Hi,
I have a quick review of the RC bugs in *key* packages that are unfixed
in unstable according to UDD. The following is a list of 32 of these
(out of about 180) with proposed verdicts/tagging to start a debate
about them.
There are 3 verdicts:
* can-defer (serious bug, but not a blocker - could be fixed in via pu
or a security upload)
- This implies a "stretch-ignore".
* will-remove (the *key* package will be removed unless the bug is
fixed)
* is-blocker (must be fixed for stretch - possibly via reverting)
Full-disclosure:
* all verdicts are based on the title of the bug and I am very open to
discussion about these
* the list is based on UDD's view[1]
* if your favourite bug is not listed here, please feel free to bring
it up (or wait for the next round of these lists) :)
The list:
> Bug Source Verdict Title
> 804272 akonadi can-defer fails to synchronize
> caldav to OpenXChange without notice
> 850874 ark can-defer ark: CVE-2017-5330:
> Unintended execution of scripts and executable files
> 827744 bzip2 can-defer bzip2: CVE-2016-3189:
> heap use after free in bzip2recover
> 834845 chicken can-defer chicken: CVE-2016-6830
> CVE-2016-6831
> 848976 courier-authlib will-remove Unsuitable to be part
> of stable release without proper maintainer
> 848977 courier-unicode will-remove Unsuitable to be part
> of stable release without proper maintainer
> 827297 deborphan can-defer deborphan: No support
> for versioned provides
> 851819 flashplugin-nonfree will-remove ERROR: wget failed to
> download http://people.debian.org/~bartm/...
> 814978 gcc-5 will-remove gcc-5: gnat paths are
> wrong due to ada-gcc-name.diff
> 848220 gcc-5 will-remove gcc-5 should not ship
> in stretch
> 835960 gcc-5-cross will-remove gcc-5-cross:
> non-standard gcc/g++ used for build (gcc-5)
> 835777 gcc-5-cross will-remove gcc-5-cross: FTBFS:
> patch fails to apply
> 835692 gcc-5-cross-ports will-remove gcc-5-cross-ports:
> FTBFS: patches fail to apply
> 835961 gcc-5-cross-ports will-remove gcc-5-cross-ports:
> non-standard gcc/g++ used for build (gcc-5)
> 852891 lintian is-blocker lintian: FTBFS: Test
> failures
> 850216 mariadb-10.1 is-blocker mysql-server-5.6:
> Listens on * by default after installation (related to use of alternatives)
> 805828 mysql-5.6 will-remove mysql-server-5.6:
> upgrade didn't work, package unusable, mysql does not start
> 798080 mysql-5.6 will-remove mysql-server-5.6:
> service stop hangs forever on systemd
> 804920 mysql-5.6 will-remove mysql-server-5.6: needs
> Conflicts: cqrlog (<< 1.9.0-5~)
> 837615 mysql-5.6 will-remove mysql-5.6: don't
> include in stretch
> 812812 mysql-5.6 will-remove MySQL client library
> should ship a symbols file, or at least not have a Lintian override to hide
> the problem
> 851770 php-gettext can-defer php-gettext:
> CVE-2015-8980
> 851771 php-gettext can-defer php-gettext:
> CVE-2016-6175
> 852163 python3.5 is-blocker python3.5-minimal wont
> configure
> 820381 rar will-remove rar crashes.
> 852883 systemd is-blocker systemd: FTBFS: Test
> failures
> 757083 sysvinit is-blocker initscripts: please
> treat /usr (if separate) the same as /
> 851446 sysvinit is-blocker mkdir: cannot create
> directory `/run/shm': File exists
> 852603 virglrenderer can-defer virglrenderer:
> CVE-2016-10163
> 852604 virglrenderer can-defer virglrenderer:
> CVE-2017-5580
> 845793 zlib is-blocker lib64z1-dev doesn't
> provide a shlibs file, causing package build failures
> 787956 zlib is-blocker lib32z1-dev: Compiling
> anything that includes <zlib.h> with -m32 fails
Thanks,
~Niels
[1]
https://udd.debian.org/bugs/?release=stretch_and_sid&merged=ign&keypackages=only&fnewerval=7&flastmodval=7&rc=1&ctags=1&cdeferred=1&sortby=id&sorto=asc&format=html#results
