[MIR] libbluray

Bug #1746629 reported by Jeremy Bícha
Affects: libbluray (Ubuntu) | Status: In Progress | Importance: Low | Assigned to: Unassigned | Milestone: (none listed)

Bug Description

Availability
============
Built for all supported architectures. In sync with Debian.

Rationale
=========
gvfs 1.10 added libbluray support 7 years ago. Although enabled in Debian then too, we haven't been able to enable it in Ubuntu because libbluray is not in main.

Before that point, gvfs did support Blu-ray but it wasn't as effective as using the library.

Note that libbluray does not do decryption; the library allows for showing metadata (title, cover art, etc.) for Blu-ray discs.

Security
========
https://security-tracker.debian.org/tracker/source-package/libbluray
https://launchpad.net/ubuntu/+source/libbluray/+cve

Both security issues in Debian's tracker are about the BD-J package which we are not requesting be promoted to main (see Dependencies below).

Quality assurance
=================
- Subscribe the Desktop Bugs and Desktop Packages teams?
- No tests
- No autopkgtests

https://bugs.launchpad.net/ubuntu/+source/libbluray
https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libbluray

Dependencies
============
We only need the libbluray-dev and libbluray2 binary packages in main.
We do not need either libbluray-bin or libbluray-bdj.

If this MIR is approved, we should drop libbluray2's Recommends on libaacs0 to Suggests since I believe it's unnecessary here.

Standards compliance
====================
4.1.3, debhelper compat 11, dh7 simple rules

Maintenance
===========
Actively maintained:
http://git.videolan.org/?p=libbluray.git

Maintained in Debian by the Debian Multimedia Team.

Packaging is at
https://salsa.debian.org/multimedia-team/libbluray/

Other Info
==========
Every Ubuntu desktop flavor besides Ubuntu itself includes libbluray.

Here's the gvfs commit to switch to libbluray:
https://git.gnome.org/browse/gvfs/commit/?id=21c319c8

libbluray API docs:
https://www.videolan.org/developers/libbluray/doc/doxygen/html/bluray_8h.html

Without libaacs0 installed, the information should still be available for non-protected discs.

Tags: bionic sec-751


Jeremy Bícha (jbicha)
tags: added: bionic
Jeremy Bícha (jbicha)
description: updated
Mathieu Trudel-Lapierre (cyphermox) wrote :

libbluray is missing a bug subscriber.

Changed in libbluray (Ubuntu):
status: New → Incomplete
Sebastien Bacher (seb128) wrote :

desktop-packages has been subscribed to it now

Changed in libbluray (Ubuntu):
status: Incomplete → New
Matthias Klose (doko) wrote :
Changed in libbluray (Ubuntu):
status: New → Incomplete
Matthias Klose (doko) wrote :

libbluray (1:1.0.2-3) unstable; urgency=medium

  * debian/: Force building with Java 8 and also required Java 8 JRE during
    runtime. Upstream currently neither supports building nor running with
    Java 9 and requires major changes.

and we don't have openjdk-8 in main anymore ...

Jeremy Bícha (jbicha) wrote :

Matthias, thanks for your comment. My original request is specifically that we *not* include the Java packages in main to keep things simple. So that issue shouldn't affect us, since openjdk-8 is still in universe and so is OK for a Build-Depends.

Jeremy Bícha (jbicha)
Changed in libbluray (Ubuntu):
status: Incomplete → New
Matthias Klose (doko) wrote :

it's not just building the package with OpenJDK-8, it can't run with OpenJDK-10/11. So better disable the java parts for now?

Changed in libbluray (Ubuntu):
status: New → Incomplete
Sebastian Ramacher (s-ramacher) wrote :

The issue with OpenJDK 11 was fixed.

Iain Lane (laney) wrote :

didrocks asked if this was still relevant, and the answer is yes, it's not a high priority for us but it would still let a bit of delta (in a debian/rules file, in Debian, so not an "Ubuntu" delta but a feature delta), so reviewing would be good

Mathieu Trudel-Lapierre (cyphermox) wrote :

I will review this now; but I expect it might need security review as well.

Changed in libbluray (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Changed in libbluray (Ubuntu):
assignee: Mathieu Trudel-Lapierre (cyphermox) → nobody
status: Incomplete → New
Christian Ehrhardt  (paelzer) wrote :

[Summary]
This looks ok from a MIR POV and you have my Ack IF you can outline a reasonable
use case that benefits from libbluray WITHOUT also promoting libaacs0.
Please do so in a comment on this bug.

This does also need a security review, so I'll assign ubuntu-security now.

List of specific binary packages to be promoted to main:
 - libbluray-dev
 - libbluray2

Required TODOs:
- Please double check that without libaacs0 this is still really a useful
  use-case to Ubuntu users. Speak up here and outline what use-cases will
  benefit without libaacs0.

Recommended TODOs:
- Add some self-tests, see suggestions how to do so below

Note: we ship it with the readme already in universe, there is the inherent
      issue of potential piracy issues being considered related with such libs.
      But we already ship it (main/universe should not make a difference), we
      include the disclaimer and this lib does not do any decoding. So it
      should be fine in that regard to the MIR process.
      Also from upstream to quote: "Legal: libbluray is DRM-circumvention free,
      and thus, safe to integrate in your software."

[Duplication]
No other lib seems to provide this functionality.
Yet the approach to take libbluray2 but drop the libaacs0 recommends
likely ends up in only support for non-commercial Blu-rays.
From the description:
  Most commercial Blu-Ray are restricted by AACS or BD+ technologies and this
  library is not enough to playback those discs.
With that in mind is it worth to have libbluray2 "alone"?

[Dependencies]
OK:
- no other Dependencies to MIR due to this (if we keep the bd-j things out)
- -dev shall be promoted and -doc has no critical dependencies

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

Problems:
- does not parse data formats
  It will need to parse Blu-ray discs (or images) and could be exploited that
  way. Security should have a look to be sure.

[Common blockers]
OK:
- does not FTBFS currently
- The package has a team bug subscriber (desktop team)
- no translation present, but none needed for this case (user visible)?
- not a python/go package, no extra constraints to consider in that regard

Problems:
- does not have a test suite that runs at build time
- does not have a test suite that runs as autopkgtest
There are some test tools like ./src/examples/libbluray_test.c that is even
shipped with the examples. It shouldn't be too hard to provide some self
created m2ts file along that and have an autopkgtest that
1. builds the example against libbluray-dev
2. runs the program to get info from the test file

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking is in place
- d/watch is present and looks ok
- Upstream update history is ok
- Debian/Ubuntu update history is ok
- the c...


Changed in libbluray (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Changed in libbluray (Ubuntu):
importance: Undecided → Low
Sebastien Bacher (seb128) wrote :

Thanks for the review Christian. I've slightly updated the description now; libaacs0 is needed to access protected discs, so non-encrypted ones should be fine even without it installed. I don't have a drive on any of my machines to try whether some of the data is correctly fetched without the library on protected discs, though.

description: updated
Sebastien Bacher (seb128) wrote :

The request there is a low priority one, would be nice to get it reviewed but after the LTS at this point is alright

Steve Beattie (sbeattie)
tags: added: sec-751
Mark Esler (eslerm) wrote :

I reviewed libbluray 1:1.3.2-1 as checked into kinetic. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

> Libbluray is an open-source library designed for Blu-Ray Discs playback for media players, like VLC or MPlayer.

Upstream: https://code.videolan.org/videolan/libbluray/

- CVE History:
  - trivial
  - CVE-2015-7810
    - "libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files"
    - upstream never vulnerable with default build settings
    - ./debian/rules:9:confflags_java = --enable-bdjava-jar
    - see https://www.openwall.com/lists/oss-security/2015/10/12/7
- Build-Depends?
  - ld-linux-x86-64.so.2
  - libbluray.so.2
  - libbrotlicommon.so.1
  - libbrotlidec.so.1
  - libc.so.6
  - libexpat.so.1
  - libfontconfig.so.1
  - libfreetype.so.6
  - libgcc_s.so.1
  - libicudata.so.70
  - libicuuc.so.70
  - liblzma.so.5
  - libm.so.6
  - libpng16.so.16
  - libstdc++.so.6
  - libudfread.so.0
  - libuuid.so.1
  - libxml2.so.2
  - libz.so.1
  - linux-vdso.so.1
- pre/post inst/rm scripts?
  - none
- init scripts?
  - none
- systemd units?
  - none
- dbus services?
  - none
- setuid binaries?
  - none
- binaries in PATH?
  - ./usr/bin/bd_info
  - ./usr/bin/bd_list_titles
  - ./usr/bin/bd_splice
- sudo fragments?
  - none
- polkit files?
  - none
- udev rules?
  - none
- unit tests / autopkgtests?
  - MISSING !!!
- cron jobs?
  - none
- Build logs:
  - clean logs--lgtm

- Processes spawned?
  - mutex.c defines <pthread.h> initialization, locking and destruction
  - use of Xlets
- Memory management?
  - heavy memory use
  - ~300 uses of memcpy, strcpy, sprintf, calloc, etc outside of build/documentation
  - what I examined looked okay
  - see cppcheck results below
- File IO?
  - heavy IO use
  - functions defined mostly in src/file/* and bluray.c
  - paths are being checked
- Logging?
  - heavy logging use
  - many debug/error messages (+1500)
    - log overflows possible
  - xine, java, and rest of codebase use different logging methods
  - see logging.c
- Environment variable usage?
  - sanitized
    - see dirs_xdg.c and strutl.h
- Use of privileged functions?
  - yes, in Java
  - import java.security.PrivilegedAction and other java.security.*
  - primarily defined in BDJSecurityManager.java
- Use of cryptography / random number sources etc?
  - no, only video codecs
- Use of temp files?
  - CacheDir.java defines CacheDir object used by other Java files.
- Use of networking?
  - socket use appears to be locked to "bd://"
- Use of WebKit?
  - none
- Use of PolicyKit?
  - none

- any significant cppcheck results? (checked C)
  - memleakOnRealloc in bd_info
    - https://code.videolan.org/videolan/libbluray/-/merge_requests/32
    - nb: src/examples/bd_info.c -> /usr/bin/bd_info
- any significant Coverity results? (checked C and Java)
  - null dereferences in asm's MethodWriter.java and ClassReader.java
    - e.g., ClassReader.java:1795, 'name' parameter is null and if av != null, av.visit() will reference null
  - usage of large stack frame often
    - +32k frame allocations
      - e.g., disc.c:disc_cache_bdrom_file
    - none of installed /usr/bin/ have -fstack-cl...


Changed in libbluray (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → nobody
status: New → In Progress
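The cppcheck finding named in the review above (memleakOnRealloc in bd_info) refers to a well-defined C pattern. As an added illustration that is not libbluray's own code, here is the shape that checker flags beside the corrected form, with a pluggable allocator (an assumption of this example) so the realloc failure path can actually be exercised.

```c
#include <stdlib.h>
#include <string.h>
/* Allocator hook so the failure path can be driven (constructed for this example). */
typedef void *(*realloc_fn)(void *ptr, size_t size);
/* The shape cppcheck reports as memleakOnRealloc: when realloc() fails it returns NULL,
 * the only pointer to the old block is overwritten, and the old block leaks. */
int grow_leaky(char **buf, size_t *cap, size_t need, realloc_fn rfn)
{
    if (need <= *cap) return 0;
    *buf = rfn(*buf, need);      /* old block becomes unreachable if this is NULL */
    if (*buf == NULL)
        return -1;
    *cap = need;
    return 0;
}
/* Corrected form: keep the old pointer until the new allocation succeeds. */
int grow_safe(char **buf, size_t *cap, size_t need, realloc_fn rfn)
{
    if (need <= *cap) return 0;
    char *tmp = rfn(*buf, need);
    if (tmp == NULL)
        return -1;               /* *buf is still valid and still owned by the caller */
    *buf = tmp;
    *cap = need;
    return 0;
}
/* Stand-in allocator that always fails, to exercise the error path. */
void *failing_realloc(void *ptr, size_t size)
{
    (void)ptr; (void)size;
    return NULL;
}
/* Returns 1 if the caller still owns a valid buffer after a failed grow, 0 if the grow
 * routine lost it. 'orig' exists only so this demo can free the block in the leaky case;
 * real code has no such backup, which is exactly the bug. */
int buffer_survives_failed_grow(int use_safe)
{
    size_t cap = 16;
    char *buf = malloc(cap), *orig = buf;
    if (buf == NULL) return -1;
    strcpy(buf, "constructed");  /* constructed sample content */
    int rc = use_safe ? grow_safe(&buf, &cap, 4096, failing_realloc)
                      : grow_leaky(&buf, &cap, 4096, failing_realloc);
    int survived = (rc == -1 && buf == orig && strcmp(buf, "constructed") == 0);
    free(orig);
    return survived;
}
```

Running the leaky variant under valgrind or ASan's LeakSanitizer without the `orig` backup is what surfaces the defect at test time; the safe variant leaves the caller free to report the error and release the buffer itself.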