Preparation of Debian GNU/Linux 2.2r4

Up-to-date version on http://master.debian.org/~joey/2.2r4/

I'm currently preparing 2.2r4 and will send reports so people can actually comment on it. The plan is to get it out within the first week of November 2001. James Troup will have to give the final approval for each package. I, however, can and will try to make his work as easy as possible in the hope to get the next release out real soon now.

My requirements for packages to go into stable:

1. The package fixes a security problem. Quite helpful would be an advisory issued by the Security Team already.

2. The package fixes a critical bug which can lead into data loss, data corruption or an overly broken system.

3. The stable version of the package is not installable at all due to broken or unmet dependencies or broken installation scripts

4. The package gets all architectures in stable in sync.

5. All released architectures have to be in sync.

Packages that I will most probably reject:

. Package that fixes non-critical bugs

. Misplaced uploads, i.e. packages that were uploaded to 'stable unstable'

. Packages for which its binary packages are out of sync wrt. our different architectures.

Accepted packages

These packages should make it into stable.

2.2.25: Important ARM fixes

2.2.26: Important PowerPC fixes

Not sure if we should demand architectures to be in sync...

cfingerdupdates1.4.1-1.2alpha, arm, i386, m68k, powerpc, sparc

Security Update, DSA 049, DSA 066

cfsstable1.3.3-7powerpc, sparc
cfsstable1.3.3-8alpha, arm, i386, m68k
cfsupdates1.3.3-8powerpc, sparc

Get architectures in sync

This is non-US.

cronupdates3.0pl1-57.3alpha, arm, i386, m68k, powerpc, sparc

Security Update, DSA 054

cslatexupdates1.2.3all

Showstopper, ChangeLog:

* Grr, really fix the installation stop now (closes: #94346)

Note from the Editor: Petr, you are a moron...

Fixed cslatex stops installation (closes: #67214, #69224)

devscriptsupdates2.5.8.2all

Fix insecure regex's in debian.procmail example filter

comerr-devupdates2.0-1.18-3.0potato1alpha, arm, i386, m68k, powerpc, sparc
e2fslibs-devupdates1.18-3.0potato1alpha, arm, i386, m68k, powerpc, sparc
e2fsprogsupdates1.18-3.0potato1alpha, arm, i386, m68k, powerpc, sparc
ss-devupdates2.0-1.18-3.0potato1alpha, arm, i386, m68k, powerpc, sparc
uuid-devupdates1.2-1.18-3.0potato1alpha, arm, i386, m68k, powerpc, sparc

Fix for serial console installs.

eximonstable3.12-10alpha, arm, i386, m68k, powerpc, sparc
eximonupdates3.12-10.1alpha, arm, i386, m68k, powerpc, sparc
eximstable3.12-10alpha, arm, i386, m68k, powerpc, sparc
eximupdates3.12-10.1alpha, arm, i386, m68k, powerpc, sparc

Fixed format string vulnerability in accept.c.

DSA 058

exuberant-ctagsstable1:3.2.4-0.1alpha, arm, i386, m68k, powerpc, sparc
exuberant-ctagsupdates1:3.2.4-0.1.1sparc

Rebuilt for sparc, security update otherwise, DSA 046

fetchmailstable5.3.3-1.1alpha, arm, i386, m68k, powerpc, sparc
fetchmailupdates5.3.3-3alpha, arm, i386, m68k, powerpc, sparc

DSA 060, 071

gftpstable2.0.6a-3alpha, arm, i386, m68k, powerpc, sparc
gftpupdates2.0.6a-3.2alpha, arm, i386, m68k, powerpc, sparc

Security update, DSA 057

Security update, DSA 084

glibc-docstable2.1.3-18all
i18ndatastable2.1.3-18all
libc6-dbgstable2.1.3-18arm, i386, m68k, powerpc, sparc
libc6-devstable2.1.3-18arm, i386, m68k, powerpc, sparc
libc6-picstable2.1.3-18arm, i386, m68k, powerpc, sparc
libc6-profstable2.1.3-18arm, i386, m68k, powerpc, sparc
libc6stable2.1.3-18arm, i386, m68k, powerpc, sparc
localesstable2.1.3-18alpha, arm, i386, m68k, powerpc, sparc
nscdstable2.1.3-18alpha, arm, i386, m68k, powerpc, sparc
glibc-docupdates2.1.3-19all
i18ndataupdates2.1.3-19all
libc6-dbgupdates2.1.3-19arm, i386, m68k, powerpc, sparc
libc6-devupdates2.1.3-19arm, i386, m68k, powerpc, sparc
libc6-picupdates2.1.3-19arm, i386, m68k, powerpc, sparc
libc6-profupdates2.1.3-19arm, i386, m68k, powerpc, sparc
libc6updates2.1.3-19arm, i386, m68k, powerpc, sparc
localesupdates2.1.3-19alpha, arm, i386, m68k, powerpc, sparc
nscdupdates2.1.3-19alpha, arm, i386, m68k, powerpc, sparc
libc6.1-dbgstable2.1.3-18alpha
libc6.1-devstable2.1.3-18alpha
libc6.1-picstable2.1.3-18alpha
libc6.1-profstable2.1.3-18alpha
libc6.1stable2.1.3-18alpha
libc6.1updates2.1.3-19alpha
libc6.1-dbgupdates2.1.3-19alpha
libc6.1-devupdates2.1.3-19alpha
libc6.1-picupdates2.1.3-19alpha
libc6.1-profupdates2.1.3-19alpha

fts/chdir vulnerability fix.

No DSA assigned though

gnupgupdates1.0.6-0potato1alpha, arm, i386, m68k, powerpc, sparc

Security Update, DSA 061

groffstable1.15.2-1alpha, arm, i386, m68k, powerpc, sparc
groffupdates1.15.2-2alpha, arm, i386, m68k, powerpc, sparc

* Security upload by new maintainer, backported from unstable. * src/preproc/pic/pic.y: Fix format string vulnerability that could allow the -S flag to be disabled (closes: #107459). Patch adapted from one by Zenith Parsec <zen-parse@gmx.net>.

DSA 072

htdigstable3.1.5-2alpha, arm, i386, m68k, powerpc, sparc
htdigupdates3.1.5-2.0potato.1alpha, arm, i386, m68k, powerpc, sparc

DSA 080

hordestable2:1.2.3-0.potato.4all
hordeupdates2:1.2.6-0.potato.4all
impstable2:2.2.3-0.potato.4all
impupdates2:2.2.6-0.potato.3all

DSA 073, though it mentioned horde 1.2.6-0.potato.1 and imp 2.2.6-0.potato.1

The maintainer, Ola Lundqvist, commented:

"The potato.1 version (the real security fix) was broken. :(

I uploaded it too fast, without testing the postgres part. It also had some other minor issues because I forgot to apply one patch.

