Preparation of Debian GNU/Linux 2.2r7

An up-to-date version is at

I am preparing another revision of the stable Debian distribution (r7) and will infrequently send reports so people can actually comment on it and intervene whenever this is required.

The plan is to get this revision of Debian GNU/Linux 2.2 (codename `potato') out at the beginning of July this year (2002). James Troup still has to give the final approval for each package since he is the ftpmaster involved with stable revisions. However, I will try to make his work as easy as possible in the hope to get the next revision out properly. Thanks for your attention.

This may also be the last version of the 2.2 series, depending on how well the woody release is making progress. There is, however, still a possibility another update (r8, to be scheduled at the beginning of August) has to be released before Debian 3.0.

My requirements for packages to go into stable:

1. The package fixes a security problem. An advisory by our own Security Team would be quite helpful. I really should make this a requirement for security uploads.

2. The package fixes a critical bug which can lead into data loss, data corruption, or an overly broken system, or the package is broken or not usable (anymore).

3. The stable version of the package is not installable at all due to broken or unmet dependencies or broken installation scripts.

4. All released architectures have to be in sync.

Packages, which I will most probably reject:

. Package which fix non-critical bugs.

. Misplaced uploads, i.e. packages that were uploaded to 'stable unstable' or `frozen unstable'.

. Packages for which its binary packages are out of sync with regard to all supported architectures in the stable distribution.

. Binary packages for which the source got lost somehow.

Accepted packages

These packages should be installed into stable and be part of the next revision.

analogstable2:5.22-0potato3alpha, arm, i386, m68k, powerpc, sparc, source
analogupdates2:5.22-0potato4alpha, arm, i386, m68k, powerpc, sparc, source

install analog_5.22-0potato4_alpha.changes
install analog_5.22-0potato4_arm.changes
install analog_5.22-0potato4_m68k.changes
install analog_5.22-0potato4_powerpc.changes
install analog_5.22-0potato4_sparc.changes

DSA 125, backport of 5.22 for security reasons. The advisory mentions version 5.22-0potato1, though.

apache-commonstable1.3.9-14alpha, arm, i386, m68k, powerpc, sparc
apache-commonupdates1.3.9-14.1alpha, arm, i386, m68k, powerpc, sparc
apache-devstable1.3.9-14alpha, arm, i386, m68k, powerpc, sparc
apache-devupdates1.3.9-14.1alpha, arm, i386, m68k, powerpc, sparc
apachestable1.3.9-14alpha, arm, i386, m68k, powerpc, sparc, source
apacheupdates1.3.9-14.1alpha, arm, i386, m68k, powerpc, sparc, source

install apache_1.3.9-14.1_m68k.changes
install apache_1.3.9-14.1_multi.changes

DSA 131

apache-perlstable1.3.9-13.1-1.21.20000309-1alpha, arm, i386, m68k, powerpc, sparc, source
apache-perlupdates1.3.9-14.1-1.21.20000309-1alpha, arm, i386, m68k, powerpc, sparc, source

install apache-perl_1.3.9-14.1-1.21.20000309-1_alpha.changes
install apache-perl_1.3.9-14.1-1.21.20000309-1_arm.changes
install apache-perl_1.3.9-14.1-1.21.20000309-1_i386.changes
install apache-perl_1.3.9-14.1-1.21.20000309-1_m68k.changes
install apache-perl_1.3.9-14.1-1.21.20000309-1_powerpc.changes
install apache-perl_1.3.9-14.1-1.21.20000309-1_sparc.changes

DSA 133

apache-sslupdates1.3.9.13-4.1alpha, arm, i386, m68k, powerpc, sparc, source

install apache-ssl_1.3.9.13-4.1_multi.changes

DSA 132

snake4stable1.0.10-1alpha, arm, i386, m68k, powerpc, sparc, source

install snake4_1.0.10-1.0.1_alpha.changes

Binary-only non-maintainer upload for alpha; no source changes. (See Bug#103300)

cupsys-bsdstable1.0.4-9alpha, arm, i386, m68k, powerpc, sparc
cupsys-bsdupdates1.0.4-12alpha, arm, i386, m68k, powerpc, sparc
cupsysstable1.0.4-9alpha, arm, i386, m68k, powerpc, sparc, source
cupsysupdates1.0.4-12alpha, arm, i386, m68k, powerpc, sparc, source
libcupsys1-devstable1.0.4-9alpha, arm, i386, m68k, powerpc, sparc
libcupsys1-devupdates1.0.4-12alpha, arm, i386, m68k, powerpc, sparc
libcupsys1stable1.0.4-9alpha, arm, i386, m68k, powerpc, sparc
libcupsys1updates1.0.4-12alpha, arm, i386, m68k, powerpc, sparc

