Preparation of Debian GNU/Linux 2.2r5
=====================================

Up-to-date version on http://master.debian.org/~joey/2.2r5/

I am preparing 2.2r5 and will send reports so people can actually comment on it. The plan is to get this revision of Debian GNU/Linux 2.2 (codename `potato') out within the first week of January 2002.

James Troup will have to give the final approval for each package. However, I will try to make his work as easy as possible in the hope to get the next revision out properly.

Thanks for your attention.

My requirements for packages to go into stable:

 1. The package fixes a security problem. An advisory by our own Security Team would be quite helpful.
 2. The package fixes a critical bug which can lead into data loss, data corruption or an overly broken system.
 3. The stable version of the package is not installable at all due to broken or unmet dependencies or broken installation scripts.
 4. The package gets all architectures in stable in sync.
 5. All released architectures have to be in sync.

Packages which I will most probably reject:

 . Packages which fix non-critical bugs
 . Misplaced uploads, i.e. packages that were uploaded to 'stable unstable' or `frozen unstable'
 . Packages for which its binary packages are out of sync wrt. our different architectures.
 . Binary packages for which the source got lost somehow

Accepted packages
-----------------

These packages should be installed into stable and be part of the next revision.

    bb  stable   1.2-9      i386, powerpc
    bb  stable   1.2-9.0.1  alpha
    bb  updates  1.2-9      sparc

        Package was missing from stable.

    catsboot  updates  0.2.2  arm

        Boot glue for ARM CATS systems
        Required on some ARM systems current stable boot-floppies Build-Depend on it.

    freewnn-common       stable   1.1.0+1.1.1-a016-1           all
    freewnn-common       updates  1.1.0+1.1.1-a016-1.potato.3  all
    freewnn-cserver-dev  stable   1.1.0+1.1.1-a016-1           alpha, arm, i386, m68k, powerpc, sparc
    freewnn-cserver-dev  updates  1.1.0+1.1.1-a016-1.potato.3  alpha, arm, i386, m68k, powerpc, sparc
    freewnn-cserver      stable   1.1.0+1.1.1-a016-1           alpha, arm, i386, m68k, powerpc, sparc
    freewnn-cserver      updates  1.1.0+1.1.1-a016-1.potato.3  alpha, arm, i386, m68k, powerpc, sparc
    freewnn-jserver-dev  stable   1.1.0+1.1.1-a016-1           alpha, arm, i386, m68k, powerpc, sparc
    freewnn-jserver-dev  updates  1.1.0+1.1.1-a016-1.potato.3  alpha, arm, i386, m68k, powerpc, sparc
    freewnn-jserver      stable   1.1.0+1.1.1-a016-1           alpha, arm, i386, m68k, powerpc, sparc
    freewnn-jserver      updates  1.1.0+1.1.1-a016-1.potato.3  alpha, arm, i386, m68k, powerpc, sparc
    freewnn-kserver-dev  stable   1.1.0+1.1.1-a016-1           alpha, arm, i386, m68k, powerpc, sparc
    freewnn-kserver-dev  updates  1.1.0+1.1.1-a016-1.potato.3  alpha, arm, i386, m68k, powerpc, sparc
    freewnn-kserver      stable   1.1.0+1.1.1-a016-1           alpha, arm, i386, m68k, powerpc, sparc
    freewnn-kserver      updates  1.1.0+1.1.1-a016-1.potato.3  alpha, arm, i386, m68k, powerpc, sparc

        * [security fix] backport from freewnn 1.1.0+1.1.1-a017-6.4
          - adduser wnn, kwnn, cwnn for jserver,kserver,cserver respectively instead of running as root user
          - restrict upload/create path under jserver_dir

        The 2nd upload is required to make the package installable *sigh*
        At least, it is proved to be tested now...

    imp  stable   2:2.2.3-0.potato.4  all
    imp  updates  2:2.2.6-0.potato.3  all

        DSA 073, though it mentioned imp 2.2.6-0.potato.1

        The maintainer, Ola Lundqvist, commented:

        "The potato.1 version (the real security fix) was broken. :( I uploaded it too fast, without testing the postgres part. It also had some other minor issues because I forgot to apply one patch. So if any new packages of horde and imp should go to a new revision only the latest version should go there (from proposed-updates)."