So if any new packages of horde and imp should go to a new revision only the latest version should go there (from proposed-updates)."

kernel-doc-2.2.19stable2.2.19-2all
kernel-doc-2.2.19updates2.2.19.1-1all
kernel-headers-2.2.19-compactstable2.2.19-2i386
kernel-headers-2.2.19-compactupdates2.2.19-4potato.4i386
kernel-headers-2.2.19-idepcistable2.2.19-2i386
kernel-headers-2.2.19-idepciupdates2.2.19-4potato.4i386
kernel-headers-2.2.19-idestable2.2.19-2i386
kernel-headers-2.2.19-ideupdates2.2.19-4potato.4i386
kernel-headers-2.2.19-sparcstable6all
kernel-headers-2.2.19-sparcupdates8all
kernel-headers-2.2.19stable2.2.19-1alpha
kernel-headers-2.2.19stable2.2.19-2i386, powerpc
kernel-headers-2.2.19updates2.2.19-1potato.2alpha
kernel-headers-2.2.19updates2.2.19-2m68k
kernel-headers-2.2.19updates2.2.19-2.0potato1powerpc
kernel-headers-2.2.19updates2.2.19-4potato.4i386
kernel-image-2.2.19-amigaupdates2.2.19-9m68k
kernel-image-2.2.19-atariupdates2.2.19-6m68k
kernel-image-2.2.19-bvme6000updates2.2.19-7m68k
kernel-image-2.2.19-compactstable2.2.19-2i386
kernel-image-2.2.19-compactupdates2.2.19-4potato.4i386
kernel-image-2.2.19-chrpstable2.2.19-2powerpc
kernel-image-2.2.19-chrpupdates2.2.19-2.0potato1powerpc
kernel-image-2.2.19-genericstable2.2.19-1alpha
kernel-image-2.2.19-genericupdates2.2.19-1potato.2alpha
kernel-image-2.2.19-idepcistable2.2.19-2i386
kernel-image-2.2.19-idepciupdates2.2.19-4potato.4i386
kernel-image-2.2.19-idestable2.2.19-2i386
kernel-image-2.2.19-ideupdates2.2.19-4potato.4i386
kernel-image-2.2.19-jensenstable2.2.19-1alpha
kernel-image-2.2.19-jensenupdates2.2.19-1potato.2alpha
kernel-image-2.2.19-macupdates2.2.19-7m68k
kernel-image-2.2.19-mvme147updates2.2.19-6m68k
kernel-image-2.2.19-mvme16xupdates2.2.19-7m68k
kernel-image-2.2.19-nautilusstable2.2.19-1alpha
kernel-image-2.2.19-nautilusupdates2.2.19-1potato.2alpha
kernel-image-2.2.19-netwinderupdates20010414arm
kernel-image-2.2.19-pmacstable2.2.19-2powerpc
kernel-image-2.2.19-pmacupdates2.2.19-2.0potato1powerpc
kernel-image-2.2.19-prepstable2.2.19-2powerpc
kernel-image-2.2.19-prepupdates2.2.19-2.0potato1powerpc
kernel-image-2.2.19-riscpcupdates20010414arm
kernel-image-2.2.19-smpstable2.2.19-1alpha
kernel-image-2.2.19-smpupdates2.2.19-1potato.2alpha
kernel-image-2.2.19-sun4cdmstable6sparc
kernel-image-2.2.19-sun4cdmupdates8sparc
kernel-image-2.2.19-sun4dm-pcistable6sparc
kernel-image-2.2.19-sun4dm-pciupdates8sparc
kernel-image-2.2.19-sun4dm-smpstable6sparc
kernel-image-2.2.19-sun4dm-smpupdates8sparc
kernel-image-2.2.19-sun4u-smpstable6sparc
kernel-image-2.2.19-sun4u-smpupdates8sparc
kernel-image-2.2.19-sun4ustable6sparc
kernel-image-2.2.19-sun4uupdates8sparc
kernel-image-2.2.19stable2.2.19-2i386
kernel-image-2.2.19updates2.2.19-4potato.4i386
kernel-patch-2.2.19-armupdates20010414all
kernel-patch-2.2.19-idestable20010325-1all
kernel-patch-2.2.19-ideupdates20010504-2all
kernel-patch-2.2.19-m68kupdates2.2.19-9all
kernel-patch-2.2.19-powerpcstable2.2.19-2all
kernel-patch-2.2.19-powerpcupdates2.2.19-2.0potato1all
kernel-source-2.2.19stable2.2.19-2all
kernel-source-2.2.19updates2.2.19.1-1all

(source) 2.2.19_2.2.19.1 - Current security patch

(i386) 2.2.19-4 - Corrected flavour

(arm) First version of 2.2.19, security patch missing

(m68k) First version of 2.2.19, security patch applied

(sparc) Update of 2.2.19, security patch missing

(alpha) Update of 2.2.19, security patch applied

(powerpc) First version of 2.2.19, security patch applied

kernel-doc-2.0.36stable2.0.36-3all
kernel-headers-2.0.36stable2.0.36-3i386
kernel-doc-2.2.10stable2.2.10-1all
kernel-headers-2.2.10stable2.2.10-1i386
kernel-headers-2.2.10stable19990716arm
kernel-doc-2.2.12stable2.2.12-4all
kernel-headers-2.2.12stable2.2.12-4i386
kernel-headers-2.2.12stable19991019arm
kernel-doc-2.2.13stable2.2.13-2all
kernel-headers-2.2.13stable2.2.13-2i386
kernel-doc-2.2.15stable1:2.2.15-3all
kernel-headers-2.2.15stable1:2.2.15-2alpha, i386
kernel-headers-2.2.15stable2.2.16pre4-1powerpc
kernel-doc-2.2.17stable2.2.17pre6-1all
kernel-headers-2.2.17stable2.2.17pre6-1i386
kernel-headers-2.2.17stable2.2.17pre11-2powerpc
kernel-doc-2.2.18pre21stable2.2.18pre21-1all
kernel-headers-2.2.18pre21stable2.2.18pre21-1alpha, i386
kernel-headers-2.2.18pre21stable2.2.18pre21-2powerpc
kernel-doc-2.2.18stable2.2.18-1all
kernel-doc-2.2.19pre17stable2.2.19pre17-1all
kernel-image-2.2.10-netwinderstable19990716arm
kernel-image-2.2.12-netwinderstable19991019arm
kernel-image-2.2.10-amigastable2.2.10-4m68k
kernel-image-2.2.10-ataristable2.2.10-4m68k
kernel-image-2.2.10-bvme6000stable2.2.10-8m68k
kernel-image-2.2.10-mvme147stable2.2.10-8m68k
kernel-image-2.2.10-mvme16xstable2.2.10-8m68k
kernel-image-2.2.15-genericstable1:2.2.15-2alpha
kernel-image-2.2.15-jensenstable1:2.2.15-2alpha
kernel-image-2.2.15-nautilusstable1:2.2.15-2alpha
kernel-image-2.2.15-smpstable1:2.2.15-2alpha
kernel-image-2.2.15-chrpstable2.2.16pre4-1powerpc
kernel-image-2.2.15-pmacstable2.2.16pre4-1powerpc
kernel-image-2.2.15-prepstable2.2.16pre4-1powerpc
kernel-image-2.2.17-compactstable2.2.17pre6-1i386
kernel-image-2.2.17-idepcistable2.2.17pre6-1i386
kernel-image-2.2.17-idestable2.2.17pre6-1i386
kernel-image-2.2.17stable2.2.17pre6-1i386
kernel-image-2.2.17-chrpstable2.2.17pre11-2powerpc
kernel-image-2.2.17-pmacstable2.2.17pre11-2powerpc
kernel-image-2.2.17-prepstable2.2.17pre11-2powerpc
kernel-image-2.2.18pre21-genericstable2.2.18pre21-1alpha
kernel-image-2.2.18pre21-jensenstable2.2.18pre21-1alpha
kernel-image-2.2.18pre21-nautilusstable2.2.18pre21-1alpha
kernel-image-2.2.18pre21-smpstable2.2.18pre21-1alpha
kernel-image-2.2.18pre21-chrpstable2.2.18pre21-2powerpc
kernel-image-2.2.18pre21-pmacstable2.2.18pre21-2powerpc
kernel-image-2.2.18pre21-prepstable2.2.18pre21-2powerpc
kernel-image-2.2.18pre21-compactstable2.2.18pre21-1i386
kernel-image-2.2.18pre21-idepcistable2.2.18pre21-2i386
kernel-image-2.2.18pre21-idestable2.2.18pre21-1i386
kernel-image-2.2.18pre21stable2.2.18pre21-1i386
kernel-image-2.2.17-sun4cdmstable2sparc
kernel-image-2.2.17-sun4dm-pcistable2sparc
kernel-image-2.2.17-sun4dm-smpstable2sparc
kernel-image-2.2.17-sun4u-smpstable2sparc
kernel-image-2.2.17-sun4ustable2sparc
kernel-image-2.2.18pre21-sun4cdmstable3sparc
kernel-image-2.2.18pre21-sun4dm-pcistable3sparc
kernel-image-2.2.18pre21-sun4dm-smpstable3sparc
kernel-image-2.2.18pre21-sun4u-smpstable3sparc
kernel-image-2.2.18pre21-sun4ustable3sparc
kernel-image-2.2.19pre17-chrpstable2.2.19pre17-1powerpc
kernel-image-2.2.19pre17-pmacstable2.2.19pre17-1powerpc
kernel-image-2.2.19pre17-prepstable2.2.19pre17-1powerpc
kernel-source-2.0.36stable2.0.36-3all
kernel-source-2.2.10stable2.2.10-1all
kernel-source-2.2.12stable2.2.12-4all
kernel-source-2.2.13stable2.2.13-2all
kernel-source-2.2.15stable1:2.2.15-3all
kernel-source-2.2.17stable2.2.17pre6-1all
kernel-source-2.2.18pre21stable2.2.18pre21-1all
kernel-source-2.2.18stable2.2.18-1all
kernel-source-2.2.19pre17stable2.2.19pre17-1all
kernel-patch-2.2.10-kdbstable0.5-2i386
kernel-patch-2.2.10-m68kstable2.2.10-12all
kernel-patch-2.2.10-pc9800stable2.2.10.0.002pre.19990627-2all
kernel-patch-2.2.12-netwinderstable19991019all
kernel-patch-2.2.15-idestable20000405-1all
kernel-patch-2.2.17-idestable20000625-1all
kernel-patch-2.2.18pre21-idestable20001118-1all
kernel-patch-2.2.19pre17-idestable20001221-1all
kernel-patch-2.2.15-powerpcstable20000422-2.2.16pre4-1all
kernel-patch-2.2.17-powerpcstable20000714-2.2.17pre11-2all
kernel-patch-2.2.18pre21-powerpcstable20001119-2.2.18pre21-2all
kernel-patch-2.2.19pre17-powerpcstable20010304-2.2.19pre17-1all