install-u cupsys_1.0.4-10_alpha.changes
install-u cupsys_1.0.4-10_arm.changes
install-u cupsys_1.0.4-10_i386.changes
install-u cupsys_1.0.4-10_m68k.changes
install-u cupsys_1.0.4-10_powerpc.changes
install-u cupsys_1.0.4-10_sparc.changes
install-u cupsys_1.0.4-11_alpha.changes
install-u cupsys_1.0.4-11_arm.changes
install-u cupsys_1.0.4-11_i386.changes
install-u cupsys_1.0.4-11_powerpc.changes
install-u cupsys_1.0.4-11_sparc.changes
install-u cupsys_1.0.4-11_m68k.changes
install cupsys_1.0.4-12_arm.changes
install cupsys_1.0.4-12_i386.changes
install cupsys_1.0.4-12_powerpc.changes
install cupsys_1.0.4-12_sparc.changes
install cupsys_1.0.4-12_alpha.changes
install cupsys_1.0.4-12_m68k.changes

-10: Security upload: DSA 110, Buffer overflow

-11: More security fixes: more complete patch for attribute buffer handling and a more correct path validation check to prevent ".." attacks.

-12: Remove lpd backend for security reasons.

customstable1.9962-2all, source
customupdates1.9962-3all, source

install custom_1.9962-3_all.changes

New upload to fix a maintainer-side time warp (Fixes Bug#103300)

erlangstable49.1-10i386, powerpc, sparc, source
erlangupdates49.1-10.1i386, powerpc, sparc, source

install erlang_49.1-10.1_i386.changes
install erlang_49.1-10.1_powerpc.changes
install erlang_49.1-10.1_sparc.changes

Probably from the zlib fuckup

* Non-maintainer upload by the Security Team * Apply patch for double-free bug to included copy of zlib

etherealstable0.8.0-2potatoalpha, arm, i386, m68k, powerpc, sparc, source
etherealupdates0.8.0-3potatoalpha, arm, i386, m68k, powerpc, sparc, source

install ethereal_0.8.0-3potato_alpha.changes
install ethereal_0.8.0-3potato_arm.changes
install ethereal_0.8.0-3potato_i386.changes
install ethereal_0.8.0-3potato_m68k.changes
install ethereal_0.8.0-3potato_powerpc.changes
install ethereal_0.8.0-3potato_sparc.changes

Security upload (backports of 0.9.3) - DSA 130

- asn1.c: fixes zero-length g_malloc that could have caused problems.

- asn1.c: fixes possible buffer overflow.

hordestable2:1.2.6-0.potato.4all, source
hordeupdates2:1.2.6-0.potato.5all, source
impstable2:2.2.6-0.potato.4all, source
impupdates2:2.2.6-0.potato.5all, source

install horde_1.2.6-0.potato.5_i386.changes
install imp_2.2.6-0.potato.5_i386.changes

DSA 126

libapache-mod-sslstable2.4.10-1.3.9-1potato1alpha, arm, i386, m68k, powerpc, sparc, source
libapache-mod-sslupdates2.4.10-1.3.9-1potato2alpha, arm, i386, m68k, powerpc, sparc, source

install libapache-mod-ssl_2.4.10-1.3.9-1potato2.changes
install libapache-mod-ssl_2.4.10-1.3.9-1potato2_arm.changes
install libapache-mod-ssl_2.4.10-1.3.9-1potato2_i386.changes
install libapache-mod-ssl_2.4.10-1.3.9-1potato2_m68k.changes
install libapache-mod-ssl_2.4.10-1.3.9-1potato2_powerpc.changes
install libapache-mod-ssl_2.4.10-1.3.9-1potato2_sparc.changes

DSA 135 (non-US)

listar-cgistable0.129a-2.potato1alpha, arm, i386, m68k, powerpc, sparc
listar-cgiupdates0.129a-2.potato2alpha, arm, i386, m68k, powerpc, sparc
listarstable0.129a-2.potato1alpha, arm, i386, m68k, powerpc, sparc, source
listarupdates0.129a-2.potato2alpha, arm, i386, m68k, powerpc, sparc, source

install listar_0.129a-2.potato2_alpha.changes
install listar_0.129a-2.potato2_arm.changes
install listar_0.129a-2.potato2_i386.changes
install listar_0.129a-2.potato2_m68k.changes
install listar_0.129a-2.potato2_sparc.changes
install listar_0.129a-2.potato2_powerpc.changes

DSA 123 - covers 0.129a-2.potato1, though. This one adds:

* SECURITY: Applied argv security fixes from the Ecartis tree.

qpopperstable2.53-5alpha, arm, i386, m68k, powerpc, sparc, source
qpopperupdates2.53-7alpha, arm, i386, m68k, powerpc, sparc, source

reject qpopper_2.53-6_i386.changes
reject qpopper_2.53-6_powerpc.changes
reject qpopper_2.53-6_sparc.changes
install qpopper_2.53-7_alpha.changes
install qpopper_2.53-7_arm.changes
install qpopper_2.53-7_i386.changes
install qpopper_2.53-7_m68k.changes
install qpopper_2.53-7_powerpc.changes
install qpopper_2.53-7_sparc.changes

Fix a bug that can cause lost data and DoS. (closes:#140784, #114300) This only affected qpoper-2.23 and before. Thank for Masaki Ikeda <>'s patch.

