[MIR] libcdr

Bug #1124074 reported by Björn Michaelsen on 2013-02-13
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libcdr (Ubuntu)
Undecided
Unassigned

Bug Description

rationale: needed by LibreOffice, a core app. In Quantal we used the internal version of libcdr and shipped it inside the LibreOffice package, so the code is in main already anyway.

Michael Terry (mterry) wrote :

-Simple, modern packaging
-No delta
-No test suite
-No symbols file, but it's C++, so that's understandable
-debian/copyright file is a little malformed (missing license stanza), but that's an issue for NEW, not for MIR. Plus, this is from Debian so not worth a delta.
-Would be nice to see a bug subscriber
-This would normally need a security review, since it's a file parser, but since it's been in main, I'll skip that step. Splitting it out actually makes it easier to handle security issues.

*However*, it does have the lintian warning hardening-no-fortify-functions. Can you just check if that warning is a false or true positive? Otherwise, approved.

Changed in libcdr (Ubuntu):
status: New → Incomplete
Benjamin Drung (bdrung) wrote :

The hardening-no-fortify-functions is a valid lintian warning. I sent upstream a bunch of patches adding multi-arch support and fixing hardening-no-fortify-functions and other lintian complaints.

Judging from the Email exchange with Rene hardening-no-fortify-functions isnt a concern for this.

@bdrung: Can we unblock this as your other changes are helpful, but no blockers?

Benjamin Drung (bdrung) wrote :

@Björn: It's not my decision. It's the decision of the MIR team.

@MIR team: Is it okay to wait for the next Debian upload to get hardening-no-fortify-functions fixed or should I fix hardening-no-fortify-functions in Ubuntu and get back in sync with Debian with their next upload?

Michael Terry (mterry) wrote :

Benjamin, if the hardening warning was a true positive, it's better to fix it in Ubuntu before moving to main. And then syncing later.

But if it's a false positive, obviously it doesn't matter. That's why I was asking if it was a real problem. Despite Björn's earlier comment, I think he said on IRC just now that it might be true after all. So I'm waiting on more information/a solution.

Benjamin Drung (bdrung) wrote :

I have uploaded libcdr 0.0.10-1ubuntu1 which fixes the hardening-no-fortify-functions lintian warning.

Matthias Klose (doko) wrote :

Override component to main
libcdr 0.0.10-1ubuntu2 in raring: universe/misc -> main
libcdr-0.0-0 0.0.10-1ubuntu2 in raring amd64: universe/libs/optional -> main
libcdr-0.0-0 0.0.10-1ubuntu2 in raring armhf: universe/libs/optional -> main
libcdr-0.0-0 0.0.10-1ubuntu2 in raring i386: universe/libs/optional -> main
libcdr-0.0-0 0.0.10-1ubuntu2 in raring powerpc: universe/libs/optional -> main
libcdr-dev 0.0.10-1ubuntu2 in raring amd64: universe/libdevel/optional -> main
libcdr-dev 0.0.10-1ubuntu2 in raring armhf: universe/libdevel/optional -> main
libcdr-dev 0.0.10-1ubuntu2 in raring i386: universe/libdevel/optional -> main
libcdr-dev 0.0.10-1ubuntu2 in raring powerpc: universe/libdevel/optional -> main
libcdr-doc 0.0.10-1ubuntu2 in raring amd64: universe/doc/optional -> main
libcdr-doc 0.0.10-1ubuntu2 in raring armhf: universe/doc/optional -> main
libcdr-doc 0.0.10-1ubuntu2 in raring i386: universe/doc/optional -> main
libcdr-doc 0.0.10-1ubuntu2 in raring powerpc: universe/doc/optional -> main
libcdr-tools 0.0.10-1ubuntu2 in raring amd64: universe/utils/optional -> main
libcdr-tools 0.0.10-1ubuntu2 in raring armhf: universe/utils/optional -> main
libcdr-tools 0.0.10-1ubuntu2 in raring i386: universe/utils/optional -> main
libcdr-tools 0.0.10-1ubuntu2 in raring powerpc: universe/utils/optional -> main
17 publications overridden.

Changed in libcdr (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers