Date: Thu, 26 Aug 1999 15:12:31 +0200
From: Martin Schulze <joey@finlandia.Infodrom.North.DE>
To: Debian Development <debian-devel@lists.debian.org>
Subject: Re: RfD: Preparing Debian 2.1r3
Hi folks,
as you should have noticed, I'm preparing a new subrelease of Slink
alias Debian 2.1. It will be called Debian 2.1r3. Only
security-related or very important updates will make it into another
stable release. The proposed-updates directory contains about 150MB
of packages. Not all of them were accepted for the next stable
release.
I've asked for your comments before; this is the result that is likely
to be included in 2.1r3. If you want to comment on it, be quick. If
you want to convince me, use good arguments.
0. Changelog
------------
. Move tkdesk to remaining, doesn't compile on alpha+sparc
. Move makedev to rejected, no important changes only, many changes though
. Move libdb to remaining, why should it go into stable?
. Move selfhtml to reject, package broken
. Move egcs to remaining
. Move libc6 to accept
. Move lsof to accepted
. Move lprng to accepted
. Move dpkg to accepted
. Move kernel-source-2.2.5 to remaining
. Alphabetically sorted, at least tried that
1. Packages selected for stable
-------------------------------
Security fixes:
package: cfingerd
version: 1.3.2-18.1
architectures: source, alpha, i386, m68k, sparc
update type: security
backported securityfix
package: epic4
version: pre2.003-0slink2
architectures: source, i386, m68k, alpha, sparc
update type: security
potential DoS in the ANSI parser
package: epic4-help
version: pre2.003-0slink1
architectures: source, all
update type: semi-security
documentation for epic fix
package: imap
version: 4.5-0slink3
architectures: source, alpha, m68k, sparc, i386
update type: security
fixed security-fix for remote exploit
package: isdnutils
version: 1:3.0-12slink13
architectures: source, alpha, i386, sparc
update type: security
xmonisdn called scripts insecurely
package: lpr
version: 1:0.33-3
architectures: m68k
update type: security
security-fix (switch to different lpr fork with a better codebase)
m68k had the wrong version
package: mailman
version: 1.0rc2-5
architectures: source, alpha, i386, m68k, sparc
update type: security
fixed version of security-fix (remote exploit iirc)
package: man-db
version: 2.3.10-69FIX.1
architectures: source, i386, m68k, alpha, sparc
update type: security
open temporary files safely
package: procmail
version: 3.13.1-1
architectures: source, alpha, i386, m68k, sparc
update type: security
various nasty security fixes
package: rsync
version: 2.3.1-0.slink.1
architectures: source, i386, m68k
update type: security
fix security problem with updates in some conditions
package: smtp-refuser
version: 1.0.1
architectures: source, i386, alpha, m68k, sparc
update type: security
fix logging which allowed deleting arbitrary files
package: termcap-compat
version: 1.1.1.1.0slink1
architectures: source, alpha, i386, m68k, sparc
update type: security
fixes buffer overflow
package: man2html
version: 1.5-18.1
architectures: source, i386, m68k, alpha, sparc
update type: security
Fixes /tmp race
package: trn
version: 3.6-9.3.1
architectures: source, i386, m68k, alpha, sparc
update type: security
Fixes /tmp race
package: lsof
version: 4.37-4
architectures: i386, m68k
update type: semi-security
a fix for a previous security update, binary package for
default kernel 2.0.36. Slink has lsof-2.0.35_4.37-3 and
lsof-2.0.36_4.37-4 is in proposed updates, should be an
addition.
package: lprng
version: 3.5.2-2
architectures: source, m68k, sparc, i386, alpha
update type: security
don't allow connections from unprivileged by default
Broken packages fixes:
package: apt
version: 0.3.11
architectures: source, i386, m68k, alpha, sparc
update type: upgrade/install updates
fixes a bunch of bugs, probably very useful for people doing upgrades.
