2023-02-01 23:20:55 |
Vladimir Petko |
bug |
|
|
added bug |
2023-02-01 23:21:34 |
Vladimir Petko |
tags |
|
lunar |
|
2023-02-01 23:21:37 |
Vladimir Petko |
description |
[Availability]
- The package libwebm is already in Ubuntu universe.
- The package libwebm does not build for the architectures
it is designed to work on.
- It currently builds and works for architectures:
amd64 arm64 armhf i386 ppc64el riscv64
It currently fails build unit tests for: s390x
https://launchpadlibrarian.net/635116394/buildlog_ubuntu-lunar-s390x.libwebm_1.0.0.29-1_BUILDING.txt.gz
Link to package https://launchpad.net/ubuntu/+source/libwebm/
[Rationale]
- The package libwebm will not generally be useful for a large part of
our user base, but is important/helpful still because it is vendored
in aom package that we intend to support as a dependency of libheif.
- It would be great and useful to community/processes to have the
package libwebm in Ubuntu main, but there is no definitive deadline.
[Security]
- Had 6 security issues in the past
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9746
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6548
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6406
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19212
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2464
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1621
No CVEs open against current version (1.0.0.29-1).
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does contain extensions to security-sensitive software:
the package provides WebM parser which processes untrusted input
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/libwebm/+bug
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libwebm
[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
it makes the build fail, link to build log
https://launchpadlibrarian.net/635116394/buildlog_ubuntu-lunar-s390x.libwebm_1.0.0.29-1_BUILDING.txt.gz
- The package does not run an autopkgtest because it is not implemented
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Please link to a recent build log of the package
https://launchpadlibrarian.net/635115306/buildlog_ubuntu-lunar-amd64.libwebm_1.0.0.29-1_BUILDING.txt.gz
- Please attach the full output you have got from
`lintian --pedantic` as an extra post to this bug.
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy, link to d/rules:
https://git.launchpad.net/ubuntu/+source/libwebm/tree/debian/rules
Note: currently rules list individual test suites to run. Finding them
by a file name suffix will reduce maintenance effort.
[UI standards]
- Application is not end-user facing (does not need translation)
- End-user applications without desktop file, not needed because it does not
provide GUI
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
Note: build time dependencies on libgmock-dev and libgtest-dev are present.
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be Foundations Team
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package failed built during the most recent test rebuild:
https://launchpadlibrarian.net/644058422/buildlog_ubuntu-lunar-s390x.libwebm_1.0.0.29-1_BUILDING.txt.gz
[Background information]
The Package description explains the package well
Upstream Name is libwebm
Link to upstream project https://chromium.googlesource.com/webm/libwebm |
[Availability]
- The package libwebm is already in Ubuntu universe.
- The package libwebm does not build for the architectures
it is designed to work on.
- It currently builds and works for architectures:
amd64 arm64 armhf i386 ppc64el riscv64
It currently fails build unit tests for: s390x
https://launchpadlibrarian.net/635116394/buildlog_ubuntu-lunar-s390x.libwebm_1.0.0.29-1_BUILDING.txt.gz
Link to package https://launchpad.net/ubuntu/+source/libwebm/
[Rationale]
- The package libwebm will not generally be useful for a large part of
our user base, but is important/helpful still because it is vendored
in aom package that we intend to support as a dependency of libheif.
- It would be great and useful to community/processes to have the
package libwebm in Ubuntu main, but there is no definitive deadline.
[Security]
- Had 6 security issues in the past
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9746
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6548
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6406
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19212
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2464
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1621
No CVEs open against current version (1.0.0.29-1).
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does contain extensions to security-sensitive software:
the package provides WebM parser which processes untrusted input
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/libwebm/+bug
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libwebm
[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
it makes the build fail, link to build log
https://launchpadlibrarian.net/635116394/buildlog_ubuntu-lunar-s390x.libwebm_1.0.0.29-1_BUILDING.txt.gz
- The package does not run an autopkgtest because it is not implemented
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Please link to a recent build log of the package
https://launchpadlibrarian.net/635115306/buildlog_ubuntu-lunar-amd64.libwebm_1.0.0.29-1_BUILDING.txt.gz
- Please attach the full output you have got from
`lintian --pedantic` as an extra post to this bug.
