X-Git-Url: https://sipb.mit.edu/gitweb.cgi/wiki.git/blobdiff_plain/b0d314a07d44e164a6eb416fbf9b3e2a2853579f..a9581b648dcfbf75919cf4197d35772cb1515b90:/doc/LennyBugsAll diff --git a/doc/LennyBugsAll b/doc/LennyBugsAll index dd522b7..1ff4011 100644 --- a/doc/LennyBugsAll +++ b/doc/LennyBugsAll @@ -9,26 +9,59 @@ Please sort into useful/not useful, add notes, etc. = Juicy? = -Try these! +All dealt with! See the section "Fixed by SIPB" below. -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426465 426465] -in [http://packages.debian.org/lenny/initramfs-tools initramfs-tools] -"/init exports MODPROBE_OPTIONS=-qb" -[[BR]](Note: real bug report is near bottom.) -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481072 481072] -in [http://packages.debian.org/lenny/dk-filter dk-filter] -"dk-filter reliably crashes upon connection from postfix" -[[BR]](Note: bug report, little followup. Test, reproduce, debug, fix.) += Flamewars = -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506057 506057] -in [http://packages.debian.org/lenny/splashy splashy] -"splashy: Splashy fails to install due to missing default theme" +You might enjoy reading these, but they may not be good targets to fix. + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475737 475737] +in [http://packages.debian.org/lenny/otrs2 otrs2] +"otrs2 - makes files in /usr writable by non-root" + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771] +in [http://packages.debian.org/lenny/wordpress wordpress] +"wordpress can be subject of delayed attacks via cookies" + +For this one, the actual flameware is off the bug report log. + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497823 497823] +in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org] +"longstanding DFSG violations in linux-2.6 package" + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504747 504747] +in [http://packages.debian.org/lenny/gnu-fdisk gnu-fdisk] +"gnu-fdisk: wipes out MBR when used on GPT partitions" + + += Would have been fun = + +Entertaining to read but sadly already fixed. + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506961 506961] +in auctex +"auctex: reuses old logfile on emacsen upgrades, enabling symlink attack" + + += Examples to live up to = + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496954 496954] +in [http://packages.debian.org/lenny/bind9 bind9] +"bind9: Fails to start due to SIGSEGV" +[[BR]]This bug sat unfixed for months. Then someone attacked it in a bug-squashing party, +got the first reproducible testcase, and sent that upstream, which swiftly produced a fix. + + += Puzzling = + +Someone please explain what's going on (Debian Project-wise) in these bugs. + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323473 323473] +in [http://packages.debian.org/lenny/wnpp wnpp] +"ITA: mol-drivers-linux -- The Mac-on-Linux emulator - drivers for Linux" +[[BR]](Note: The bug is for someone to take over maintainership. They did. Then when the bug gets automatically archived, they reply saying to keep it? I (price) don't understand.) -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506748 506748] -in [http://packages.debian.org/lenny/rtorrent rtorrent] -"crash rtorrent by scgi-interface (function: 'fi.get_filename_last')" -[[BR]]This is fixed in experimental, but in a newer, less-stable version; Someone might be able to backport the fix. = Specific hardware = @@ -58,34 +91,14 @@ in [http://packages.debian.org/lenny/installation-reports installation-reports] in [http://packages.debian.org/lenny/installation-reports installation-reports] "grub-installer fails on a FSC Primergy RX300 with a level 5 RAID" -= Examples = - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496954 496954] -in [http://packages.debian.org/lenny/bind9 bind9] -"bind9: Fails to start due to SIGSEGV" -[[BR]]This bug sat unfixed for months. Then someone attacked it in a bug-squashing party, -got the first reproducible testcase, and sent that upstream, which swiftly produced a fix. - = May be a lot of work = -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456037 456037] -in [http://packages.debian.org/lenny/fenix fenix] -"fenix: not 64 bit clean" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490171 490171] in [http://packages.debian.org/lenny/rtorrent rtorrent] "rtorrent: random crash" [[BR]](Reproducing this seems to require runnin 20+ torrents for a ~day) -= Puzzling = - -Someone please explain what's going on (Debian Project-wise) in these bugs. - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323473 323473] -in [http://packages.debian.org/lenny/wnpp wnpp] -"ITA: mol-drivers-linux -- The Mac-on-Linux emulator - drivers for Linux" -[[BR]](Note: The bug is for someone to take over maintainership. They did. Then when the bug gets automatically archived, they reply saying to keep it? I (price) don't understand.) = Unclassified = @@ -169,10 +182,6 @@ in [http://packages.debian.org/lenny/libmad0 libmad0] in [http://packages.debian.org/lenny/sun-java5 sun-java5] "sun-java5: New upstream release fixes several security issues" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508265 508265] -in [http://packages.debian.org/lenny/sysprof-module-source sysprof-module-source] -"sysprof-module-source: doesn't compile on AMD64 arch (wrong register names)" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508313 