remove all packages from the above list

I plan to request removal for these kernel headers images, patches and source files from the stable distribution. Please drop me a line with a reason if you object.

2.0.36: There is still 2.0.38 which contains some security fixes.

2.2.10/i386: There will be 2.2.19-4 in 2.2r4

2.2.10/arm: There will be 2.2.13/19991215 left over

2.2.10/m68k: There will be 2.2.17/2.2.17-1 and 2.2.10/m68k/-mac left over. This needs to be discussed because a) 2.2.10 contained a -mac image which would be pulled out of the other 2.2.10 kernels and b) 2.2.17 doesn't contain that image anymore.

2.2.12/i386: There will be 2.2.19-4 in 2.2r4

2.2.12/arm: There will be 2.2.13/19991215 left over

2.2.13/i386: There will be 2.2.19-4 in 2.2r4

2.2.15/i386: There will be 2.2.19-4 in 2.2r4

2.2.15/powerpc: There will be 2.2.17 left over

2.2.15/sparc: There will be 2.2.19 left over

2.2.17/i386: There will be 2.2.19-4 in 2.2r4

2.2.17/powerpc: There will be 2.2.19 left over

2.2.17/sparc: There will be 2.2.19 left over

2.2.18pre21/i386: There will be 2.2.19-4 in 2.2r4

2.2.18pre21/alpha: There will be 2.2.19 left over

2.2.18pre21/powerpc: There will be 2.2.19 left over

2.2.18pre21/sparc: There will be 2.2.19 left over

2.2.19pre17/i386: There will be 2.2.19-4 in 2.2r4. These pkgs must not be removed since boot-floppies/i386 in potato are only buildable with these.

2.2.19pre17/powerpc: There will be 2.2.19 left over

libpapergstable1.0.3-13alpha, sparc
libpapergstable1.0.3-13.potato1arm, i386, m68k, powerpc
libpapergupdates1.0.3-13.potato1alpha, sparc
libpaperstable1.0.3-13sparc
libpaperstable1.0.3-13.potato1i386, m68k
libpaperupdates1.0.3-13.potato1sparc

Broken sync upload.

If there would be libpaper *and* libpaperg version 1.0.3-13.potato1 for sparc, I'd be convinced to accept the package.

I have prepared an upload for libpaper *and* libpaperg binary packages sitting on auric, waiting for a free path to proposed-updates.

Sparc missing

lyxstable1.1.4-3powerpc
lyxstable1.1.4-7alpha, i386, m68k
lyxupdates1.1.4-7powerpc

Get powerpc back in sync

mac-fdiskstable0.1-3m68k, powerpc
mac-fdiskupdates0.1-6.0potato1powerpc
pmac-fdiskstable0.1-3powerpc
pmac-fdiskupdates0.1-6.0potato1powerpc

* Feature added: menu option to create bootstrap partition needed for powerpc NewWorld machines with the proper type and size (patch supplied by Ethan Benson). This should help newbies that won't read the docs anyway. Closes: #99660.

* Bugfix: mac-fdisk used to get the disk size wrong when brute force probing for end-of-disk by seek&read. Turns out gcc did not cope with arithmetics on long long types without explicit cast. Closes: #99700.

I wonder why there was an m68k version of mac-fdisk.

mailcryptstable3.5.5-6all
mailcryptupdates3.5.5-6.2all

3.5.5-6.1: * Non-maintainer upload. * mc-gpg.el: one character fix to regex so it will parse output from GnuPG >= 1.0.5.

3.5.5-6.2: * Aknowledge James Troup non-maintainer upload. (Closes: #100930) * One character fix from James Troup to cope with GNU PG >= 1.0.5.

That's required, since GnuPG 1.0.6 will get into stable (DSA 061)

mailmanstable1.1-6alpha, arm, i386, m68k, powerpc, sparc
mailmanupdates1.1-8alpha, arm, i386, m68k, powerpc, sparc

* Fix possible (but rare) security problem if site password was blank * Fix maintainer field * Completely fix previous security flaw * Fix dedent in Mailman/SecurityManager.py (closes: #107768)

DSA missing, it seems

man-dbstable2.3.16-1.1arm, i386, m68k, powerpc, sparc
man-dbstable2.3.16-1.1.1alpha
man-dbupdates2.3.16-4alpha, arm, i386, m68k, powerpc, sparc

* Backport another security fix from unstable. * Count how many times privileges have been dropped, and don't regain them until regain_effective_privs() is called the same number of times. The lack of nesting meant it was still possible to create files owned by uid man (thanks, Luki R.; closes: #99624).

