Re: New virtual package names.

1996-08-23 Thread Dale Scheetz
On Wed, 21 Aug 1996, Ian Jackson wrote:

 Dale Scheetz writes (Re: New virtual package names. ):
  On Fri, 9 Aug 1996, Ian Jackson wrote:
 ...
   Noone is going to deinstall all the editors on their system and not
   notice what they've done wrong and how to fix it - this is not the
   kind of `mistake' our dependency scheme should try to address.
  
  It was my understanding that this was EXACTLY what dependancies were
  designed for; Protecting the installer from removing functionality that
  other packages need.
 
 Surely this is only useful if this is a mistake the user will be
 likely to make, and then not know how to undo ?
 
   The only possible consequences of creating an `editor' virtual package
   and having things depend on it are:
* Needless updates to packages to add dependencies and Provides
  
  This is not a technical argument. It is an economic one, and should not be
  listed as a primary point. (all change takes work) Your assertion that it
  is needless is not yet backed up by technical arguments. In addition, the
  modification of other editor packages to encorporate this new VPN are not
  on any critical path, so they can happen as need arrises.
 
 I can't prove that it's needless.  You're shifting the burden of
 proof.  It's up to you to show that it's needed.

The burden I am trying to shift onto your shoulders is for you to have
read the complete thread of this discussion. It is not clear that you have
done so. You declared the needlessness but gave no explanation of why this
was so.
The rest of us, as a group, have discussed this, at some length, and come
to the conclusion that the editor virtual package name was a viable
solution. As a late arrival to this discussion it is your responsibility
to have, at least, read the complete discussion, and speak to the points
raised and settled there. Blanket assertions without supporting arguments
are neither constructive, nor informative.

 
* Some person installs their own favourite editor in /usr/local
  and wants to remove all ours but can't.
  
  This is true for any package that has others that depend on it. If I want
  to put a qmail of my own into /usr/local, I will still need to keep some
  Debian mail-delivery-agent installed to satisfy other packages dependance
  on an MDA. A way to tell dpkg about non-package provides would fix this
  problem in general, but I don't necessarily think that it is needed, or
  even desirable.
 
 The difference is that an editor is such a fundamental and
 striaghtforward thing that it will be obvious to the user what they're
 doing without the dependency scheme having to tell them.
 
 You're using a sledgehammer to crack a probably-nonexistent nut.
 

Well, if you read the foundation postings on this subject, the nut does
exist. I still think that we are using the right sized wrench.

Later,

Dwarf

  --

aka   Dale Scheetz   Phone:   1 (904) 877-0257
  Flexible Software  Fax: NONE 
  Black Creek Critters   e-mail:  [EMAIL PROTECTED]

 If you don't see what you want, just ask --




Bug#4236: ftp(1) barfs on QUOTE command

1996-08-23 Thread Richard Kettlewell Richard Kettlewell
Package: netstd
Version: 2.06-1

muskogee:richard$ uname -a
Linux muskogee 2.0.13 #1 Tue Aug 20 18:45:22 BST 1996 i486
muskogee:richard$ ftp wigwam
Connected to wigwam.elmail.co.uk.
220 wigwam.elmail.co.uk CheckPoint FireWall-1 authenticated ftp server ready
Name (wigwam:richard): richard
331-aftpd: SKEY CHALLENGE: 92 richard
331 aftpd: you can use [EMAIL PROTECTED] string
Password: I type my mojave password
200 aftpd: Enter SKEY string: you can use 'quote SKEY string' or Account 
command ('ACCT')
ftp quote my skey string 92
Not connected.
ftp quit

This happens consistently.  I don't know why the ftp client thinks
there's no connection - if deeper investigation is required I let me
know.

FWIW compare this with telnetting to the ftp port:

muskogee:richard$ telnet wigwam ftp
Trying 193.112.20.200...
Connected to wigwam.elmail.co.uk.
Escape character is '^]'.
220 wigwam.elmail.co.uk CheckPoint FireWall-1 authenticated ftp server ready
user richard
331-aftpd: SKEY CHALLENGE: 91 richard
331 aftpd: you can use [EMAIL PROTECTED] string
pass my password
200 aftpd: Enter SKEY string: you can use 'quote SKEY string' or Account 
command ('ACCT')
my skey string 91
200-aftpd: User richard authenticated by S/Key system.
200 aftpd: Host: (use 'quote ')
mojave
421-aftpd: Connected to mojave. Logging in...
421 aftpd: aborted
Connection closed by foreign host.
muskogee:richard$ 

(mojave was down when I did all this but it serves to illustrate the
point...)

With Sunos 4.1.3's ftp client:

[EMAIL PROTECTED]:richard$ uname -a
SunOS tlingit 4.1.3_U1 2 sun4m
[EMAIL PROTECTED]:richard$ ftp wigwam
Connected to wigwam.
220 wigwam.elmail.co.uk CheckPoint FireWall-1 authenticated ftp server ready
Name (wigwam:richard): richard
331-aftpd: SKEY CHALLENGE: 90 richard
331 aftpd: you can use [EMAIL PROTECTED] string
Password:
200 aftpd: Enter SKEY string: you can use 'quote SKEY string' or Account 
command ('ACCT')
ftp quote skey string 90
200-aftpd: User richard authenticated by S/Key system.
200 aftpd: Host: (use 'quote ')
ftp quote muskogee
421-aftpd: User [EMAIL PROTECTED] is not allowed for service ftp on muskogee.
421 aftpd: aborted
ftp

(again, this serves to illustrate the point, even if it didn't
actually work fully.)

-- 
Richard Kettlewell  [EMAIL PROTECTED]  [EMAIL PROTECTED]
   http://www.elmail.co.uk/staff/richard/




Re: libpaper 1.0 on master

1996-08-23 Thread Bruce Perens
I haven't been following the discussion (sorry!). Please present me with
a proposal, and counter-proposals if necessary.

Thanks

Bruce




Re: libpaper 1.0 on master

1996-08-23 Thread Bruce Perens
Never mind. Wrong message.




Re: Bruce - fiat required to end discussion on lyx/copyright ?

1996-08-23 Thread Bruce Perens
Let's assume the packages that depend on Motif will eventually get better as
LessTif matures (by the way, someone should package LessTif _now_).

I don't have a problem with your proposal. Can counter-argument be directed
to me, please?

Thanks

Bruce




Bug#4237: lpd remote printing problem

1996-08-23 Thread Bela Kis

Package: lpr
Version: 5.9-12

When receiving files as a remote printer server (from a MS-DOG box) files
got spooled but not printed. lpq gives message

Warning: no daemon present
Rank   Owner  Job  Files Total Size
1stnobody 209  C:\TMP\~lpt1D12.TMP   839 bytes

The version of PC TCP we used is 4.1.


Thanks

Bela




Bug#4233: startx does not initialize X cookies

1996-08-23 Thread Thomas Koenig
I wrote:

 xauth add :0 . `dd if=/dev/urandom count=1 bs=16 | md5sum`

This is an incomplete fix to the problem; the serverargs also need
to be set:

serverargs=-auth $HOME/.Xauthority
-- 
Thomas Koenig, [EMAIL PROTECTED], [EMAIL PROTECTED]
The joy of engineering is to find a straight line on a double
logarithmic diagram.




Bug#4239: xbmbrowser recommends pbmplus

1996-08-23 Thread Bill Wohler
Package: xbmbrowser
Version: 4.2-2

Recommends: pbmplus

  It should also allow netpbm to suffice as that's what I (and perhaps
  most others today) have installed.

Bill Wohler [EMAIL PROTECTED]   ph: +1-415-854-1857  fax: +1-415-854-3195
Say it with MIME.  Maintainer of comp.mail.mh and news.software.nn FAQs.
If you're passed on the right, you're in the wrong lane.




Bug#4240: mfdcfnt setup error

1996-08-23 Thread Bill Wohler
Package: gs
Version: 4.01-2

Config-Version: 3.53-4

Package: gsfonts
Version: 3.53-3

  Interestingly enough, these dependencies (shown below) did not
  surface during dselect's selection process, but waited until the
  configuration process.  I just ran dselect again to double-check,
  and I see the dependency on gsfonts in the status window for gs, but
  it doesn't appear in a conflicts screen (see further below).

  Here's the output from dselect doing the setup.  I had at first
  thought that this problem was with mfdcfnt, but the maintainer of
  mfdcfnt set me straight.  There should be a Setting up gs...
  prompt for gs.

Setting up mfdcfnt (1.0-1) ...
dpkg: dependency problems prevent configuration of gs:
 gs depends on gsfonts (= 4.01); however:
  Version of gsfonts on system is 3.53-3.
 gs depends on libpaper (= 1.0-1); however:
  Package libpaper is not installed.
dpkg: error processing gs (--install):
 dependency problems - leaving unconfigured

  In case it matters, although dpkg 1.2.13elf was selected to be
  installed, it was 1.2.11 that ran the above.

  System info:
Debian rex
Linux 2.0.0
/lib/libc.so.5.2.18

  Current conflicts screen (gs nowhere in sight):

*** Std mail mpackTools for encoding/decoding MIME messages.   
*** Opt graphics xpaint   XPaint is a reasonably versatile bitmap/pixmap ed
*** Xtr x11  xbmbrowser   Browser for Pixmaps and Bitmaps
___ Opt news inewsA replacement for the C News inews program.
__* Opt news inewsinn `inews': NNTP client news injector, from InterNet
___ Opt news inn  News transport system `InterNetNews' by Rich Salz
  
Bill Wohler [EMAIL PROTECTED]   ph: +1-415-854-1857  fax: +1-415-854-3195
Say it with MIME.  Maintainer of comp.mail.mh and news.software.nn FAQs.
If you're passed on the right, you're in the wrong lane.




Bug#4238: mirror requires perl

1996-08-23 Thread Susan G. Kleinmann
Package: mirror
Version: 2.8-6

The control file for mirror should be changed to show that it requires
the installation of the full Perl package, not just the small package
included in the base system (what's missing is a timezone.pl file).

Alternatively, the perl package in the base system needs to have the
timezone.pl file added to it.

Susan Kleinmann




Bug#4241: Connect with nothing to do

1996-08-23 Thread Bill Wohler
Package: dpkg-ftp
Version: 1.4.2

Andy,

  Here is the output from running dselect's Install with the ftp
  method right after a successful install (e.g., there is nothing new
  to download).
  
Processing status file...

Processing Package files...
 stable...
 non-free...
 contrib...
 unstable...

Constructing list of files to get...
already got: unstable/binary-i386/net/netbase_2.05-1.deb
already got: unstable/binary-i386/net/netscape_3.0-beta7-1.deb
already got: unstable/binary-i386/net/lpr_5.9-12.deb

Approximate total space required: 0k
Do you want to select the files to get [n]: 

Do you want to download the required files [y]: 
Downloading files... use ^C to stop
Connecting to ftp.debian.org...
Login as anonymous...
Setting transfer mode to binary...
Cd to /pub/debian...


Re: devel directory reorg?

1996-08-23 Thread Guy Maor
On Tue, 13 Aug 1996, Lars Wirzenius wrote:

 My memory is going, my archives have bit rot...
 
 Did we reach any conclusion on reorganizing the devel directory?

No, the suggestions got a bit silly at the end though.

I'd prefer a non-hierarchical reorganization personally.  While none of
the ten thousand scripts that run on master should break, I'm sure they
all will.

(except for the ones I wrote of course) ;-b


Guy




Re: Bug#4153: recent mount/umount vulnerability

1996-08-23 Thread Guy Maor
On Wed, 14 Aug 1996, Alexander O. Yuriev wrote:

   I trust you are all aware of the information released to
 bugtraq/linux-security and linux-alert mailing lists about the vulnerability
 of mount/umount utilities in Linux.
   I'd really appreciate if you provide some official information on
 your distribution specific fixes for the upcoming Linux Security FAQ
 Update...

Hmmm, it appears that everybody was expecting somebody else to
officially answer this.

Anyway, after rapid installations of mount 2.5j-1.1, mount 2.5k-1,
Debian 1.1.6 contains the latest: mount 2.5l-1.

Debian users can upgrade by simply pointing the dpkg-ftp method of
dselect at `ftp.debian.org:/debian/stable'.

Alternatively they can download the file
`ftp.debian.org:/debian/stable/binary-i386/base/mount_2.5l-1.deb' and
install it by hand with `dpkg -i mount_2.5l-1.deb'.

Alex, in the future please direct these questions to
'[EMAIL PROTECTED]'.

(closing the bug)




Bug#4233: startx does not initialize X cookies

1996-08-23 Thread Guy Maor
On Thu, 22 Aug 1996, Thomas Koenig wrote:

 I would suggest adding a line like
 
 xauth add :0 . `dd if=/dev/urandom count=1 bs=16 | md5sum`

util-linux 2.5-5, includes mcookie, a small c program which does this,
so the line should really be:

xauth add :0 . `mcookie`

Incidentally, mcookie tries /dev/random, /dev/urandom, some files in
/proc, and /dev/audio as a last resort.


Guy




Re: Bruce - fiat required to end discussion on lyx/copyright ?

1996-08-23 Thread Bruce Perens
I think the you must rename the file if you change it restriction of the
LaTeX style sheet files is one that we _can_ live with. This should not
require them to go in contrib or non-free. Ian, I don't know how you'd
say this in the policy manual.

Thanks

Bruce




Re: New package standards - LAST CALL

1996-08-23 Thread Ian Jackson
Otmar Lendl writes in private email which I'm sure he won't mind me
posting:
...
 What I would appreciate is, that all the Developer Ressources
 (Guidelines, Hints, Virtual Names, FSSTD  co.) have a central
 WWW page where I can easily look up the currently valid standards.
 
 Could you please arrange something like that ? It makes life a
 LOT easier for part-time packagers.

I think this would be a good idea.  We already have a central FTP
area, so it may be just a matter of writing the HTML page and making
the dpkg SGML documentation available.

What do I need to do to make the dpkg SGML documentation available ?
I can cause releases of the dpkg package to upload formatted versions
of the manual, but how should I package these for shipment ?  The HTML
versions in particular come in many files ...

Ian.




Re: installing elisp .el files

1996-08-23 Thread Ian Jackson
Mark Eichin writes (Re: installing elisp .el files):
...
 Byte-compilation depends much more on *speed* than size.  The
 changelog mode doesn't do enough (I assume) to merit the speed
 improvement... gnus, for example, really really needs to be byte
 compiled.  mailcrypt, w3, vm, probably all do as well.  They also
 happen to be big, but that's not the main issue, though there's some
 correlation. 
 
 Generally, if a package includes an elisp helper file, it probably
 doesn't need to be byte-compiled. If the package is *written*
 primarily in emacs, it's probably complex enough that speed is an
 issue and should be byte compiled. In between it's a convenience
 issue. 

Right.  I'd like to put that last paragraph in the policy manual, if I
may (lightly edited, probably).  Is that OK ?

It would also be good if something like the GNU people's
byte-compilation helper elisp-comp which Erick Branderhorst sent me
could be included in some appropriate package, so that packages can
just use it at build-time.  Let me know if and when this happens so
that I can mention it in the policy manual too.  Text fragments
appreciated, or I might get it wrong.

Ian.




