Preparation of Debian GNU/Linux 2.2r5

An up-to-date version is at http://master.debian.org/~joey/2.2r5/

I am preparing 2.2r5 and will send reports so people can actually comment on it. The plan is to get this revision of Debian GNU/Linux 2.2 (codename `potato') out within the second week of this year (2002). James Troup still has to give the final approval for each package. However, I will try to make his work as easy as possible in the hope of getting the next revision out properly. Thanks for your attention.

Development for 2.2r5 is nearly finished and ready to be released.

This may also be the last version of the 2.2 series, depending on how well the woody release is going. There is, however, still a possibility 2.2r6 (to be scheduled at the beginning of March) has to be released before 3.0.

My requirements for packages to go into stable:

1. The package fixes a security problem. An advisory by our own Security Team would be quite helpful.

2. The package fixes a critical bug which can lead to data loss, data corruption, or an overly broken system, or the package is broken or not usable (anymore).

3. The stable version of the package is not installable at all due to broken or unmet dependencies or broken installation scripts.

4. The package gets all architectures in stable in sync.

5. All released architectures have to be in sync.

Packages which I will most probably reject:

- Packages which fix non-critical bugs

- Misplaced uploads, i.e. packages that were uploaded to 'stable unstable' or 'frozen unstable'

- Packages whose binary packages are out of sync with regard to all supported architectures in the stable distribution.

- Binary packages for which the source got lost somehow

Accepted packages

These packages should be installed into stable and be part of the next revision.

apache  stable  1.3.9-13.2  alpha, arm, i386, m68k, powerpc, sparc
apache  testing  1.3.19-1  alpha, arm, i386, m68k, powerpc, sparc
apache  unstable  1.3.19-1  hurd-i386
apache  unstable  1.3.20-1.1  alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sh, sparc
apache  updates  1.3.9-14  alpha, arm, i386, m68k, powerpc, sparc

install apache_1.3.9-14_alpha.changes
install apache_1.3.9-14_arm.changes
install apache_1.3.9-14_i386.changes
install apache_1.3.9-14_m68k.changes
install apache_1.3.9-14_powerpc.changes
install apache_1.3.9-14_sparc.changes

* Non-maintainer upload on behalf of Simon Huggins <huggie@earth.li>

* Applied patch from Martin Kraemer to fix mod_negotiation bug to prevent revealing of directory contents.

This looks like a half security update, right?

DSA 067-1

2002-01-02: It would be nice if somebody could tell me why I tagged this version 'broken'. I don't think it's because of a missing fix for Bug#73013, so I don't remember anymore. *sigh*

base-config  stable  0.32  alpha
base-config  stable  0.33.2  arm, i386, m68k, powerpc, sparc
base-config  updates  0.33.2  alpha

sync-install base-config_0.33.2_alpha.changes

Sync with other architectures

ChangeLog also says:

* Corrected stupid typo in templates file, Closes: #74785, #74815, #74828

* This problem makes it impossible to install the package, so it is important and must go in.

bb  stable  1.2-9  i386, powerpc
bb  stable  1.2-9.0.1  alpha
bb  updates  1.2-9  sparc

sync-install bb_1.2-9_sparc.changes

Package was missing from stable.

bwbasic  stable  2.20pl2-3  alpha, i386, m68k, powerpc
bwbasic  stable  2.20pl2-3.1  sparc
bwbasic  updates  2.20pl2-3.2  alpha, arm, i386, m68k, powerpc, sparc

install bwbasic_2.20pl2-3.2_m68k.changes
install bwbasic_2.20pl2-3.2_sparc.changes
install bwbasic_2.20pl2-3.2_arm.changes
install bwbasic_2.20pl2-3.2_powerpc.changes
install bwbasic_2.20pl2-3.2_alpha.changes
install bwbasic_2.20pl2-3.2_i386.changes

* New maintainer.

* Recompile. Due to strange interactions with libc6, functions weren't interpreted, and the package was practically unusable. Closes: #108924.

catsboot  updates  0.2.2  arm

install catsboot_0.2.2_arm.changes

Boot glue for ARM CATS systems

Required on some ARM systems

current stable boot-floppies Build-Depend on it.

dtaus  stable  0.4-1  alpha, arm, i386, m68k, powerpc, sparc
dtaus  updates  0.6-0potato1  alpha, arm, i386, m68k, powerpc, sparc

install dtaus_0.6-0potato1_alpha.changes
install dtaus_0.6-0potato1_arm.changes
install dtaus_0.6-0potato1_i386.changes
install dtaus_0.6-0potato1_m68k.changes
install dtaus_0.6-0potato1_powerpc.changes
install dtaus_0.6-0potato1_sparc.changes

* Repackaged for potato because the version of dtaus in potato isn't able to create DTAUS files using the Euro currency which is the one and only official currency in Germany since yesterday. Hence, the version in potato is entirely useless since yesterday and has to be updated if people are using it for their money management.

eximon  stable  3.12-10.1  alpha, arm, i386, m68k, powerpc, sparc
eximon  updates  3.12-10.2  alpha, arm, i386, m68k, powerpc, sparc
exim  stable  3.12-10.1  alpha, arm, i386, m68k, powerpc, sparc
exim  updates  3.12-10.2  alpha, arm, i386, m68k, powerpc, sparc

install exim_3.12-10.2_alpha.changes
install exim_3.12-10.2_arm.changes
install exim_3.12-10.2_i386.changes
install exim_3.12-10.2_m68k.changes
install exim_3.12-10.2_powerpc.changes
install exim_3.12-10.2_sparc.changes

