LennyBugs{,All} -> lenny-bugs{,-all}.mdwn
authorGreg Price <price@mit.edu>
Mon, 21 Sep 2009 01:53:52 +0000 (21:53 -0400)
committerGreg Price <price@mit.edu>
Mon, 21 Sep 2009 01:53:52 +0000 (21:53 -0400)
doc/LennyBugs [deleted file]
doc/LennyBugsAll [deleted file]
doc/lenny-bugs-all.mdwn [new file with mode: 0644]
doc/lenny-bugs.mdwn [new file with mode: 0644]

diff --git a/doc/LennyBugs b/doc/LennyBugs
deleted file mode 100644 (file)
index 803b7f4..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-= SIPB Bug-Squashing Hackathon for Lenny =
-
-SIPB is running a '''bug-squashing hackathon''' for release-critical bugs in Debian Lenny.
-
-Place: '''W20-557''', the SIPB office[[BR]]
-Date: '''Saturday''', 2008-12-13, between end-of-classes and finals week[[BR]]
-Time: starting '''2 PM''', running to about 10 PM; come for any portion
-
-Contact the SIPB Chair, Greg Price (`price@mit.edu`), or Vice-Chair, Nelson Elhage (`nelhage@mit.edu`), with any questions.  During the hackathon just call the office at (617) 253-7788.
-
-
-== FAQ ==
-
-'''Q''': What's Lenny?[[BR]]
-'''A''': Lenny is the '''upcoming next stable release''' of Debian GNU/Linux.  It was scheduled for September 2008 but has slipped to spring 2009.  The last release was Etch in spring 2007, so Debian users are eagerly awaiting a new release.
-
-'''Q''': What's a release-critical bug?[[BR]]
-'''A''': A '''release-critical (RC) bug''' is a Debian bug of any of the highest levels of severity.  RC bugs break a program completely, break some users' systems, or do similarly bad things.  At last count there were 109 bugs (below) affecting Lenny.  ('''Update''': After the hackathon it's 105, with more fixes in the pipeline.  Excellent.)  Every one of those bugs has to be dealt with one way or another before Lenny will release.
-
-'''Q''': How is this list of bugs different from [http://bugs.debian.org/release-critical/other/testing.html]?[[BR]]
-'''A''': The list on `bugs.debian.org` includes bugs which have been fixed, but haven't passed a requisite waiting period before being introduced into Lenny. Our list is only bugs for which there is no fix.
-
-'''Q''': I use '''Ubuntu'''.  Why do I care about Debian releases?[[BR]]
-'''A''': Because Lenny is in the final, "freeze", stage of the cycle, many Debian contributors are holding off new versions of the software they maintain in order to focus on stabilizing and bugfixing Lenny.  Since Ubuntu depends on Debian for >90% of its packaging work, that means less new software for Ubuntu until Lenny releases.
-
-'''Q''': I have '''no experience hacking on Debian'''.[[BR]]
-'''A''': No problem, we have three Debian Developers pledged to attend, plus Debian-packaging experts from SIPB's Debathena and XVM projects.  They'll all be focussed on helping newer people find a good bug, make progress and stay unstuck on solving it, and get the fixes applied in Debian.  Just come ready to help with the skills you have; you'll be sure to learn something.
-
-'''Q''': I don't have a lot of programming experience.[[BR]]
-'''A''': No problem, '''not every bug requires programming''' to fix.  Some bugs concern documentation or copyright issues, and anyone willing to track stuff down and write in English precisely can help.  You'll still get experience with the issues software in the real world has to deal with, and probably read some code along the way.
-
-== Useful Resources ==
-
-[http://www.debian.org/doc/debian-policy/ Debian Policy Manual]: There will be people at the hackathon to help you with the packaging and policy aspects of updating Debian packages, but the Debian Policy Manual is a good reference.
-
-[http://www.us.debian.org/doc/maint-guide/ Debian New Maintainers' Guide]: Where the Policy Manual is a fairly declarative document, this is more of a tutorial on how to build packages that comply with Debian policy
-
-[http://debathena.mit.edu/packaging/ tabbott's Packaging Tutorial]: A summary of building Debian packages with CDBS, Tim's tutorial also includes a long list of useful commands for any sort of 
-package development, as well as a list of useful sites
-
-[http://stuff.mit.edu/iap/2009/#debian SIPB IAP class on Debian]: A workshop where you can learn more about Debian packaging (the easy way!  some of the packages you may have dealt with go through unnecessary complexity), with lots of hands-on examples.
-
-== Useful Packages ==
-
-The following Debian packages are useful for doing Debian development: `build-essential cdbs debhelper wdiff devscripts dh-make dpatch dpkg-awk dpkg-dev equivs fakeroot lintian quilt`
-
-If you're an emacs user, you may also want: `debian-el devscripts-el dpkg-dev-el`
-
-== The Bugs ==
-
-See LennyBugsAll for a complete list.  Attack one of the bugs that look good, or read through the unclassified ones to find the good ones.
diff --git a/doc/LennyBugsAll b/doc/LennyBugsAll
deleted file mode 100644 (file)
index 5cdc680..0000000
+++ /dev/null
@@ -1,571 +0,0 @@
-= Open RC Bugs in Lenny =
-
-These are bugs to consider at SIPB's [LennyBugs RC-bug-squashing hackathon] for Lenny.
-
-Bug list dumped early 2008-12-12.  The pipeline was
- `$ cd /mit/debathena/debian-bts && ./get_bugs | sort | ./bugs-format-trac`
-
-Please sort into useful/not useful, add notes, etc.
-
-----
-
-= Juicy? =
-
-All acted on!  See the "Stuff we did" sections below.
-
-
-
-----
-
-= Stuff we did =
-
-== Fixed by SIPB! ==
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436140 436140]
-in [http://packages.debian.org/lenny/installation-reports installation-reports]
-"cdrom: Most of the system's files have a future timestamp causing at least update/config problems."