Re: Bug#4051: access permissions for /usr/bin/fdmount

1996-08-23 Thread Michael Meskes
Ian Jackson writes:
 
 Damn, it looks like my comment
  Before anyone changes anything, please read the appropriate part of
  the new policy manual.
 went unheeded.  I see that the change that Daniel Quinlan requested

Oops.

 has been made.  It's a shame that I didn't get around to writing this
 more detailed response to the situation sooner.

Yes, I waited for some time without getting one reply.

 There is nothing wrong with having an executable mode 4754 setuid
 root, owned by some particular group.  This is the right way to solve
 this problem.

Aynway the file was in the wrong group.

 Compiling names of groups or even worse group ids into binaries is a
 bad idea.

Why? Because it's not easy to change? I talked to Alain (upstream
maintainer) about my changes and he's going to included them into 4.4. I
don't see the problem right now, since you're able to put everyone in group
floppy who shall be able to use fdmount. On the other hand this group coding
(which is ifdef'ed btw so it's not much work to create a new version) adds
security. How many systems have wrong permissions on some files? In
particular a file with s.bit should be as secure as possible IMHO.

 I'm going to reopen this bug report.  Sorry, Michael Meskes (but you
 should have heeded my warning).

No problem Ian. But then I'm not so sure if it's a bug now.

Michael

-- 
Michael Meskes   |_  __  
[EMAIL PROTECTED] |   / ___// / // / / __ \___  __
[EMAIL PROTECTED]  |   \__ \/ /_  / // /_/ /_/ / _ \/ ___/ ___/
[EMAIL PROTECTED]|  ___/ / __/ /__  __/\__, /  __/ /  (__  )
Use Debian Linux!| //_/  /_/  //\___/_/  //




Re: 96 New Debian i386 Packages

1996-08-23 Thread Michael Meskes
[EMAIL PROTECTED] writes:
 
 These i386 packages were installed into the Debian hierarchy.
 Unfortunately, the version number changes and locations are incorrect
 in a few cases.  The bug has since been fixed.
 
 [...] 

I've scanned through this list and found quite a lot of packages I never
read an announcement of. I usually read debian-{devel,changes,user,private}
so I take it I should have found this announcements. But I never have. Did I
just miss them? Or is there a problem with the announcements?

Michael
-- 
Michael Meskes   |_  __  
[EMAIL PROTECTED] |   / ___// / // / / __ \___  __
[EMAIL PROTECTED]  |   \__ \/ /_  / // /_/ /_/ / _ \/ ___/ ___/
[EMAIL PROTECTED]|  ___/ / __/ /__  __/\__, /  __/ /  (__  )
Use Debian Linux!| //_/  /_/  //\___/_/  //




Re: Bruce - fiat required to end discussion on lyx/copyright ?

1996-08-23 Thread Michael Meskes
Ian Jackson writes:
 2. Package copyright
 
 
  Please study the copyright of your submission *carefully* and
  understand it before proceeding. If you have doubts or questions,
  please ask.
 
  The aims of the policy detailed below are: 
 * That any user be able to rebuild any package in the official
   Debian distribution from the original source plus our patches.

Ahem, this isn't exact enough IMO. With a standard Debian system I am able
to rebuild LyX. 

 [...]
  All packages in the Debian distribution proper must be freely useable,
  modifiable and redistributable in both source and binary form. It must
  be possible for anyone to distribute and use modified source code and
  their own own compiled binaries, at least when they do so as part of a
 ^^^
  Debian distribution.

That's exactly the point. I cannot recompile any package that uses Motif
since I don't have it. But I can recompile LyX since we have an xforms
package available. 

Michael

-- 
Michael Meskes   |_  __  
[EMAIL PROTECTED] |   / ___// / // / / __ \___  __
[EMAIL PROTECTED]  |   \__ \/ /_  / // /_/ /_/ / _ \/ ___/ ___/
[EMAIL PROTECTED]|  ___/ / __/ /__  __/\__, /  __/ /  (__  )
Use Debian Linux!| //_/  /_/  //\___/_/  //




Re: devel directory reorg?

1996-08-23 Thread branderh
 I'd prefer a non-hierarchical reorganization personally.  While none of
 the ten thousand scripts that run on master should break, I'm sure they
 all will.

I prefer a non-hierarchical reorganization as well but I suggest that the
section directories are listed in one file per Distribution and that all
scripts read this file first before doing anything.  Adding the name of
that one new section will work for all scripts relying on the information
about what sections exist.  This is kind of similar how the Packages file
are right now (in a way).

Erick





which packages need update for shadow?

1996-08-23 Thread Michael Meskes
I just scanned through the packages list to see which ones need to be
updated. Here's a list I found:

xdm Stephen Early [EMAIL PROTECTED]
xtrlock Stephen Early [EMAIL PROTECTED]
adduser Steve Phillips [EMAIL PROTECTED]

Also I'm not sure about the following:

netatalkKlee Dienes [EMAIL PROTECTED]
samba   Andrew Howell [EMAIL PROTECTED]

Needs update, though not part of the official distribution:

ssh Dominik Kubla [EMAIL PROTECTED]

Needs update, but I don't know how:

imapd   Dale Scheetz [EMAIL PROTECTED]

Are there more? I recommend the maintainers have a look at
ftp://ftp.icm.edu.pl//mnt/340/shadow/src for help.