Security Update, DSA 056, DSA 059

moststable4.9.0-2alpha, arm, i386, m68k, powerpc, sparc
mostupdates4.9.0-2.1alpha, arm, i386, m68k, powerpc, sparc

DSA 076

communicatorupdates1:4.77-1i386
navigatorupdates1:4.77-1i386
netscape-base-4-libc5updates1:4.77-1i386
netscape-base-4updates1:4.77-1i386
netscapeupdates1:4.77-1i386
communicator-base-477updates4.77-2i386
communicator-nethelp-477updates4.77-2all
communicator-smotif-477updates4.77-2i386
communicator-spellchk-477updates4.77-2all
navigator-base-477updates4.77-2i386
navigator-nethelp-477updates4.77-2all
navigator-smotif-477updates4.77-2i386
netscape-base-477updates4.77-2i386
netscape-ja-resource-477updates4.77-2all
netscape-java-477updates4.77-2all
netscape-ko-resource-477updates4.77-2all
netscape-smotif-477updates4.77-2i386
netscape-zh-resource-477updates4.77-2all

Security Update, DSA 051

nvi-m17n-cannastable2:1.79+19991117-2.2alpha, arm, i386, m68k, powerpc, sparc
nvi-m17n-cannaupdates2:1.79+19991117-2.3alpha, arm, i386, powerpc, sparc
nvi-m17n-cannaupdates2:1.79+19991117-2.3.1m68k
nvi-m17n-commonstable2:1.79+19991117-2.2all
nvi-m17n-commonupdates2:1.79+19991117-2.3all
nvi-m17nstable2:1.79+19991117-2.2alpha, arm, i386, m68k, powerpc, sparc
nvi-m17nupdates2:1.79+19991117-2.3alpha, arm, i386, powerpc, sparc
nvi-m17nupdates2:1.79+19991117-2.3.1m68k
nvistable1.79-16aalpha, arm, i386, m68k, powerpc, sparc
nviupdates1.79-16a.1alpha, arm, i386, powerpc, sparc
nviupdates1.79-16a.1.1m68k

DSA 085

The m68k version is a binary-NMU since the build system was turned into unstable without notification.

ldap-rfcstable1:1.2.11-1all
ldap-rfcupdates1:1.2.12-1all
libopenldap-devstable1:1.2.11-1alpha, arm, i386, m68k, powerpc, sparc
libopenldap-devupdates1:1.2.12-1alpha, arm, i386, m68k, powerpc, sparc
libopenldap-runtimestable1:1.2.11-1all
libopenldap-runtimeupdates1:1.2.12-1all
libopenldap1stable1:1.2.11-1alpha, arm, i386, m68k, powerpc, sparc
libopenldap1updates1:1.2.12-1alpha, arm, i386, m68k, powerpc, sparc
openldap-gatewaysstable1:1.2.11-1alpha, arm, i386, m68k, powerpc, sparc
openldap-gatewaysupdates1:1.2.12-1alpha, arm, i386, m68k, powerpc, sparc
openldap-utilsstable1:1.2.11-1alpha, arm, i386, m68k, powerpc, sparc
openldap-utilsupdates1:1.2.12-1alpha, arm, i386, m68k, powerpc, sparc
openldapdstable1:1.2.11-1alpha, arm, i386, m68k, powerpc, sparc
openldapdupdates1:1.2.12-1alpha, arm, i386, m68k, powerpc, sparc

Upstream bug-fix release for security problems

DSA 068

pcmcia-modules-2.2.19-compactupdates3.1.22-0.2potatok4potato.4i386
pcmcia-modules-2.2.19-idepciupdates3.1.22-0.2potatok4potato.4i386
pcmcia-modules-2.2.19-ideupdates3.1.22-0.2potatok4potato.4i386
pcmcia-modules-2.2.19-pmacupdates3.1.22-0.2potatok2.0potato1powerpc
pcmcia-modules-2.2.19updates3.1.22-0.2potatok4potato.4i386

Update for kernel-source-2.2.19pre17. There are no packages compiled for 2.2.19.1 which would be required for them to work.

Now: When I let the new kernel slip in, there won't be working pcmcia-cs modules. I guess I'll have to move the entire kernel and modules crap on hold for 2.2r4 then.

Need further info, why aren't pcmcia-modules-2.2.19pre17-idepci and the like sufficient? Herbert has mail.

Herbert says: For i386, only kernel-image 2.2.19-4 should be kept. They correspond to the pcmcia modules listed above (3.1.22-0.2potatok4).

However, there is a kernel-image 2.2.19-4, but it has no security patch.

NOTE to self: For i386: Either reject all kernel + pcmcia crap so it has to be resorted for 2.2r5, or install kernel 2.2.19-4 + pcmcia 3.1.22-0.2potatok4 for ia32 and gods sake or wait for new pcmcia packages.

Current configuration: install kernel-with-security-patch, but reject all pcmcia crap

Herbert Xu: These pcmcia modules (3.1.22-0.2potatok4potato.4) correspond to kernel-image 2.2.19-4potato.4, which does have the security patch.

pipsecdstable1:19990511-14i386
pipsecdstable1:19990511-18alpha, m68k, powerpc, sparc
pipsecdupdates1:19990511-18i386

Get architectures back in sync

procmailstable3.13.1-3alpha
procmailstable3.13.1-4arm, i386, m68k, powerpc, sparc
procmailupdates3.15.2-1alpha, arm, i386, m68k, powerpc, sparc

Changelog for 3.15.2-1:

* New upstream release, with improved security and robustness involving signal handlers. Author recommends upgrading to this version on any system where it is installed setuid or setgid. * This release fixes also Bug #108417: procmail -p -m resets PATH.

Changelog for 3.20.1-1:

* New upstream release, with improved security and robustness involving signal handlers. Author recommends upgrading to version 3.20 on any system where it is installed setuid or setgid.

Changelog for 3.21.1-1:

* New upstream release, with improved security and robustness involving signal handlers. Author recommends upgrading to this version on any system where it is installed setuid or setgid. Note: In 3.20 the INCLUDERC directive was broken on some archs.

DSA 083

The rejected .changes files don't have binaries associated with it...

quikstable2.0e-0.1powerpc
quikupdates2.0e-0.5.0potato.1powerpc

Fixes several probles that occur after booting of a PowerMac box after basic potato installation.

100127: quik and quikconfig runs unconditionally during installation, defaulting to yes which causes a new quik bootblock to be installed when running non-interactively (during boot-floppy installation for instance). This bug is even niftier when combined with quik.conf not getting installed as a conffile, so being replaced automatically with a default, broken file.

93871: quik vs. glibc setjmp implementation issues.

93980: quik doesn't pass kernel args correctly causing a kernel oops after IDE setup.

libreadline2-altdevstable2.1-12sparc
libreadline2-altdevstable2.1-20m68k
libreadline2-altdevstable2.1-21i386
libreadline2-altdevupdates2.1-21m68k
libreadline2stable2.1-12sparc
libreadline2stable2.1-20m68k
libreadline2stable2.1-21i386
libreadline2updates2.1-21m68k
libreadlineg2stable2.1-17sparc
libreadlineg2stable2.1-19alpha, arm, powerpc
libreadlineg2stable2.1-20m68k
libreadlineg2stable2.1-21i386
libreadlineg2updates2.1-21alpha, arm, m68k, powerpc, sparc

Get architectures back in sync

rxvt-mlstable1:2.6.2-2alpha, arm, i386, m68k, powerpc, sparc
rxvt-mlupdates1:2.6.2-2.1alpha, arm, i386, m68k, powerpc, sparc
rxvtstable1:2.6.2-2alpha, arm, i386, m68k, powerpc, sparc
rxvtupdates1:2.6.2-2.1alpha, arm, i386, m68k, powerpc, sparc

DSA 062

samba-commonexperimental2.2.0.cvs20010416-1i386
samba-commonstable2.0.7-3alpha, arm, i386, m68k, powerpc, sparc
samba-commontesting2.0.7-3alpha, arm, i386, m68k, powerpc, sparc
samba-commonunstable2.0.7-5arm, m68k, mips
samba-commonunstable2.2.0.final-2alpha, hppa, i386, powerpc, sparc
samba-commonupdates2.0.7-3.3alpha, arm, i386, m68k, powerpc, sparc
samba-docexperimental2.2.0.cvs20010416-1all
samba-docstable2.0.7-3all
samba-doctesting2.0.7-3all
samba-docunstable2.2.0.final-2all
samba-docupdates2.0.7-3.3all
sambaexperimental2.2.0.cvs20010416-1i386
sambastable2.0.7-3alpha, arm, i386, m68k, powerpc, sparc
sambatesting2.0.7-3alpha, arm, i386, m68k, powerpc, sparc
sambaunstable2.0.7-5arm, m68k, mips
sambaunstable2.2.0.final-2alpha, hppa, i386, powerpc, sparc
sambaupdates2.0.7-3.3alpha, arm, i386, m68k, powerpc, sparc
smbclientexperimental2.2.0.cvs20010416-1i386
smbclientstable2.0.7-3alpha, arm, i386, m68k, powerpc, sparc
smbclienttesting2.0.7-3alpha, arm, i386, m68k, powerpc, sparc
smbclientunstable2.0.7-5arm, m68k, mips
smbclientunstable2.2.0.final-2alpha, hppa, i386, powerpc, sparc
smbclientupdates2.0.7-3.3alpha, arm, i386, m68k, powerpc, sparc
smbfsexperimental2.2.0.cvs20010416-1i386
smbfsstable2.0.7-3alpha, arm, i386, m68k, powerpc, sparc
smbfstesting2.0.7-3alpha, arm, i386, m68k, powerpc, sparc
smbfsunstable2.0.7-5arm, m68k, mips
smbfsunstable2.2.0.final-2alpha, hppa, i386, powerpc, sparc
smbfsupdates2.0.7-3.3alpha, arm, i386, m68k, powerpc, sparc
swatexperimental2.2.0.cvs20010416-1i386
swatstable2.0.7-3alpha, arm, i386, m68k, powerpc, sparc
swattesting2.0.7-3alpha, arm, i386, m68k, powerpc, sparc
swatunstable2.0.7-5arm, m68k, mips
swatunstable2.2.0.final-2alpha, hppa, i386, powerpc, sparc
swatupdates2.0.7-3.3alpha, arm, i386, m68k, powerpc, sparc

Security Update, DSA 048, DSA 065

sendfileupdates2.1-20.3alpha, arm, i386, m68k, powerpc, sparc

Security Update, DSA 050, 052

slrnpullstable0.9.6.2-9potato1alpha, arm, i386, m68k, powerpc, sparc
slrnpullupdates0.9.6.2-9potato2alpha, arm, i386, m68k, powerpc, sparc
slrnstable0.9.6.2-9potato1alpha, arm, i386, m68k, powerpc, sparc
slrnupdates0.9.6.2-9potato2alpha, arm, i386, m68k, powerpc, sparc

DSA 078

squid-cgistable2.2.5-3.1alpha, arm, i386, m68k, powerpc, sparc
squid-cgiupdates2.2.5-3.2alpha, arm, i386, m68k, powerpc, sparc
squidclientstable2.2.5-3.1alpha, arm, i386, m68k, powerpc, sparc
squidclientupdates2.2.5-3.2alpha, arm, i386, m68k, powerpc, sparc
squidstable2.2.5-3.1alpha, arm, i386, m68k, powerpc, sparc
squidupdates2.2.5-3.2alpha, arm, i386, m68k, powerpc, sparc

* Fix DoS problem with invalid handling of mkdir-only PUT requests, squid bugzilla #233

DSA 077

ssltelnetupdates0.16.3-1.1alpha, arm, i386, m68k, powerpc
ssltelnetupdates0.16.3-1.2sparc
telnet-sslupdates0.16.3-1.1alpha, arm, i386, m68k, powerpc
telnet-sslupdates0.16.3-1.2sparc
telnetd-sslupdates0.16.3-1.1alpha, arm, i386, m68k, powerpc
telnetd-sslupdates0.16.3-1.2sparc

Security Update, DSA 075

unzip-cryptstable5.32-1m68k
unzip-cryptstable5.40-1.0alpha, arm, i386, powerpc, sparc
unzip-cryptupdates5.40-1.0m68k

Get architectures back in sync

uucpstable1.06.1-11alpha, arm, i386, m68k, powerpc, sparc
uucpupdates1.06.1-11potato1alpha, arm, i386, m68k, powerpc, sparc

* Fixed exploit that allowed to gain uid.guid uucp.uucp: Applied patch that blocks the long arg variants of -I -u -g in uuxqt (taken from Calderas security update; From: Jeff Johnson <jbj@redhat.com>) * Changed maintainer to weasel@debian.org

DSA 079

w3mstable0.1.10+0.1.11pre+kokb23-1alpha, arm, i386, sparc
w3mstable0.1.6-4powerpc
w3mupdates0.1.10+0.1.11pre+kokb23-4alpha, arm, i386, powerpc, sparc

* [SECURITY FIX] backport fix of mime header buffer overflow SNS Advisory No.32 w3m malformed MIME header Buffer Overflow Vulnerability http://www.lac.co.jp/security/snsadv/32.html (Japanese) * dont install w3m.el in emacs dir because it wont work well. closes: Bug#96385

It's an unknown security fix, but w3m security advisories tend to be in Japanese only, so we can't handle them properly anyway. However, even all architectures are in sync, wow.

This security advisory is already translated in English http://www.lac.co.jp/security/english/snsadv_e/32_e.html

FTP-Masters: Please remove the powerpc version somehow, it is compiled against unstable libraries and thus is not installable on potato.

DSA 081

w3m-sslstable0.1.10+0.1.11pre+kokb23-1alpha, arm, i386, sparc
w3m-sslupdates0.1.10+0.1.11pre+kokb23-4alpha, arm, i386, sparc

DSA 081

webalizerstable1.30.4-3alpha, arm, i386, m68k, powerpc, sparc
webalizerupdates1.30.4-3.1alpha, arm, i386, m68k, powerpc, sparc

* Patched with upstream v1.30-epoch patch. Webalizer stopped working on Oct 5th, 2001, which is fixed with this patch. Closes: #114828, #114832

A serious problem, rendering the program useless

webrtstable1.0.1-3arm, powerpc
webrtstable1.0.1-4alpha, i386, m68k, sparc
webrtupdates1.0.1-4arm, powerpc

* Security fix: /etc/rt/config.pm was world readable (closes: #62383)

Get architectures back in sync

libdockapp-devstable0.61.1-4alpha, arm, i386, m68k, powerpc
libdockapp-devstable0.61.1-4.0.1sparc
libdockapp-devupdates0.61.1-4.1alpha, arm, i386, m68k, powerpc, sparc
libwings-devstable0.61.1-4alpha, arm, i386, m68k, powerpc
libwings-devstable0.61.1-4.0.1sparc
libwings-devupdates0.61.1-4.1alpha, arm, i386, m68k, powerpc, sparc
libwmaker0-devstable0.61.1-4alpha, arm, i386, m68k, powerpc
libwmaker0-devstable0.61.1-4.0.1sparc
libwmaker0-devupdates0.61.1-4.1alpha, arm, i386, m68k, powerpc, sparc
libwraster1-devstable0.61.1-4alpha, arm, i386, m68k, powerpc
libwraster1-devstable0.61.1-4.0.1sparc
libwraster1-devupdates0.61.1-4.1alpha, arm, i386, m68k, powerpc, sparc
libwraster1stable0.61.1-4alpha, arm, i386, m68k, powerpc
libwraster1stable0.61.1-4.0.1sparc
libwraster1updates0.61.1-4.1alpha, arm, i386, m68k, powerpc, sparc
wmakerstable0.61.1-4alpha, arm, i386, m68k, powerpc
wmakerstable0.61.1-4.0.1sparc
wmakerupdates0.61.1-4.1alpha, arm, i386, m68k, powerpc, sparc

* Fix buffer overflow in titlebar handling

DSA 074

xcalstable4.1-8alpha, arm, i386, m68k, powerpc, sparc
xcalupdates4.1-9alpha, arm, i386, m68k, powerpc, sparc

aj: a calendar program getting days of a month wrong seems a decent thing to fix.