        .4: SECURITY FIX, backport from 2.2.7, closes: #118986

    kernel-image-2.2.19-netwinder  stable   20010414  arm
    kernel-image-2.2.19-netwinder  updates  20011103  arm
    kernel-image-2.2.19-riscpc     stable   20010414  arm
    kernel-image-2.2.19-riscpc     updates  20011109  arm
    kernel-patch-2.2.19-arm        stable   20010414  all
    kernel-patch-2.2.19-arm        updates  20011109  all

        Rebuilt with current kernel that has security fixes incorporated, was supposed for 2.2r4 but uploaded too late.

        ARM 20011109: Build against kernel-source 2.2.19.1-2 and latest ARM patch.

    ssh-askpass-gnome  stable   1:1.2.3-9.3  alpha, arm, i386, m68k, powerpc, sparc
    ssh-askpass-gnome  updates  1:1.2.3-9.4  alpha, arm, i386, m68k, powerpc, sparc
    ssh-askpass-ptk    stable   1:1.2.3-9.3  all
    ssh-askpass-ptk    updates  1:1.2.3-9.4  all
    ssh                stable   1:1.2.3-9.3  alpha, arm, i386, m68k, powerpc, sparc
    ssh                updates  1:1.2.3-9.4  alpha, arm, i386, m68k, powerpc, sparc

        Security Fix, DSA 091

    postfix  stable   0.0.19991231pl11-1  alpha, arm, i386, m68k, powerpc, sparc
    postfix  updates  0.0.19991231pl11-2  alpha, arm, i386, m68k, powerpc, sparc

        * Fix 'smtpd command log memory exhaustion' problem.
        * Fix dhelp dangling symlink problem. Closes: #91877, #97332.
        * Rebuild on current potato. Closes: #102388, #99220.

        Security Fix: DSA 093

    xtel  stable   3.2.1-4           alpha, arm, i386, m68k, powerpc, sparc
    xtel  updates  3.2.1-4.potato.1  alpha, arm, i386, m68k, powerpc, sparc

        * New maintainer
        * Security fixes:
          - symlink vulnerability in xteld (see #87787).
          - symlink vulnerability in xtel while printing hardcopy of screen.
          - run xteld under control of tcpd to be able to restrict access to the service from network.
        * Backport of annoying and easy to fix bugs from woody version of xtel:
          - Fixed segfaults (see #43566).
          - Fixed a little typo in the /etc/xtel/lignes file.
          - Fixed creation of the symlink to french doc directory (see #55131).
        * Other annoying fixes:
          - bad X resource in Xtel[m].ad (missing '-o -' in a2ps printing command).

        DSA 090

Further investigation
---------------------

These packages need further investigation. One reason the package is listed here could be that I'm not yet convinced this package should go into stable, but don't want to reject it entirely at the moment. Another reason could be that released and updated architectures are not in sync yet.

    apache  stable    1.3.9-13.2  alpha, arm, i386, m68k, powerpc, sparc
    apache  testing   1.3.19-1    alpha, arm, i386, m68k, powerpc, sparc
    apache  unstable  1.3.19-1    hurd-i386
    apache  unstable  1.3.20-1.1  alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sh, sparc
    apache  updates   1.3.9-14    alpha, arm, i386, m68k, powerpc, sparc

        * Non-maintainer upload on behalf of Simon Huggins <[EMAIL PROTECTED]>
        * Applied patch from Martin Kraemer to fix mod_negotiation bug to prevent revealing of directory contents.

        This looks like a half security update, right?

        DSA 067-1 is a broken security upload and requires an update. [further]

    bwbasic  stable   2.20pl2-3    alpha, i386, m68k, powerpc
    bwbasic  stable   2.20pl2-3.1  sparc
    bwbasic  updates  2.20pl2-3.2  arm, m68k, powerpc, sparc

        * New maintainer.
        * Recompile. Due to strange interactions with libc6, functions weren't interpreted, and the package was practically unusable. Closes: #108924.

        MISSING alpha
        MISSING i386

    icecast-server  stable   1.0.0-1     alpha, arm, i386, m68k, powerpc, sparc
    icecast-server  updates  1.3.10-1    alpha, arm, m68k, powerpc, sparc
    icecast-server  updates  1.3.10-1.1  i386

        Alleged security update. Changelog says:

        * Several security exploits found to icecast. No simple way to patch
        * old version, so upgrade to latest stable version from icecast.org
        * If questions or assistance needed join #icecast on openprojects.net IRC

        Do you have a documentation about said security exploits?

        That's still pending

        Is it something different than this one?

            "icecast" is a server used to distribute audio streams to compatible clients such as winamp, mpg123, xmms and many others.