Security Update, DSA 097

freewnn-common  stable  1.1.0+1.1.1-a016-1  all
freewnn-common  updates  1.1.0+1.1.1-a016-1.potato.3  all
freewnn-cserver-dev  stable  1.1.0+1.1.1-a016-1  alpha, arm, i386, m68k, powerpc, sparc
freewnn-cserver-dev  updates  1.1.0+1.1.1-a016-1.potato.3  alpha, arm, i386, m68k, powerpc, sparc
freewnn-cserver  stable  1.1.0+1.1.1-a016-1  alpha, arm, i386, m68k, powerpc, sparc
freewnn-cserver  updates  1.1.0+1.1.1-a016-1.potato.3  alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver-dev  stable  1.1.0+1.1.1-a016-1  alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver-dev  updates  1.1.0+1.1.1-a016-1.potato.3  alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver  stable  1.1.0+1.1.1-a016-1  alpha, arm, i386, m68k, powerpc, sparc
freewnn-jserver  updates  1.1.0+1.1.1-a016-1.potato.3  alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver-dev  stable  1.1.0+1.1.1-a016-1  alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver-dev  updates  1.1.0+1.1.1-a016-1.potato.3  alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver  stable  1.1.0+1.1.1-a016-1  alpha, arm, i386, m68k, powerpc, sparc
freewnn-kserver  updates  1.1.0+1.1.1-a016-1.potato.3  alpha, arm, i386, m68k, powerpc, sparc

install-u freewnn_1.1.0+1.1.1-a016-1.potato.1_i386.changes
install-u freewnn_1.1.0+1.1.1-a016-1.potato.1_m68k.changes
install freewnn_1.1.0+1.1.1-a016-1.potato.3_alpha.changes
install freewnn_1.1.0+1.1.1-a016-1.potato.3_i386.changes
install freewnn_1.1.0+1.1.1-a016-1.potato.3_m68k.changes
install freewnn_1.1.0+1.1.1-a016-1.potato.3_arm.changes
install freewnn_1.1.0+1.1.1-a016-1.potato.3_powerpc.changes
install freewnn_1.1.0+1.1.1-a016-1.potato.3_sparc.changes

* [security fix] backport from freewnn 1.1.0+1.1.1-a017-6.4
  - adduser wnn, kwnn, cwnn for jserver,kserver,cserver respectively instead of running as root user
  - restrict upload/create path under jserver_dir

The 2nd upload is required to make the package installable *sigh* At least, it is proved to be tested now...

gpg-idea  stable  2  m68k
gpg-idea  stable  2.1.1  alpha, i386, powerpc, sparc
gpg-rsaref  stable  1.1-1  alpha
gpg-rsaref  stable  1.1-2  arm, i386, powerpc, sparc
gpg-rsa  stable  2  m68k
gpg-rsa  stable  2.1.1  alpha, i386, powerpc, sparc

remove gpg-rsaidea
remove gpg-rsaref

GnuPG provides this functionality already, it replaces these packages just fine, they are not needed anymore. Even worse, they are not even installable anymore, since they depend on gnupg but gnupg conflicts with them.

gpm  stable  1.17.8-18  alpha, arm, i386, m68k, powerpc, sparc
gpm  updates  1.17.8-18.1  alpha, arm, i386, m68k, powerpc, sparc
libgpm1-altdev  stable  1.17.8-18  i386, m68k
libgpm1-altdev  stable  1.17.8-9  sparc
libgpm1-altdev  updates  1.17.8-18.1  i386, m68k
libgpm1  stable  1.17.8-18  i386, m68k
libgpm1  stable  1.17.8-9  sparc
libgpm1  updates  1.17.8-18.1  i386, m68k
libgpmg1-dev  stable  1.17.8-18  alpha, arm, i386, m68k, powerpc, sparc
libgpmg1-dev  updates  1.17.8-18.1  alpha, arm, i386, m68k, powerpc, sparc
libgpmg1  stable  1.17.8-18  alpha, arm, i386, m68k, powerpc, sparc
libgpmg1  updates  1.17.8-18.1  alpha, arm, i386, m68k, powerpc, sparc

install gpm_1.17.8-18.1_alpha.changes
install gpm_1.17.8-18.1_arm.changes
install gpm_1.17.8-18.1_i386.changes
install gpm_1.17.8-18.1_m68k.changes
install gpm_1.17.8-18.1_powerpc.changes
install gpm_1.17.8-18.1_sparc.changes

Security upload: DSA 095

groff  stable  1.15.2-2  alpha, arm, i386, m68k, powerpc, sparc
groff  updates  1.15.2-3  alpha, arm, i386, m68k, powerpc, sparc

install groff_1.15.2-3_i386.changes
install groff_1.15.2-3_sparc.changes
install groff_1.15.2-3_alpha.changes
install groff_1.15.2-3_powerpc.changes
install groff_1.15.2-3_m68k.changes
install groff_1.15.2-3_arm.changes

Changelog says:

* Use lpr as the print spooler, even if it happens not to be installed on the build system. Version 1.15.2-2 broke 'groff -l', which worked with previous versions of groff in stable (thanks, Mike Fontenot).