-(closed by wdaher)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476525 476525] 
-in [http://packages.debian.org/lenny/python-hid python-hid] 
-"python-hid: hid module will not import since python policy transition" 
-(tabbott)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507071 507071] 
-[http://packages.debian.org/lenny/racoon racoon] 
-"racoon - Fails after upgrade: symbol lookup error: /usr/sbin/racoon: undefined symbol: libipsec_opt" 
-(fixed by broder)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507072 507072] 
-in [http://packages.debian.org/lenny/ipsec-tools ipsec-tools] 
-"libipsec0 packaged in ipsec-tools without development headers" 
-(downgraded by hartmans)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504626 504626] 
-in [http://packages.debian.org/lenny/nvidia-glx nvidia-glx] 
-"[nvidia-glx] Quietly drops support for several chipsets" 
-(downgraded by nelhage)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502845 502845]
-in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
-"open-iscsi: no login using amd64"
-(quentin reassigned; Bastian Blank then lowered priority)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508265 508265]
-in [http://packages.debian.org/lenny/sysprof-module-source sysprof-module-source]
-"sysprof-module-source: doesn't compile on AMD64 arch (wrong register names)"
-(patch added by andersk)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506057 506057]
-in [http://packages.debian.org/lenny/splashy splashy]
-"splashy: Splashy fails to install due to missing default theme"
-(fix suggestion added by ecprice with help from tabbott and fawkes)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506748 506748]
-in [http://packages.debian.org/lenny/rtorrent rtorrent]
-"crash rtorrent by scgi-interface (function: 'fi.get_filename_last')"
-(submitted patch that disables broken RPC; leaving to maintainer to decide if this is what he wants to do)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426465 426465]
-in [http://packages.debian.org/lenny/initramfs-tools initramfs-tools]
-"/init exports MODPROBE_OPTIONS=-qb"
-[[BR]](patch added by price)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489501 489501]
-in [http://packages.debian.org/lenny/zekr zekr]
-"zekr depends on libxul0d"
-[[BR]](mako tweaked and sponsored fix by Asheesh Laroia)
-
-== Waiting on feedback ==
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502140 502140]
-in [http://packages.debian.org/lenny/pam pam]
-"cannot unlock screen during etch -> lenny transition"
-(hartmans added comment)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481072 481072]
-in [http://packages.debian.org/lenny/dk-filter dk-filter]
-"dk-filter reliably crashes upon connection from postfix"
-[[BR]](quentin couldn't reproduce)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507883 507883]
-in [http://packages.debian.org/lenny/asterisk asterisk]
-"asterisk: Very frequent segfaults on startup"
-(quentin couldn't reproduce)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456037 456037]
-in [http://packages.debian.org/lenny/fenix fenix]
-"fenix: not 64 bit clean"[[BR]]
-(ezyang observed upstream's website looks ~dead)
-
-
-
-
-----
-
-= Fun stuff to read =
-
-== Flamewars ==
-
-You might enjoy reading these, but they may not be good targets to fix.
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475737 475737]
-in [http://packages.debian.org/lenny/otrs2 otrs2]
-"otrs2 - makes files in /usr writable by non-root"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771]
-in [http://packages.debian.org/lenny/wordpress wordpress]
-"wordpress can be subject of delayed attacks via cookies"
-
-For this one, the actual flameware is off the bug report log.
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497823 497823]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"longstanding DFSG violations in linux-2.6 package"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504747 504747]
-in [http://packages.debian.org/lenny/gnu-fdisk gnu-fdisk]
-"gnu-fdisk: wipes out MBR when used on GPT partitions"
-
-
-== Would have been fun ==
-
-Entertaining to read but sadly already fixed.
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506961 506961]
-in auctex
-"auctex: reuses old logfile on emacsen upgrades, enabling symlink attack"
-
-
-== Examples to live up to ==
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496954 496954]
-in [http://packages.debian.org/lenny/bind9 bind9]
-"bind9: Fails to start due to SIGSEGV"
-[[BR]]This bug sat unfixed for months.  Then someone attacked it in a bug-squashing party,
-got the first reproducible testcase, and sent that upstream, which swiftly produced a fix.
-
-
-== Puzzling ==
-
-Someone please explain what's going on (Debian Project-wise) in these bugs.
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323473 323473]
-in [http://packages.debian.org/lenny/wnpp wnpp]
-"ITA: mol-drivers-linux -- The Mac-on-Linux emulator - drivers for Linux"
-[[BR]](Note: The bug is for someone to take over maintainership.  They did.  Then when the bug gets automatically archived, they reply saying to keep it?  I (price) don't understand.)
-
-
-
-
-----
-
-= Not so ripe for us to fix =
-
-== Specific hardware ==
-
-If you have the relevant hardware you could help a lot.
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394963 394963]
-in [http://packages.debian.org/lenny/installation-reports installation-reports]
-"installation: Problems with dual booting Dell D600 with winXP pro in the first partition (hd0, 0). After installing the Dell Etch Beta 3, Windows fails to boot and I get the blue screen of death."
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418972 418972]
-in [http://packages.debian.org/lenny/installation-reports installation-reports]
-"cdrom: Etch does not detect CD-ROM on Acer Aspire 7100"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478717 478717]
-in [http://packages.debian.org/lenny/ruby1.9 ruby1.9]
-"ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499078 499078]
-in [http://packages.debian.org/lenny/jfsutils jfsutils]
-"jfsutils: Bus Error when running fsck.jfs on sparc"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501804 501804]
-in [http://packages.debian.org/lenny/installation-reports installation-reports]
-"installation-reports: Lenny b2 install on ThinkPad X61 - fails to detect hard disk"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495603 495603]
-in [http://packages.debian.org/lenny/installation-reports installation-reports]
-"grub-installer fails on a FSC Primergy RX300 with a level 5 RAID"
-
-
-== May be a lot of work ==
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490171 490171]
-in [http://packages.debian.org/lenny/rtorrent rtorrent]
-"rtorrent: random crash"
-[[BR]](Reproducing this seems to require runnin 20+ torrents for a ~day)
-
-
-== Unclassified ==
-
-Please read these reports and figure out what category they belong in.  Or make a new category.
