Re: New virtual package names.
On Wed, 21 Aug 1996, Ian Jackson wrote:
Dale Scheetz writes (Re: New virtual package names.):
On Fri, 9 Aug 1996, Ian Jackson wrote:
...
No one is going to deinstall all the editors on their system and not notice what they've done wrong and how to fix it - this is not the kind of `mistake' our dependency scheme should try to address.
It was my understanding that this was EXACTLY what dependencies were designed for; Protecting the installer from removing functionality that other packages need.
Surely this is only useful if this is a mistake the user will be likely to make, and then not know how to undo ?
The only possible consequences of creating an `editor' virtual package and having things depend on it are:
* Needless updates to packages to add dependencies and Provides
This is not a technical argument. It is an economic one, and should not be listed as a primary point. (all change takes work) Your assertion that it is needless is not yet backed up by technical arguments. In addition, the modification of other editor packages to incorporate this new VPN are not on any critical path, so they can happen as need arises.
I can't prove that it's needless. You're shifting the burden of proof. It's up to you to show that it's needed.
The burden I am trying to shift onto your shoulders is for you to have read the complete thread of this discussion. It is not clear that you have done so. You declared the needlessness but gave no explanation of why this was so. The rest of us, as a group, have discussed this, at some length, and come to the conclusion that the editor virtual package name was a viable solution. As a late arrival to this discussion it is your responsibility to have, at least, read the complete discussion, and speak to the points raised and settled there. Blanket assertions without supporting arguments are neither constructive, nor informative.
* Some person installs their own favourite editor in /usr/local and wants to remove all ours but can't.
This is true for any package that has others that depend on it. If I want to put a qmail of my own into /usr/local, I will still need to keep some Debian mail-delivery-agent installed to satisfy other packages dependence on an MDA. A way to tell dpkg about non-package provides would fix this problem in general, but I don't necessarily think that it is needed, or even desirable.
The difference is that an editor is such a fundamental and straightforward thing that it will be obvious to the user what they're doing without the dependency scheme having to tell them. You're using a sledgehammer to crack a probably-nonexistent nut.
Well, if you read the foundation postings on this subject, the nut does exist. I still think that we are using the right sized wrench.
Later, Dwarf
--
aka Dale Scheetz Phone: 1 (904) 877-0257
Flexible Software Fax: NONE
Black Creek Critters e-mail: [EMAIL PROTECTED]
If you don't see what you want, just ask --
Bug#4236: ftp(1) barfs on QUOTE command
Package: netstd
Version: 2.06-1
muskogee:richard$ uname -a
Linux muskogee 2.0.13 #1 Tue Aug 20 18:45:22 BST 1996 i486
muskogee:richard$ ftp wigwam
Connected to wigwam.elmail.co.uk.
220 wigwam.elmail.co.uk CheckPoint FireWall-1 authenticated ftp server ready
Name (wigwam:richard): richard
331-aftpd: SKEY CHALLENGE: 92 richard
331 aftpd: you can use [EMAIL PROTECTED] string
Password: I type my mojave password
200 aftpd: Enter SKEY string: you can use 'quote SKEY string' or Account command ('ACCT')
ftp quote my skey string 92
Not connected.
ftp quit
This happens consistently. I don't know why the ftp client thinks there's no connection - if deeper investigation is required let me know.
FWIW compare this with telnetting to the ftp port:
muskogee:richard$ telnet wigwam ftp
Trying 193.112.20.200...
Connected to wigwam.elmail.co.uk.
Escape character is '^]'.
220 wigwam.elmail.co.uk CheckPoint FireWall-1 authenticated ftp server ready
user richard
331-aftpd: SKEY CHALLENGE: 91 richard
331 aftpd: you can use [EMAIL PROTECTED] string
pass my password
200 aftpd: Enter SKEY string: you can use 'quote SKEY string' or Account command ('ACCT')
my skey string 91
200-aftpd: User richard authenticated by S/Key system.
200 aftpd: Host: (use 'quote ')
mojave
421-aftpd: Connected to mojave. Logging in...
421 aftpd: aborted
Connection closed by foreign host.
muskogee:richard$
(mojave was down when I did all this but it serves to illustrate the point...)
With Sunos 4.1.3's ftp client:
[EMAIL PROTECTED]:richard$ uname -a
SunOS tlingit 4.1.3_U1 2 sun4m
[EMAIL PROTECTED]:richard$ ftp wigwam
Connected to wigwam.
220 wigwam.elmail.co.uk CheckPoint FireWall-1 authenticated ftp server ready
Name (wigwam:richard): richard
331-aftpd: SKEY CHALLENGE: 90 richard
331 aftpd: you can use [EMAIL PROTECTED] string
Password:
200 aftpd: Enter SKEY string: you can use 'quote SKEY string' or Account command ('ACCT')
ftp quote skey string 90
200-aftpd: User richard authenticated by S/Key system.
200 aftpd: Host: (use 'quote ')
ftp quote muskogee
421-aftpd: User [EMAIL PROTECTED] is not allowed for service ftp on muskogee.
421 aftpd: aborted
ftp
(again, this serves to illustrate the point, even if it didn't actually work fully.)
--
Richard Kettlewell [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.elmail.co.uk/staff/richard/
Re: libpaper 1.0 on master
I haven't been following the discussion (sorry!). Please present me with a proposal, and counter-proposals if necessary. Thanks Bruce
Re: libpaper 1.0 on master
Never mind. Wrong message.
Re: Bruce - fiat required to end discussion on lyx/copyright ?
Let's assume the packages that depend on Motif will eventually get better as LessTif matures (by the way, someone should package LessTif _now_). I don't have a problem with your proposal. Can counter-argument be directed to me, please? Thanks Bruce
Bug#4237: lpd remote printing problem
Package: lpr Version: 5.9-12 When receiving files as a remote printer server (from a MS-DOG box) files got spooled but not printed. lpq gives message Warning: no daemon present Rank Owner Job Files Total Size 1stnobody 209 C:\TMP\~lpt1D12.TMP 839 bytes The version of PC TCP we used is 4.1. Thanks Bela
Bug#4233: startx does not initialize X cookies
I wrote:
xauth add :0 . `dd if=/dev/urandom count=1 bs=16 | md5sum`
This is an incomplete fix to the problem; the serverargs also need to be set:
serverargs="-auth $HOME/.Xauthority"
--
Thomas Koenig, [EMAIL PROTECTED], [EMAIL PROTECTED]
The joy of engineering is to find a straight line on a double logarithmic diagram.
Bug#4239: xbmbrowser recommends pbmplus
Package: xbmbrowser Version: 4.2-2 Recommends: pbmplus It should also allow netpbm to suffice as that's what I (and perhaps most others today) have installed. Bill Wohler [EMAIL PROTECTED] ph: +1-415-854-1857 fax: +1-415-854-3195 Say it with MIME. Maintainer of comp.mail.mh and news.software.nn FAQs. If you're passed on the right, you're in the wrong lane.
Bug#4240: mfdcfnt setup error
Package: gs Version: 4.01-2 Config-Version: 3.53-4 Package: gsfonts Version: 3.53-3 Interestingly enough, these dependencies (shown below) did not surface during dselect's selection process, but waited until the configuration process. I just ran dselect again to double-check, and I see the dependency on gsfonts in the status window for gs, but it doesn't appear in a conflicts screen (see further below). Here's the output from dselect doing the setup. I had at first thought that this problem was with mfdcfnt, but the maintainer of mfdcfnt set me straight. There should be a Setting up gs... prompt for gs. Setting up mfdcfnt (1.0-1) ... dpkg: dependency problems prevent configuration of gs: gs depends on gsfonts (= 4.01); however: Version of gsfonts on system is 3.53-3. gs depends on libpaper (= 1.0-1); however: Package libpaper is not installed. dpkg: error processing gs (--install): dependency problems - leaving unconfigured In case it matters, although dpkg 1.2.13elf was selected to be installed, it was 1.2.11 that ran the above. System info: Debian rex Linux 2.0.0 /lib/libc.so.5.2.18 Current conflicts screen (gs nowhere in sight): *** Std mail mpackTools for encoding/decoding MIME messages. *** Opt graphics xpaint XPaint is a reasonably versatile bitmap/pixmap ed *** Xtr x11 xbmbrowser Browser for Pixmaps and Bitmaps ___ Opt news inewsA replacement for the C News inews program. __* Opt news inewsinn `inews': NNTP client news injector, from InterNet ___ Opt news inn News transport system `InterNetNews' by Rich Salz Bill Wohler [EMAIL PROTECTED] ph: +1-415-854-1857 fax: +1-415-854-3195 Say it with MIME. Maintainer of comp.mail.mh and news.software.nn FAQs. If you're passed on the right, you're in the wrong lane.
Bug#4238: mirror requires perl
Package: mirror Version: 2.8-6 The control file for mirror should be changed to show that it requires the installation of the full Perl package, not just the small package included in the base system (what's missing is a timezone.pl file). Alternatively, the perl package in the base system needs to have the timezone.pl file added to it. Susan Kleinmann
Bug#4241: Connect with nothing to do
Package: dpkg-ftp Version: 1.4.2 Andy, Here is the output from running dselect's Install with the ftp method right after a successful install (e.g., there is nothing new to download). Processing status file... Processing Package files... stable... non-free... contrib... unstable... Constructing list of files to get... already got: unstable/binary-i386/net/netbase_2.05-1.deb already got: unstable/binary-i386/net/netscape_3.0-beta7-1.deb already got: unstable/binary-i386/net/lpr_5.9-12.deb Approximate total space required: 0k Do you want to select the files to get [n]: Do you want to download the required files [y]: Downloading files... use ^C to stop Connecting to ftp.debian.org... Login as anonymous... Setting transfer mode to binary... Cd to /pub/debian...
Re: devel directory reorg?
On Tue, 13 Aug 1996, Lars Wirzenius wrote: My memory is going, my archives have bit rot... Did we reach any conclusion on reorganizing the devel directory? No, the suggestions got a bit silly at the end though. I'd prefer a non-hierarchical reorganization personally. While none of the ten thousand scripts that run on master should break, I'm sure they all will. (except for the ones I wrote of course) ;-b Guy
Re: Bug#4153: recent mount/umount vulnerability
On Wed, 14 Aug 1996, Alexander O. Yuriev wrote:
I trust you are all aware of the information released to bugtraq/linux-security and linux-alert mailing lists about the vulnerability of mount/umount utilities in Linux. I'd really appreciate if you provide some official information on your distribution specific fixes for the upcoming Linux Security FAQ Update...
Hmmm, it appears that everybody was expecting somebody else to officially answer this.
Anyway, after rapid installations of mount 2.5j-1.1, mount 2.5k-1, Debian 1.1.6 contains the latest: mount 2.5l-1. Debian users can upgrade by simply pointing the dpkg-ftp method of dselect at `ftp.debian.org:/debian/stable'. Alternatively they can download the file `ftp.debian.org:/debian/stable/binary-i386/base/mount_2.5l-1.deb' and install it by hand with `dpkg -i mount_2.5l-1.deb'.
Alex, in the future please direct these questions to '[EMAIL PROTECTED]'.
(closing the bug)
Bug#4233: startx does not initialize X cookies
On Thu, 22 Aug 1996, Thomas Koenig wrote:
I would suggest adding a line like
xauth add :0 . `dd if=/dev/urandom count=1 bs=16 | md5sum`
util-linux 2.5-5, includes mcookie, a small c program which does this, so the line should really be:
xauth add :0 . `mcookie`
Incidentally, mcookie tries /dev/random, /dev/urandom, some files in /proc, and /dev/audio as a last resort.
Guy
Re: Bruce - fiat required to end discussion on lyx/copyright ?
I think the you must rename the file if you change it restriction of the LaTeX style sheet files is one that we _can_ live with. This should not require them to go in contrib or non-free. Ian, I don't know how you'd say this in the policy manual. Thanks Bruce
Re: New package standards - LAST CALL
Otmar Lendl writes in private email which I'm sure he won't mind me posting:
...
What I would appreciate is, that all the Developer Resources (Guidelines, Hints, Virtual Names, FSSTD co.) have a central WWW page where I can easily look up the currently valid standards. Could you please arrange something like that ? It makes life a LOT easier for part-time packagers.
I think this would be a good idea. We already have a central FTP area, so it may be just a matter of writing the HTML page and making the dpkg SGML documentation available.
What do I need to do to make the dpkg SGML documentation available ? I can cause releases of the dpkg package to upload formatted versions of the manual, but how should I package these for shipment ? The HTML versions in particular come in many files ...
Ian.
Re: installing elisp .el files
Mark Eichin writes (Re: installing elisp .el files): ... Byte-compilation depends much more on *speed* than size. The changelog mode doesn't do enough (I assume) to merit the speed improvement... gnus, for example, really really needs to be byte compiled. mailcrypt, w3, vm, probably all do as well. They also happen to be big, but that's not the main issue, though there's some correlation. Generally, if a package includes an elisp helper file, it probably doesn't need to be byte-compiled. If the package is *written* primarily in emacs, it's probably complex enough that speed is an issue and should be byte compiled. In between it's a convenience issue. Right. I'd like to put that last paragraph in the policy manual, if I may (lightly edited, probably). Is that OK ? It would also be good if something like the GNU people's byte-compilation helper elisp-comp which Erick Branderhorst sent me could be included in some appropriate package, so that packages can just use it at build-time. Let me know if and when this happens so that I can mention it in the policy manual too. Text fragments appreciated, or I might get it wrong. Ian.
Re: Bug#4051: access permissions for /usr/bin/fdmount
Ian Jackson writes:
Damn, it looks like my comment
Before anyone changes anything, please read the appropriate part of the new policy manual.
went unheeded. I see that the change that Daniel Quinlan requested
Oops.
has been made. It's a shame that I didn't get around to writing this more detailed response to the situation sooner.
Yes, I waited for some time without getting one reply.
There is nothing wrong with having an executable mode 4754 setuid root, owned by some particular group. This is the right way to solve this problem.
Anyway the file was in the wrong group.
Compiling names of groups or even worse group ids into binaries is a bad idea.
Why? Because it's not easy to change? I talked to Alain (upstream maintainer) about my changes and he's going to include them into 4.4. I don't see the problem right now, since you're able to put everyone in group floppy who shall be able to use fdmount. On the other hand this group coding (which is ifdef'ed btw so it's not much work to create a new version) adds security. How many systems have wrong permissions on some files? In particular a file with s.bit should be as secure as possible IMHO.
I'm going to reopen this bug report. Sorry, Michael Meskes (but you should have heeded my warning).
No problem Ian. But then I'm not so sure if it's a bug now.
Michael
--
Michael Meskes [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Use Debian Linux!
Re: 96 New Debian i386 Packages
[EMAIL PROTECTED] writes:
These i386 packages were installed into the Debian hierarchy. Unfortunately, the version number changes and locations are incorrect in a few cases. The bug has since been fixed. [...]
I've scanned through this list and found quite a lot of packages I never read an announcement of. I usually read debian-{devel,changes,user,private} so I take it I should have found these announcements. But I never have. Did I just miss them? Or is there a problem with the announcements?
Michael
--
Michael Meskes [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Use Debian Linux!
Re: Bruce - fiat required to end discussion on lyx/copyright ?
Ian Jackson writes:
2. Package copyright
Please study the copyright of your submission *carefully* and understand it before proceeding. If you have doubts or questions, please ask.
The aims of the policy detailed below are:
* That any user be able to rebuild any package in the official Debian distribution from the original source plus our patches.
Ahem, this isn't exact enough IMO. With a standard Debian system I am able to rebuild LyX.
[...]
All packages in the Debian distribution proper must be freely useable, modifiable and redistributable in both source and binary form. It must be possible for anyone to distribute and use modified source code and their own own compiled binaries, at least when they do so as part of a
^^^
Debian distribution.
That's exactly the point. I cannot recompile any package that uses Motif since I don't have it. But I can recompile LyX since we have an xforms package available.
Michael
--
Michael Meskes [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Use Debian Linux!
Re: devel directory reorg?
I'd prefer a non-hierarchical reorganization personally. While none of the ten thousand scripts that run on master should break, I'm sure they all will. I prefer a non-hierarchical reorganization as well but I suggest that the section directories are listed in one file per Distribution and that all scripts read this file first before doing anything. Adding the name of that one new section will work for all scripts relying on the information about what sections exist. This is kind of similar how the Packages file are right now (in a way). Erick
which packages need update for shadow?
I just scanned through the packages list to see which ones need to be updated. Here's a list I found:
xdm Stephen Early [EMAIL PROTECTED]
xtrlock Stephen Early [EMAIL PROTECTED]
adduser Steve Phillips [EMAIL PROTECTED]
Also I'm not sure about the following:
netatalk Klee Dienes [EMAIL PROTECTED]
samba Andrew Howell [EMAIL PROTECTED]
Needs update, though not part of the official distribution:
ssh Dominik Kubla [EMAIL PROTECTED]
Needs update, but I don't know how:
imapd Dale Scheetz [EMAIL PROTECTED]
Are there more?
I recommend the maintainers have a look at ftp://ftp.icm.edu.pl//mnt/340/shadow/src for help.
Michael
--
Michael Meskes [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Use Debian Linux!
New shadow packages
They are still on ftp://feivel.informatik.rwth-aachen.de/pub/debian.local/binary-i386/local. Please test them out! I'd like to finalize the packages as soon as possible (that'll be next week).
-----BEGIN PGP SIGNED MESSAGE-----
Date: 23 Aug 96 10:44 UT
Format: 1.6
Distribution: unstable
Urgency: Low
Maintainer: Michael Meskes [EMAIL PROTECTED]
Source: shadow
Version: 960810-1
Binary: shadow-passwd shadow-su shadow-login
Architecture: i386 source
Description:
 shadow-passwd: Manage shadow password and group files
 shadow-su: su binary from the shadow password suite
 shadow-login: Login utility from the shadow password suite
Changes:
 shadow (960810-1) base; urgency=LOW
 .
 * Added useradd default file so that default group is no longer 1
 * Also corrected the useradd manpage
 * Replaced grpunconv script by real binary which does correct locking.
 * Added 'source' field control file to control files
 * Changed version naming in debian.rules
 * New upstream version
Files:
 be393f1c42a8de16dc0ce3b76696dd84 343134 - shadow_960810-1.tar.gz
 239245eb73208cc4dbf23ca32278c729 14977 - shadow_960810-1.diff.gz
 71000f57d0a87dc1d23020505c8ff225 255326 base required shadow-passwd_960810-1_i386.deb
 c599ae2734242b101e22f48dcb46a88d 19846 admin optional shadow-su_960810-1_i386.deb
 d049d52dea150351758815ff6ed94d52 44862 base required shadow-login_960810-1_i386.deb
Michael
--
Michael Meskes [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Use Debian Linux!
manual updates (0.2.1.0)
I propose to post here the changelog entries for the package builders' manuals as and when I release new versions of them. So, here goes: debian-manuals (0.2.1.0) unstable; * Policy says when and how to include original source in upload. * Need -sa on dpkg-genchanges/dpkg-buildpackage when converting. * Use minor patchlevel for meaning changes which don't affect packages. * More verbosity about netiquette. * Reorganised participation and upload policy: merged with mailing lists. -- Ian Jackson [EMAIL PROTECTED] Fri, 23 Aug 1996 12:48:09 +0100 debian-manuals (0.2.0.1) experimental; * Said that system administrators' manual does not exist. -- Ian Jackson [EMAIL PROTECTED] Fri, 23 Aug 1996 04:05:36 +0100
New source package uploads to `unstable' allowed
You may now upload packages in the new source format to `unstable'. Packages in `stable' will continue to be in the old format. Note that the caveats in my release announcement on debian-changes for 1.3.8 apply: * The new source tools have not been very well tested and will have bugs, some probably serious. * The source format is not entirely fixed yet. You may need to make significant changes. You _will_ need to keep up with minor documentation changes and _will_ need to make at least one further release when the format is finalised as the Standards-Version value will be changed. However, building releases is a lot easier now :-) and you don't have to re-upload the original source tarfile part of the source more than once per upstream version. I shall probably declare the new format official on Sunday. Ian.
html2latex_0.9c-1
I just needed this one:
-----BEGIN PGP SIGNED MESSAGE-----
Date: 23 Aug 96 13:40 UT
Format: 1.6
Distribution: unstable
Urgency: Low
Maintainer: Michael Meskes [EMAIL PROTECTED]
Source: html2latex
Version: 0.9c-1
Binary: html2latex
Architecture: i386 source
Description:
 html2latex: Convert HTML markup to LaTeX markup
Changes:
 html2latex (0.9c-1) tex; urgency=LOW
 .
 * Added debian files
Files:
 9a01ed0686a1bbf4ea972a2550dd291b 14234 tex - html2latex_0.9c-1.tar.gz
 720ddb071a5a227158ee04def2da8ee0 1951 tex - html2latex_0.9c-1.diff.gz
 dafeb6d8a2a94cb200809ec0e2db0994 11444 tex optional html2latex_0.9c-1_i386.deb
--
Michael Meskes [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Use Debian Linux!
Re: Bruce - fiat required to end discussion on lyx/copyright ?
On Thu, 22 Aug 1996, Michael Meskes wrote: All packages in the Debian distribution proper must be freely useable, modifiable and redistributable in both source and binary form. It must be possible for anyone to distribute and use modified source code and their own own compiled binaries, at least when they do so as part of a ^^^ Debian distribution. That's exactly the point. I cannot recompile any package that uses Motif since I don't have it. But I can recompile LyX since we have an xforms package available. Folks that buy my CD can too, but that's because xforms is improperly located in contrib instead of non-free where it belongs (because source is not distributed). Non-free is not part of the Debian distribution (in the most technical use of the term) and programs that depend on them belong in contrib (or non-free if they have distribution restrictions). Luck, Dwarf -- aka Dale Scheetz Phone: 1 (904) 877-0257 Flexible Software Fax: NONE Black Creek Critters e-mail: [EMAIL PROTECTED] If you don't see what you want, just ask --
mfbasfnt 1.0-6 uploaded (Urgency: HIGH)
-----BEGIN PGP SIGNED MESSAGE-----
Date: 23 Aug 96 16:34 UT
Format: 1.6
Distribution: unstable
Urgency: High
Maintainer: Erick Branderhorst [EMAIL PROTECTED]
Source: mfbasfnt
Version: 1.0-6
Binary: mfbasfnt
Architecture: all source
Description:
 mfbasfnt: TeX's default fonts and a few others.
Changes:
 Fri Aug 23 18:12:19 1996 Erick Branderhorst [EMAIL PROTECTED]
 .
 * added black, committee, gray, half, logo, manualfonts, mfbook, slant from ftp.tex.ac.uk /pub/tex/archive/fonts/cm/utilityfonts/
 * manfnt.mf was missing in previous release causing initex going berserk when generating .fmt files
 .
Files:
 4103e616a218b77baa4bfaa07cfbbf99 202020 tex - mfbasfnt-1.0-6.tar.gz
 4fbf5dc5a00b2156305d9a3d5483ceb5 168724 tex standard mfbasfnt_1.0-6_all.deb
Re: 96 New Debian i386 Packages
On Thu, 22 Aug 1996, Michael Meskes wrote: I've scanned through this list and found quite a lot of packages I never read an announcement of. I usually read debian-{devel,changes,user,private} so I take it I should have found this announcements. But I never have. Did I just miss them? Or is there a problem with the announcements? The 'xx New Debian i386 Packages' mail *is* the announcement I mentioned earlier. Some developers also post the .changes file when they upload it, but that's at their option. It really isn't necessary. I plan to make several improvements to the announcement format this weekend: - description given for new packages - urgency field prominent - better summary paragraph which lists packages of high urgency - sorted by stable, unstable, contrib, non-free Any other suggestions? Guy
Re: Bruce - fiat required to end discussion on lyx/copyright ?
On Thu, 22 Aug 1996, Michael Meskes wrote: Ian Jackson writes: The aims of the policy detailed below are: * That any user be able to rebuild any package in the official Debian distribution from the original source plus our patches. Ahem, this isn't exact enough IMO. With a standard Debian system I am able to rebuild LyX. But not from the original source plus our patches. That's the crucial point. That's exactly the point. I cannot recompile any package that uses Motif since I don't have it. But I can recompile LyX since we have an xforms package available. We don't have an xforms package *freely* available. If some Motif vendor decided to start selling packages called motif and motif-dev, we certainly wouldn't consider moving motif apps into the main distribution. Those new packages wouldn't be freely available. Guy
Re: devel directory reorg?
On Fri, 23 Aug 1996 [EMAIL PROTECTED] wrote:
I prefer a non-hierarchical reorganization as well but I suggest that the section directories are listed in one file per Distribution and that all scripts read this file first before doing anything.
The scripts which do operations on the hierarchy discover all the .deb files with find. The filenames are then stored in the Packages file, which other scripts read. A few of my scripts have to make more constraining assumptions of the hierarchy because they must deal with source files and new packages. It's true that the new .dsc files provide a more formal mechanism for associating source files with binary files, but nothing uses them yet.
Really the key point is that using a section of devel/scripting_languages should in principle work, but I don't have time to fix my scripts if it doesn't.
Guy
Bug#4253: [SECURITY] BoS: BUG in /bin/bash (fwd)
Package: bash Version: 1.14.6-4 I've confirmed that this is a problem on i386. Resent-Date: Fri, 23 Aug 1996 05:42:28 +1000 Date: Thu, 22 Aug 1996 15:35:51 -0400 (EDT) From: Brian Mitchell [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] To: Best of Security [EMAIL PROTECTED] MIME-Version: 1.0 Resent-From: [EMAIL PROTECTED] X-Mailing-List: [EMAIL PROTECTED] archive/latest/248 X-Loop: [EMAIL PROTECTED] Precedence: list Resent-Sender: [EMAIL PROTECTED] Subject: BoS: BUG in /bin/bash (fwd) Status: Brian Mitchell [EMAIL PROTECTED] I never give them hell. I just tell the truth and they think it's hell - H. Truman --ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT--ERS-ALERT-- ---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE--- === == == === == === === === === == == === === === === === === === === === === === === = === === == = === = === === EMERGENCY RESPONSE SERVICE SECURITY VULNERABILITY ALERT 21 August 1996 13:00 GMT Number: ERS-SVA-E01-1996:004.1 === VULNERABILITY SUMMARY VULNERABILITY: A variable declaration error in bash allows the character with value 255 decimal to be used as a command separator. PLATFORMS: Bash 1.14.6 and earlier versions. SOLUTION: Apply the patch provided below. THREAT: When used in environments where users provide strings to be used as commands or arguments to commands, bash can be tricked into executing arbitrary commands. === DETAILED INFORMATION I. Description A. Introduction The GNU Project's Bourne Again SHell (bash) is a drop-in replacement for the UNIX Bourne shell (/bin/sh). It offers the same syntax as the standard shell, but also includes additional functionality such as job control, command line editing, and history. Although bash can be compiled and installed on almost any UNIX platform, its most prevalent use is on free versions of UNIX such as Linux, where it has been installed as /bin/sh (the default shell for most uses). 
The bash source code is freely available from many sites on the Internet. B. Vulnerability Details There is a variable declaration error in the yy_string_get() function in the parser.y module of the bash source code. This function is responsible for parsing the user-provided command line into separate tokens (commands, special characters, arguments, etc.). The error involves the variable string, which has been declared to be of type char *. The string variable is used to traverse the character string containing the command line to be parsed. As characters are retrieved from this pointer, they are stored in a variable of type int. On systems/compilers where the char type defaults to signed char, this vaule will be sign-extended when it is assigned to the int variable. For character code 255 decimal (-1 in two's complement form), this sign extension results in the value (-1) being assigned to the integer. However, (-1) is used in other parts of the parser to indicate the end of a command. Thus, the character code 255 decimal (377 octal) will serve as an unintended command separator for commands given to bash via the -c option. For example, bash -c 'ls\377who' (where \377 represents the single character with value 255 decimal) will execute two commands, ls and who. II. Impact This unexpected command separator can be dangerous, especially on systems such as Linux where bash has been installed as /bin/sh, when a program executes a command with a string provided by a user as an argument using the system() or popen() functions (or by calling /bin/sh -c string directly).. This is especially true for the CGI programming interface in World Wide Web servers, many of which do not strip out characters with value 255 decimal. 
If a user sending data to the server can specify the character code 255 in a string that is passed to a shell, and that shell is bash, the user can execute any arbitrary command with the user-id and permissions of the user running the server (frequently root). The bash built-in commands eval, source, and fc are also potentially vulnerable to this problem.
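The sign extension described in the advisory, shown as an added C example that is not part of the advisory or of the bash source. The getter and helper names and END_OF_INPUT are hypothetical, and `signed char` stands in for a platform where plain char is signed; the sample string is constructed from the advisory's own example.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical name: the value the parser treats as "end of command". */
#define END_OF_INPUT (-1)

/* Flawed getter. signed char models a platform where plain char is
 * signed, so byte 0xFF is widened to the int value -1. */
static int get_flawed(const signed char **pos)
{
    int c = END_OF_INPUT;
    if (**pos)
        c = *(*pos)++;
    return c;
}

/* Hardened getter: reading through unsigned char yields 0..255, so no
 * input byte can collide with END_OF_INPUT. */
static int get_fixed(const unsigned char **pos)
{
    int c = END_OF_INPUT;
    if (**pos)
        c = *(*pos)++;
    return c;
}

/* Number of characters each reader hands on before reporting the end. */
static size_t span_flawed(const char *s)
{
    const signed char *p = (const signed char *)s;
    size_t n = 0;
    while (get_flawed(&p) != END_OF_INPUT)
        n++;
    return n;
}

static size_t span_fixed(const char *s)
{
    const unsigned char *p = (const unsigned char *)s;
    size_t n = 0;
    while (get_fixed(&p) != END_OF_INPUT)
        n++;
    return n;
}

int main(void)
{
    const char sample[] = "ls\377who"; /* constructed from the advisory's example */
    printf("flawed reader: %zu chars, fixed reader: %zu chars\n",
           span_flawed(sample), span_fixed(sample));
    return 0;
}
```

On the sample the flawed reader reports the end after ls, which is why the remaining who is treated as a second command, while the reader using unsigned char consumes the whole string as one.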
Bug#4195: dpkg-source and new tar package don't mix
Bruce Perens writes (Bug#4195: dpkg-source and new tar package don't mix):
Package: dpkg
Version: 1.3.5

The latest iteration of the tar package unfortunately is not able to understand the -- flag. I suggest you not use that flag in dpkg-source for now.

Thanks for pointing out what was wrong. I have worked around this in 1.3.6 by removing the `--' argument. However, this will cause dpkg-source to break if the next argument ever starts with a `-' so I do not propose to leave this workaround in permanently.

I shall leave this bug report open against dpkg so that I do not forget to change it.

Ian.
netscape 3.0-1 (stable) released
Date: 23 Aug 96 20:02 UT
Format: 1.6
Distribution: unstable
Urgency: Low
Maintainer: Brian White [EMAIL PROTECTED]
Source: netscape
Version: 3.0-1
Binary: netscape
Architecture: i386 source
Description:
 netscape: Popular World-Wide-Web browser software (installer)
 - Netscape (pronounced Mozilla) is a graphical World-Wide-Web browser
 - with many features. It supports advanced features of HTML and new
 - technologies such as Java from Sun Microsystems.
 - .
 - Netscape Communications Corporation does not allow redistribution of
 - their software. Therefore, this package requires the user to fetch
 - the netscape archive separately and place it in the directory pointed
 - to by the TMPDIR environment variable (or /tmp if TMPDIR not defined)
 - before attempting to install this package. You can get the linux
 - packages via anonymous ftp from ftp[1-9].netscape.com.
 - .
 - Do NOT try to install any version of Netscape other than 3.0 with
 - this package!
 - .
 - Netscape Communications Corporation does not support the Linux release
 - in the slightest, even for paying customers. It has been made available
 - purely as a courtesy, so please do not send them questions about Linux.
 - .
 - This installer package has been placed in the public domain!
Changes:
 - STABLE release of Navigator v3.0
Files:
 bc8440a0ffec5282a5bcbca379ff0ffd 3843 net-netscape_3.0-1.tar.gz
 453d1b7a9d9be1c5065cf999bc1d080c 3472 net extra netscape_3.0-1_i386.deb
Bug#4254: msql config problems
Package: msqld
Version: 1.0.16-2

After upgrading from v1.0.14...

The /var/log/msql directory is:

drwxr-x--- 2 operator msql 1024 Aug 23 15:11 /var/log/msql/

It should be owned by root.msql and have the permissions 775.

The /etc/msql.acl file is:

-rwx-- 1 operator msql 300 Aug 23 15:08 /etc/msql.acl*

It should be owned by msql.msql and have the permissions 775.

*** The install script removed the existing msql.acl file I had made. Good thing I make backups!

Fixing these and restarting using /etc/init.d/msqld start gives the following error (repeatedly)...

Subject:Minerva Daemon Crash Report
Date:Fri, 23 Aug 96 15:46 EDT
From:msql (Mini SQL Database Manager)
To:root

Program : msqld
Time : Fri Aug 23 15:46:58 EDT 1996
Program Output
--
Can't start server : UNIX Bind : Permission denied
mSQL Server 1.0.16 starting ...

The unix socket is:

srwxrwxrwx 1 root root0 Aug 21 15:52 /dev/msql=

This should probably be owned by root.msql, but shouldn't be the cause of this problem.

Trying to stop these repeated messages by doing /etc/init.d/msqld stop gives the following error:

callandor:/etc# /etc/init.d/msqld stop
ERROR : Can't connect to local MSQL server
rm: /var/run/msqld/shutdown: Permission denied
rm: /var/run/msqld/shutdown: Permission denied

The shutdown file is:

-rw-r- 1 root root5 Aug 23 15:52 /var/run/msqld/shutdown

Since I ran the stop command as root, the only thing I can think of here is that something is running as user/group msql and could thus not access the shutdown file.

Brian ( [EMAIL PROTECTED] )
---
In theory, theory and practice are the same. In practice, they're not.