Since I can't even find a single bug report that says 'groff -l' is broken in stable, I guess it will only be used on accident. Hence, I don't think this justifies an update to stable.

I rethought my decision again. 2.2r3 had a working version, 2.2r4 unfortunately broke it. We should try to fix that. Upgrading from r3 or older to the next current version should not break more things but fix them. *sigh*

imp  stable  2:2.2.3-0.potato.4  all
imp  updates  2:2.2.6-0.potato.3  all

install-u imp_2.2.6-0.potato.3_i386.changes
install imp_2.2.6-0.potato.4_i386.changes

DSA 073, though it mentioned imp 2.2.6-0.potato.1

The maintainer, Ola Lundqvist, commented:

"The potato.1 version (the real security fix) was broken. :(

I uploaded it too fast, without testing the postgres part. It also had some other minor issues because I forgot to apply one patch.

So if any new packages of horde and imp should go to a new revision only the latest version should go there (from proposed-updates)."

.4: SECURITY FIX, backport from 2.2.7, closes: #118986

inn2-dev  stable  2.2.2.2000.01.31-2  arm
inn2-dev  stable  2.2.2.2000.01.31-4  alpha, i386, m68k, powerpc, sparc
inn2-dev  updates  2.2.2.2000.01.31-5  alpha, arm, i386, m68k, powerpc, sparc
inn2-inews  stable  2.2.2.2000.01.31-2  arm
inn2-inews  stable  2.2.2.2000.01.31-4  alpha, i386, m68k, powerpc, sparc
inn2-inews  updates  2.2.2.2000.01.31-5  alpha, arm, i386, m68k, powerpc, sparc
inn2  stable  2.2.2.2000.01.31-2  arm
inn2  stable  2.2.2.2000.01.31-4  alpha, i386, m68k, powerpc, sparc
inn2  updates  2.2.2.2000.01.31-5  alpha, arm, i386, m68k, powerpc, sparc
task-news-server  stable  2.2.2.2000.01.31-4  all
task-news-server  updates  2.2.2.2000.01.31-5  all

install inn2_2.2.2.2000.01.31-5_i386.changes
install inn2_2.2.2.2000.01.31-5_m68k.changes
install inn2_2.2.2.2000.01.31-5_source.changes
install inn2_2.2.2.2000.01.31-5_sparc.changes
install inn2_2.2.2.2000.01.31-5_alpha.changes
install inn2_2.2.2.2000.01.31-5_arm.changes
install inn2_2.2.2.2000.01.31-5_powerpc.changes

Security Update, DSA 023

Bdale reports a serious problem with this upload, it broke some functionality. He's going to upload a fixed version, so this will have to wait for 2.2r5 (formerly 2.2r4) then. Fixed for 2.2.2.2000.01.31-5.

kernel-image-2.2.19-netwinder  stable  20010414  arm
kernel-image-2.2.19-netwinder  updates  20011103  arm
kernel-image-2.2.19-riscpc  stable  20010414  arm
kernel-image-2.2.19-riscpc  updates  20011109  arm
kernel-patch-2.2.19-arm  stable  20010414  all
kernel-patch-2.2.19-arm  updates  20011109  all
kernel-headers-2.2.20-sparc  updates  9  all
kernel-image-2.2.20-sun4cdm  updates  9  sparc
kernel-image-2.2.20-sun4dm-smp  updates  9  sparc
kernel-image-2.2.20-sun4u-smp  updates  9  sparc
kernel-image-2.2.20-sun4u  updates  9  sparc

install kernel-image-2.2.19-netwinder_20011103_arm.changes
install-u kernel-patch-2.2.19-arm_20011103_i386.changes
install kernel-patch-2.2.19-arm_20011109_i386.changes
install-u kernel-image-2.2.19-riscpc_20011103_arm.changes
install kernel-image-2.2.19-riscpc_20011109_arm.changes
install kernel-image-2.2.19-riscpc_20011109_source.changes
remove kernel-image-2.2.13-netwinder
install kernel-image-sparc-2.2_9_sparc.changes

Rebuilt with current kernel that has security fixes incorporated, was supposed for 2.2r4 but uploaded too late.

ARM 20011109: Build against kernel-source 2.2.19.1-2 and latest ARM patch.

Sparc: BenC says that it actually fixes an oops on sun4u when mounting nfs partitions (Bug#98755).

libgtop-daemon  stable  1.0.6-1  alpha, arm, i386, m68k, powerpc, sparc
libgtop-daemon  updates  1.0.6-1.1  alpha, arm, i386, m68k, powerpc, sparc
libgtop-dev  stable  1.0.6-1  alpha, arm, i386, m68k, powerpc, sparc
libgtop-dev  updates  1.0.6-1.1  alpha, arm, i386, m68k, powerpc, sparc
libgtop1  stable  1.0.6-1  alpha, arm, i386, m68k, powerpc, sparc
libgtop1  updates  1.0.6-1.1  alpha, arm, i386, m68k, powerpc, sparc

install libgtop_1.0.6-1.1_multi.changes

DSA 098

* Non-maintainer upload by security team

* Fix buffer overflow in src/daemon/gnuserv.c:permitted() Patch from Flavio Veloso <flaviovs@magnux.com>