The alpha version is compiled against unstable, bummer.

xinetdstable1:2.1.8.8.p3-1alpha, arm, i386, m68k, powerpc, sparc
xinetdupdates1:2.1.8.8.p3-1.1alpha, arm, i386, m68k, powerpc, sparc

* Non-maintainer upload by security team * Fix buffer overflow in svc_logprint() * Set default umask to 022 in init_common()

DSA 063

xloadimagestable4.1-5alpha, arm, i386, m68k, powerpc, sparc
xloadimageupdates4.1-5potato1alpha, arm, i386, m68k, powerpc, sparc

* config.c, faces.c, imagetypes.c, options.c, packtar.c: fix unsafe str{cpy,cat} usage. Seen in http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=46186

DSA 069

xpvmstable1.2.5-5arm
xpvmstable1.2.5-6alpha, i386, m68k, powerpc, sparc
xpvmupdates1.2.5-6arm

Get architectures back in sync

xqfstable0.9.3-1alpha, arm, i386, m68k, sparc
xqfupdates0.9.3-1powerpc

Get architectures in sync

xvtstable2.1-11alpha, arm, i386, m68k, powerpc, sparc
xvtupdates2.1-13.0potato.1alpha, arm, i386, powerpc, sparc
xvtupdates2.1-13.0potato.1.1m68k

xvt (2.1-13) stable unstable; urgency=HIGH . * Fix a yada bug which prevented the package building in some situations. Closes:Bug#102744. . xvt (2.1-12) unstable; urgency=HIGH . * Fix a couple of buffer overflows which could result in a local root compromise. Thanks to Christophe Bailleux <cb@t-online.fr> for finding them.

DSA 082

The m68k version is a binary-NMU since the build system was turned into unstable without notification.

zopestable2.1.6-5alpha
zopestable2.1.6-5.2arm, i386, m68k, powerpc, sparc
zopeupdates2.1.6-10alpha, arm, i386, m68k, powerpc, sparc

Security upload, DSA 006, DSA 007, DSA 043

Zope 2.1.6-7 indeed had two problems with two of the Hotfixes included, so I prepared a new version 2.1.6-8 and uploaded that to Incoming (target 'stable'):

First, Hotfix_2000-10-02 broke some stuff in 2.1.6 (the README said that this Hotfox_2000-10-02 would apply to 2.2.x and later, which is obviously correct). Therefore 2000-10-02 was removed in 2.1.6-8. Obviously, the vulnerability fixed by this Hotfix was only introduced in Zope 2.2.0.

Then, Hotfix_2000-10-11 wouldn't work with 2.1.6 out of the box, but since 2.1.6 was affected by the vulnerability nonetheless, I had to apply a fix to the Hotfix. Included in 2.1.6-8 as well.

This time, 2.1.6-8 has been tested on a potato system to a moderate degree.

zope (2.1.6-10) stable; urgency=high

* Include Hotfix_2001-05-01 ("ZClass permission mappings"), which addresses an important issue with ZClasses in that any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance.

Wow... finally even all architectures are in sync...

zsh-docstable3.1.9.dev6-7all
zshstable3.1.9.dev6-2alpha
zshstable3.1.9.dev6-7arm, i386, m68k, powerpc, sparc
zshupdates3.1.9.dev6-7.0.1arm

* Binary-only non-maintainer upload for arm; no source changes. * rebuild against current libc, which doesn't have LFS support.

Get architectures back in sync

Need further investigation

These packages need further investigation. One reason the package is listed here could be that I'm not yet convinced this package should go into stable, but don't want to reject it entirely at the moment. Another reason could be that released and updated architectures are not in sync yet.

apachestable1.3.9-13.2alpha, arm, i386, m68k, powerpc, sparc
apachetesting1.3.19-1alpha, arm, i386, m68k, powerpc, sparc
apacheunstable1.3.19-1hurd-i386
apacheunstable1.3.20-1.1alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sh, sparc
apacheupdates1.3.9-14alpha, arm, i386, m68k, powerpc, sparc

* Non-maintainer upload on behalf of Simon Huggins <huggie@earth.li> * Applied patch from Martin Kraemer to fix mod_negotiation bug to prevent revealing of directory contents.

This looks like a half security update, right?

DSA 067-1 is a broken security upload and requires an update. [further]

bwbasicstable2.20pl2-3alpha, i386, m68k, powerpc
bwbasicstable2.20pl2-3.1sparc
bwbasicupdates2.20pl2-3.2arm, m68k, powerpc, sparc

* New maintainer. * Recompile. Due to strange interactions with libc6, functions weren't interpreted, and the package was practically unusable. Closes: #108924.

Architectures missing: alpha and i386

freewnn-commonstable1.1.0+1.1.1-a016-1all
freewnn-commonupdates1.1.0+1.1.1-a016-1.potato.3all
freewnn-cserver-devstable1.1.0+1.1.1-a016-1alpha, arm, i386, m68k, powerpc, sparc
freewnn-cserver-devupdates1.1.0+1.1.1-a016-1.potato.3arm, i386, m68k, powerpc, sparc
freewnn-cserverstable1.1.0+1.1.1-a016-1alpha, arm, i386, m68k, powerpc, sparc
freewnn-cserverupdates1.1.0+1.1.1-a016-1.potato.3arm, i386, m68k, powerpc, sparc
freewnn-jserver-devstable1.1.0+1.1.1-a016-1alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver-devupdates1.1.0+1.1.1-a016-1.potato.3arm, i386, m68k, powerpc, sparc
freewnn-jserverstable1.1.0+1.1.1-a016-1alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserverupdates1.1.0+1.1.1-a016-1.potato.3arm, i386, m68k, powerpc, sparc
freewnn-kserver-devstable1.1.0+1.1.1-a016-1alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver-devupdates1.1.0+1.1.1-a016-1.potato.3arm, i386, m68k, powerpc, sparc
freewnn-kserverstable1.1.0+1.1.1-a016-1alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserverupdates1.1.0+1.1.1-a016-1.potato.3arm, i386, m68k, powerpc, sparc

* [security fix] backport from freewnn 1.1.0+1.1.1-a017-6.4 - adduser wnn, kwnn, cwnn for jserver,kserver,cserver respectively instead of running as root user - restrict upload/create path under jserver_dir

The 2nd upload is required to make the package installable *sigh* At least, it is proved to be tested now...

However: alpha is missing

icecast-clientstable1.0.0-1alpha, arm, i386, m68k, powerpc, sparc
icecast-serverstable1.0.0-1alpha, arm, i386, m68k, powerpc, sparc
icecast-serverupdates1.3.10-1i386, m68k, powerpc

Alleged security update.

Changelog says:

* Several security exploits found to icecast. No simple way to patch

* old version, so upgrade to latest stable version from icecast.org

* If questions or assistance needed join #icecast on openprojects.net IRC

Do you have a documentation about said security exploits? That's still pending

Is it something different than this one?

"icecast" is a server used to distribute audio streams to compatible clients such as winamp, mpg123, xmms and many others. Matt Messier (mmessier@prilnari.com) and John Viega (viega@list.org) have identified several buffer overflow and format strings problems in Icecast that could be remotely exploited. Our latest update to this software changes the package to use an unprivileged user ("icecast") for the daemon, so the impact of this vulnerability is not as high. Recent distributions (CL >= 5.1) have this package compiled with StackGuard to make it more difficult to exploit buffer overflows.

It's said to be.