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy, link to d/rules:
https://git.launchpad.net/ubuntu/+source/libwebm/tree/debian/rules
Note: currently rules list individual test suites to run. Finding them
by a file name suffix will reduce maintenance effort.
[UI standards]
- Application is not end-user facing (does not need translation)
- End-user applications without desktop file, not needed because it does not
provide GUI
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
Note: build time dependencies on libgmock-dev and libgtest-dev are present.
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be Foundations Team
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package failed built during the most recent test rebuild:
https://launchpadlibrarian.net/644058422/buildlog_ubuntu-lunar-s390x.libwebm_1.0.0.29-1_BUILDING.txt.gz
[Background information]
The Package description explains the package well
Upstream Name is libwebm
Link to upstream project https://chromium.googlesource.com/webm/libwebm |
|
2023-02-01 23:22:37 |
Vladimir Petko |
attachment added |
|
libde265-lintian.txt https://bugs.launchpad.net/ubuntu/+source/libwebm/+bug/2004523/+attachment/5644330/+files/libde265-lintian.txt |
|
2023-02-02 08:11:12 |
Lukas Märdian |
bug |
|
|
added subscriber MIR approval team |
2023-02-07 15:45:21 |
Christian Ehrhardt |
libwebm (Ubuntu): assignee |
|
Didier Roche-Tolomelli (didrocks) |
|
2023-02-14 09:34:55 |
Lukas Märdian |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030890 |
|
2023-02-14 09:34:55 |
Lukas Märdian |
bug task added |
|
libwebm (Debian) |
|
2023-02-20 09:36:38 |
Vladimir Petko |
merge proposal linked |
|
https://code.launchpad.net/~vpa1977/ubuntu/+source/libwebm/+git/libwebm/+merge/436986 |
|
2023-03-08 15:54:57 |
Didier Roche-Tolomelli |
libwebm (Ubuntu): assignee |
Didier Roche-Tolomelli (didrocks) |
Ubuntu Security Team (ubuntu-security) |
|
2023-03-10 00:31:30 |
Steve Beattie |
tags |
lunar |
lunar sec-1804 |
|
2023-03-29 02:37:01 |
Bug Watch Updater |
libwebm (Debian): status |
Unknown |
Incomplete |
|
2023-04-05 22:43:25 |
Vladimir Petko |
summary |
[MIR] libwebm (transitive dependency of libheif) |
[MIR] libwebm (transitive dependency of libheif)[libheif -> aom -> libwebm] |
|
2023-06-21 21:53:42 |
Bug Watch Updater |
libwebm (Debian): status |
Incomplete |
Fix Released |
|
2023-08-08 19:30:57 |
Fabian Toepfer |
cve linked |
|
2016-1621 |
|
2023-08-08 19:30:57 |
Fabian Toepfer |
cve linked |
|
2016-2464 |
|
2023-08-08 19:30:57 |
Fabian Toepfer |
cve linked |
|
2018-19212 |
|
2023-08-08 19:30:57 |
Fabian Toepfer |
cve linked |
|
2018-6406 |
|
2023-08-08 19:30:57 |
Fabian Toepfer |
cve linked |
|
2018-6548 |
|
2023-08-08 19:30:57 |
Fabian Toepfer |
cve linked |
|
2019-2126 |
|
2023-08-08 19:30:57 |
Fabian Toepfer |
cve linked |
|
2019-9371 |
|
2023-08-08 19:30:57 |
Fabian Toepfer |
cve linked |
|
2019-9746 |
|
2023-08-08 19:32:46 |
Fabian Toepfer |
libwebm (Ubuntu): assignee |
Ubuntu Security Team (ubuntu-security) |
|
|
2023-08-08 19:32:54 |
Fabian Toepfer |
bug |
|
|
added subscriber Fabian Toepfer |
2023-08-15 14:42:34 |
Christian Ehrhardt |
libwebm (Ubuntu): status |
New |
In Progress |
|
2023-08-17 07:53:17 |
Marian Rainer-Harbach |
bug |
|
|
added subscriber Marian Rainer-Harbach |
2024-04-18 14:16:09 |
Lukas Märdian |
libwebm (Ubuntu): status |
In Progress |
Fix Committed |
|
2024-04-19 07:37:39 |
Lukas Märdian |
libwebm (Ubuntu): status |
Fix Committed |
In Progress |
|