* Fix printf format attacks in src/daemon/gnuserv.c logging functions

mac-fdisk  stable  0.1-3  m68k
mac-fdisk  stable  0.1-6.0potato1  powerpc
mac-fdisk  updates  0.1-6.0potato1  m68k
pmac-fdisk-cross  stable  0.1-3  m68k
pmac-fdisk-cross  updates  0.1-6.0potato1  m68k

install mac-fdisk_0.1-6.0potato1_m68k.changes

Get m68k and powerpc back in sync, package is required for installation of NewWorld powerpc machines.

mailman  stable  1.1-8  alpha, arm, i386, m68k, powerpc, sparc
mailman  updates  1.1-10  alpha, arm, i386, m68k, powerpc, sparc

install-u mailman_1.1-9_i386.changes
install mailman_1.1-10_i386.changes
install mailman_1.1-10_arm.changes
install mailman_1.1-10_powerpc.changes
install mailman_1.1-10_sparc.changes
install mailman_1.1-10_alpha.changes
install mailman_1.1-10_multi.changes

Security Fix. Related to DSA 094?

Changelog for 1.1-9:

* Cross site scripting (CSS) fixes, backported from Mailman 2.0.8.

* Support list names with spaces in them.

Changelog for 1.1-10:

* Add missing parenthesis in Mailman/Cgi/edithtml.py, line 88

make-doc  stable  3.79.1-1.potato.1  all
make  stable  3.78.1-8  alpha
make  stable  3.79.1-1.potato.1  arm, i386, m68k, powerpc, sparc
make  updates  3.79.1-1.potato.1  alpha

sync-install make_3.79.1-1.potato.1_alpha.changes

Get versions in sync

modconf  stable  0.2.26.14  all
modconf  updates  0.2.26.14.1  all

install modconf_0.2.26.14.1_i386.changes

Included patch for secure tempfile handling, see #117283 for details

mutt  stable  1.2.5-4  alpha, arm, i386, m68k, powerpc, sparc
mutt  updates  1.2.5-5  alpha, arm, i386, m68k, powerpc, sparc

install mutt_1.2.5-5_alpha.changes
install mutt_1.2.5-5_arm.changes
install mutt_1.2.5-5_i386.changes
install mutt_1.2.5-5_m68k.changes
install mutt_1.2.5-5_powerpc.changes
install mutt_1.2.5-5_sparc.changes

Security update: DSA 096

* Applied patch-1.2.5.tlr.terminate.1 to fix a remotely exploitable buffer overflow.

nedit  updates  1:5.1.1-3  alpha, arm, i386, m68k, powerpc, sparc

install nedit_5.1.1-3_alpha.changes
install nedit_5.1.1-3_arm.changes
install nedit_5.1.1-3_i386.changes
install nedit_5.1.1-3_m68k.changes
install nedit_5.1.1-3_powerpc.changes
install nedit_5.1.1-3_sparc.changes

nedit is now Free Software.

telnetd  stable  0.16-4  alpha
telnetd  stable  0.16-4potato.1  arm, i386, m68k, powerpc, sparc
telnetd  updates  0.16-4potato.3  alpha, arm, i386, m68k, powerpc, sparc
telnet  stable  0.16-4  alpha
telnet  stable  0.16-4potato.1  arm, i386, m68k, powerpc, sparc
telnet  updates  0.16-4potato.3  alpha, arm, i386, m68k, powerpc, sparc

install netkit-telnet_0.16-4potato.3_i386.changes
install netkit-telnet_0.16-4potato.3_arm.changes
install netkit-telnet_0.16-4potato.3_powerpc.changes
install netkit-telnet_0.16-4potato.3_m68k.changes
install netkit-telnet_0.16-4potato.3_sparc.changes
install netkit-telnet_0.16-4potato.3_alpha.changes

Changelog says:

* Fixed same overflow with minimal change.

DSA 070 mentioned version 0.16-4potato.2 [further]

ssh-askpass-gnome  stable  1:1.2.3-9.3  alpha, arm, i386, m68k, powerpc, sparc
ssh-askpass-gnome  updates  1:1.2.3-9.4  alpha, arm, i386, m68k, powerpc, sparc
ssh-askpass-ptk  stable  1:1.2.3-9.3  all
ssh-askpass-ptk  updates  1:1.2.3-9.4  all
ssh  stable  1:1.2.3-9.3  alpha, arm, i386, m68k, powerpc, sparc
ssh  updates  1:1.2.3-9.4  alpha, arm, i386, m68k, powerpc, sparc

install openssh_1.2.3-9.4_all.changes
install openssh_1.2.3-9.4_sparc.changes

Security Fix, DSA 091

php4-cgi-gd  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-cgi-gd  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-cgi-imap  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-cgi-imap  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-cgi-ldap  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-cgi-ldap  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-cgi-mhash  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-cgi-mhash  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-cgi-mysql  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-cgi-mysql  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-cgi-pgsql  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-cgi-pgsql  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-cgi-snmp  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-cgi-snmp  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-cgi-xml  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-cgi-xml  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-cgi  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-cgi  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-dev  stable  4.0.3pl1-0potato1  all
php4-dev  updates  4.0.3pl1-0potato2  all
php4-gd  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-gd  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-imap  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-imap  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-ldap  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-ldap  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-mhash  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-mhash  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-mysql  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-mysql  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-pgsql  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-pgsql  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-snmp  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-snmp  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4-xml  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4-xml  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc
php4  stable  4.0.3pl1-0potato1  alpha, i386, m68k, powerpc, sparc
php4  updates  4.0.3pl1-0potato2  alpha, i386, m68k, powerpc, sparc

install php4_4.0.3pl1-0potato2_i386.changes
install php4_4.0.3pl1-0potato2_m68k.changes
install php4_4.0.3pl1-0potato2_powerpc.changes
install php4_4.0.3pl1-0potato2_alpha.changes
install php4_4.0.3pl1-0potato2_sparc.changes