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504661 504661]
-in [http://packages.debian.org/lenny/nvidia-glx-legacy-96xx-dev nvidia-glx-legacy-96xx-dev]
-"nvidia-glx-legacy-96xx-dev: /usr/lib/libGL.so symlink broken"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504918 504918]
-in [http://packages.debian.org/lenny/network-manager network-manager]
-"Updating to lenny failed when NetworkManager got updated"
-
-== Unclassified Security ==
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505563 505563]
-in [http://packages.debian.org/lenny/icedove icedove]
-"Mozilla Thunderbird Multiple Vulnerabilities"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507165 507165]
-in [http://packages.debian.org/lenny/xine-lib xine-lib]
-"xine-lib: CVE-2008-5242 heap-based buffer overflow"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507184 507184]
-in [http://packages.debian.org/lenny/xine-lib xine-lib]
-"xine-lib: CVE-2008-5246 heap overflow"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504977 504977]
-in [http://packages.debian.org/lenny/ffmpeg-debian ffmpeg-debian]
-"ffmpeg-debian: Several security issues"
-
-== Fresh bugs ==
-
-These are very recent and presumably will get dealt with by the package maintainers without help.
-
-If you're bored you might look through and see if some are interesting anyway.  Also feel free to draw the line at some other time; I (price) picked December 1, arbitrarily.
-
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=239111 239111]
-in [http://packages.debian.org/lenny/grub grub]
-"Freeze when installing GRUB on XFS boot partition"
-[[BR]](Note: just re-opened 2008-12-12)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507558 507558]
-in [http://packages.debian.org/lenny/hibernate hibernate]
-"ignores "LockXLock yes" setting in /etc/hibernate/common.conf (e.g. does not lock the screen)"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507579 507579]
-in [http://packages.debian.org/lenny/yocto-reader yocto-reader]
-"Package installation results in license violation"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507706 507706]
-in [http://packages.debian.org/lenny/cdimage.debian.org cdimage.debian.org]
-"Missing sources for d-i components/kernel of etch-n-half images"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507721 507721]
-in [http://packages.debian.org/lenny/cryptsetup cryptsetup]
-"cryptsetup: Sometimes initrd ends up missing conf/conf.d/cryptroot file in it"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507818 507818]
-in [http://packages.debian.org/lenny/mldonkey-server mldonkey-server]
-"mldonkey-server: mlnet does not start, logs syntax error in downloads.ini"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507865 507865]
-in [http://packages.debian.org/lenny/openoffice.org-writer openoffice.org-writer]
-"openoffice.org-writer: OOo 2.4.x openinig OOo 3 files doesn't show text (2.x implements standard wrong)"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507889 507889]
-in [http://packages.debian.org/lenny/mdadm mdadm]
-"mdadm: initramfs-tools script is broken, system with root on RAID won't boot"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507996 507996]
-in [http://packages.debian.org/lenny/uim-tcode uim-tcode]
-"mazegaki conversion cannot be used"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133 508133]
-in [http://packages.debian.org/lenny/libmad0 libmad0]
-"audacity: munmap_chunk(): invalid pointer: 0x00000000026f4eb0"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508194 508194]
-in [http://packages.debian.org/lenny/sun-java5 sun-java5]
-"sun-java5: New upstream release fixes several security issues"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508313 508313]
-in [http://packages.debian.org/lenny/xine-lib xine-lib]
-"xine-lib: CVE-2008-5234 heap overflow in atom parsing"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508322 508322]
-in [http://packages.debian.org/lenny/wodim wodim]
-"wodim: Cannot load media.  Cannot init drive."
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508324 508324]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"ftp.debian.org: gcc-4.2-base is not really required"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508434 508434]
-in [http://packages.debian.org/lenny/ipmitool ipmitool]
-"ipmitool: Several init script problems due to wrong pidfile name"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508443 508443]
-in [http://packages.debian.org/lenny/imagemagick imagemagick]
-"convert crash on sparc during compilation of djvulibre (work on x86-64)"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508480 508480]
-in [http://packages.debian.org/lenny/iodbc iodbc]
-"iodbc: Segfaults when asking for the available DSNs"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508392 508392]
-in [http://packages.debian.org/lenny/dpkg dpkg]
-"Handling of conflicting conffiles broken"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508565 508565]
-in [http://packages.debian.org/lenny/f2c f2c]
-"f2c: does not translate properly in EMT64 machines"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508551 508551]
-in [http://packages.debian.org/lenny/merkaartor merkaartor]
-"merkaartor: crash on startup: QPaintEngine::setSystemClip: Should not be change
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508589 508589]
-in [http://packages.debian.org/lenny/linux-2.6 linux-2.6]
-"ppp: USB Modem removal after PPP exits kills keyboard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508660 508660]
-in [http://packages.debian.org/lenny/autopkgtest-xenlvm autopkgtest-xenlvm]
-"adtxenlvm: initscript assumes eth0"
-
-== Mostly solved? ==
-
-These look like good progress is being made and they'll get fixed
-soon. Do we need a DD to do an NMU on any of these?
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283 504283]
-in [http://packages.debian.org/lenny/egroupware-core egroupware-core]
-"CVE-2007-3215: phpmailer issue (embedded code-copy)"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508510 508510]
-in [http://packages.debian.org/lenny/debget debget]
-"Can't parse packages.debian.org output anymore"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332782 332782]
-in [http://packages.debian.org/lenny/release-notes release-notes]
-"release-notes: Where's the license?"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475958 475958]
-in [http://packages.debian.org/lenny/release-notes release-notes]
-"document procedure to recover from "/dev/hda became /dev/sda" boot failure"
-[[BR]](Note: looks done, just not closed.)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506883 506883]
-in [http://packages.debian.org/lenny/tuxguitar tuxguitar]
-"tuxguitar: hard-codes dependencies on libraries"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495178 495178]
-in [http://packages.debian.org/lenny/libjs-jquery libjs-jquery]
-"libjs-jquery: Should compile jquery.min.js and jquery.pack.js from jquery.js"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507059 507059]
-in [http://packages.debian.org/lenny/initramfs-tools initramfs-tools]
-"initramfs-tools: Wrong check for udevadm in functions"
-[[BR]](No maintainer activity since it was reported 2 weeks ago; One-line patch attached.)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496334 496334]
-in [http://packages.debian.org/lenny/mdadm mdadm]
-"mdadm segfault on --assemble --force with raid10"
-[[BR]]Seems to be fixed and uploaded, but got reopened for some reason?
