Bug#465478: Bug#465453: asterisk: illegal free(env_var) after putenv(env_var)

[Philipp Berndt]

On Tuesday 12 February 2008 20:12, you wrote:
> Hi,
> I'm not sure what you expect from this flood of bug reports.

Hello Faidon,

sorry that I found so many bugs in your package ;-)
I had to fix them because I needed a stable version. Later I reported them and 
shared my patches "in the hope that they would be useful".

> These are all against the version of asterisk present in the stable
> suite of Debian which means that no minor fixes are accepted -- only
> security fixes and severe bugs, such as data corruption.

Actucally I had thought that asterisk taking up all CPU time (#465460), 
accessing freed memory (#465453), memory leaks (#465455) and a broken build 
system (#465452, #465458) wouldn't be considered minor bugs that are not 
worth fixing...

> Moreover, these are all are upstream issues and I'm not sure what we can
> do about them.

Hmmm... I had just read the bug reporting guidelines 
http://www.debian.org/Bugs/Reporting where it says:
| Don't file bugs upstream
|
| If you file a bug in Debian, don't send a copy to the upstream software
| maintainers yourself, as it is possible that the bug exists only in Debian.
| If necessary, the maintainer of the package will forward the bug upstream.

In fact, I believe that some of the reported bugs only exist in your package 
(which is based on 1.2.13) and have long been fixed in upstream 1.2.26.
Thus reporting them to you seemed reasonable to me.

> Forwarding them to Digium is not an option for many 
> reasons: a) upstream needs a license disclaimer on all patches b) these
> are against asterisk 1.2 which is frozen for only security fixes.
>
> I'd suggest to:
> - Verify which of these apply to asterisk 1.4 (present in
>    unstable/testing).
> - Report back which of them apply so we can close the rest.
> - Open up a bug report against bugs.digium.com suggesting your fixes to
>    upstream (be careful not to report any bristuff issues!)
> - Then report back the URLs of the bugs on Digium's BTS.
>
> I may be requiring too much from you

I'm afraid you are, I wish I had more time though. If I were to test/debug 
Digium's current version to see whether the bugs still exist there, I could 
have used their version in the first place.
(In fact, what *is* the advantage of Debian asterisk_1.2.13~dfsg-2etch2 over 
Digium asterisk-1.2.26 ?)
Anyway, at least some of them do apply to asterisk 1.4, too, e.g. #465460.

> but your bugs are *code* bugs and you should approach upsteam with those.

Why, they are just *bug* reports. The fact that I happened to find and share 
some possible fixes shouldn't make a difference. The patches are meant as a 
suggestion, just an example of how the bugs could be fixed. Just ignore the 
patches if they bother you. ;-)

> I am keeping the bugs open for the moment even though I'm not too sure
> about it.

Not for me!

Best regards,
Philipp

>
> Thanks,
> Faidon

> severity 465452 minor
> tags + 465452 upstream
bristuff: xagi-test

> severity 465453 minor
> tags + 465453 upstream
putenv (was fixed upstream somewhere between 1.2.13 and 1.2.26)

> severity 465455 minor
> tags + 465455 upstream
bristuff: memleak

> severity 465460 minor
> tags + 465460 upstream
local_queue_frame_livelock (applies to 1.4 too)

> tags + 465458 upstream
SOLINK

> tags + 465468 upstream
tune_ast_softhangup_nolock

> tags + 465478 upstream
Not mine (and not an asterisk bug)