            Matt Messier ([EMAIL PROTECTED]) and John Viega ([EMAIL PROTECTED]) have identified several buffer overflow and format strings problems in Icecast that could be remotely exploited. Our latest update to this software changes the package to use an unprivileged user ("icecast") for the daemon, so the impact of this vulnerability is not as high. Recent distributions (CL >= 5.1) have this package compiled with StackGuard to make it more difficult to exploit buffer overflows.

        It's said to be. Clarification appreciated.

        To make it worse, there is now

        Version: 1.3.10-1.1

        * Binary-only recompile by security team
        * Rebuild with potato libc6

    inn2-dev          updates  2.2.2.2000.01.31-4.1  arm
    inn2-dev          updates  2.2.2.2000.01.31-5    alpha, i386, m68k, sparc
    inn2-inews        updates  2.2.2.2000.01.31-4.1  arm
    inn2-inews        updates  2.2.2.2000.01.31-5    alpha, i386, m68k, sparc
    inn2              updates  2.2.2.2000.01.31-4.1  arm
    inn2              updates  2.2.2.2000.01.31-5    alpha, i386, m68k, sparc
    task-news-server  updates  2.2.2.2000.01.31-5    all

        Security Update, DSA 023 [further]

        Bdale reports a serious problem with this upload, it broke some functionality. He's going to upload a fixed version, so this will have to wait for 2.2r5 (formerly 2.2r4) then.

        Fixed for 2.2.2.2000.01.31-5.

        MISSING arm
        MISSING powerpc

    mailman  stable   1.1-8   alpha, arm, i386, m68k, powerpc, sparc
    mailman  updates  1.1-10  i386

        Security Fix? Related to DSA 094?

        Changelog for 1.1-9:

        * Cross site scripting (CSS) fixes, backported from Mailman 2.0.8.
        * Support list names with spaces in them.

        Changelog for 1.1-10:

        * Add missing parenthesis in Mailman/Cgi/edithtml.py, line 88

        MISSING alpha
        MISSING arm
        MISSING m68k
        MISSING powerpc
        MISSING sparc

    man2html  stable   1.5-23    alpha, arm, i386, m68k, powerpc, sparc
    man2html  updates  1.5-23.1  i386, m68k, powerpc

        * Recompiled with correct CGIBASE to avoid bad links; closes: #104474.

        Grave bug, warrants inclusion into stable.

        MISSING alpha
        MISSING arm
        MISSING sparc

    nedit  updates  1:5.1.1-3  alpha, arm, i386, m68k, powerpc

        nedit is now Free Software.

        MISSING sparc

    telnetd  stable   0.16-4          alpha
    telnetd  stable   0.16-4potato.1  arm, i386, m68k, powerpc, sparc
    telnetd  updates  0.16-4potato.3  arm, i386, powerpc
    telnet   stable   0.16-4          alpha
    telnet   stable   0.16-4potato.1  arm, i386, m68k, powerpc, sparc
    telnet   updates  0.16-4potato.3  arm, i386, powerpc

        Changelog says:

        * Fixed same overflow with minimal change.

        DSA 070 mentioned version 0.16-4potato.2 [further]

        MISSING alpha
        MISSING m68k
        MISSING sparc

    ldap-rfc             stable   1:1.2.12-1  all
    ldap-rfc             updates  1:1.2.12-2  all
    libopenldap-dev      stable   1:1.2.12-1  alpha, arm, i386, m68k, powerpc, sparc
    libopenldap-dev      updates  1:1.2.12-2  i386
    libopenldap-runtime  stable   1:1.2.12-1  all
    libopenldap-runtime  updates  1:1.2.12-2  all
    libopenldap1         stable   1:1.2.12-1  alpha, arm, i386, m68k, powerpc, sparc
    libopenldap1         updates  1:1.2.12-2  i386
    openldap-gateways    stable   1:1.2.12-1  alpha, arm, i386, m68k, powerpc, sparc
    openldap-gateways    updates  1:1.2.12-2  i386
    openldap-utils       stable   1:1.2.12-1  alpha, arm, i386, m68k, powerpc, sparc
    openldap-utils       updates  1:1.2.12-2  i386
    openldapd            stable   1:1.2.12-1  alpha, arm, i386, m68k, powerpc, sparc
    openldapd            updates  1:1.2.12-2  i386

        Minor bugfix:

        * Include backport of billion second bug.

