Ubuntu
electric-fence package

[MIR] electric-fence

Bug #1311984 reported by Scott Kitterman
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
electric-fence (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

Electrice fence has no open bugs in Ubuntu and is subject to only very slow change, so it should not add maintenance work in Main.

    Availability: Available in Universe and built on all archs.

    Rationale:

The rationale for this MIR is as a build-dependency for clamav. It is a build-dep in Debian, but we drop it in Ubuntu. If we promoted electric-fence in Ubuntu we could run more tests and it would make it so the package could be sync'ed. Up to now, because of apparmor support, clamav had to be merged, but that's being incorporated into Debian, so if we could promote electric-fence it would reduce the overall maintenance workload in Ubuntu.

    Security:

Security history is good

    Quality assurance:

For use with clamav, usage is automatic. The package does document it's use well for it's target audience (developers).
It has no debconf questions
No Ubuntu bugs. Two minor Debian bugs (newest is from 2005). No expectation that maintenance work would be needed to support this package.
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=electric-fence
https://bugs.launchpad.net/ubuntu/+source/electric-fence
There is no "upstream" bug tracker as this is a Debian native package.
There is no UI.

    Dependencies:

        All build-dep and depends in Main.

    Standards compliance: No FHS issues. It's slightly unusual because it's a test library, not a normal shared lib, but it works as it is.

    Maintenance: No maintenance expected.

    Background information: Information in the package is clear

Security checks

    Check how many vulnerabilities the package had in the past and how they were handled by upstream and the Debian/Ubuntu package:

        http://cve.mitre.org/cve/cve.html: No entries.

        http://secunia.com/advisories/search/: No entries

        http://people.ubuntu.com/~ubuntu-security/cve/universe.html - No entries

    Check for security relevant binaries. If any are present, this requires a more in-depth security review.

No security relevant binaries.

Revision history for this message
Michael Terry (mterry) wrote :

- The source package comes with some odd build artifacts still in it. Like debian/*.debhelper.log, debian/substvars, and a broken libefence.so symlink in the toplevel. Not actual problems. But seems sloppy.

- There is a compile warning that seems problematic, in that it indicates the XSI version of strerror_r is being used, but the code is expecting the GNU one (see the man page for strerror_r):

page.c: In function 'stringErrorReport':
page.c:46:2: warning: return makes pointer from integer without a cast [enabled by default]
  return strerror_r(errno,(char *)err_message,128);
  ^

- Also needs a team bug subscriber for whichever team will look after this in Ubuntu.

- I like the tests being run on build! Besides the above comments, looks good.

Changed in electric-fence (Ubuntu):
status: New → Incomplete
Revision history for this message
Scott Kitterman (kitterman) wrote :

I've subscribe the Clamav Update Team to bugs for the package.

I agree there are some issues with the package, but I considered it better to stay in sync with Debian since the package works for its intended function (testing clamav) as is and no bugs have been filed about it in Ubuntu or Debian, so I think it's unlikely the issues are causing actual problems.

Changed in electric-fence (Ubuntu):
status: Incomplete → New
importance: Undecided → Wishlist
Revision history for this message
Michael Terry (mterry) wrote :

The bug will manifest as a lack of detailed error messages (because it will think strerror is returning NULL most of the time). But on the off-chance that 128 bytes isn't long enough for the error message, it means that electric-fence will try to print from a bogus address like 32 (errno value).

Because this package is only used for testing, I'm OK with the bug existing. But it is clearly a bug. I've filed bug 1313905 for follow-up.

In the meantime, approved.

Changed in electric-fence (Ubuntu):
status: New → Fix Committed
Revision history for this message
Scott Kitterman (kitterman) wrote :

Uploaded clamav with the build-dep added back in. Please promote.

Revision history for this message
Adam Conrad (adconrad) wrote :

Override component to main
electric-fence 2.2.4 in utopic: universe/devel -> main
electric-fence 2.2.4 in utopic amd64: universe/devel/extra/100% -> main
electric-fence 2.2.4 in utopic arm64: universe/devel/extra/100% -> main
electric-fence 2.2.4 in utopic armhf: universe/devel/extra/100% -> main
electric-fence 2.2.4 in utopic i386: universe/devel/extra/100% -> main
electric-fence 2.2.4 in utopic powerpc: universe/devel/extra/100% -> main
electric-fence 2.2.4 in utopic ppc64el: universe/devel/extra/100% -> main
Override [y|N]? y
7 publications overridden.

Changed in electric-fence (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.