X-Git-Url: https://sipb.mit.edu/gitweb.cgi/wiki.git/blobdiff_plain/b8689af49613595b0ead5af167cd5877cbc2c0c4..5a98cbbd638684fe24415f24eee4a2259c7cb1bd:/doc/LennyBugsAll diff --git a/doc/LennyBugsAll b/doc/LennyBugsAll index 0f17c6e..1ec0ff1 100644 --- a/doc/LennyBugsAll +++ b/doc/LennyBugsAll @@ -11,20 +11,11 @@ Please sort into useful/not useful, add notes, etc. Try these! -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374644 374644] in [http://packages.debian.org/lenny/xine-ui xine-ui] -"xine-ui: ctrl/shift key press emulation implementation broken" -[[BR]](Note: have patch but it's broken. Test? Find a fix?) - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426465 426465] in [http://packages.debian.org/lenny/initramfs-tools initramfs-tools] "/init exports MODPROBE_OPTIONS=-qb" [[BR]](Note: real bug report is near bottom.) -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476525 476525] -in [http://packages.debian.org/lenny/python-hid python-hid] -"python-hid: hid module will not import since python policy transition" -[[BR]](Note: have patch, looks messy, looks like not-too-hard bug to fix well.) - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481072 481072] in [http://packages.debian.org/lenny/dk-filter dk-filter] "dk-filter reliably crashes upon connection from postfix" @@ -34,15 +25,10 @@ in [http://packages.debian.org/lenny/dk-filter dk-filter] in [http://packages.debian.org/lenny/splashy splashy] "splashy: Splashy fails to install due to missing default theme" -These ones are only about 2 weeks old: - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507071 507071] -in [http://packages.debian.org/lenny/racoon racoon] -"racoon - Fails after upgrade: symbol lookup error: /usr/sbin/racoon: undefined symbol: libipsec_opt" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507072 507072] -in [http://packages.debian.org/lenny/ipsec-tools ipsec-tools] -"libipsec0 packaged in ipsec-tools without development headers" +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506748 506748] +in [http://packages.debian.org/lenny/rtorrent rtorrent] +"crash rtorrent by scgi-interface (function: 'fi.get_filename_last')" +[[BR]]This is fixed in experimental, but in a newer, less-stable version; Someone might be able to backport the fix. = Specific hardware = @@ -68,6 +54,10 @@ in [http://packages.debian.org/lenny/jfsutils jfsutils] in [http://packages.debian.org/lenny/installation-reports installation-reports] "installation-reports: Lenny b2 install on ThinkPad X61 - fails to detect hard disk" +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495603 495603] +in [http://packages.debian.org/lenny/installation-reports installation-reports] +"grub-installer fails on a FSC Primergy RX300 with a level 5 RAID" + = Examples = [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496954 496954] @@ -97,6 +87,11 @@ in [http://packages.debian.org/lenny/wnpp wnpp] "ITA: mol-drivers-linux -- The Mac-on-Linux emulator - drivers for Linux" [[BR]](Note: The bug is for someone to take over maintainership. They did. Then when the bug gets automatically archived, they reply saying to keep it? I (price) don't understand.) += Vaguely tedious = + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502140 502140] +in [http://packages.debian.org/lenny/pam pam] +"cannot unlock screen during etch -> lenny transition" = Unclassified = @@ -106,10 +101,6 @@ Please read these reports and figure out what category they belong in. Or make in [http://packages.debian.org/lenny/installation-reports installation-reports] "cdrom: Most of the system's files have a future timestamp causing at least update/config problems." -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490999 490999] -in [http://packages.debian.org/lenny/libqt3-mt libqt3-mt] -"kicker: crashes on startup" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494293 494293] in [http://packages.debian.org/lenny/installation-reports installation-reports] "installation-reports: Grub error: not a regular file..." @@ -118,46 +109,14 @@ in [http://packages.debian.org/lenny/installation-reports installation-reports] in [http://packages.debian.org/lenny/quagga quagga] "quagga: zebra ignores routes added via command line" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495603 495603] -in [http://packages.debian.org/lenny/installation-reports installation-reports] -"grub-installer fails on a FSC Primergy RX300 with a level 5 RAID" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500460 500460] in [http://packages.debian.org/lenny/oss-compat oss-compat] "oss-compat: modules are not loaded" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501800 501800] -in [http://packages.debian.org/lenny/bind9 bind9] -"bind9: bind crashes with a list for