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374644 374644] in [http://packages.debian.org/lenny/xine-ui xine-ui]
-"xine-ui: ctrl/shift key press emulation implementation broken"
-[[BR]](Note: There's a patch that may be good enough -- blocking on some guy responding)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505237 505237]
-in [http://packages.debian.org/lenny/snmpd snmpd]
-"/etc/init.d/snmpd start reports error if already running"
-(Note: fixed, waiting on an upload?)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508257 508257]
-in [http://packages.debian.org/lenny/twiki twiki]
-"CVE-2008-5305: TWiki SEARCH variable allows arbitrary shell command execution"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026 508026]
-in [http://packages.debian.org/lenny/phppgadmin phppgadmin]
-"phpPgAdmin: Local File Inclusion Vulnerability"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501800 501800]
-in [http://packages.debian.org/lenny/bind9 bind9]
-"bind9: bind crashes with a list for allow-update"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 503532]
-in [http://packages.debian.org/lenny/dbus dbus]
-"send_requested_reply="true" allows all non-reply messages"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506741 506741]
-in [http://packages.debian.org/lenny/wireshark wireshark]
-"wireshark: DoS caused by sending a SMTP request with large content"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503303 503303]
-in [http://packages.debian.org/lenny/upgrade-reports upgrade-reports]
-"etch -> lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504524 504524]
-in [http://packages.debian.org/lenny/sun-java6 sun-java6]
-"AWT_TOOLKIT=MToolkit causes java to segfault on amd64"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503712 503712]
-in [http://packages.debian.org/lenny/ghostscript ghostscript]
-"etch->lenny upgrade left the system in broken state"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508635 508635]
-in [http://packages.debian.org/lenny/libexif-gtk-dev libexif-gtk-dev]
-"libexif-gtk-dev: References no longer existing libXcursor.la"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500460 500460]
-in [http://packages.debian.org/lenny/oss-compat oss-compat]
-"oss-compat: modules are not loaded"
-
-
-== Not much of use one can do ==
-
-(waiting on reporter to reproduce)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494293 494293]
-in [http://packages.debian.org/lenny/installation-reports installation-reports]
-"installation-reports: Grub error: not a regular file..."
-
-(this one looks like it'll be removed from Lenny or have amd64 disabled)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507021 507021]
-in [http://packages.debian.org/lenny/helpdeco helpdeco]
-"Fails to work on amd64"
-
-(this one looks the maintainer has labeled unreproducible)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507242 507242]
-in [http://packages.debian.org/lenny/amule-daemon amule-daemon]
-"amule-daemon: causes OOM's by leaking lots of memory"
-
-(waiting on upstream)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506652 506652]
-in [http://packages.debian.org/lenny/xml2rfc xml2rfc]
-"Yet another boilerplate change"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490999 490999]
-in [http://packages.debian.org/lenny/libqt3-mt libqt3-mt]
-"kicker: crashes on startup"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507947 507947]
-in [http://packages.debian.org/lenny/moodle moodle]
-"moodle: html2text.php is not DFSG-free"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495232 495232]
-in [http://packages.debian.org/lenny/quagga quagga]
-"quagga: zebra ignores routes added via command line"
-
-(misc)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508091 508091]
-in [http://packages.debian.org/lenny/tuxguitar tuxguitar]
-"maintainer address bounces"
-
-(trivial fix may cause regression, may punt)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507003 507003]
-in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
-"initiatorname.iscsi should maybe not be in /etc"
-
-(legal issue involving non-free file)
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502751 502751]
-in [http://packages.debian.org/lenny/clamav-getfiles clamav-getfiles]
-"clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353 506353]
-in [http://packages.debian.org/lenny/mailscanner mailscanner]
-"CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507316 507316]
-in [http://packages.debian.org/lenny/smarty smarty]
-"smarty: Non-free logo included in package"
-
-
-== Special team bugs ==
-
-These bugs are probably not good targets because the work involved with them at this point is to be done by someone on a special Debian team.
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451628 451628]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"Packages might enter the archive from security without source"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506152 506152]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libept0 should have priority important"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507675 507675]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"python2.5 should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507678 507678]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libsqlite3-0 should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507775 507775]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libkeyutils1 should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507778 507778]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libldap-2.4-2 should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507779 507779]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"[Priorities] libustr-1.0-1 -> standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507780 507780]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"python-sepolgen should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507783 507783]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libxml2 should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507784 507784]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"python2.5-minimal should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507796 507796]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libisccfg40 should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507797 507797]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libisccc40 should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507798 507798]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libedit2 should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507799 507799]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libgssglue1 must have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507800 507800]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"ucf must have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507801 507801]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libpci3 must have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497471 497471]
-in [http://packages.debian.org/lenny/cdimage.debian.org cdimage.debian.org]
-
-"sarge images have syslinux binaries without source"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506977 506977]
-in [http://packages.debian.org/lenny/release.debian.org release.debian.org]
-"FPC: copyright infringement in pre 2.2.2 sources"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507239 507239]
-in [http://packages.debian.org/lenny/release.debian.org release.debian.org]
-"RM: astrolog/stable -- RoQA; orphaned long time, non-free, contains potentially undistributable code"
-
-This one is fixed in experimental:
-
-
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503907 503907]
-in [http://packages.debian.org/lenny/libwebkit-1.0-1 libwebkit-1.0-1]
-"epiphany-webkit: Crashes at startup whenever I go to a site."
-
-
diff --git a/doc/lenny-bugs-all.mdwn b/doc/lenny-bugs-all.mdwn
new file mode 100644 (file)
index 0000000..beec178
--- /dev/null
@@ -0,0 +1,572 @@
+[[!meta title="Open RC Bugs in Lenny"]]
+
+These are bugs to consider at SIPB's [[RC-bug-squashing hackathon|lenny-bugs]] for Lenny.
+
+Bug list dumped early 2008-12-12.  The pipeline was
+ `$ cd /mit/debathena/debian-bts && ./get_bugs | sort | ./bugs-format-trac`
+
+Please sort into useful/not useful, add notes, etc.
+
+----
+
+# Juicy?