Security Update (DSA 020 mentions 4.0.3pl1-0potato1.1) [further]

Roland Bauerschmidt reports "php4-cgi broken". Look at #89431. /usr/lib/cgi-bin/php4 is a symlink to debian/php4-cgi/usr/bin/php4 which of course doesn't exist.

postfix  stable  0.0.19991231pl11-1  alpha, arm, i386, m68k, powerpc, sparc
postfix  updates  0.0.19991231pl11-2  alpha, arm, i386, m68k, powerpc, sparc

install postfix_0.0.19991231pl11-2_alpha.changes
install postfix_0.0.19991231pl11-2_arm.changes
install postfix_0.0.19991231pl11-2_i386.changes
install postfix_0.0.19991231pl11-2_m68k.changes
install postfix_0.0.19991231pl11-2_powerpc.changes
install postfix_0.0.19991231pl11-2_sparc.changes

* Fix 'smtpd command log memory exhaustion' problem.

* Fix dhelp dangling symlink problem. Closes: #91877, #97332.

* Rebuild on current potato. Closes: #102388, #99220.

Security Fix: DSA 093

ecpg  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
ecpg  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc
libpgperl  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
libpgperl  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc
libpgsql2  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
libpgsql2  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc
libpgtcl  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
libpgtcl  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc
odbc-postgresql  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
odbc-postgresql  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc
pgaccess  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
pgaccess  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc
postgresql-client  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
postgresql-client  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc
postgresql-contrib  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
postgresql-contrib  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc
postgresql-dev  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
postgresql-dev  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc
postgresql-doc  stable  6.5.3-26  all
postgresql-doc  updates  6.5.3-27  all
postgresql-pl  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
postgresql-pl  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc
postgresql-test  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
postgresql-test  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc
postgresql  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
postgresql  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc
python-pygresql  stable  6.5.3-26  alpha, arm, i386, m68k, powerpc, sparc
python-pygresql  updates  6.5.3-27  alpha, arm, i386, m68k, powerpc, sparc

install postgresql_6.5.3-27_i386.changes
install postgresql_6.5.3-27_m68k.changes
install postgresql_6.5.3-27_arm.changes
install postgresql_6.5.3-27_powerpc.changes
install postgresql_6.5.3-27_alpha.changes
install postgresql_6.5.3-27_sparc.changes

* postgresql: applied patch from Ben Pfaff <pfaffben@msu.edu> to cure problem with segfault in pg_dump. High urgency because pg_dump is essential for transferring data when upgrading postgresql. Closes: #101940

No security update but something that is anticipated to prevent data loss, I'm convinced.

skkinput  stable  1:2.03-2  alpha
skkinput  stable  1:2.03-3.potato.1  arm, i386, m68k, powerpc, sparc
skkinput  updates  1:2.03-3.potato.1  alpha

sync-install skkinput_2.03-3.potato.1_alpha.changes

Get versions back in sync

ssh-askpass-nonfree  stable  1.2.27-6.1  alpha, arm, i386, powerpc, sparc
ssh-askpass-nonfree  updates  1.2.27-6.2  alpha, arm, i386, m68k, powerpc, sparc
ssh-nonfree  stable  1.2.27-3  m68k
ssh-nonfree  stable  1.2.27-6.1  alpha, arm, i386, powerpc, sparc
ssh-nonfree  updates  1.2.27-6.2  alpha, arm, i386, m68k, powerpc, sparc
ssh-socks  stable  1.2.27-3  m68k
ssh-socks  stable  1.2.27-6.1  alpha, arm, i386, powerpc, sparc
ssh-socks  updates  1.2.27-6.2  alpha, arm, i386, m68k, powerpc, sparc

install ssh-nonfree_1.2.27-6.2_i386.changes
install ssh-nonfree_1.2.27-6.2_alpha.changes
install ssh-nonfree_1.2.27-6.2_m68k.changes
install ssh-nonfree_1.2.27-6.2_powerpc.changes
install ssh-nonfree_1.2.27-6.2_sparc.changes
install ssh-nonfree_1.2.27-6.2_arm.changes

DSA 086

* Urgency high because this addresses a well-known vulnerability which is being exploited.

* Add security fixes from -7.

* Add build-depends.

* Remove client's setuid bit; people who need it can turn it back on, and everyone else will be safer.

tkseti  stable  2.10-1  arm
tkseti  stable  2.12-1  powerpc
tkseti  stable  2.12-2  alpha, i386, sparc
tkseti  updates  2.12-2  arm, powerpc

sync-install tkseti_2.12-2_arm.changes
sync-install tkseti_2.12-2_powerpc.changes

Get versions back in sync.

wu-ftpd-academ  stable  2.6.0-5.3  all
wu-ftpd-academ  updates  2.6.0-6  all
wu-ftpd  stable  2.6.0-5.3  alpha, arm, i386, m68k, powerpc, sparc
wu-ftpd  updates  2.6.0-6  alpha, arm, i386, m68k, powerpc, sparc

install wu-ftpd_2.6.0-6_alpha.changes
install wu-ftpd_2.6.0-6_i386.changes
install wu-ftpd_2.6.0-6_m68k.changes
install wu-ftpd_2.6.0-6_powerpc.changes
install wu-ftpd_2.6.0-6_sparc.changes
install wu-ftpd_2.6.0-6_arm.changes