!!! Not yet verified !!!

sudostable1.6.2p2-2.1alpha, arm, i386, m68k, powerpc, sparc, source
sudoupdates1.6.2p2-2.2alpha, arm, i386, m68k, powerpc, sparc, source

install sudo_1.6.2p2-2.2_multi.changes

DSA 128

uucpstable1.06.1-11potato2alpha, arm, i386, m68k, powerpc, sparc, source
uucpupdates1.06.1-11potato3alpha, arm, i386, m68k, powerpc, sparc, source

install uucp_1.06.1-11potato3_alpha.changes
install uucp_1.06.1-11potato3_arm.changes
install uucp_1.06.1-11potato3_i386.changes
install uucp_1.06.1-11potato3_m68k.changes
install uucp_1.06.1-11potato3_powerpc.changes
install uucp_1.06.1-11potato3_sparc.changes

DSA 129

vrwebstable1.5-5alpha, arm, i386, m68k, powerpc, sparc, source
vrwebupdates1.5-5.1alpha, arm, i386, m68k, powerpc, sparc, source

install vrweb_1.5-5.1_alpha.changes
install vrweb_1.5-5.1_arm.changes
install vrweb_1.5-5.1_i386.changes
install vrweb_1.5-5.1_m68k.changes
install vrweb_1.5-5.1_powerpc.changes
install vrweb_1.5-5.1_sparc.changes

* Non-maintainer upload by the security team * Upgrade zlib to 1.1.3 and apply patch for double-free bug

Cleaning bits from the zlib disaster

wmtvstable0.6.5-2potato2alpha, arm, i386, m68k, powerpc, source
wmtvupdates0.6.5-3potato3alpha, arm, i386, m68k, powerpc, sparc, source

install wmtv_0.6.5-3potato3_security.changes

Security Upload, DSA 108, symlink vulnerability. This upload fixes the sparc foobarness.

xsanestable0.50-5alpha, arm, i386, m68k, powerpc, sparc, source
xsaneupdates0.50-5.1alpha, arm, i386, m68k, powerpc, sparc, source

install xsane_0.50-5.1_security.changes

DSA 118 - insecure temporary files

Need further investigation

These packages need further investigation. One reason the package is listed here could be that I'm not yet convinced this package should go into stable, but don't want to reject it entirely at the moment. Another reason could be that released and updated architectures are not in sync yet.

cfenginestable1.5.3-6arm, i386, m68k, powerpc, sparc, source
cfengineupdates1.5.3-7alpha, arm, i386, m68k, powerpc, sparc, source

delay-install cfengine_1.5.3-7_alpha.changes
delay-install cfengine_1.5.3-7_arm.changes
delay-install cfengine_1.5.3-7_i386.changes
delay-install cfengine_1.5.3-7_m68k.changes
delay-install cfengine_1.5.3-7_powerpc.changes
delay-install cfengine_1.5.3-7_sparc.changes

Changelog says: fix stat -> lstat in src/image.c, else a symlink might be followed if we are purging. This is security bug!

Requires attention from the security team

dns-browsestable1.6-4all, source
dns-browseupdates1.6-5all, source

delay-install dns-browse_1.6-5_i386.changes

Changelog says: Fixed dns_tree so that it uses the HOME directory for cache files (Closes: #146591)

This requires action by the Security Team

fetchmailstable5.3.3-3alpha, arm, i386, m68k, powerpc, sparc, source
fetchmailupdates5.3.3-4alpha, i386, m68k, powerpc, sparc, source

delay-install fetchmail_5.3.3-4_alpha.changes
delay-install fetchmail_5.3.3-4_i386.changes
delay-install fetchmail_5.3.3-4_m68k.changes
delay-install fetchmail_5.3.3-4_powerpc.changes
delay-install fetchmail_5.3.3-4_sparc.changes

* SECURITY FIX: avoid buffer overflow on 64bit archs (imap.c) This is a remote-expolitable buffer overflow, if the imap server is hostile (backported from new upstream 5.9.12). Bug discovery and fix by Nalin Dahyabai