508313] in [http://packages.debian.org/lenny/xine-lib xine-lib] "xine-lib: CVE-2008-5234 heap overflow in atom parsing" @@ -226,10 +235,6 @@ soon. Do we need a DD to do an NMU on any of these? in [http://packages.debian.org/lenny/egroupware-core egroupware-core] "CVE-2007-3215: phpmailer issue (embedded code-copy)" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507316 507316] -in [http://packages.debian.org/lenny/smarty smarty] -"smarty: Non-free logo included in package" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508510 508510] in [http://packages.debian.org/lenny/debget debget] "Can't parse packages.debian.org output anymore" @@ -375,35 +380,9 @@ in [http://packages.debian.org/lenny/clamav-getfiles clamav-getfiles] in [http://packages.debian.org/lenny/mailscanner mailscanner] "CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack" -= Flamewars = - -You might enjoy reading these, but they may not be good targets to fix. - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475737 475737] -in [http://packages.debian.org/lenny/otrs2 otrs2] -"otrs2 - makes files in /usr writable by non-root" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771] -in [http://packages.debian.org/lenny/wordpress wordpress] -"wordpress can be subject of delayed attacks via cookies" - -For this one, the actual flameware is off the bug report log. - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497823 497823] -in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org] -"longstanding DFSG violations in linux-2.6 package" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504747 504747] -in [http://packages.debian.org/lenny/gnu-fdisk gnu-fdisk] -"gnu-fdisk: wipes out MBR when used on GPT partitions" - -= Would have been fun = - -Entertaining to read but sadly already fixed. - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506961 506961] -in auctex -"auctex: reuses old logfile on emacsen upgrades, enabling symlink attack" +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507316 507316] +in [http://packages.debian.org/lenny/smarty smarty] +"smarty: Non-free logo included in package" = Special team bugs = @@ -476,6 +455,7 @@ in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org] [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497471 497471] in [http://packages.debian.org/lenny/cdimage.debian.org cdimage.debian.org] + "sarge images have syslinux binaries without source" [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506977 506977] @@ -488,6 +468,8 @@ in [http://packages.debian.org/lenny/release.debian.org release.debian.org] This one is fixed in experimental: + + [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503907 503907] in [http://packages.debian.org/lenny/libwebkit-1.0-1 libwebkit-1.0-1] "epiphany-webkit: Crashes at startup whenever I go to a site." @@ -500,11 +482,21 @@ in [http://packages.debian.org/lenny/pam pam] "cannot unlock screen during etch -> lenny transition" (hartmans added comment) +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481072 481072] +in [http://packages.debian.org/lenny/dk-filter dk-filter] +"dk-filter reliably crashes upon connection from postfix" +[[BR]](quentin couldn't reproduce) + [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507883 507883] in [http://packages.debian.org/lenny/asterisk asterisk] "asterisk: Very frequent segfaults on startup" (quentin couldn't reproduce) +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456037 456037] +in [http://packages.debian.org/lenny/fenix fenix] +"fenix: not 64 bit clean"[[BR]] +(ezyang observed upstream's website looks ~dead) + = Fixed by SIPB! = [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436140 436140] in [http://packages.debian.org/lenny/installation-reports installation-reports] @@ -534,4 +526,28 @@ in [http://packages.debian.org/lenny/nvidia-glx nvidia-glx] [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502845 502845] in [http://packages.debian.org/lenny/open-iscsi open-iscsi] "open-iscsi: no login using amd64" -(quentin) \ No newline at end of file +(quentin reassigned; Bastian Blank then lowered priority) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508265 508265] +in [http://packages.debian.org/lenny/sysprof-module-source sysprof-module-source] +"sysprof-module-source: doesn't compile on AMD64 arch (wrong register names)" +(patch added by andersk) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506057 506057] +in [http://packages.debian.org/lenny/splashy splashy] +"splashy: Splashy fails to install due to missing default theme" +(fix suggestion added by ecprice with help from tabbott and fawkes) + + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506748 506748] +in [http://packages.debian.org/lenny/rtorrent rtorrent] +"crash rtorrent by scgi-interface (function: 'fi.get_filename_last')" +(submitted patch that disables broken RPC; leaving to maintainer to decide if this is what he wants to do) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426465 426465] +in [http://packages.debian.org/lenny/initramfs-tools initramfs-tools] +"/init exports MODPROBE_OPTIONS=-qb" +[[BR]](patch added by price) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489501] in [http://packages.debian.org/lenny/zekr zekr] "zekr depends on libxul0d" +[[BR]](tweaked and sponsored fix by Asheesh Laroia)