Open RC Bugs in Lenny
These are bugs to consider at SIPB's RC-bug-squashing hackathon for Lenny.
Bug list dumped early 2008-12-12. The pipeline was
$ cd /mit/debathena/debian-bts && ./get_bugs | sort | ./bugs-format-trac
Please sort into useful/not useful, add notes, etc.
Juicy?
All acted on! See the "Stuff we did" sections below.
Stuff we did
Fixed by SIPB!
436140 in installation-reports "cdrom: Most of the system's files have a future timestamp causing at least update/config problems." (closed by wdaher)
476525 in python-hid "python-hid: hid module will not import since python policy transition" (tabbott)
507071 racoon "racoon - Fails after upgrade: symbol lookup error: /usr/sbin/racoon: undefined symbol: libipsec_opt" (fixed by broder)
507072 in ipsec-tools "libipsec0 packaged in ipsec-tools without development headers" (downgraded by hartmans)
504626 in nvidia-glx "[nvidia-glx] Quietly drops support for several chipsets" (downgraded by nelhage)
502845 in open-iscsi "open-iscsi: no login using amd64" (quentin reassigned; Bastian Blank then lowered priority)
508265 in sysprof-module-source "sysprof-module-source: doesn't compile on AMD64 arch (wrong register names)" (patch added by andersk)
506057 in splashy "splashy: Splashy fails to install due to missing default theme" (fix suggestion added by ecprice with help from tabbott and fawkes)
506748 in rtorrent "crash rtorrent by scgi-interface (function: 'fi.get_filename_last')" (submitted patch that disables broken RPC; leaving to maintainer to decide if this is what he wants to do)
426465
in initramfs-tools
"/init exports MODPROBE_OPTIONS=-qb"
(patch added by price)
489501
in zekr
"zekr depends on libxul0d"
(mako tweaked and sponsored fix by Asheesh Laroia)
Waiting on feedback
502140 in pam "cannot unlock screen during etch -> lenny transition" (hartmans added comment)
481072
in dk-filter
"dk-filter reliably crashes upon connection from postfix"
(quentin couldn't reproduce)
507883 in asterisk "asterisk: Very frequent segfaults on startup" (quentin couldn't reproduce)
456037
in fenix
"fenix: not 64 bit clean"
(ezyang observed upstream's website looks ~dead)
Fun stuff to read
Flamewars
You might enjoy reading these, but they may not be good targets to fix.
475737 in otrs2 "otrs2 - makes files in /usr writable by non-root"
504771 in wordpress "wordpress can be subject of delayed attacks via cookies"
For this one, the actual flamewar is off the bug report log.
497823 in ftp.debian.org "longstanding DFSG violations in linux-2.6 package"
504747 in gnu-fdisk "gnu-fdisk: wipes out MBR when used on GPT partitions"
Would have been fun
Entertaining to read but sadly already fixed.
506961 in auctex "auctex: reuses old logfile on emacsen upgrades, enabling symlink attack"
Examples to live up to
496954
in bind9
"bind9: Fails to start due to SIGSEGV"
This bug sat unfixed for months. Then someone attacked it in a bug-squashing party,
got the first reproducible testcase, and sent that upstream, which swiftly produced a fix.
Puzzling
Someone please explain what's going on (Debian Project-wise) in these bugs.
323473
in wnpp
"ITA: mol-drivers-linux -- The Mac-on-Linux emulator - drivers for Linux"
(Note: The bug is for someone to take over maintainership. They did. Then when the bug gets automatically archived, they reply saying to keep it? I (price) don't understand.)
Not so ripe for us to fix
Specific hardware
If you have the relevant hardware you could help a lot.
394963 in installation-reports "installation: Problems with dual booting Dell D600 with winXP pro in the first partition (hd0, 0). After installing the Dell Etch Beta 3, Windows fails to boot and I get the blue screen of death."