        MISSING alpha
        MISSING arm
        MISSING m68k
        MISSING powerpc
        MISSING sparc

    php4-cgi-gd     updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-cgi-gd     updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-cgi-imap   updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-cgi-imap   updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-cgi-ldap   updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-cgi-ldap   updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-cgi-mhash  updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-cgi-mhash  updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-cgi-mysql  updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-cgi-mysql  updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-cgi-pgsql  updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-cgi-pgsql  updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-cgi-snmp   updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-cgi-snmp   updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-cgi-xml    updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-cgi-xml    updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-cgi        updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-cgi        updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-dev        updates  4.0.3pl1-0potato2    all
    php4-gd         updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-gd         updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-imap       updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-imap       updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-ldap       updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-ldap       updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-mhash      updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-mhash      updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-mysql      updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-mysql      updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-pgsql      updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-pgsql      updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-snmp       updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-snmp       updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4-xml        updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4-xml        updates  4.0.3pl1-0potato2    i386, m68k, powerpc
    php4            updates  4.0.3pl1-0potato1.1  alpha, sparc
    php4            updates  4.0.3pl1-0potato2    i386, m68k, powerpc

        Security Update (DSA 020 mentions 4.0.3pl1-0potato1.1) [further]

        Roland Bauerschmidt reports "php4-cgi broken". Look at #89431. /usr/lib/cgi-bin/php4 is a symlink to debian/php4-cgi/usr/bin/php4 which of course doesn't exist.

        MISSING alpha
        MISSING sparc

    ecpg                stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    ecpg                updates  6.5.3-27  arm, i386, m68k, powerpc
    libpgperl           stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    libpgperl           updates  6.5.3-27  arm, i386, m68k, powerpc
    libpgsql2           stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    libpgsql2           updates  6.5.3-27  arm, i386, m68k, powerpc
    libpgtcl            stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    libpgtcl            updates  6.5.3-27  arm, i386, m68k, powerpc
    odbc-postgresql     stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    odbc-postgresql     updates  6.5.3-27  arm, i386, m68k, powerpc
    pgaccess            stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    pgaccess            updates  6.5.3-27  arm, i386, m68k, powerpc
    postgresql-client   stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    postgresql-client   updates  6.5.3-27  arm, i386, m68k, powerpc
    postgresql-contrib  stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    postgresql-contrib  updates  6.5.3-27  arm, i386, m68k, powerpc
    postgresql-dev      stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    postgresql-dev      updates  6.5.3-27  arm, i386, m68k, powerpc
    postgresql-doc      stable   6.5.3-26  all
    postgresql-doc      updates  6.5.3-27  all
    postgresql-pl       stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    postgresql-pl       updates  6.5.3-27  arm, i386, m68k, powerpc
    postgresql-test     stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    postgresql-test     updates  6.5.3-27  arm, i386, m68k, powerpc
    postgresql          stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    postgresql          updates  6.5.3-27  arm, i386, m68k, powerpc
    python-pygresql     stable   6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
    python-pygresql     updates  6.5.3-27  arm, i386, m68k, powerpc

        * postgresql: applied patch from Ben Pfaff <[EMAIL PROTECTED]> to cure problem with segfault in pg_dump. High urgency because pg_dump is essential for transferring data when upgrading postgresql. Closes: #101940

        No security update but something that is anticipated to prevent data loss, I'm convinced.

        MISSING alpha
        MISSING sparc

    ssh-askpass-nonfree  stable   1.2.27-6.1  alpha, arm, i386, powerpc, sparc
    ssh-askpass-nonfree  updates  1.2.27-6.2  alpha, i386, m68k, powerpc, sparc
    ssh-nonfree          stable   1.2.27-3    m68k
    ssh-nonfree          stable   1.2.27-6.1  alpha, arm, i386, powerpc, sparc
    ssh-nonfree          updates  1.2.27-6.2  alpha, i386, m68k, powerpc, sparc
    ssh-socks            stable   1.2.27-3    m68k
    ssh-socks            stable   1.2.27-6.1  alpha, arm, i386, powerpc, sparc
    ssh-socks            updates  1.2.27-6.2  alpha, i386, m68k, powerpc, sparc

        * Urgency high because this addresses a well-known vulnerability which is being exploited.
        * Add security fixes from -7.
        * Add build-depends.
        * Remove client's setuid bit; people who need it can turn it back on, and everyone else will be safer.