Michael

-- 
Michael Meskes   |_  __  
[EMAIL PROTECTED] |   / ___// / // / / __ \___  __
[EMAIL PROTECTED]  |   \__ \/ /_  / // /_/ /_/ / _ \/ ___/ ___/
[EMAIL PROTECTED]|  ___/ / __/ /__  __/\__, /  __/ /  (__  )
Use Debian Linux!| //_/  /_/  //\___/_/  //




New shadow packages

1996-08-23 Thread Michael Meskes
They are still on
ftp://feivel.informatik.rwth-aachen.de/pub/debian.local/binary-i386/local.

Please test them out! I'd like to finalize the packages as soon as possible
(that'll be next week).

-BEGIN PGP SIGNED MESSAGE-

Date: 23 Aug 96 10:44 UT
Format: 1.6
Distribution: unstable
Urgency: Low
Maintainer: Michael Meskes [EMAIL PROTECTED]
Source: shadow
Version: 960810-1
Binary:  shadow-passwd shadow-su shadow-login
Architecture:  i386 source
Description: 
 shadow-passwd: Manage shadow password and group files
 shadow-su: su binary from the shadow password suite
 shadow-login: Login utility from the shadow password suite
Changes: 
 shadow (960810-1) base; urgency=LOW
 .
* Added useradd default file so that default group is no longer 1
* Also corrected the useradd manpage
* Replaced grpunconv script by real binary which does correct
  locking.
* Added 'source' field control file to control files
* Changed version naming in debian.rules
* New upstream version
Files:
 be393f1c42a8de16dc0ce3b76696dd84  343134  -   shadow_960810-1.tar.gz
 239245eb73208cc4dbf23ca32278c729  14977  -   shadow_960810-1.diff.gz
 71000f57d0a87dc1d23020505c8ff225  255326  base  required  
shadow-passwd_960810-1_i386.deb
 c599ae2734242b101e22f48dcb46a88d  19846  admin  optional  
shadow-su_960810-1_i386.deb
 d049d52dea150351758815ff6ed94d52  44862  base  required  
shadow-login_960810-1_i386.deb

-BEGIN PGP SIGNATURE-
Version: 2.6.2i

iQCVAwUBMh2L4CpaNcQEtuj1AQE7lwQA2L/USJ+kvhh47DrToKsSDfL2ogZWllEK
2R5qd7fUBclLRWJ9Yhez62xOypFbXmlCHKm2HB8jRv7/K5ubhCfbaiJaMzzWkeDu
LPCZArGTAa3QJYACLLYiz6wFo+XHXDYUd7GPb9AcRg3BIOcqezXn0T7awpvY66kN
YQT5uw5mJkI=
=3Of2
-END PGP SIGNATURE-

Michael

-- 
Michael Meskes   |_  __  
[EMAIL PROTECTED] |   / ___// / // / / __ \___  __
[EMAIL PROTECTED]  |   \__ \/ /_  / // /_/ /_/ / _ \/ ___/ ___/
[EMAIL PROTECTED]|  ___/ / __/ /__  __/\__, /  __/ /  (__  )
Use Debian Linux!| //_/  /_/  //\___/_/  //




manual updates (0.2.1.0)

1996-08-23 Thread Ian Jackson
I propose to post here the changelog entries for the package builders'
manuals as and when I release new versions of them.  So, here goes:

debian-manuals (0.2.1.0) unstable;

  * Policy says when and how to include original source in upload.

  * Need -sa on dpkg-genchanges/dpkg-buildpackage when converting.

  * Use minor patchlevel for meaning changes which don't affect packages.
  * More verbosity about netiquette.
  * Reorganised participation and upload policy: merged with mailing lists.

 -- Ian Jackson [EMAIL PROTECTED]  Fri, 23 Aug 1996 12:48:09 +0100

debian-manuals (0.2.0.1) experimental;

  * Said that system administrators' manual does not exist.

 -- Ian Jackson [EMAIL PROTECTED]  Fri, 23 Aug 1996 04:05:36 +0100




New source package uploads to `unstable' allowed

1996-08-23 Thread Ian Jackson
You may now upload packages in the new source format to `unstable'.
Packages in `stable' will continue to be in the old format.

Note that the caveats in my release announcement on debian-changes for
1.3.8 apply:

* The new source tools have not been very well tested and will have
  bugs, some probably serious.

* The source format is not entirely fixed yet.  You may need to make
  significant changes.  You _will_ need to keep up with minor
  documentation changes and _will_ need to make at least one further
  release when the format is finalised as the Standards-Version value
  will be changed.  However, building releases is a lot easier now :-)
  and you don't have to re-upload the original source tarfile part of
  the source more than once per upstream version.

I shall probably declare the new format official on Sunday.