418972 in installation-reports "cdrom: Etch does not detect CD-ROM on Acer Aspire 7100"
478717 in ruby1.9 "ruby1.9: FTBFS on hppa: make[1]: * [all] Segmentation fault"
499078 in jfsutils "jfsutils: Bus Error when running fsck.jfs on sparc"
501804 in installation-reports "installation-reports: Lenny b2 install on ThinkPad X61 - fails to detect hard disk"
495603 in installation-reports "grub-installer fails on a FSC Primergy RX300 with a level 5 RAID"
May be a lot of work
490171
in rtorrent
"rtorrent: random crash"
(Reproducing this seems to require runnin 20+ torrents for a ~day)
Unclassified
Please read these reports and figure out what category they belong in. Or make a new category.
504661 in nvidia-glx-legacy-96xx-dev "nvidia-glx-legacy-96xx-dev: /usr/lib/libGL.so symlink broken"
504918 in network-manager "Updating to lenny failed when NetworkManager got updated"
Unclassified Security
505563 in icedove "Mozilla Thunderbird Multiple Vulnerabilities"
507165 in xine-lib "xine-lib: CVE-2008-5242 heap-based buffer overflow"
507184 in xine-lib "xine-lib: CVE-2008-5246 heap overflow"
504977 in ffmpeg-debian "ffmpeg-debian: Several security issues"
Fresh bugs
These are very recent and presumably will get dealt with by the package maintainers without help.
If you're bored you might look through and see if some are interesting anyway. Also feel free to draw the line at some other time; I (price) picked December 1, arbitrarily.
239111
in grub
"Freeze when installing GRUB on XFS boot partition"
(Note: just re-opened 2008-12-12)
507558 in hibernate "ignores "LockXLock yes" setting in /etc/hibernate/common.conf (e.g. does not lock the screen)"
507579 in yocto-reader "Package installation results in license violation"
507706 in cdimage.debian.org "Missing sources for d-i components/kernel of etch-n-half images"
507721 in cryptsetup "cryptsetup: Sometimes initrd ends up missing conf/conf.d/cryptroot file in it"
507818 in mldonkey-server "mldonkey-server: mlnet does not start, logs syntax error in downloads.ini"
507865 in openoffice.org-writer "openoffice.org-writer: OOo 2.4.x openinig OOo 3 files doesn't show text (2.x implements standard wrong)"
507889 in mdadm "mdadm: initramfs-tools script is broken, system with root on RAID won't boot"
507996 in uim-tcode "mazegaki conversion cannot be used"
508133 in libmad0 "audacity: munmap_chunk(): invalid pointer: 0x00000000026f4eb0"
508194 in sun-java5 "sun-java5: New upstream release fixes several security issues"
508313 in xine-lib "xine-lib: CVE-2008-5234 heap overflow in atom parsing"
508322 in wodim "wodim: Cannot load media. Cannot init drive."
508324 in ftp.debian.org "ftp.debian.org: gcc-4.2-base is not really required"
508434 in ipmitool "ipmitool: Several init script problems due to wrong pidfile name"
508443 in imagemagick "convert crash on sparc during compilation of djvulibre (work on x86-64)"
508480 in iodbc "iodbc: Segfaults when asking for the available DSNs"
508392 in dpkg "Handling of conflicting conffiles broken"
508565 in f2c "f2c: does not translate properly in EMT64 machines"
508551 in merkaartor "merkaartor: crash on startup: QPaintEngine::setSystemClip: Should not be change
508589 in linux-2.6 "ppp: USB Modem removal after PPP exits kills keyboard"
508660 in autopkgtest-xenlvm "adtxenlvm: initscript assumes eth0"
Mostly solved?
These look like good progress is being made and they'll get fixed soon. Do we need a DD to do an NMU on any of these?
504283 in egroupware-core "CVE-2007-3215: phpmailer issue (embedded code-copy)"
508510 in debget "Can't parse packages.debian.org output anymore"
332782 in release-notes "release-notes: Where's the license?"
475958
in release-notes
"document procedure to recover from "/dev/hda became /dev/sda" boot failure"
(Note: looks done, just not closed.)
506883 in tuxguitar "tuxguitar: hard-codes dependencies on libraries"
495178 in libjs-jquery "libjs-jquery: Should compile jquery.min.js and jquery.pack.js from jquery.js"
507059
in initramfs-tools
"initramfs-tools: Wrong check for udevadm in functions"
(No maintainer activity since it was reported 2 weeks ago; One-line patch attached.)