+
+All acted on!  See the "Stuff we did" sections below.
+
+
+
+----
+
+# Stuff we did
+
+## Fixed by SIPB!
+[436140](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436140)
+in [installation-reports](http://packages.debian.org/lenny/installation-reports)
+"cdrom: Most of the system's files have a future timestamp causing at least update/config problems."
+(closed by wdaher)
+
+[476525](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476525) 
+in [python-hid](http://packages.debian.org/lenny/python-hid) 
+"python-hid: hid module will not import since python policy transition" 
+(tabbott)
+
+[507071](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507071) 
+[racoon](http://packages.debian.org/lenny/racoon) 
+"racoon - Fails after upgrade: symbol lookup error: /usr/sbin/racoon: undefined symbol: libipsec_opt" 
+(fixed by broder)
+
+[507072](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507072) 
+in [ipsec-tools](http://packages.debian.org/lenny/ipsec-tools) 
+"libipsec0 packaged in ipsec-tools without development headers" 
+(downgraded by hartmans)
+
+[504626](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504626) 
+in [nvidia-glx](http://packages.debian.org/lenny/nvidia-glx) 
+"[nvidia-glx] Quietly drops support for several chipsets" 
+(downgraded by nelhage)
+
+[502845](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502845)
+in [open-iscsi](http://packages.debian.org/lenny/open-iscsi)
+"open-iscsi: no login using amd64"
+(quentin reassigned; Bastian Blank then lowered priority)
+
+[508265](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508265)
+in [sysprof-module-source](http://packages.debian.org/lenny/sysprof-module-source)
+"sysprof-module-source: doesn't compile on AMD64 arch (wrong register names)"
+(patch added by andersk)
+
+[506057](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506057)
+in [splashy](http://packages.debian.org/lenny/splashy)
+"splashy: Splashy fails to install due to missing default theme"
+(fix suggestion added by ecprice with help from tabbott and fawkes)
+
+[506748](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506748)
+in [rtorrent](http://packages.debian.org/lenny/rtorrent)
+"crash rtorrent by scgi-interface (function: 'fi.get_filename_last')"
+(submitted patch that disables broken RPC; leaving to maintainer to decide if this is what he wants to do)
+
+[426465](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426465)
+in [initramfs-tools](http://packages.debian.org/lenny/initramfs-tools)
+"/init exports MODPROBE_OPTIONS=-qb"  
+(patch added by price)
+
+[489501](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489501)
+in [zekr](http://packages.debian.org/lenny/zekr)
+"zekr depends on libxul0d"  
+(mako tweaked and sponsored fix by Asheesh Laroia)
+
+## Waiting on feedback
+
+[502140](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502140)
+in [pam](http://packages.debian.org/lenny/pam)
+"cannot unlock screen during etch -> lenny transition"
+(hartmans added comment)
+
+[481072](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481072)
+in [dk-filter](http://packages.debian.org/lenny/dk-filter)
+"dk-filter reliably crashes upon connection from postfix"  
+(quentin couldn't reproduce)
+
+[507883](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507883)
+in [asterisk](http://packages.debian.org/lenny/asterisk)
+"asterisk: Very frequent segfaults on startup"
+(quentin couldn't reproduce)
+
+[456037](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456037)
+in [fenix](http://packages.debian.org/lenny/fenix)
+"fenix: not 64 bit clean"  
+(ezyang observed upstream's website looks ~dead)
+
+
+
+
+----
+
+# Fun stuff to read
+
+## Flamewars
+
+You might enjoy reading these, but they may not be good targets to fix.
+
+[475737](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475737)
+in [otrs2](http://packages.debian.org/lenny/otrs2)
+"otrs2 - makes files in /usr writable by non-root"
+
+[504771](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771)
+in [wordpress](http://packages.debian.org/lenny/wordpress)
+"wordpress can be subject of delayed attacks via cookies"
+
+For this one, the actual flamewar is off the bug report log.
+
+[497823](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497823)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"longstanding DFSG violations in linux-2.6 package"
+
+[504747](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504747)
+in [gnu-fdisk](http://packages.debian.org/lenny/gnu-fdisk)
+"gnu-fdisk: wipes out MBR when used on GPT partitions"
+
+
+## Would have been fun
+
+Entertaining to read but sadly already fixed.
+
+[506961](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506961)
+in auctex
+"auctex: reuses old logfile on emacsen upgrades, enabling symlink attack"
+
+
+## Examples to live up to
+
+[496954](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496954)
+in [bind9](http://packages.debian.org/lenny/bind9)
+"bind9: Fails to start due to SIGSEGV"  
+This bug sat unfixed for months.  Then someone attacked it in a bug-squashing party,
+got the first reproducible testcase, and sent that upstream, which swiftly produced a fix.
+
+
+## Puzzling
+
+Someone please explain what's going on (Debian Project-wise) in these bugs.
+
+[323473](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323473)
+in [wnpp](http://packages.debian.org/lenny/wnpp)
+"ITA: mol-drivers-linux -- The Mac-on-Linux emulator - drivers for Linux"  
+(Note: The bug is for someone to take over maintainership.  They did.  Then when the bug gets automatically archived, they reply saying to keep it?  I (price) don't understand.)
+
+
+
+
+----
+
+# Not so ripe for us to fix
+
+## Specific hardware
+
+If you have the relevant hardware you could help a lot.
+
+[394963](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394963)
+in [installation-reports](http://packages.debian.org/lenny/installation-reports)
+"installation: Problems with dual booting Dell D600 with winXP pro in the first partition (hd0, 0). After installing the Dell Etch Beta 3, Windows fails to boot and I get the blue screen of death."
