[MIR] cron pulls in b-d's from universe

Bug #878155 reported by Matthias Klose on 2011-10-19
This bug affects 1 person
Affects               Importance   Assigned to
audit (Ubuntu)        Undecided    Unassigned
cron (Ubuntu)         Undecided    Unassigned
libev (Ubuntu)        Undecided    Unassigned
libprelude (Ubuntu)   Undecided    Unassigned

Bug Description

cron
  audit
    libprelude
    libev


Steve Langasek (vorlon) wrote :

This brings us in line with the Debian cron package, which links against libaudit. I was surprised to see that libaudit wasn't already in main.

No major bugs on the package in Debian or in Ubuntu.

One Secunia advisory for the package, from 2008.
  http://secunia.com/advisories/29617/

The auditd binary package runs a privileged daemon that talks to other local processes to provide an auditing service.

Steve Langasek (vorlon) wrote :

I was puzzled by audit's build-dependency on libev, because there's no binary dep. It turns out audit bundles its own copy of libev, and statically links against it.

If libev is to be linked against dynamically, we need to move it to /lib (currently in /usr/lib). If static linking is ok in this case, we can drop the libev-dev build-dependency.

If this is all too ugly, we can drop the libaudit build-dep from cron.

On 10/20/2011 01:23 AM, Steve Langasek wrote:
> This brings us in line with the Debian cron package, which links against
> libaudit. I was surprised to see that libaudit wasn't already in main.

FYI: by default, cron does not link against libaudit. Support for
libaudit is an optional feature that has to be requested at build time.

Jamie Strandboge (jdstrand) wrote :

The security team is interested in audit in main as well, but as it is now, we don't want it. auditd runs with a lot of privileges and can talk over the network. We will be discussing auditd as part of https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all

Steve Langasek (vorlon) wrote :

> The security team is interested in audit in main as well, but as it is now,
> we don't want it.

Ok, thanks - will drop the build-dependency from cron.

Changed in audit (Ubuntu):
status: New → Won't Fix
Changed in libev (Ubuntu):
status: New → Won't Fix
Changed in libprelude (Ubuntu):
status: New → Won't Fix

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cron - 3.0pl1-120ubuntu2

---------------
cron (3.0pl1-120ubuntu2) precise; urgency=low

  * Drop build-dependency on libaudit, not in main and the security team
    doesn't want it there. LP: #878155.
 -- Steve Langasek <email address hidden> Thu, 20 Oct 2011 07:57:06 -0700

Changed in cron (Ubuntu):
status: New → Fix Released
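
The component mismatch this report tracks, shown as an added example that is not part of the bug report or of Ubuntu's archive tooling: a walk over source stanzas that lists every build-dependency chain from a package in main to a source outside main. The stanza contents and the function names `parse` and `outside_main` are assumptions; only the cron, audit, libprelude and libev chain comes from the report.

```python
import re

# Constructed deb822-style source stanzas. Package names and the dependency
# chain follow the report; Section and Binary values are assumptions.
SOURCES = """\
Package: cron
Section: admin
Binary: cron
Build-Depends: debhelper (>= 7), libaudit-dev [linux-any]

Package: audit
Section: universe/libs
Binary: auditd, libaudit0, libaudit-dev
Build-Depends: debhelper, libev-dev, libprelude-dev

Package: libev
Section: universe/libs
Binary: libev-dev

Package: libprelude
Section: universe/libs
Binary: libprelude-dev
"""

def parse(text):
    """Return ({source: fields}, {binary: source})."""
    srcs, owner = {}, {}
    for block in text.strip().split("\n\n"):
        s = dict(line.split(": ", 1) for line in block.splitlines())
        srcs[s["Package"]] = s
        owner.update((b, s["Package"]) for b in s["Binary"].split(", "))
    return srcs, owner

def outside_main(root, text=SOURCES):
    """Build-dependency chains from root to each source not in main."""
    srcs, owner = parse(text)
    found, stack, seen = [], [[root]], {root}
    while stack:
        chain = stack.pop()
        s = srcs[chain[-1]]
        if "/" in s["Section"]:  # e.g. "universe/libs"; main has no prefix
            found.append(chain)
        for dep in s.get("Build-Depends", "").split(","):
            name = re.sub(r"[\s(\[|].*", "", dep.strip())  # strip version/arch
            src = owner.get(name)  # None: no stanza in the sample, skipped
            if src and src not in seen:
                seen.add(src)
                stack.append(chain + [src])
    return sorted(found)
```

Removing `libaudit-dev` from cron's Build-Depends in the sample, which is the change the upload above made, leaves no chain to report.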