I reviewed libqrtr-glib 1.2.2-1ubuntu1 as checked into kinetic. This shouldn't be considered a full audit but rather a quick gauge of maintainability. I do not have a Qualcomm modem to test this package with.
> libqrtr-glib is a glib-based library to use and manage the QRTR (Qualcomm IPC Router) bus.
- CVE History:
  - none
- build-depends
  - primarily glib2 and linux/qrtr
  - linux-vdso.so.1
  - libglib-2.0.so.0
  - libgio-2.0.so.0
  - libgobject-2.0.so.0
  - libc.so.6
  - libpcre.so.3
  - libm.so.6
  - libgmodule-2.0.so.0
  - libz.so.1
  - libmount.so.1
  - libselinux.so.1
  - libffi.so.8
  - ld-linux-x86-64.so.2
  - libblkid.so.1
  - libpcre2-8.so.0
- pre/post inst/rm scripts?
  - none
- init scripts?
  - none
- systemd units?
  - none
- dbus services?
  - none
- setuid binaries?
  - none
- binaries in PATH?
  - none
- sudo fragments?
  - none
- polkit files?
  - none
- udev rules?
  - none
- unit tests / autopkgtests?
  - basic build test
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011354
  - see MIR teams testing requirements
- cron jobs?
  - none
- build logs:
  - no build errors or warnings
  - no lintian errors or warnings
- processes spawned?
  - none
- memory management?
  - looks sane
  - no direct use of memory copy functions
- file IO?
  - none
- logging?
  - only debug and error messages using gio
- environment variable usage?
  - none
- use of privileged functions?
  - none
- use of cryptography / random number sources etc?
  - none
- Use of temp files?
  - none
- Use of networking?
  - qrtr-bus.c and qrtr-client.c make heavy use of sockets and gsocket
  - many safety checks--e.g., message lengths and types
- use of WebKit?
  - none
- use of PolicyKit?
  - none
- significant cppcheck results?
  - none
- significant Coverity results?
  - none
  - two false positive resource leaks
  - fd handled by gio's g_socket_new_from_fd
- significant shellcheck results?
  - none
- significant bandit results?
  - none
For security to do updates, owning team needs to make a firm commitment to testing.
Security team ACK for promoting libqrtr-glib to main.
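
The kind of message length and type check noted under "Use of networking", shown as an added example: this is not libqrtr-glib's code and not part of the review. It parses a QRTR control packet read from a socket; the packet layout and type values follow the kernel's `<linux/qrtr.h>`, while the `ex_` names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values mirror enum qrtr_pkt_type in <linux/qrtr.h>. */
enum { EX_QRTR_TYPE_NEW_SERVER = 4, EX_QRTR_TYPE_DEL_SERVER = 5 };
#define EX_CTRL_PKT_LEN 20u /* packed: le32 cmd + 4 x le32 server record */

struct ex_server_event {    /* hypothetical decoded form */
    int added;              /* 1 = NEW_SERVER, 0 = DEL_SERVER */
    uint32_t service, instance, node, port;
};

/* Constructed sample: NEW_SERVER, service 15, instance 1, node 0, port 5. */
static const uint8_t ex_sample_pkt[EX_CTRL_PKT_LEN] = {
    4,0,0,0, 15,0,0,0, 1,0,0,0, 0,0,0,0, 5,0,0,0 };

/* Decode one little-endian 32-bit word without assuming alignment. */
static uint32_t ex_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 and fills *ev; -1 on a short read; -2 on an unhandled type. */
int ex_parse_ctrl_pkt(const uint8_t *buf, size_t len, struct ex_server_event *ev)
{
    if (buf == NULL || ev == NULL || len < EX_CTRL_PKT_LEN)
        return -1;          /* length check before any field is read */
    uint32_t cmd = ex_le32(buf);
    if (cmd != EX_QRTR_TYPE_NEW_SERVER && cmd != EX_QRTR_TYPE_DEL_SERVER)
        return -2;          /* type check before interpreting the payload */
    ev->added = (cmd == EX_QRTR_TYPE_NEW_SERVER);
    ev->service = ex_le32(buf + 4);
    ev->instance = ex_le32(buf + 8);
    ev->node = ex_le32(buf + 12);
    ev->port = ex_le32(buf + 16);
    return 0;
}

int main(void)
{
    struct ex_server_event ev;
    int rc = ex_parse_ctrl_pkt(ex_sample_pkt, sizeof ex_sample_pkt, &ev);
    printf("full packet: rc=%d service=%u port=%u\n", rc,
           (unsigned)ev.service, (unsigned)ev.port);
    printf("truncated:   rc=%d\n", ex_parse_ctrl_pkt(ex_sample_pkt, 8, &ev));
    return 0;
}
```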