+
+[418972](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418972)
+in [installation-reports](http://packages.debian.org/lenny/installation-reports)
+"cdrom: Etch does not detect CD-ROM on Acer Aspire 7100"
+
+[478717](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478717)
+in [ruby1.9](http://packages.debian.org/lenny/ruby1.9)
+"ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault"
+
+[499078](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499078)
+in [jfsutils](http://packages.debian.org/lenny/jfsutils)
+"jfsutils: Bus Error when running fsck.jfs on sparc"
+
+[501804](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501804)
+in [installation-reports](http://packages.debian.org/lenny/installation-reports)
+"installation-reports: Lenny b2 install on ThinkPad X61 - fails to detect hard disk"
+
+[495603](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495603)
+in [installation-reports](http://packages.debian.org/lenny/installation-reports)
+"grub-installer fails on a FSC Primergy RX300 with a level 5 RAID"
+
+
+## May be a lot of work
+
+[490171](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490171)
+in [rtorrent](http://packages.debian.org/lenny/rtorrent)
+"rtorrent: random crash"  
+(Reproducing this seems to require runnin 20+ torrents for a ~day)
+
+
+## Unclassified
+
+Please read these reports and figure out what category they belong in.  Or make a new category.
+
+[504661](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504661)
+in [nvidia-glx-legacy-96xx-dev](http://packages.debian.org/lenny/nvidia-glx-legacy-96xx-dev)
+"nvidia-glx-legacy-96xx-dev: /usr/lib/libGL.so symlink broken"
+
+[504918](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504918)
+in [network-manager](http://packages.debian.org/lenny/network-manager)
+"Updating to lenny failed when NetworkManager got updated"
+
+## Unclassified Security
+
+[505563](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505563)
+in [icedove](http://packages.debian.org/lenny/icedove)
+"Mozilla Thunderbird Multiple Vulnerabilities"
+
+[507165](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507165)
+in [xine-lib](http://packages.debian.org/lenny/xine-lib)
+"xine-lib: CVE-2008-5242 heap-based buffer overflow"
+
+[507184](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507184)
+in [xine-lib](http://packages.debian.org/lenny/xine-lib)
+"xine-lib: CVE-2008-5246 heap overflow"
+
+[504977](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504977)
+in [ffmpeg-debian](http://packages.debian.org/lenny/ffmpeg-debian)
+"ffmpeg-debian: Several security issues"
+
+## Fresh bugs
+
+These are very recent and presumably will get dealt with by the
+package maintainers without help.
+
+If you're bored you might look through and see if some are interesting
+anyway.  Also feel free to draw the line at some other time; I (price)
+picked December 1, arbitrarily.
+
+
+[239111](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=239111)
+in [grub](http://packages.debian.org/lenny/grub)
+"Freeze when installing GRUB on XFS boot partition"  
+(Note: just re-opened 2008-12-12)
+
+[507558](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507558)
+in [hibernate](http://packages.debian.org/lenny/hibernate)
+"ignores "LockXLock yes" setting in /etc/hibernate/common.conf (e.g. does not lock the screen)"
+
+[507579](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507579)
+in [yocto-reader](http://packages.debian.org/lenny/yocto-reader)
+"Package installation results in license violation"
+
+[507706](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507706)
+in [cdimage.debian.org](http://packages.debian.org/lenny/cdimage.debian.org)
+"Missing sources for d-i components/kernel of etch-n-half images"
+
+[507721](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507721)
+in [cryptsetup](http://packages.debian.org/lenny/cryptsetup)
+"cryptsetup: Sometimes initrd ends up missing conf/conf.d/cryptroot file in it"
+
+[507818](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507818)
+in [mldonkey-server](http://packages.debian.org/lenny/mldonkey-server)
+"mldonkey-server: mlnet does not start, logs syntax error in downloads.ini"
+
+[507865](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507865)
+in [openoffice.org-writer](http://packages.debian.org/lenny/openoffice.org-writer)
+"openoffice.org-writer: OOo 2.4.x openinig OOo 3 files doesn't show text (2.x implements standard wrong)"
+
+[507889](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507889)
+in [mdadm](http://packages.debian.org/lenny/mdadm)
+"mdadm: initramfs-tools script is broken, system with root on RAID won't boot"
+
+[507996](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507996)
+in [uim-tcode](http://packages.debian.org/lenny/uim-tcode)
+"mazegaki conversion cannot be used"
+
+[508133](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133)
+in [libmad0](http://packages.debian.org/lenny/libmad0)
+"audacity: munmap_chunk(): invalid pointer: 0x00000000026f4eb0"
+
+[508194](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508194)
+in [sun-java5](http://packages.debian.org/lenny/sun-java5)
+"sun-java5: New upstream release fixes several security issues"
+
+[508313](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508313)
+in [xine-lib](http://packages.debian.org/lenny/xine-lib)
+"xine-lib: CVE-2008-5234 heap overflow in atom parsing"
+
+[508322](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508322)
+in [wodim](http://packages.debian.org/lenny/wodim)
+"wodim: Cannot load media.  Cannot init drive."
+
+[508324](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508324)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"ftp.debian.org: gcc-4.2-base is not really required"
+
+[508434](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508434)
+in [ipmitool](http://packages.debian.org/lenny/ipmitool)
+"ipmitool: Several init script problems due to wrong pidfile name"
+
+[508443](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508443)
+in [imagemagick](http://packages.debian.org/lenny/imagemagick)
+"convert crash on sparc during compilation of djvulibre (work on x86-64)"
+
+[508480](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508480)
+in [iodbc](http://packages.debian.org/lenny/iodbc)
+"iodbc: Segfaults when asking for the available DSNs"
+
+[508392](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508392)
+in [dpkg](http://packages.debian.org/lenny/dpkg)
+"Handling of conflicting conffiles broken"
+
+[508565](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508565)
+in [f2c](http://packages.debian.org/lenny/f2c)
+"f2c: does not translate properly in EMT64 machines"
+
+[508551](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508551)
+in [merkaartor](http://packages.debian.org/lenny/merkaartor)
+"merkaartor: crash on startup: QPaintEngine::setSystemClip: Should not be change
+
+[508589](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508589)
+in [linux-2.6](http://packages.debian.org/lenny/linux-2.6)
+"ppp: USB Modem removal after PPP exits kills keyboard"
+
+[508660](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508660)
+in [autopkgtest-xenlvm](http://packages.debian.org/lenny/autopkgtest-xenlvm)
+"adtxenlvm: initscript assumes eth0"
+
+## Mostly solved?
+
+These look like good progress is being made and they'll get fixed
+soon. Do we need a DD to do an NMU on any of these?