DSA missing


freeampstable1.3.1-5m68k, powerpc
freeampstable2.0.6-2alpha, i386, sparc, source
freeampupdates2.0.6-2.1alpha, i386, powerpc, sparc, source
libfreeamp-alsastable2.0.6-2alpha, i386, sparc
libfreeamp-alsaupdates2.0.6-2.1alpha, i386, powerpc, sparc
libfreeamp-esoundstable2.0.6-2alpha, i386, sparc
libfreeamp-esoundupdates2.0.6-2.1alpha, i386, powerpc, sparc

delay-install freeamp_2.0.6-2.1_alpha.changes
delay-install freeamp_2.0.6-2.1_i386.changes
delay-install freeamp_2.0.6-2.1_powerpc.changes
delay-install freeamp_2.0.6-2.1_sparc.changes

* Non-maintainer upload by the security team * Apply patch for zlib double-free bug

Looks like a leaf of the zlib disaster


photopcstable3.02-2alpha, i386, sparc, source

delay-install photopc_3.02-2_powerpc.changes

Get versions in sync.


unixcwstable1.1a-5alpha, i386, source
unixcwupdates1.1a-5powerpc, sparc

delay-install unixcw_1.1a-5_powerpc.changes
delay-install unixcw_1.1a-5_sparc.changes

Get package in sync through all architectures.


zlib-binstable1:1.1.3-5alpha, arm, i386, powerpc, sparc
zlib-binupdates1:1.1.3-5.1alpha, arm, i386, m68k, powerpc, sparc

zlib1-altdev stable 1:1.1.3-3 sparc
zlib1-altdev stable 1:1.1.3-5 i386
zlib1-altdev stable 1:1.1.3-5.0.1 m68k
zlib1-altdev updates 1:1.1.3-5.1 i386, m68k

zlib1g-dev stable 1:1.1.3-5 alpha, arm, i386, powerpc, sparc zlib1g-dev stable 1:1.1.3-5.0.1 m68k zlib1g-dev updates 1:1.1.3-5.1 alpha, arm, i386, m68k, powerpc, sparc

zlib1g stable 1:1.1.3-5 alpha, arm, i386, powerpc, sparc zlib1g stable 1:1.1.3-5.0.1 m68k zlib1g updates 1:1.1.3-5.1 alpha, arm, i386, m68k, powerpc, sparc

zlib1 stable 1:1.1.3-3 sparc zlib1 stable 1:1.1.3-5 i386 zlib1 stable 1:1.1.3-5.0.1 m68k zlib1 updates 1:1.1.3-5.1 i386, m68k

zlib stable 1:1.1.3-5 source zlib updates 1:1.1.3-5.1 source

delay-install zlib_1.1.3-5.1_alpha.changes delay-install zlib_1.1.3-5.1_arm.changes delay-install zlib_1.1.3-5.1_i386.changes delay-install zlib_1.1.3-5.1_powerpc.changes delay-install zlib_1.1.3-5.1_sparc.changes delay-install zlib_1.1.3-5.1_m68k.changes

DSA 122 - zlib strikes back

No zlib1 package for sparc anymore? Is that intentional? Query debian-sparc

Rejected packages

These packages don't meet the requirements.


reject dvi2ps-fontdata_1.0-7_i386.changes

Misplaced upload to 'stable unstable'

efingerdstable1.3alpha, arm, i386, m68k, powerpc, sparc, source
efingerdupdates1.3.2alpha, arm, i386, m68k, powerpc, sparc, source

reject efingerd_1.3.1_alpha.changes
reject efingerd_1.3.1_arm.changes
reject efingerd_1.3.1_i386.changes
reject efingerd_1.3.1_m68k.changes
reject efingerd_1.3.1_powerpc.changes
reject efingerd_1.3.2_alpha.changes
reject efingerd_1.3.2_arm.changes
reject efingerd_1.3.2_i386.changes
reject efingerd_1.3.2_m68k.changes
reject efingerd_1.3.2_powerpc.changes
reject efingerd_1.3.2_sparc.changes

Alleged security update, .1 and .2 are broken, though.

Joey is discussion the issue with the maintainer.

jtex-basestable1.8-6all, source
jtex-baseupdates1.8-7all, source

reject jtex-base_1.8-7_i386.changes

Misplaced upload, stable+unstable

rsyncstable2.3.2-1.2alpha, arm, i386, m68k, powerpc, sparc
rsyncupdates2.3.2-1.3alpha, arm, i386, m68k, powerpc, sparc

reject rsync_2.3.2-1.3_multi.changes

DSA 106

Broken packages, hence rejecting


This list intends to help the ftp-masters releasing 2.2r7. They have the final power to accept a package or not. If you want to comment on this list, please send a mail to Martin Schulze <>.
Last updated 2002/07/04 12:01 MET