Security upload, DSA 087

xtel  stable  3.2.1-4  alpha, arm, i386, m68k, powerpc, sparc
xtel  updates  3.2.1-4.potato.1  alpha, arm, i386, m68k, powerpc, sparc

install xtel_3.2.1-4.potato.1_i386.changes
install xtel_3.2.1-4.potato.1_m68k.changes
install xtel_3.2.1-4.potato.1_arm.changes
install xtel_3.2.1-4.potato.1_powerpc.changes
install xtel_3.2.1-4.potato.1_sparc.changes
install xtel_3.2.1-4.potato.1_alpha.changes

* New maintainer

* Security fixes:
  - symlink vulnerability in xteld (see #87787).
  - symlink vulnerability in xtel while printing hardcopy of screen.
  - run xteld under control of tcpd to be able to restrict access to the service from network.

* Backport of annoying and easy to fix bugs from woody version of xtel:
  - Fixed segfaults (see #43566).
  - Fixed a little typo in the /etc/xtel/lignes file.
  - Fixed creation of the symlink to french doc directory (see #55131).

* Other annoying fixes:
  - bad X resource in Xtel[m].ad (missing '-o -' in a2ps printing command).

DSA 090

xxgdb  stable  1.12-9.3  alpha, arm, i386, m68k, powerpc, sparc
xxgdb  updates  1.12-9.4potato  alpha, arm, i386, m68k, powerpc, sparc

install xxgdb_1.12-9.4potato_i386.changes
install xxgdb_1.12-9.4potato_m68k.changes
install xxgdb_1.12-9.4potato_powerpc.changes
install xxgdb_1.12-9.4potato_arm.changes
install xxgdb_1.12-9.4potato_sparc.changes
install xxgdb_1.12-9.4potato_alpha.changes

* Applied a patch from Massimo Dal Zotto <dz@cs.unitn.it>. This is a workaround for a serious bug (#94892) in libXaw.

Seems this bug makes xxgdb useless in stable

yabasic  stable  2.42-1  arm
yabasic  stable  2.53-1  alpha, i386, m68k, powerpc, sparc
yabasic  updates  2.53-2  alpha, arm, i386, m68k, powerpc, sparc

install yabasic_2.53-2_m68k.changes
install yabasic_2.53-2_powerpc.changes
install yabasic_2.53-2_sparc.changes
install yabasic_2.53-2_arm.changes
install yabasic_2.53-2_alpha.changes
install yabasic_2.53-2_i386.changes

* New maintainer.

* yabasic.c: Fixed a /tmp race condition.

* Completed the FHS transition to allow building with a recent debhelper. Closes: #98875.

No DSA assigned, maintainer, please get in touch with the Security Team

zip-crypt  stable  2.30-1  arm, i386, m68k, powerpc, sparc
zip-crypt  updates  2.30-1  alpha

install zip-crypt_2.30-1_alpha.changes

Sync with other architectures

zsh  stable  3.1.9.dev6-2  alpha
zsh  stable  3.1.9.dev6-7  i386, m68k, powerpc, sparc
zsh  stable  3.1.9.dev6-7.0.1  arm
zsh  updates  3.1.9.dev6-7  alpha

sync-install zsh_3.1.9.dev6-7_alpha.changes

Get versions more in sync

Need further investigation

These packages need further investigation. One reason the package is listed here could be that I'm not yet convinced this package should go into stable, but don't want to reject it entirely at the moment. Another reason could be that released and updated architectures are not in sync yet.

dump  stable  0.4b16-1  alpha, arm, i386, m68k, powerpc, sparc
dump  updates  0.4b25-0.potato.1  i386, m68k, powerpc

delay-install dump_0.4b25-0.potato.1_i386.changes
delay-install dump_0.4b25-0.potato.1_m68k.changes
delay-install dump_0.4b25-0.potato.1_powerpc.changes

* back-port dump current version to potato at the request of Martin Schulze. The 0.4b22 upstream version included important fixes for data corruption that can occur with the version that was released with potato.


MISSING alpha
MISSING arm
MISSING sparc

glibc-doc  stable  2.1.3-19  all
glibc-doc  updates  2.1.3-20  all
i18ndata  stable  2.1.3-19  all
i18ndata  updates  2.1.3-20  all
libc6-dbg  stable  2.1.3-19  arm, i386, m68k, powerpc, sparc
libc6-dbg  updates  2.1.3-20  i386, sparc
libc6-dev  stable  2.1.3-19  arm, i386, m68k, powerpc, sparc
libc6-dev  updates  2.1.3-20  i386, sparc
libc6-pic  stable  2.1.3-19  arm, i386, m68k, powerpc, sparc
libc6-pic  updates  2.1.3-20  i386, sparc
libc6-prof  stable  2.1.3-19  arm, i386, m68k, powerpc, sparc
libc6-prof  updates  2.1.3-20  i386, sparc
libc6.1-dbg  stable  2.1.3-19  alpha
libc6.1-dev  stable  2.1.3-19  alpha
libc6.1-pic  stable  2.1.3-19  alpha
libc6.1-prof  stable  2.1.3-19  alpha
libc6.1  stable  2.1.3-19  alpha
libc6  stable  2.1.3-19  arm, i386, m68k, powerpc, sparc
libc6  updates  2.1.3-20  i386, sparc
libnss1-compat  stable  2.1.3-19  alpha, i386, m68k
libnss1-compat  updates  2.1.3-20  i386
locales  stable  2.1.3-19  alpha, arm, i386, m68k, powerpc, sparc
locales  updates  2.1.3-20  i386, sparc
nscd  stable  2.1.3-19  alpha, arm, i386, m68k, powerpc, sparc
nscd  updates  2.1.3-20  i386, sparc