+
+[504283](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283)
+in [egroupware-core](http://packages.debian.org/lenny/egroupware-core)
+"CVE-2007-3215: phpmailer issue (embedded code-copy)"
+
+[508510](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508510)
+in [debget](http://packages.debian.org/lenny/debget)
+"Can't parse packages.debian.org output anymore"
+
+[332782](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332782)
+in [release-notes](http://packages.debian.org/lenny/release-notes)
+"release-notes: Where's the license?"
+
+[475958](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475958)
+in [release-notes](http://packages.debian.org/lenny/release-notes)
+"document procedure to recover from "/dev/hda became /dev/sda" boot failure"  
+(Note: looks done, just not closed.)
+
+[506883](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506883)
+in [tuxguitar](http://packages.debian.org/lenny/tuxguitar)
+"tuxguitar: hard-codes dependencies on libraries"
+
+[495178](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495178)
+in [libjs-jquery](http://packages.debian.org/lenny/libjs-jquery)
+"libjs-jquery: Should compile jquery.min.js and jquery.pack.js from jquery.js"
+
+[507059](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507059)
+in [initramfs-tools](http://packages.debian.org/lenny/initramfs-tools)
+"initramfs-tools: Wrong check for udevadm in functions"  
+(No maintainer activity since it was reported 2 weeks ago; One-line patch attached.)
+
+[496334](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496334)
+in [mdadm](http://packages.debian.org/lenny/mdadm)
+"mdadm segfault on --assemble --force with raid10"  
+Seems to be fixed and uploaded, but got reopened for some reason?
+
+[374644](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374644) in [xine-ui](http://packages.debian.org/lenny/xine-ui)
+"xine-ui: ctrl/shift key press emulation implementation broken"  
+(Note: There's a patch that may be good enough -- blocking on some guy responding)
+
+[505237](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505237)
+in [snmpd](http://packages.debian.org/lenny/snmpd)
+"/etc/init.d/snmpd start reports error if already running"
+(Note: fixed, waiting on an upload?)
+
+[508257](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508257)
+in [twiki](http://packages.debian.org/lenny/twiki)
+"CVE-2008-5305: TWiki SEARCH variable allows arbitrary shell command execution"
+
+[508026](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026)
+in [phppgadmin](http://packages.debian.org/lenny/phppgadmin)
+"phpPgAdmin: Local File Inclusion Vulnerability"
+
+[501800](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501800)
+in [bind9](http://packages.debian.org/lenny/bind9)
+"bind9: bind crashes with a list for allow-update"
+
+[503532](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532)
+in [dbus](http://packages.debian.org/lenny/dbus)
+"send_requested_reply="true" allows all non-reply messages"
+
+[506741](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506741)
+in [wireshark](http://packages.debian.org/lenny/wireshark)
+"wireshark: DoS caused by sending a SMTP request with large content"
+
+[503303](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503303)
+in [upgrade-reports](http://packages.debian.org/lenny/upgrade-reports)
+"etch -> lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop"
+
+[504524](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504524)
+in [sun-java6](http://packages.debian.org/lenny/sun-java6)
+"AWT_TOOLKIT=MToolkit causes java to segfault on amd64"
+
+[503712](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503712)
+in [ghostscript](http://packages.debian.org/lenny/ghostscript)
+"etch->lenny upgrade left the system in broken state"
+
+[508635](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508635)
+in [libexif-gtk-dev](http://packages.debian.org/lenny/libexif-gtk-dev)
+"libexif-gtk-dev: References no longer existing libXcursor.la"
+
+[500460](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500460)
+in [oss-compat](http://packages.debian.org/lenny/oss-compat)
+"oss-compat: modules are not loaded"
+
+
+## Not much of use one can do
+
+(waiting on reporter to reproduce)
+
+[494293](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494293)
+in [installation-reports](http://packages.debian.org/lenny/installation-reports)
+"installation-reports: Grub error: not a regular file..."
+
+(this one looks like it'll be removed from Lenny or have amd64 disabled)
+
+[507021](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507021)
+in [helpdeco](http://packages.debian.org/lenny/helpdeco)
+"Fails to work on amd64"
+
+(this one looks the maintainer has labeled unreproducible)
+
+[507242](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507242)
+in [amule-daemon](http://packages.debian.org/lenny/amule-daemon)
+"amule-daemon: causes OOM's by leaking lots of memory"
+
+(waiting on upstream)
+
+[506652](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506652)
+in [xml2rfc](http://packages.debian.org/lenny/xml2rfc)
+"Yet another boilerplate change"
+
+[490999](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490999)
+in [libqt3-mt](http://packages.debian.org/lenny/libqt3-mt)
+"kicker: crashes on startup"
+
+[507947](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507947)
+in [moodle](http://packages.debian.org/lenny/moodle)
+"moodle: html2text.php is not DFSG-free"
+
+[495232](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495232)
+in [quagga](http://packages.debian.org/lenny/quagga)
+"quagga: zebra ignores routes added via command line"
+
+(misc)
+
+[508091](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508091)
+in [tuxguitar](http://packages.debian.org/lenny/tuxguitar)
+"maintainer address bounces"
+
+(trivial fix may cause regression, may punt)
+
+[507003](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507003)
+in [open-iscsi](http://packages.debian.org/lenny/open-iscsi)
+"initiatorname.iscsi should maybe not be in /etc"
+
+(legal issue involving non-free file)
+
+[502751](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502751)
+in [clamav-getfiles](http://packages.debian.org/lenny/clamav-getfiles)
+"clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading"
+
+[506353](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353)
+in [mailscanner](http://packages.debian.org/lenny/mailscanner)
+"CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack"
+
+[507316](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507316)
+in [smarty](http://packages.debian.org/lenny/smarty)
+"smarty: Non-free logo included in package"
+
+
+## Special team bugs
+
+These bugs are probably not good targets because the work involved with them at this point is to be done by someone on a special Debian team.