Ian.




html2latex_0.9c-1

1996-08-23 Thread Michael Meskes
I just needed this one:

-BEGIN PGP SIGNED MESSAGE-

Date: 23 Aug 96 13:40 UT
Format: 1.6
Distribution: unstable
Urgency: Low
Maintainer: Michael Meskes [EMAIL PROTECTED]
Source: html2latex
Version: 0.9c-1
Binary:  html2latex
Architecture:  i386 source
Description: 
 html2latex: Convert HTML markup to LaTeX markup
Changes: 
 html2latex (0.9c-1) tex; urgency=LOW
 .
* Added debian files
Files:
 9a01ed0686a1bbf4ea972a2550dd291b  14234  tex  -  html2latex_0.9c-1.tar.gz
 720ddb071a5a227158ee04def2da8ee0  1951  tex  -  html2latex_0.9c-1.diff.gz
 dafeb6d8a2a94cb200809ec0e2db0994  11444  tex  optional  
html2latex_0.9c-1_i386.deb

-BEGIN PGP SIGNATURE-
Version: 2.6.2i

iQCVAwUBMh205SpaNcQEtuj1AQEo/gP9GpfjpMwa0QwuenXGrIC2cDUXhBR2IYT3
aiGbytO/zjp+LCrv/ImD6G5RMyiQCCNLA9dsafV4B26DsJfO7MC3ZbgHn3eSsCgY
rahHdZfLqoTjQb+Lo2ZemTKje9W7iE5QgAmkKL6Ek2ZxUKTOSxjZ2xG+QNwCXPDs
Xk9BqOhJ8ZQ=
=pzU7
-END PGP SIGNATURE-

-- 
Michael Meskes   |_  __  
[EMAIL PROTECTED] |   / ___// / // / / __ \___  __
[EMAIL PROTECTED]  |   \__ \/ /_  / // /_/ /_/ / _ \/ ___/ ___/
[EMAIL PROTECTED]|  ___/ / __/ /__  __/\__, /  __/ /  (__  )
Use Debian Linux!| //_/  /_/  //\___/_/  //




Re: Bruce - fiat required to end discussion on lyx/copyright ?

1996-08-23 Thread Dale Scheetz
On Thu, 22 Aug 1996, Michael Meskes wrote:

   All packages in the Debian distribution proper must be freely useable,
   modifiable and redistributable in both source and binary form. It must
   be possible for anyone to distribute and use modified source code and
   their own own compiled binaries, at least when they do so as part of a
  ^^^
   Debian distribution.
 
 That's exactly the point. I cannot recompile any package that uses Motif
 since I don't have it. But I can recompile LyX since we have an xforms
 package available. 
 
Folks that buy my CD can too, but that's because xforms is improperly
located in contrib instead of non-free where it belongs (because source is
not distributed). Non-free is not part of the Debian distribution (in the
most technical use of the term) and programs that depend on them belong in
contrib (or non-free if they have distribution restrictions).

Luck,

Dwarf

  --

aka   Dale Scheetz   Phone:   1 (904) 877-0257
  Flexible Software  Fax: NONE 
  Black Creek Critters   e-mail:  [EMAIL PROTECTED]

 If you don't see what you want, just ask --




mfbasfnt 1.0-6 uploaded (Urgency: HIGH)

1996-08-23 Thread branderh
-BEGIN PGP SIGNED MESSAGE-

Date: 23 Aug 96 16:34 UT
Format: 1.6
Distribution: unstable
Urgency: High
Maintainer: Erick Branderhorst [EMAIL PROTECTED]
Source: mfbasfnt
Version: 1.0-6
Binary:  mfbasfnt
Architecture:  all source
Description: 
 mfbasfnt: TeX's default fonts and a few others.
Changes: 
 Fri Aug 23 18:12:19 1996  Erick Branderhorst  [EMAIL PROTECTED]
 .
* added black, committee, gray, half, logo, manualfonts,
mfbook, slant from ftp.tex.ac.uk
/pub/tex/archive/fonts/cm/utilityfonts/
* manfnt.mf was missing in previous relaease causing initex
going bezurk when generating .fmt files
 .
Files:
 4103e616a218b77baa4bfaa07cfbbf99  202020  tex  -  mfbasfnt-1.0-6.tar.gz
 4fbf5dc5a00b2156305d9a3d5483ceb5  168724  tex  standard  mfbasfnt_1.0-6_all.deb

-BEGIN PGP SIGNATURE-
Version: 2.6.2i

iQCVAwUBMh3d3aXl16B8emrRAQE9tAP/UdIgEVJw53lSUsETi/TPOS2DDUleqUvW
V2crLkLDdaLCXiTusVAJ0+PIASmnPJzJbcZzGNYBQh+tKwe8x6xm5zm3p8roiiyp
jBEVDBQmkf9T4p4qChmATeZYo/vP9SuN8kNC+oMADS9SdCRQLkWS4JHoD6xX0q6/
TfsQM+YkM8A=
=sLD3
-END PGP SIGNATURE-




Re: 96 New Debian i386 Packages

1996-08-23 Thread Guy Maor
On Thu, 22 Aug 1996, Michael Meskes wrote:

 I've scanned through this list and found quite a lot of packages I never
 read an announcement of. I usually read debian-{devel,changes,user,private}
 so I take it I should have found this announcements. But I never have. Did I
 just miss them? Or is there a problem with the announcements?

The 'xx New Debian i386 Packages' mail *is* the announcement I
mentioned earlier.  Some developers also post the .changes file when
they upload it, but that's at their option.  It really isn't
necessary.

I plan to make several improvements to the announcement format this
weekend:
- description given for new packages
- urgency field prominent
- better summary paragraph which lists packages of high urgency
- sorted by stable, unstable, contrib, non-free
Any other suggestions?