Clarification appreciated.

inn2-devupdates2.2.2.2000.01.31-4.1arm
inn2-devupdates2.2.2.2000.01.31-5alpha, i386, m68k, sparc
inn2-inewsupdates2.2.2.2000.01.31-4.1arm
inn2-inewsupdates2.2.2.2000.01.31-5alpha, i386, m68k, sparc
inn2updates2.2.2.2000.01.31-4.1arm
inn2updates2.2.2.2000.01.31-5alpha, i386, m68k, sparc
task-news-serverupdates2.2.2.2000.01.31-5all

Security Update, DSA 023 [further]

Bdale reports a serious problem with this upload, it broke some functionality. He's going to upload a fixed version, so this will have to wait for 2.2r4 then. Fixed for 2.2.2.2000.01.31-5.

arm and powerpc missing

man2htmlstable1.5-23alpha, arm, i386, m68k, powerpc, sparc
man2htmlupdates1.5-23.1i386, m68k, powerpc

* Recompiled with correct CGIBASE to avoid bad links; closes: #104474. Grave bug, warrants inclusion into stable.

3/6 architectures missing

neditupdates1:5.1.1-3alpha, arm, i386, m68k, powerpc

nedit is now Free Software.

sparc missing

telnetdstable0.16-4alpha
telnetdstable0.16-4potato.1arm, i386, m68k, powerpc, sparc
telnetdupdates0.16-4potato.3arm, i386, powerpc
telnetstable0.16-4alpha
telnetstable0.16-4potato.1arm, i386, m68k, powerpc, sparc
telnetupdates0.16-4potato.3arm, i386, powerpc

Changelog says: * Fixed same overflow with minimal change.

3/6 architectures are still missing

DSA 070 mentioned version 0.16-4potato.2 [further]

php4-cgi-gdupdates4.0.3pl1-0potato1.1alpha, sparc
php4-cgi-gdupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-cgi-imapupdates4.0.3pl1-0potato1.1alpha, sparc
php4-cgi-imapupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-cgi-ldapupdates4.0.3pl1-0potato1.1alpha, sparc
php4-cgi-ldapupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-cgi-mhashupdates4.0.3pl1-0potato1.1alpha, sparc
php4-cgi-mhashupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-cgi-mysqlupdates4.0.3pl1-0potato1.1alpha, sparc
php4-cgi-mysqlupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-cgi-pgsqlupdates4.0.3pl1-0potato1.1alpha, sparc
php4-cgi-pgsqlupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-cgi-snmpupdates4.0.3pl1-0potato1.1alpha, sparc
php4-cgi-snmpupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-cgi-xmlupdates4.0.3pl1-0potato1.1alpha, sparc
php4-cgi-xmlupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-cgiupdates4.0.3pl1-0potato1.1alpha, sparc
php4-cgiupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-devupdates4.0.3pl1-0potato2all
php4-gdupdates4.0.3pl1-0potato1.1alpha, sparc
php4-gdupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-imapupdates4.0.3pl1-0potato1.1alpha, sparc
php4-imapupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-ldapupdates4.0.3pl1-0potato1.1alpha, sparc
php4-ldapupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-mhashupdates4.0.3pl1-0potato1.1alpha, sparc
php4-mhashupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-mysqlupdates4.0.3pl1-0potato1.1alpha, sparc
php4-mysqlupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-pgsqlupdates4.0.3pl1-0potato1.1alpha, sparc
php4-pgsqlupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-snmpupdates4.0.3pl1-0potato1.1alpha, sparc
php4-snmpupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4-xmlupdates4.0.3pl1-0potato1.1alpha, sparc
php4-xmlupdates4.0.3pl1-0potato2i386, m68k, powerpc
php4updates4.0.3pl1-0potato1.1alpha, sparc
php4updates4.0.3pl1-0potato2i386, m68k, powerpc

Security Update (DSA 020 mentions 4.0.3pl1-0potato1.1) [further]

Roland Bauerschmidt reports "php4-cgi broken". Look at #89431. /usr/lib/cgi-bin/php4 is a symlink to debian/php4-cgi/usr/bin/php4 which of course doesn't exist.

Rebuild for 4.0.3pl1-0potato2 issued. Missing: alpha, sparc

Updated packages should be uploaded soon.

ecpgstable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
ecpgupdates6.5.3-27arm, i386, m68k, powerpc
libpgperlstable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
libpgperlupdates6.5.3-27arm, i386, m68k, powerpc
libpgsql2stable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
libpgsql2updates6.5.3-27arm, i386, m68k, powerpc
libpgtclstable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
libpgtclupdates6.5.3-27arm, i386, m68k, powerpc
odbc-postgresqlstable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
odbc-postgresqlupdates6.5.3-27arm, i386, m68k, powerpc
pgaccessstable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
pgaccessupdates6.5.3-27arm, i386, m68k, powerpc
postgresql-clientstable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
postgresql-clientupdates6.5.3-27arm, i386, m68k, powerpc
postgresql-contribstable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
postgresql-contribupdates6.5.3-27arm, i386, m68k, powerpc
postgresql-devstable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
postgresql-devupdates6.5.3-27arm, i386, m68k, powerpc
postgresql-docstable6.5.3-26all
postgresql-docupdates6.5.3-27all
postgresql-plstable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
postgresql-plupdates6.5.3-27arm, i386, m68k, powerpc
postgresql-teststable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
postgresql-testupdates6.5.3-27arm, i386, m68k, powerpc
postgresqlstable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
postgresqlupdates6.5.3-27arm, i386, m68k, powerpc
python-pygresqlstable6.5.3-26alpha, arm, i386, m68k, powerpc, sparc
python-pygresqlupdates6.5.3-27arm, i386, m68k, powerpc

* postgresql: applied patch from Ben Pfaff <pfaffben@msu.edu> to cure problem with segfault in pg_dump. High urgency because pg_dump is essential for transferring data when upgrading postgresql. Closes: #101940

No security update but something that is anticipated to prevent data loss, I'm convinced.

But anyway, some architectures are missing: alpha, sparc

samba-commonupdates2.0.7-3.2alpha, arm, i386, m68k, powerpc, sparc
samba-docupdates2.0.7-3.2all
sambaupdates2.0.7-3.2alpha, arm, i386, m68k, powerpc, sparc
smbclientupdates2.0.7-3.2alpha, arm, i386, m68k, powerpc, sparc
smbfsupdates2.0.7-3.2alpha, arm, i386, m68k, powerpc, sparc
swatupdates2.0.7-3.2alpha, arm, i386, m68k, powerpc, sparc

Security update, DSA 048 [further]

Broken on sparc and alpha, needs a new upload

tksetistable2.10-1arm
tksetistable2.12-1powerpc
tksetistable2.12-2alpha, i386, sparc
tksetiupdates2.12-2arm

Get versions back in sync.

PowerPC missing

unzip-cryptstable5.32-1m68k
unzip-cryptstable5.40-1.0alpha, i386, powerpc, sparc
unzip-cryptupdates5.40-1.0arm

Get architectures in sync.

m68k missing

This is non-US.

xtelstable3.2.1-4alpha, arm, i386, m68k, powerpc, sparc
xtelupdates3.2.1-4.potato.1arm, i386, m68k, powerpc

* New maintainer * Security fixes: - symlink vulnerability in xteld (see #87787). - symlink vulnerability in xtel while printing harcopy of screen. - run xteld under control of tcpd to be able to restrict access to the service from network. * Backport of annoying and easy to fix bugs from woody version of xtel: - Fixed segfaults (see #43566). - Fixed a little typo in the /etc/xtel/lignes file. - Fixed creation of the symlink to french doc directory (see #55131). * Other annoying fixes: - bad X resource in Xtel[m].ad (missing '-o -' in a2ps printing command).

No DSA, Architectures missing: alpha, powerpc and sparc

xxgdbstable1.12-9.3alpha, arm, i386, m68k, powerpc, sparc
xxgdbtesting1.12-10alpha, arm, i386, m68k, powerpc, sparc
xxgdbunstable1.12-10alpha, arm, hppa, i386, ia64, m68k, powerpc, sparc
xxgdbupdates1.12-9.4potatoi386, m68k, powerpc

* Applied a patch from Massimo Dal Zotto <dz@cs.unitn.it>. This is a workaround for a serious bug (#94892) in libXaw.