delay-install glibc_2.1.3-20_multi.changes

Glob security patch. DSA missing


MISSING alpha
MISSING arm
MISSING m68k
MISSING powerpc

man2html  stable  1.5-23  alpha, arm, i386, m68k, powerpc, sparc
man2html  updates  1.5-23.1  arm, i386, m68k, powerpc, sparc

delay-install man2html_1.5-23.1_arm.changes
delay-install man2html_1.5-23.1_i386.changes
delay-install man2html_1.5-23.1_m68k.changes
delay-install man2html_1.5-23.1_powerpc.changes
delay-install man2html_1.5-23.1_sparc.changes

* Recompiled with correct CGIBASE to avoid bad links; closes: #104474. Grave bug, warrants inclusion into stable.


MISSING alpha

nfs-common  stable  1:0.1.9.1-1  alpha, arm, i386, m68k, powerpc, sparc
nfs-common  updates  1:0.1.9.1-1.potato1  i386, m68k, powerpc, sparc
nfs-kernel-server  stable  1:0.1.9.1-1  alpha, arm, i386, m68k, powerpc, sparc
nfs-kernel-server  updates  1:0.1.9.1-1.potato1  i386, m68k, powerpc, sparc
nhfsstone  stable  1:0.1.9.1-1  alpha, arm, i386, m68k, powerpc, sparc
nhfsstone  updates  1:0.1.9.1-1.potato1  i386, m68k, powerpc, sparc

delay-install nfs-utils_0.1.9.1-1.potato1_sparc.changes
delay-install nfs-utils_0.1.9.1-1.potato1_m68k.changes
delay-install nfs-utils_0.1.9.1-1.potato1_i386.changes
delay-install nfs-utils_0.1.9.1-1.potato1_powerpc.changes

Support statd callbacks from later 2.2 kernels. (Bug#111990)

It seems that this upload fixes a disparity between late 2.2 kernels and the older nfs-utils package from stable in connection with statd/lockd.


MISSING alpha
MISSING arm

xcin  stable  2.3.04-1  arm
xcin  stable  2.5.1.3-1  powerpc
xcin  stable  2.5.1.99.pre6.1-1  alpha
xcin  stable  2.5.2-1  i386, m68k, sparc
xcin  updates  2.5.2-1  alpha, powerpc

delay-sync-install xcin_2.5.2-1_alpha.changes
delay-sync-install xcin_2.5.2-1_powerpc.changes

Get versions back in sync

Beware: change the distribution to stable only.


MISSING arm

Rejected packages

These packages don't meet the requirements.

dvi2ps-fontdata-a2n  stable  1.0-5  all
dvi2ps-fontdata-a2n  updates  1.0-6  all
dvi2ps-fontdata-bsr  stable  1.0-5  all
dvi2ps-fontdata-bsr  updates  1.0-6  all
dvi2ps-fontdata-ja  stable  1.0-5  all
dvi2ps-fontdata-ja  updates  1.0-6  all
dvi2ps-fontdata-n2a  stable  1.0-5  all
dvi2ps-fontdata-n2a  updates  1.0-6  all
dvi2ps-fontdata-ptexfake  stable  1.0-5  all
dvi2ps-fontdata-ptexfake  updates  1.0-6  all
dvi2ps-fontdata-rrs  stable  1.0-5  all
dvi2ps-fontdata-rrs  updates  1.0-6  all
dvi2ps-fontdata-rsp  stable  1.0-5  all
dvi2ps-fontdata-rsp  updates  1.0-6  all
dvi2ps-fontdata-tbank  stable  1.0-5  all
dvi2ps-fontdata-tbank  updates  1.0-6  all
dvi2ps-fontdata-three  stable  1.0-5  all
dvi2ps-fontdata-three  updates  1.0-6  all

reject dvi2ps-fontdata_1.0-6_i386.changes

Misplaced upload to 'stable unstable'

icecast-server  stable  1.0.0-1  alpha, arm, i386, m68k, powerpc, sparc
icecast-server  updates  1.3.10-1  alpha, arm, m68k, powerpc, sparc
icecast-server  updates  1.3.10-1.1  i386

reject icecast-server_1.3.10-1_i386.changes
reject icecast-server_1.3.10-1_m68k.changes
reject icecast-server_1.3.10-1_powerpc.changes
reject icecast-server_1.3.10-1_alpha.changes
reject icecast-server_1.3.10-1_arm.changes
reject icecast-server_1.3.10-1_sparc.changes
reject icecast-server_1.3.10-1.1_i386.changes

Alleged security update.

Changelog says:

* Several security exploits found to icecast. No simple way to patch old version, so upgrade to latest stable version from icecast.org

* If questions or assistance needed join #icecast on openprojects.net IRC

Do you have any documentation about said security exploits? That's still pending.

Is it something different than this one?