+
+[451628](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451628)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"Packages might enter the archive from security without source"
+
+[506152](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506152)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"libept0 should have priority important"
+
+[507675](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507675)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"python2.5 should have priority standard"
+
+[507678](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507678)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"libsqlite3-0 should have priority standard"
+
+[507775](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507775)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"libkeyutils1 should have priority standard"
+
+[507778](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507778)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"libldap-2.4-2 should have priority standard"
+
+[507779](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507779)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"[Priorities] libustr-1.0-1 -> standard"
+
+[507780](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507780)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"python-sepolgen should have priority standard"
+
+[507783](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507783)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"libxml2 should have priority standard"
+
+[507784](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507784)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"python2.5-minimal should have priority standard"
+
+[507796](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507796)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"libisccfg40 should have priority standard"
+
+[507797](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507797)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"libisccc40 should have priority standard"
+
+[507798](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507798)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"libedit2 should have priority standard"
+
+[507799](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507799)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"libgssglue1 must have priority standard"
+
+[507800](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507800)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"ucf must have priority standard"
+
+[507801](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507801)
+in [ftp.debian.org](http://packages.debian.org/lenny/ftp.debian.org)
+"libpci3 must have priority standard"
+
+[497471](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497471)
+in [cdimage.debian.org](http://packages.debian.org/lenny/cdimage.debian.org)
+
+"sarge images have syslinux binaries without source"
+
+[506977](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506977)
+in [release.debian.org](http://packages.debian.org/lenny/release.debian.org)
+"FPC: copyright infringement in pre 2.2.2 sources"
+
+[507239](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507239)
+in [release.debian.org](http://packages.debian.org/lenny/release.debian.org)
+"RM: astrolog/stable -- RoQA; orphaned long time, non-free, contains potentially undistributable code"
+
+This one is fixed in experimental:
+
+
+
+[503907](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503907)
+in [libwebkit-1.0-1](http://packages.debian.org/lenny/libwebkit-1.0-1)
+"epiphany-webkit: Crashes at startup whenever I go to a site."
diff --git a/doc/lenny-bugs.mdwn b/doc/lenny-bugs.mdwn
new file mode 100644 (file)
index 0000000..0401a82
--- /dev/null
@@ -0,0 +1,96 @@
+[[!meta title="SIPB Bug-Squashing Hackathon for Lenny"]]
+
+SIPB is running a **bug-squashing hackathon** for release-critical
+bugs in Debian Lenny.
+
+Place: **W20-557**, the SIPB office  
+Date: **Saturday**, 2008-12-13, between end-of-classes and finals week  
+Time: starting **2 PM**, running to about 10 PM; come for any portion
+
+Contact the SIPB Chair, Greg Price (`price@mit.edu`), or Vice-Chair,
+Nelson Elhage (`nelhage@mit.edu`), with any questions.  During the
+hackathon just call the office at (617) 253-7788.
+
+
+## FAQ
+
+**Q**: What's Lenny?  
+**A**: Lenny is the **upcoming next stable release** of Debian
+GNU/Linux.  It was scheduled for September 2008 but has slipped to
+spring 2009.  The last release was Etch in spring 2007, so Debian
+users are eagerly awaiting a new release.
+
+**Q**: What's a release-critical bug?  
+**A**: A **release-critical (RC) bug** is a Debian bug of any of
+the highest levels of severity.  RC bugs break a program completely,
+break some users' systems, or do similarly bad things.  At last count
+there were 109 bugs (below) affecting Lenny.  (**Update**: After the
+hackathon it's 105, with more fixes in the pipeline.  Excellent.)
+Every one of those bugs has to be dealt with one way or another before
+Lenny will release.
+
+**Q**: How is this list of bugs different from
+[http://bugs.debian.org/release-critical/other/testing.html]?  
+**A**: The list on `bugs.debian.org` includes bugs which have been
+fixed, but haven't passed a requisite waiting period before being
+introduced into Lenny. Our list is only bugs for which there is no
+fix.
+
+**Q**: I use **Ubuntu**.  Why do I care about Debian releases?  
+**A**: Because Lenny is in the final, "freeze", stage of the cycle,
+many Debian contributors are holding off new versions of the software
+they maintain in order to focus on stabilizing and bugfixing Lenny.
+Since Ubuntu depends on Debian for >90% of its packaging work, that
+means less new software for Ubuntu until Lenny releases.
+
+**Q**: I have **no experience hacking on Debian**.  
+**A**: No problem, we have three Debian Developers pledged to
+attend, plus Debian-packaging experts from SIPB's Debathena and XVM
+projects.  They'll all be focussed on helping newer people find a good
+bug, make progress and stay unstuck on solving it, and get the fixes
+applied in Debian.  Just come ready to help with the skills you have;
+you'll be sure to learn something.
+
+**Q**: I don't have a lot of programming experience.  
+**A**: No problem, **not every bug requires programming** to fix.
+Some bugs concern documentation or copyright issues, and anyone
+willing to track stuff down and write in English precisely can help.
+You'll still get experience with the issues software in the real world
+has to deal with, and probably read some code along the way.
+
+## Useful Resources
+
+[Debian Policy Manual](http://www.debian.org/doc/debian-policy/): There
+will be people at the hackathon to help you with the packaging and
+policy aspects of updating Debian packages, but the Debian Policy
+Manual is a good reference.
+
+[Debian New Maintainers'
+Guide](http://www.us.debian.org/doc/maint-guide/): Where the Policy Manual is a fairly declarative document, this
+is more of a tutorial on how to build packages that comply with Debian
+policy
+
+[tabbott's Packaging Tutorial](http://debathena.mit.edu/packaging/): A
+summary of building Debian packages with CDBS, Tim's tutorial also
+includes a long list of useful commands for any sort of package
+development, as well as a list of useful sites
+
+[SIPB IAP class on Debian](http://stuff.mit.edu/iap/2009/#debian): A
+workshop where you can learn more about Debian packaging (the easy
+way!  some of the packages you may have dealt with go through
+unnecessary complexity), with lots of hands-on examples.
+
+## Useful Packages
+
+The following Debian packages are useful for doing Debian development:
+`build-essential cdbs debhelper wdiff devscripts dh-make dpatch
+dpkg-awk dpkg-dev equivs fakeroot lintian quilt`
+
+If you're an emacs user, you may also want: `debian-el devscripts-el
+dpkg-dev-el`
+
+## The Bugs
+
+See LennyBugsAll for a complete list.  Attack one of the bugs that
+look good, or read through the unclassified ones to find the good
+ones.