Guy




Re: Bruce - fiat required to end discussion on lyx/copyright ?

1996-08-23 Thread Guy Maor
On Thu, 22 Aug 1996, Michael Meskes wrote:

 Ian Jackson writes:
   The aims of the policy detailed below are: 
  * That any user be able to rebuild any package in the official
Debian distribution from the original source plus our patches.
 
 Ahem, this isn't exact enough IMO. With a standard Debian system I am able
 to rebuild LyX. 

But not from the original source plus our patches.  That's the
crucial point.

 That's exactly the point. I cannot recompile any package that uses Motif
 since I don't have it. But I can recompile LyX since we have an xforms
 package available. 

We don't have an xforms package *freely* available.  If some Motif
vendor decided to start selling packages called motif and motif-dev, we
certainly wouldn't consider moving motif apps into the main
distribution.  Those new packages wouldn't be freely available.


Guy




Re: devel directory reorg?

1996-08-23 Thread Guy Maor
On Fri, 23 Aug 1996 [EMAIL PROTECTED] wrote:

 I prefer a non-hierarchical reorganization as well but I suggest that the
 section directories are listed in one file per Distribution and that all
 scripts read this file first before doing anything.

The scripts which do operations on the hierarchy discover all the .deb
files with find.  The filenames are then stored in the Packages file,
which other scripts read.

A few of my scripts have to make more constraining assumptions of the
hierarchy because they must deal with source files and new packages.
It's true that the new .dsc files provide a more formal mechansism for
associating source files with binary files, but nothing uses them yet

Really the key point is that using a section of
devel/scripting_languages should in principle work, but I don't have
time to fix my scripts if it doesn't.


Guy




Bug#4253: [SECURITY] BoS: BUG in /bin/bash (fwd)

1996-08-23 Thread Michael Shields
Package: bash
Version: 1.14.6-4

I've confirmed that this is a problem on i386.

Resent-Date: Fri, 23 Aug 1996 05:42:28 +1000
Date: Thu, 22 Aug 1996 15:35:51 -0400 (EDT)
From: Brian Mitchell [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
To: Best of Security [EMAIL PROTECTED]
MIME-Version: 1.0
Resent-From: [EMAIL PROTECTED]
X-Mailing-List: [EMAIL PROTECTED] archive/latest/248
X-Loop: [EMAIL PROTECTED]
Precedence: list
Resent-Sender: [EMAIL PROTECTED]
Subject: BoS: BUG in /bin/bash (fwd)
Status:



Brian Mitchell
[EMAIL PROTECTED]
I never give them hell. I just tell the truth and they think it's hell
- H. Truman

--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--
---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL
RELEASE---

  ===  ==   ==
  ===  ==  === ===
===  === ==   ==
===  === === ===
===  === === === ===
===  === ===  =  ===
  ===  ==  =   ===   =
  ===  ===

   EMERGENCY RESPONSE SERVICE
  SECURITY VULNERABILITY ALERT

21 August 1996 13:00 GMT Number:
ERS-SVA-E01-1996:004.1
===
 VULNERABILITY  SUMMARY

VULNERABILITY:  A variable declaration error in bash allows the character
with value 255 decimal to be used as a command separator.

PLATFORMS:  Bash 1.14.6 and earlier versions.

SOLUTION:   Apply the patch provided below.

THREAT: When used in environments where users provide strings to be
used as commands or arguments to commands, bash can be
tricked into executing arbitrary commands.

===
  DETAILED INFORMATION

I. Description

   A. Introduction

  The GNU Project's Bourne Again SHell (bash) is a drop-in replacement
  for the UNIX Bourne shell (/bin/sh).  It offers the same syntax as the
  standard shell, but also includes additional functionality such as job
  control, command line editing, and history.

  Although bash can be compiled and installed on almost any UNIX
  platform, its most prevalent use is on free versions of UNIX such as
  Linux, where it has been installed as /bin/sh (the default shell for
  most uses).

  The bash source code is freely available from many sites on the
  Internet.

   B. Vulnerability Details

  There is a variable declaration error in the yy_string_get() function
  in the parser.y module of the bash source code.  This function is
  responsible for parsing the user-provided command line into separate
  tokens (commands, special characters, arguments, etc.).  The error
  involves the variable string, which has been declared to be of type
  char *.

  The string variable is used to traverse the character string
  containing the command line to be parsed.  As characters are retrieved
  from this pointer, they are stored in a variable of type int.  On
  systems/compilers where the char type defaults to signed char, this
  vaule will be sign-extended when it is assigned to the int variable.
  For character code 255 decimal (-1 in two's complement form), this sign
  extension results in the value (-1) being assigned to the integer.

  However, (-1) is used in other parts of the parser to indicate the end
  of a command.  Thus, the character code 255 decimal (377 octal) will
  serve as an unintended command separator for commands given to bash
  via the -c option.  For example,

bash -c 'ls\377who'

  (where \377 represents the single character with value 255 decimal)
  will execute two commands, ls and who.

II. Impact

This unexpected command separator can be dangerous, especially on systems such
as Linux where bash has been installed as /bin/sh, when a program executes
a command with a string provided by a user as an argument using the system()
or popen() functions (or by calling /bin/sh -c string directly)..