allow-update" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502140 502140] -in [http://packages.debian.org/lenny/pam pam] -"cannot unlock screen during etch -> lenny transition" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502751 502751] -in [http://packages.debian.org/lenny/clamav-getfiles clamav-getfiles] -"clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503303 503303] -in [http://packages.debian.org/lenny/upgrade-reports upgrade-reports] -"etch -> lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 503532] -in [http://packages.debian.org/lenny/dbus dbus] -"send_requested_reply="true" allows all non-reply messages" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503712 503712] in [http://packages.debian.org/lenny/ghostscript ghostscript] "etch->lenny upgrade left the system in broken state" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504524 504524] -in [http://packages.debian.org/lenny/sun-java6 sun-java6] -"AWT_TOOLKIT=MToolkit causes java to segfault on amd64" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504626 504626] -in [http://packages.debian.org/lenny/nvidia-glx nvidia-glx] -"[nvidia-glx] Quietly drops support for several chipsets" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504661 504661] in [http://packages.debian.org/lenny/nvidia-glx-legacy-96xx-dev nvidia-glx-legacy-96xx-dev] "nvidia-glx-legacy-96xx-dev: /usr/lib/libGL.so symlink broken" @@ -166,22 +125,6 @@ in [http://packages.debian.org/lenny/nvidia-glx-legacy-96xx-dev nvidia-glx-legac in [http://packages.debian.org/lenny/network-manager network-manager] "Updating to lenny failed when NetworkManager got updated" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505237 505237] -in [http://packages.debian.org/lenny/snmpd snmpd] -"/etc/init.d/snmpd start reports error if already running" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506748 506748] -in [http://packages.debian.org/lenny/rtorrent rtorrent] -"crash rtorrent by scgi-interface (function: 'fi.get_filename_last')" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506853 506853] -in [http://packages.debian.org/lenny/libgnutls26 libgnutls26] -"libgnutls26: 2.4.2-3 breaks OpenLDAP access" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507003 507003] -in [http://packages.debian.org/lenny/open-iscsi open-iscsi] -"initiatorname.iscsi should maybe not be in /etc" - = Unclassified Security = [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505563 505563] @@ -200,22 +143,10 @@ in [http://packages.debian.org/lenny/xine-lib xine-lib] in [http://packages.debian.org/lenny/xine-lib xine-lib] "xine-lib: CVE-2008-5246 heap overflow" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506741 506741] -in [http://packages.debian.org/lenny/wireshark wireshark] -"wireshark: DoS caused by sending a SMTP request with large content" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504977 504977] in [http://packages.debian.org/lenny/ffmpeg-debian ffmpeg-debian] "ffmpeg-debian: Several security issues" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771] -in [http://packages.debian.org/lenny/wordpress wordpress] -"wordpress can be subject of delayed attacks via cookies" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283 504283] -in [http://packages.debian.org/lenny/egroupware-core egroupware-core] -"CVE-2007-3215: phpmailer issue (embedded code-copy)" - = Fresh bugs = These are very recent and presumably will get dealt with by the package maintainers without help. @@ -260,22 +191,10 @@ in [http://packages.debian.org/lenny/asterisk asterisk] in [http://packages.debian.org/lenny/mdadm mdadm] "mdadm: initramfs-tools script is broken, system with root on RAID won't boot" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507947 507947] -in [http://packages.debian.org/lenny/moodle moodle] -"moodle: html2text.php is not DFSG-free" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507996 507996] in [http://packages.debian.org/lenny/uim-tcode uim-tcode] "mazegaki conversion cannot be used" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026 508026] -in [http://packages.debian.org/lenny/phppgadmin phppgadmin] -"phpPgAdmin: Local File Inclusion Vulnerability" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508091 508091] -in [http://packages.debian.org/lenny/tuxguitar tuxguitar] -"maintainer address bounces" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508124 508124] in [http://packages.debian.org/lenny/python-m2crypto python-m2crypto] "Yum crashes when setting-up a CentOS chroot OS" @@ -288,10 +207,6 @@ in [http://packages.debian.org/lenny/libmad0 libmad0] in [http://packages.debian.org/lenny/sun-java5 sun-java5] "sun-java5: New upstream release fixes several security issues" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508257 