Seems this bug makes xxgdb useless in stable

alpha, arm and sparc missing

yabasicstable2.42-1arm
yabasicstable2.53-1alpha, i386, m68k, powerpc, sparc
yabasicupdates2.53-2arm, m68k, powerpc, sparc

* New maintainer. * yabasic.c: Fixed a /tmp race condition. * Completed the FHS transition to allow building with a recent debhelper. Closes: #98875.

Architectures missing: alpha, i386

No DSA assigned, maintainer, please get in touch with the Security Team

Rejected packages

Packages that don't meet the requirements

afbackup-clientstable3.1beta1-1.1alpha, arm, i386, m68k, powerpc, sparc
afbackupstable3.1beta1-1.1alpha, arm, i386, m68k, powerpc, sparc

New upstream version

Files lost, only .changes are left over, huh?

barcodestable0.94-1alpha, arm, i386, m68k, powerpc, sparc
barcodetesting0.95.1-4alpha, hppa, i386, ia64, m68k, powerpc, sparc
barcodeunstable0.95.1-4alpha, hppa, hurd-i386, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc
barcodeupdates0.95.1-4sparc

Misplaced upload

catsboottesting0.2arm
catsbootunstable0.2.1arm
catsbootupdates0.2.1arm

No reason to go into stable. ChangeLog:

* No code change, just bump the version for upload to stable.

Maintainer: Philip Blundell <pb@debian.org>

everybuddystable0.0.7-3alpha, arm, i386, m68k, powerpc, sparc

* Potato build for stable upload * Last version in stable was 0.0.7 ... significant performance, security, and stability fixes. Also, this one actually works.

Only i386 uploaded

The files are lost anyway...

freetype-toolsstable1.3.1-1alpha, arm, i386, m68k, powerpc, sparc
freetype-toolsupdates1.4-0potato2alpha
freetype2-devstable1.3.1-1alpha, arm, i386, m68k, powerpc, sparc
freetype2-devupdates1.4-0potato2alpha
freetype2stable1.3.1-1alpha, arm, i386, m68k, powerpc, sparc
freetype2updates1.4-0potato2alpha

* The configure options for kpathsea support in ttf2pk has been changed upstream, and 1.4-0potato1 was inadvertently built without kpathsea support. Thanks to Philipp Lehman for the bug report! :-) Closes: Bug#83403.

* Oops, I didn't know that debhelper (>= 2.1.0) and libtools (>= 1.3.4-1) aren't in potato yet. Fixed Build-Depends line. Thanks to fellow Debian developer Dan Jacobowitz for letting me know.

There is no version 1.4-0potato1 in potato, so there doesn't need to be an update. Apart from that, where are the other architectures? However, the most interesting question to day is; where is the source?

g2stable0.40-1alpha, arm, i386, m68k, powerpc, sparc
g2testing0.40-1alpha, arm, i386, m68k, powerpc, sparc
g2updates0.40-2alpha

Distribution: stable

* New maintainer.

* Updated description - g2 site moved since last release.

* Added dependency on libgd-gif1. Closes: Bug#61124

Apparently somebody forgot the whole idea about stable and unstable as well as source and binary packages. Well...

hzttytesting2.0-3powerpc
hzttytesting2.0-5alpha, arm, i386, m68k, sparc
hzttyunstable2.0-3powerpc
hzttyunstable2.0-5alpha, arm, hppa, i386, ia64, m68k, sparc
hzttyupdates2.0-3potato4alpha

Well... we should probably keep silence about this package...

ftpdstable0.11-8potato.1alpha, arm, i386, m68k, powerpc, sparc
ftpdupdates0.11-8potato.2i386, m68k

* Register sessions with PAM. * Use pam_limits by default. * Documented the procedure to counter globbing attacks.

Doesn't sound like a requirement for inclusion in stable to me.

modconfstable0.2.26.14all
modconftesting0.2.37all
modconfunstable0.2.37all
modconfupdates0.2.37all

Misplaced upload(s), to "stable unstable"

The diff between the stable and 0.2.37 is 6k lines, that's a NOGO.

realplayerupdates8.0.1.potato.3i386

realplayer (8.0.1.potato.1) stable; urgency=medium

* The about-bloody-time release, heh, sigh.. * New version (again) (Closes: #98751, #95272) * Made some changes, should help with borkedness (Closes: #95768) * added realplayer icon (Closes: #96318) * I have a feeling 89658 may still pop-up. * There's nothing I can do about this, upstream's fault and they don't seem to care *shrug* (Closes: #86837) Nothing gained from keeping it in BTS. * Probably still see more of these bugs popup again.. but _I_ can't duplicate them now.. of course they're pretty much all related to the legal nature of this stupid non-free software. realplayer (8.0.1.potato.2) stable; urgency=low

* .. And they go and release a new RPM on me, heh heh... * Added german templates for the hell of it. realplayer (8.0.1.potato.3) stable; urgency=medium

* Basically the same as the version in unstable, except dependency on xlib6g/xlibs difference. * fixed version in debian/config, * General cleanup in postinst/config/etc. * s/isdefault true/seen false/ * Silenced cpio, no 'nnnn blocks' output. * Working stable version (Closes: #95272)

Why am I not convinced? And no, there is no version in stable.

sashstable3.4-6alpha, arm, i386, m68k, powerpc, sparc
sashupdates3.4-8i386, m68k, sparc

* incorporated workaround for dpkg breakage on /usr/doc -> /usr/share/doc (fixes #91634) * adopted adrian bunk's suggestions for build-depends (fixes #94329) * this version being new, will be newer than that in potato (fixes #97561) * no Section: problem was apparently caused by build tools -- a test build shows that 3.4-7 has Section: shells (fixes #84494) * not fixed: no debconf support yet. I'm still considering legacy issues. * not fixed: support for -- as end of options indicator. Meaningless, as sash takes no non-options arguments (it's not designed for scripts).

Not convinced this should go into stable. Besides, packages for alpha, arm and powerpc are missing.

screenstable3.9.5-9alpha, arm, i386, m68k, powerpc, sparc
screenupdates3.9.8-1m68k

New upstream version --> misplaced upload

tamastable1.0-5alpha, arm, i386, m68k, powerpc, sparc
tamaupdates1.0-5.1arm, i386, m68k, powerpc, sparc

Changelog says: * Applied patch to status.c, which fixes a segmentation fault when the tamagotchi was older than 99 hours or so.

C'mon people, get serious!

Apart from that alpha missing

trueprintstable5.1-1alpha, arm, i386, m68k, powerpc, sparc
trueprintupdates5.1-8alpha

Another piece from the forget-this-please department.

xemacs21-basesupportstable1999.12.15-1all
xemacs21-basesupportupdates1999.12.15-1.2all

* Non-maintainer release to fix previous upload. * Another hack in debian/rules to force the .elc files I had to remove to be rebuilt (Closes: #86990). This should really be done in a Better Way, but this package does not seem to provide support for compiling elc files. * Removed psgml-other.* from MANIFEST.psgml.

libhz-devupdates0.3.9-1potato1.2alpha, m68k, powerpc
libhz0updates0.3.9-1potato1.2alpha, m68k, powerpc
zh-autoconvertupdates0.3.9-1potato1.2alpha, m68k, powerpc

Broken or misplaced upload. No source, no arm, i386 and sparc.

Disclaimer

This list intends to help the ftp-masters releasing 2.2r4. They have the final power to accept a package or not. If you want to comment on this list, please send a mail to Martin Schulze <joey@debian.org>.
Last updated 2001/11/03 23:22