematic to make the `binary' target on the test

Bug#2069: GNU last doesn't use ut_addr

1996-01-03 Thread Marek Michalkiewicz
[EMAIL PROTECTED]: I have reported this to the upstream maintainer. He promised me new acct code (last is part of acct) about six months ago, so don't hold your breath. How about using last from util-linux? It has the standard BSD copyright, there are no patent issues that I know of, it knows

Bug#2070: /etc/issue and /etc/issue.net

1995-12-28 Thread Marek Michalkiewicz
Package: (base) The default /etc/issue and /etc/issue.net files contain the copyright notice. The /etc/motd file contains another copyright notice. I know copyrights are very important, but I think only one (/etc/motd) should be enough for most users :-). It would be more useful to put the

Bug#2069: GNU last doesn't use ut_addr

1995-12-27 Thread Marek Michalkiewicz
Package: last Version: 5-12 The GNU version of last doesn't make use of the ut_addr utmp field which is supposed to contain the IP address for remote logins. The size of ut_host (16 chars) is too small and host names are often truncated. The IP address is the only reliable way to identify the

Bug#1657: acknowledged by developer (was: Sendmail uses flock instead of fcntl and is setgid root) (fwd)

1995-11-28 Thread Marek Michalkiewicz
From: [EMAIL PROTECTED] (Ian Jackson) Responsibility for it has been taken by one of the developers, namely Anders Chrigstrom [EMAIL PROTECTED]. You should be hearing from them with a substantive response shortly, if you have not already done so. If not, please contact them directly, OK,

Bug#1883: compress missing?

1995-11-22 Thread Marek Michalkiewicz

Bug#1883: compress missing?

1995-11-22 Thread Marek Michalkiewicz
Bruce Perens: I was sort of hoping that compress would be replaced by gzip throughout the world, and thus we would not have to deal with its hassles. That would be the case if gzip was in the public domain, but it is under the GPL which may be too restrictive for commercial UNIX vendors...

Bug#1656: etc/ntp.drift should be somewhere in /var (FSSTND)

1995-11-21 Thread Marek Michalkiewicz
Andrew Howell: Does anyone have any suggestions for this? Should I leave ntp.drift in /etc or move it to /var/run or /var/lib/xntp? ... or /var/log/xntp - xntpd can generate some statistics logs if this feature is enabled in the config file, so a separate directory might be a good idea. Marek

Bug#1883: compress missing?

1995-11-21 Thread Marek Michalkiewicz
Package: base? gzip? I can't find the compress program on the system. I know, gzip is better, and can decompress *.Z files, but can't create *.Z files if I want to give something compressed to someone who doesn't have gzip (many non-Linux systems come with compress but not gzip). Source can be

Bug#1765: /etc/init.d/xdm (and xfs) still sources /etc/init.d/functions

1995-10-25 Thread Marek Michalkiewicz
Package: xbase Version: 3.1.2-4 The /etc/init.d/xdm (and xfs) scripts still source /etc/init.d/functions - known problem, just yet another package to fix... Marek

Bug#1743: SEGV in at date parsing

1995-10-23 Thread Marek Michalkiewicz
Package: at Version: 2.8a-2 The at command sometimes has problems with date parsing which result in a SEGV. For example: $ at tomorrow Segmentation fault But if I try this as root, it works... Marek

Bug#1706: xterm sets wrong tty perms

1995-10-19 Thread Marek Michalkiewicz
Package: xbase Version: 3.1.2-4 The default tty permissions in xterm are still 622. They should be changed to 620 or 600 (depending what should be the default: mesg y or n), group tty. Marek

Bug#1353: tar has no manual page

1995-10-19 Thread Marek Michalkiewicz
I think we could use tar man page from Slackware. The only problem: it has no copyright on it. Is this the reason for not including it in Debian? Marek

Bug#1505: setterm is missing

1995-09-29 Thread Marek Michalkiewicz
Bruce Perens: I think there was a copyright problem with setterm that caused us to remove it from the distribution a long time ago. If I recall correctly, it didn't allow distribution for a fee, which is of course essential to our CD-ROM redistributors. Hmm, setterm is distributed on

Bug#1505: setterm is missing

1995-09-28 Thread Marek Michalkiewicz
Package: miscutils I can't find the setterm program (distributed as part of util-linux) anywhere in the distribution (the output from grep setterm Contents is empty, and this program is not on my freshly installed, fairly complete Debian system at home). It is not currently part of any package,