This is especially true for the CGI programming interface in World Wide Web
servers, many of which do not strip out characters with value 255 decimal.  If
a user sending data to the server can specify the character code 255 in a
string that is passed to a shell, and that shell is bash, the user can
execute any arbitrary command with the user-id and permissions of the user
running the server (frequently root).

The bash built-in commands eval, source, and fc are also potentially
vulnerable to this problem.


Bug#4195: dpkg-source and new tar package don't mix

1996-08-23 Thread Ian Jackson
Bruce Perens writes (Bug#4195: dpkg-source and new tar package don't mix):
 Package: dpkg
 Version: 1.3.5
 
 The latest iteration of the tar package unfortunately is not able to
 understand the -- flag. I suggest you not use that flag in dpkg-source
 for now.

Thanks for pointing out what was wrong.

I have worked around this in 1.3.6 by removing the `--' argument.
However, this will cause dpkg-source to break if the next argument
ever starts with a `-' so I do not propose to leave this workaround in
permanently.

I shall leave this bug report open against dpkg so that I do not
forget to change it.

Ian.




netscape 3.0-1 (stable) released

1996-08-23 Thread Brian C. White
-BEGIN PGP SIGNED MESSAGE-

Date: 23 Aug 96 20:02 UT
Format: 1.6
Distribution: unstable
Urgency: Low
Maintainer: Brian White [EMAIL PROTECTED]
Source: netscape
Version: 3.0-1
Binary:  netscape
Architecture:  i386 source
Description: 
 netscape: Popular World-Wide-Web browser software (installer)
 -  Netscape (pronounced Mozilla) is a graphical World-Wide-Web browser
 -  with many features.  It supports advanced features of HTML and new
 -  technologies such as Java from Sun Microsystems.
 -  .
 -  Netscape Communications Corporation does not allow redistribution of
 -  their software.  Therefore, this package requires the user to fetch
 -  the netscape archive seperately and place it in the directory pointed
 -  to by the TMPDIR environment variable (or /tmp if TMPDIR not defined)
 -  before attempting to install this package.  You can get the linux
 -  packages via anonymous ftp from ftp[1-9].netscape.com.
 -  .
 -  Do NOT try to install any version of Netscape other than 3.0 with
 -  this package!
 -  .
 -  Netscape Communications Corporation does not support the Linux release
 -  in the slightest, even for paying customers.  It has been made available
 -  purely as a courtesy, so please do not send them questions about Linux.
 -  .
 -  This installer package has been placed in the public domain!
Changes:
 -  STABLE release of Navigator v3.0
Files:
 bc8440a0ffec5282a5bcbca379ff0ffd  3843  net-netscape_3.0-1.tar.gz
 453d1b7a9d9be1c5065cf999bc1d080c  3472  net  extra  netscape_3.0-1_i386.deb

-BEGIN PGP SIGNATURE-
Version: 2.6.2i

iQCVAwUBMh4OmbwRa6IPcXgFAQHnCgP+LH+kdwCl3BIEPFgM30CTnu6809jxTsVz
bzerothxqfViffANzAr1cMkPlf4riJKgM/X/fafs3B1yVptUt+STPIdnZJRuXsUg
kDf9SoUYa9sEFbPhENalWqE5Uwj5rOWHL4ieOs2+jsVQvcvCX44knm2ll/z7l1o1
UJQn8TmdORY=
=8c8h
-END PGP SIGNATURE-




Bug#4254: msql config problems

1996-08-23 Thread Brian C. White
Package: msqld
Version: 1.0.16-2


After upgrading from v1.0.14...


The /var/log/msql directory is:

drwxr-x---   2 operator msql 1024 Aug 23 15:11 /var/log/msql/

It should be owned by root.msql and have the permissions 775.


The /etc/msql.acl file is:

-rwx--   1 operator msql  300 Aug 23 15:08 /etc/msql.acl*

It should be owned by msql.msql and have the permissions 775.


*** The install script removed the existing msql.acl file I had made.
Good thing I make backups!


Fixing these and restarting using /etc/init.d/msqld start gives
the following error (repeatedly)...

Subject:Minerva Daemon Crash Report
   Date:Fri, 23 Aug 96 15:46 EDT
   From:msql (Mini SQL Database Manager)
 To:root


Program : msqld
Time : Fri Aug 23 15:46:58 EDT 1996
Program Output
--


Can't start server : UNIX Bind : Permission denied


mSQL Server 1.0.16 starting ...


The unix socket is:

srwxrwxrwx   1 root root0 Aug 21 15:52 /dev/msql=

This should probably be owned by root.msql, but shouldn't be the
cause of this problem.


Trying to stop these repeated message by doing /etc/init.d/msqld stop
gives the following error:

callandor:/etc# /etc/init.d/msqld stop
ERROR : Can't connect to local MSQL server
rm: /var/run/msqld/shutdown: Permission denied
rm: /var/run/msqld/shutdown: Permission denied

The shutdown file is:

-rw-r-   1 root root5 Aug 23 15:52 /var/run/msqld/shutdown

Since I ran the stop command as root, the only thing I can think of here
is that something is running as user/group msql and could thus not access
the shutdown file.

Brian
   ( [EMAIL PROTECTED] )

---
In theory, theory and practice are the same.  In practice, they're not.