[MIR] jansson

Bug #1392023 reported by Mathieu Trudel-Lapierre
Affects: jansson (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Availability:
The package is available in universe, built on all architectures.

Rationale:
The package is a Build-Depends for libteam, which itself is a (Build-)Depends of network-manager.

Security:
There has been one issue in the past year:
 - CVE-2013-6401: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6401
   - Same issue as SA57497 and SA56777

Quality assurance:
The package appears to be reasonably well-maintained in Debian and is expected not to require extensive effort to maintain in Ubuntu (usually a straight sync).

UI standards:
Not applicable.

Dependencies:
All build and binary dependencies are in main.

Standards compliance:
The package meets requirements.

Maintenance:
The package meets requirements.

Background information:
jansson is a library for parsing and handling JSON data.

description: updated
description: updated
Mathieu Trudel-Lapierre (cyphermox) wrote :

Given that this package parses JSON data and has had one security issue in the past year, it would probably benefit from a quick security review.

Michael Terry (mterry)
Changed in jansson (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in jansson (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → Ubuntu Security Team (ubuntu-security)
Changed in jansson (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → Seth Arnold (seth-arnold)
Seth Arnold (seth-arnold) wrote :

I reviewed jansson version 2.7-1ubuntu1 as checked into vivid. This should
not be considered a full security audit but rather a quick gauge of
maintainability.

- jansson provides a C API for working with JSON files
- Build-Depends: debhelper, dh-autoreconf
- Does not itself daemonize
- Does not itself run as a system user
- No pre/post inst/rm
- No initscripts
- No dbus services
- No setuid
- No binaries in *bin/
- No sudo fragments
- No udev rules
- No cronjobs
- Almost no tests run during build
- Clean build logs

- No subprocesses spawned
- Most memory management looks good, some potential for integer overflow
  exists
- File opening looks safe
- Logging looks safe
- Environment variables only used in test programs
- No privileged operations
- No cryptography
- Does not itself do networking
- No tmp file use
- Does not use WebKit
- Does not use JS
- Does not use PolicyKit
- Clean cppcheck

Here are a few small issues I found while reviewing the source, in the hope
someone finds them useful:

- loadfile() in test/bin/json_process.c does malloc(fsize+1), with no check
  that fsize+1 doesn't wrap around
- multiple cases of malloc(size * sizeof(foo)); a calloc()-style function
  that checks for integer overflows ought to be used instead

Jansson looks like high-quality code with a friendly API for manipulating
JSON in C.

Security team ACK for promoting jansson to main.

Thanks

Changed in jansson (Ubuntu):
assignee: Seth Arnold (seth-arnold) → nobody
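
The two allocation patterns the review above flags, malloc(fsize+1) and malloc(size * sizeof(foo)) with no wrap check, shown beside a checked calloc()-style allocator. This is an added illustrative example, not jansson's source; the helper names are made up.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* The unchecked form: n * size silently wraps modulo SIZE_MAX + 1, so a
 * huge element count can yield a tiny (even zero-byte) allocation that
 * later writes overrun. */
size_t naive_array_bytes(size_t n, size_t size)
{
    return n * size;
}

/* 1 if n * size does not fit in size_t, else 0. */
int mul_would_wrap(size_t n, size_t size)
{
    return n != 0 && size > SIZE_MAX / n;
}

/* 1 if a + b does not fit in size_t, else 0. */
int add_would_wrap(size_t a, size_t b)
{
    return a > SIZE_MAX - b;
}

/* calloc()-style replacement for malloc(n * size): refuses a wrapped
 * product instead of handing back a short buffer. */
void *checked_malloc_array(size_t n, size_t size)
{
    if (mul_would_wrap(n, size))
        return NULL;
    return malloc(n * size);
}

/* Replacement for the malloc(fsize + 1) pattern: rejects fsize == SIZE_MAX. */
void *checked_malloc_plus_one(size_t fsize)
{
    if (add_would_wrap(fsize, 1))
        return NULL;
    return malloc(fsize + 1);
}

int main(void)
{
    size_t n = SIZE_MAX / 2 + 1;  /* constructed: 2 * n == SIZE_MAX + 1 */
    printf("naive n*2 = %zu (wrapped to zero)\n", naive_array_bytes(n, 2));
    void *p = checked_malloc_array(n, 2);
    printf("checked huge: %s\n", p ? "allocated" : "refused");
    free(p);
    p = checked_malloc_array(4, sizeof(int));
    printf("checked small: %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```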
Michael Terry (mterry) wrote :

Packaging also looks fine, but needs a team bug subscriber.

Changed in jansson (Ubuntu):
status: New → Incomplete
Michael Terry (mterry)
Changed in jansson (Ubuntu):
status: Incomplete → Fix Committed
Matthias Klose (doko) wrote :

Override component to main
jansson 2.7-1ubuntu1 in vivid: universe/libs -> main
libjansson-dbg 2.7-1ubuntu1 in vivid amd64: universe/debug/extra/100% -> main
libjansson-dbg 2.7-1ubuntu1 in vivid arm64: universe/debug/extra/100% -> main
libjansson-dbg 2.7-1ubuntu1 in vivid armhf: universe/debug/extra/100% -> main
libjansson-dbg 2.7-1ubuntu1 in vivid i386: universe/debug/extra/100% -> main
libjansson-dbg 2.7-1ubuntu1 in vivid powerpc: universe/debug/extra/100% -> main
libjansson-dbg 2.7-1ubuntu1 in vivid ppc64el: universe/debug/extra/100% -> main
libjansson-dev 2.7-1ubuntu1 in vivid amd64: universe/libdevel/optional/100% -> main
libjansson-dev 2.7-1ubuntu1 in vivid arm64: universe/libdevel/optional/100% -> main
libjansson-dev 2.7-1ubuntu1 in vivid armhf: universe/libdevel/optional/100% -> main
libjansson-dev 2.7-1ubuntu1 in vivid i386: universe/libdevel/optional/100% -> main
libjansson-dev 2.7-1ubuntu1 in vivid powerpc: universe/libdevel/optional/100% -> main
libjansson-dev 2.7-1ubuntu1 in vivid ppc64el: universe/libdevel/optional/100% -> main
libjansson-doc 2.7-1ubuntu1 in vivid amd64: universe/doc/optional/100% -> main
libjansson-doc 2.7-1ubuntu1 in vivid arm64: universe/doc/optional/100% -> main
libjansson-doc 2.7-1ubuntu1 in vivid armhf: universe/doc/optional/100% -> main
libjansson-doc 2.7-1ubuntu1 in vivid i386: universe/doc/optional/100% -> main
libjansson-doc 2.7-1ubuntu1 in vivid powerpc: universe/doc/optional/100% -> main
libjansson-doc 2.7-1ubuntu1 in vivid ppc64el: universe/doc/optional/100% -> main
libjansson4 2.7-1ubuntu1 in vivid amd64: universe/libs/optional/100% -> main
libjansson4 2.7-1ubuntu1 in vivid arm64: universe/libs/optional/100% -> main
libjansson4 2.7-1ubuntu1 in vivid armhf: universe/libs/optional/100% -> main
libjansson4 2.7-1ubuntu1 in vivid i386: universe/libs/optional/100% -> main
libjansson4 2.7-1ubuntu1 in vivid powerpc: universe/libs/optional/100% -> main
libjansson4 2.7-1ubuntu1 in vivid ppc64el: universe/libs/optional/100% -> main
25 publications overridden.

Changed in jansson (Ubuntu):
status: Fix Committed → Fix Released