496334
in mdadm
"mdadm segfault on --assemble --force with raid10"
Seems to be fixed and uploaded, but got reopened for some reason?
374644 in xine-ui
"xine-ui: ctrl/shift key press emulation implementation broken"
(Note: There's a patch that may be good enough -- blocking on some guy responding)
505237 in snmpd "/etc/init.d/snmpd start reports error if already running" (Note: fixed, waiting on an upload?)
508257 in twiki "CVE-2008-5305: TWiki SEARCH variable allows arbitrary shell command execution"
508026 in phppgadmin "phpPgAdmin: Local File Inclusion Vulnerability"
501800 in bind9 "bind9: bind crashes with a list for allow-update"
503532 in dbus "send_requested_reply="true" allows all non-reply messages"
506741 in wireshark "wireshark: DoS caused by sending a SMTP request with large content"
503303 in upgrade-reports "etch -> lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop"
504524 in sun-java6 "AWT_TOOLKIT=MToolkit causes java to segfault on amd64"
503712 in ghostscript "etch->lenny upgrade left the system in broken state"
508635 in libexif-gtk-dev "libexif-gtk-dev: References no longer existing libXcursor.la"
500460 in oss-compat "oss-compat: modules are not loaded"
Not much of use one can do
(waiting on reporter to reproduce)
494293 in installation-reports "installation-reports: Grub error: not a regular file..."
(this one looks like it'll be removed from Lenny or have amd64 disabled)
507021 in helpdeco "Fails to work on amd64"
(this one looks the maintainer has labeled unreproducible)
507242 in amule-daemon "amule-daemon: causes OOM's by leaking lots of memory"
(waiting on upstream)
506652 in xml2rfc "Yet another boilerplate change"
490999 in libqt3-mt "kicker: crashes on startup"
507947 in moodle "moodle: html2text.php is not DFSG-free"
495232 in quagga "quagga: zebra ignores routes added via command line"
(misc)
508091 in tuxguitar "maintainer address bounces"
(trivial fix may cause regression, may punt)
507003 in open-iscsi "initiatorname.iscsi should maybe not be in /etc"
(legal issue involving non-free file)
502751 in clamav-getfiles "clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading"
506353 in mailscanner "CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack"
507316 in smarty "smarty: Non-free logo included in package"
Special team bugs
These bugs are probably not good targets because the work involved with them at this point is to be done by someone on a special Debian team.
451628 in ftp.debian.org "Packages might enter the archive from security without source"
506152 in ftp.debian.org "libept0 should have priority important"
507675 in ftp.debian.org "python2.5 should have priority standard"
507678 in ftp.debian.org "libsqlite3-0 should have priority standard"
507775 in ftp.debian.org "libkeyutils1 should have priority standard"
507778 in ftp.debian.org "libldap-2.4-2 should have priority standard"
507779 in ftp.debian.org "[Priorities] libustr-1.0-1 -> standard"
507780 in ftp.debian.org "python-sepolgen should have priority standard"
507783 in ftp.debian.org "libxml2 should have priority standard"
507784 in ftp.debian.org "python2.5-minimal should have priority standard"
507796 in ftp.debian.org "libisccfg40 should have priority standard"
507797 in ftp.debian.org "libisccc40 should have priority standard"
507798 in ftp.debian.org "libedit2 should have priority standard"
507799 in ftp.debian.org "libgssglue1 must have priority standard"
507800 in ftp.debian.org "ucf must have priority standard"
507801 in ftp.debian.org "libpci3 must have priority standard"
"sarge images have syslinux binaries without source"
506977 in release.debian.org "FPC: copyright infringement in pre 2.2.2 sources"
507239 in release.debian.org "RM: astrolog/stable -- RoQA; orphaned long time, non-free, contains potentially undistributable code"
This one is fixed in experimental:
503907 in libwebkit-1.0-1 "epiphany-webkit: Crashes at startup whenever I go to a site."