"icecast" is a server used to distribute audio streams to compatible clients such as winamp, mpg123, xmms and many others. Matt Messier (mmessier@prilnari.com) and John Viega (viega@list.org) have identified several buffer overflow and format strings problems in Icecast that could be remotely exploited.

Our latest update to this software changes the package to use an unprivileged user ("icecast") for the daemon, so the impact of this vulnerability is not as high. Recent distributions (CL >= 5.1) have this package compiled with StackGuard to make it more difficult to exploit buffer overflows.

It's said to be.

Clarification appreciated.

To make it worse, there is now Version: 1.3.10-1.1

* Binary-only recompile by security team

* Rebuild with potato libc6

ldap-rfc             stable   1:1.2.12-1  all
ldap-rfc             updates  1:1.2.12-2  all
libopenldap-dev      stable   1:1.2.12-1  alpha, arm, i386, m68k, powerpc, sparc
libopenldap-dev      updates  1:1.2.12-2  alpha, arm, i386, m68k, powerpc, sparc
libopenldap-runtime  stable   1:1.2.12-1  all
libopenldap-runtime  updates  1:1.2.12-2  all
libopenldap1         stable   1:1.2.12-1  alpha, arm, i386, m68k, powerpc, sparc
libopenldap1         updates  1:1.2.12-2  alpha, arm, i386, m68k, powerpc, sparc
openldap-gateways    stable   1:1.2.12-1  alpha, arm, i386, m68k, powerpc, sparc
openldap-gateways    updates  1:1.2.12-2  alpha, arm, i386, m68k, powerpc, sparc
openldap-utils       stable   1:1.2.12-1  alpha, arm, i386, m68k, powerpc, sparc
openldap-utils       updates  1:1.2.12-2  alpha, arm, i386, m68k, powerpc, sparc
openldapd            stable   1:1.2.12-1  alpha, arm, i386, m68k, powerpc, sparc
openldapd            updates  1:1.2.12-2  alpha, arm, i386, m68k, powerpc, sparc

reject openldap_1.2.12-2_i386.changes
reject openldap_1.2.12-2_arm.changes
reject openldap_1.2.12-2_alpha.changes
reject openldap_1.2.12-2_m68k.changes
reject openldap_1.2.12-2_powerpc.changes
reject openldap_1.2.12-2_sparc.changes

Minor bugfix:

* Include backport of billion second bug.

roxen-doc  stable   1.3.122-13  all
roxen-doc  updates  1.3.122-22  all
roxen-ssl  stable   1.3.122-13  all
roxen-ssl  updates  1.3.122-22  all
roxen      stable   1.3.122-11  arm
roxen      stable   1.3.122-13  alpha, i386, m68k, sparc
roxen      updates  1.3.122-22  i386

reject roxen_1.3.122-22_i386.changes

Misplaced upload:

Distribution: stable unstable

* Dropping the 'task-webserver-roxen2' package...

* Updating config.{sub|guess} Closes: #111546

samba-common  stable   2.0.7-3.4  alpha, arm, i386, m68k, powerpc, sparc
samba-common  updates  2.0.7-4    alpha, arm, i386, m68k, powerpc, sparc
samba         stable   2.0.7-3.4  alpha, arm, i386, m68k, powerpc, sparc
samba         updates  2.0.7-4    alpha, arm, i386, m68k, powerpc, sparc
smbclient     stable   2.0.7-3.4  alpha, arm, i386, m68k, powerpc, sparc
smbclient     updates  2.0.7-4    alpha, arm, i386, m68k, powerpc, sparc
smbfs         stable   2.0.7-3.4  alpha, arm, i386, m68k, powerpc, sparc
smbfs         updates  2.0.7-4    alpha, arm, i386, m68k, powerpc, sparc
swat          stable   2.0.7-3.4  alpha, arm, i386, m68k, powerpc, sparc
swat          updates  2.0.7-4    alpha, arm, i386, m68k, powerpc, sparc

reject samba_2.0.7-4_alpha.changes
reject samba_2.0.7-4_arm.changes
reject samba_2.0.7-4_i386.changes
reject samba_2.0.7-4_powerpc.changes
reject samba_2.0.7-4_m68k.changes
reject samba_2.0.7-4_sparc.changes

ChangeLog says:

* Permanently fix problem with NMU's being built against incorrect kernel interfaces (closes: #94380, #95015, #102226)

* add uploaders: header to control file

This upload most probably fixes the problem with the old alpha version not being able to run properly due to a bad build environment. This problem may be solved by a general change... may be... Steve Langasek should speak up...

He said:

Samba upstream takes advantage of the best system facilities (libc/kernel) available at compile time. Because Debian releases usually include a baseline kernel and an 'experimental' kernel, Eloy and I have introduced packaging code in unstable that prevents Samba from detecting facilities that it should not be compiled against. The 2.0.7-4 upload backports these packaging mods to potato, both correcting the problems with past alpha security NMUs and safeguarding against the possibility of future problems with security NMUs in potato.

Rejecting on behalf of the maintainer, see Bug#127444:

Upgrading from samba 2.0.7-3.4 to 2.0.7-4 broke printing (from windows clients) on our misc server [..]

Disclaimer

This list is intended to help the ftp-masters release 2.2r5. They have the final power to accept a package or not. If you want to comment on this list, please send a mail to Martin Schulze <joey@debian.org>.
Last updated 2002/01/11 11:06