508257] -in [http://packages.debian.org/lenny/twiki twiki] -"CVE-2008-5305: TWiki SEARCH variable allows arbitrary shell command execution" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508265 508265] in [http://packages.debian.org/lenny/sysprof-module-source sysprof-module-source] "sysprof-module-source: doesn't compile on AMD64 arch (wrong register names)" @@ -353,6 +268,10 @@ in [http://packages.debian.org/lenny/libexif-gtk-dev libexif-gtk-dev] These look like good progress is being made and they'll get fixed soon. Do we need a DD to do an NMU on any of these? +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283 504283] +in [http://packages.debian.org/lenny/egroupware-core egroupware-core] +"CVE-2007-3215: phpmailer issue (embedded code-copy)" + [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507316 507316] in [http://packages.debian.org/lenny/smarty smarty] "smarty: Non-free logo included in package" @@ -384,6 +303,43 @@ in [http://packages.debian.org/lenny/mdadm mdadm] "mdadm segfault on --assemble --force with raid10" [[BR]]Seems to be fixed and uploaded, but got reopened for some reason? +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374644 374644] in [http://packages.debian.org/lenny/xine-ui xine-ui] +"xine-ui: ctrl/shift key press emulation implementation broken" +[[BR]](Note: There's a patch that may be good enough -- blocking on some guy responding) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505237 505237] +in [http://packages.debian.org/lenny/snmpd snmpd] +"/etc/init.d/snmpd start reports error if already running" +(Note: fixed, waiting on an upload?) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508257 508257] +in [http://packages.debian.org/lenny/twiki twiki] +"CVE-2008-5305: TWiki SEARCH variable allows arbitrary shell command execution" + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026 508026] +in [http://packages.debian.org/lenny/phppgadmin phppgadmin] +"phpPgAdmin: Local File Inclusion Vulnerability" + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501800 501800] +in [http://packages.debian.org/lenny/bind9 bind9] +"bind9: bind crashes with a list for allow-update" + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 503532] +in [http://packages.debian.org/lenny/dbus dbus] +"send_requested_reply="true" allows all non-reply messages" + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506741 506741] +in [http://packages.debian.org/lenny/wireshark wireshark] +"wireshark: DoS caused by sending a SMTP request with large content" + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503303 503303] +in [http://packages.debian.org/lenny/upgrade-reports upgrade-reports] +"etch -> lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop" + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504524 504524] +in [http://packages.debian.org/lenny/sun-java6 sun-java6] +"AWT_TOOLKIT=MToolkit causes java to segfault on amd64" + = Not much of use one can do = (this one looks like it'll be removed from Lenny or have amd64 disabled) @@ -404,6 +360,32 @@ in [http://packages.debian.org/lenny/amule-daemon amule-daemon] in [http://packages.debian.org/lenny/xml2rfc xml2rfc] "Yet another boilerplate change" +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490999 490999] +in [http://packages.debian.org/lenny/libqt3-mt libqt3-mt] +"kicker: crashes on startup" + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507947 507947] +in [http://packages.debian.org/lenny/moodle moodle] +"moodle: html2text.php is not DFSG-free" + +(misc) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508091 508091] +in [http://packages.debian.org/lenny/tuxguitar tuxguitar] +"maintainer address bounces" + +(trivial fix may cause regression, may punt) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507003 507003] +in [http://packages.debian.org/lenny/open-iscsi open-iscsi] +"initiatorname.iscsi should maybe not be in /etc" + +(legal issue involving non-free file) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502751 502751] +in [http://packages.debian.org/lenny/clamav-getfiles clamav-getfiles] +"clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading" + = Flamewars = You might enjoy reading these, but they may not be good targets to fix. @@ -412,6 +394,10 @@ You might enjoy reading these, but they may not be good targets to fix. in [http://packages.debian.org/lenny/otrs2 otrs2] "otrs2 - makes files in /usr writable by non-root" +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771] +in [http://packages.debian.org/lenny/wordpress wordpress] +"wordpress can be subject of delayed attacks via cookies" + For this one, the actual flameware is off the bug report log. [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497823 497823]