Check with Jason on how to fix the apt-removes-bash-bug first though
package: boot-floppies
version: 2.1.9.1
architectures: m68k (others aren't changed)
update type: fixed install
update various bugs in the m68k install
package: dpkg
version: 1.4.0.35
Disabled included gettext and used the one from libc.
package: exim
version: 2.05-2
architectures: source, i386, m68k, alpha, sparc
update type: grave bug
fix two major bugs in slink version, one of which caused mail lossage
package: jadetex
version: 2.2-1
architectures: source, all
update type: important bugfix
slink version was quite broken..
package: lam
version: 6.1-9
architectures: source, i386, m68k, sparc, alpha
update type: important bugfix
slink version was quite useless..
package: libc6
version: 2.0.7.19981211-6.1
architectures: m68k (only m68k updates)
update type: bugfix
update m68k support, fixes hwclock amongst other things, use
2.0.36 headers, to bring it into line with the other
architectures in slink.
package: open
version: 1.4-10.1
architectures: source, i386, m68k, alpha, sparc
update type: important bugfix
undo previous changes which broke open in slink
package: remembrance-agent
version: 1.41-6
architectures: source, i386, m68k, alpha, sparc
update type: copyright
move to non-free (needs ftpmaster intervention for the overridefile)
package: sendmail
version: 8.9.3-3
architectures: source, alpha, i386, m68k, sparc
update type: important bugfix
allow .forward to work on group-writeable homedirs by default. otherwise
no user could use .forward files since homedirs are made groupwriteable
2. Packages removed from proposed-updates
-----------------------------------------
These packages are rejected for stable and will also be removed from
the proposed-updates directory.
package: ascdc
version: 0.3-5.1
minor bugfix, doesn't fit update criteria
package: auto-pgp
version: 1.04-2
minor bugfix, doesn't fit update criteria
package: bsdgames-nonfree
version: 2.5-2
minor bugfix, doesn't fit update criteria
package: dhcpcd
version: 1:0.70-5
minor bugfix (tokenring support fixed), doesn't fit update criteria
package: dmalloc
version: 3.3.1-3
minor bugfix (small manpage update), doesn't fit update criteria
package: fidogate
version: 4.2.8-4
bugfixes meant for unstable
package: frotz
version: 2.32r2-12
recompile only to remove the versioned libc dependency, which
doesn't hurt us anyway
package: ftape
version: 4.03pre2.1999.04.25-1
major update over slink, don't think it meets the update criteria
package: fvwm2
version: 2.0.46-BETA-3.1
some alpha update, but I'm not convinced we need to include it. We
should probably check with some alpha people for this one
package: gdb
version: 4.17-4.m68k.objc.threads.hwwp.fpu.gnat.3.1
some sparc update, but I'm not convinced we need to include it. We
should probably check with some sparc people for this one
package: gettyps
version: 2.0.7j-7
fixes a normal bug, ie doesn't fit update criteria
package: infocom
version: 4.01pl2-7
should have only been uploaded to unstable, doesn't fix anything
important
package: inform
version: 6.14-4
should have only been uploaded to unstable, doesn't fix anything
package: kdrill
version: 4.0-1
new package, should have been uploaded only to unstable
package: kernel-image-2.0.36-amiga
version: 2.0.36-2
only fixes broken driver, is available in potato as well
package: libpcap
version: 0.4a6-2.1
update for a non-released architecture only
package: linuxlogo
version: various
minor updates only
package: makedev
version: 2.3.1-23
architectures: source, all
update type: important bugfix
fix some stupid and really nasty bugs, especially for sparc
package: mingetty
version: 0.9.4-3.2
update for a non-released architecture only
package: nana
version: 2.3-1
new upstream version, no bugfixes
package: selfhtml
version: 7.0-2
architectures: source, all
update type: security
Fixes patent problem
WARNING: Contains a bug, doesn't run on Slink.
Question: How does one make an upload of it for stable that uses a
version between 7.0-2 and 7.0-2?
package: yorick
version: 1.4-12
changelog doesn't say enough to warrant inclusion imho
3. Packages remain in proposed-updates
------------------------------------
package: kernel-source-2.2.5
version: 2.2.5-2
bugfixes, according to netgod: "To replace kernel-source-2.2.1,
which has a number of serious issues. And even 2.2.5 dates back
to April and has a known DoS exploit now."
package: egcs
version: 1.1.2-0slink2
architectures: i386, m68k
update type: nonbeta release
final 1.1.2 release, small update from beta version in slink
package: tkdesk
version: 1.1-2
architectures: source, i386, m68k
update type: security
fix symlink attack, doesn't compile out of the box on alpha+sparc
package: libdb
version: 1.85.4-4
architectures: alpha
update type: security
don't build broken snprintf, which ignores the bounds check, making programs
which just *happen* to use libdb vulnerable...
Regards,
Joey
Debian Security Team
-- 
The only stupid question is the unasked one.
Please always Cc to me when replying to me on the lists.