        MISSING arm

    tkseti  stable   2.10-1  arm
    tkseti  stable   2.12-1  powerpc
    tkseti  stable   2.12-2  alpha, i386, sparc
    tkseti  updates  2.12-2  arm

        Get versions back in sync.

        MISSING powerpc

    wu-ftpd-academ  stable   2.6.0-5.3  all
    wu-ftpd-academ  updates  2.6.0-6    all
    wu-ftpd         stable   2.6.0-5.3  alpha, arm, i386, m68k, powerpc, sparc
    wu-ftpd         updates  2.6.0-6    alpha, i386, m68k, powerpc, sparc

        Security upload, DSA 087

        MISSING arm

    xxgdb  stable   1.12-9.3        alpha, arm, i386, m68k, powerpc, sparc
    xxgdb  updates  1.12-9.4potato  i386, m68k, powerpc

        * Applied a patch from Massimo Dal Zotto <[EMAIL PROTECTED]>. This is a workaround for a serious bug (#94892) in libXaw.

        Seems this bug makes xxgdb useless in stable

        MISSING alpha
        MISSING arm
        MISSING sparc

    yabasic  stable   2.42-1  arm
    yabasic  stable   2.53-1  alpha, i386, m68k, powerpc, sparc
    yabasic  updates  2.53-2  arm, m68k, powerpc, sparc

        * New maintainer.
        * yabasic.c: Fixed a /tmp race condition.
        * Completed the FHS transition to allow building with a recent debhelper. Closes: #98875.

        No DSA assigned, maintainer, please get in touch with the Security Team

        MISSING alpha
        MISSING i386

Rejected packages
-----------------

These packages don't meet the requirements.

    dvi2ps-fontdata-a2n       stable   1.0-5  all
    dvi2ps-fontdata-a2n       updates  1.0-6  all
    dvi2ps-fontdata-bsr       stable   1.0-5  all
    dvi2ps-fontdata-bsr       updates  1.0-6  all
    dvi2ps-fontdata-ja        stable   1.0-5  all
    dvi2ps-fontdata-ja        updates  1.0-6  all
    dvi2ps-fontdata-n2a       stable   1.0-5  all
    dvi2ps-fontdata-n2a       updates  1.0-6  all
    dvi2ps-fontdata-ptexfake  stable   1.0-5  all
    dvi2ps-fontdata-ptexfake  updates  1.0-6  all
    dvi2ps-fontdata-rrs       stable   1.0-5  all
    dvi2ps-fontdata-rrs       updates  1.0-6  all
    dvi2ps-fontdata-rsp       stable   1.0-5  all
    dvi2ps-fontdata-rsp       updates  1.0-6  all
    dvi2ps-fontdata-tbank     stable   1.0-5  all
    dvi2ps-fontdata-tbank     updates  1.0-6  all
    dvi2ps-fontdata-three     stable   1.0-5  all
    dvi2ps-fontdata-three     updates  1.0-6  all

        Misplaced upload to 'stable unstable'

    groff  stable   1.15.2-2  alpha, arm, i386, m68k, powerpc, sparc
    groff  updates  1.15.2-3  i386

        Changelog says:

        * Use lpr as the print spooler, even if it happens not to be installed on the build system. Version 1.15.2-2 broke 'groff -l', which worked with previous versions of groff in stable (thanks, Mike Fontenot).

        Since I can't even find a single bug report that says 'groff -l' is broken in stable, I guess it will only be used on accident. Hence, I don't think this justifies an update to stable.

        MISSING alpha
        MISSING arm
        MISSING m68k
        MISSING powerpc
        MISSING sparc

    roxen-doc  stable   1.3.122-13  all
    roxen-doc  updates  1.3.122-22  all
    roxen-ssl  stable   1.3.122-13  all
    roxen-ssl  updates  1.3.122-22  all
    roxen      stable   1.3.122-11  arm
    roxen      stable   1.3.122-13  alpha, i386, m68k, sparc
    roxen      updates  1.3.122-22  i386

        Misplaced upload:

        Distribution: stable unstable

        * Dropping the 'task-webserver-roxen2' package...
        * Updating config.{sub|guess} Closes: #111546

Disclaimer
----------

This list intends to help the ftp-masters releasing 2.2r5. They have the final power to accept a package or not. If you want to comment on this list, please send a mail to Martin Schulze <[EMAIL PROTECTED]>.

--
All language designers are arrogant. Goes with the territory... -- Larry Wall

Please always Cc to me when replying to me on the lists.