[MIR] libxcvt
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libxcvt (Ubuntu) |
Fix Released
|
Undecided
|
Timo Aaltonen | ||
Bug Description
[Availability]
The package libxcvt is already in Ubuntu universe.
The package libxcvt build for the architectures it is designed to work on.
It currently builds and works for architetcures: amdg64
Link to package [[https:/
[Rationale]
- The package libxcvt is required in Ubuntu main for xorg-server, xwayland
- The package libxcvt is required in Ubuntu main no later than jammy FFE
due to landing new versions of xorg-server, xwayland
[Security]
- No CVEs/security issues in this software in the past
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has no bugs open
- Ubuntu https:/
- Debian https:/
[Quality assurance - testing]
- The package does not run a test at build time because upstream doesn't provide
any
- The package does not run an autopkgtest
[Quality assurance - packaging]
- debian/watch is present and works
- This package does not yield massive lintian Warnings, Errors
- Link to recent build log including a lintian run:
https:/
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will be installed by default, but does not ask debconf
questions higher than medium
- Packaging and build is easy, link to d/rules:
https:/
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be kernel-packages
- Team is already subscribed to the package
- This does not use static builds
- This does not use vendored code
[Background information]
The Package description explains the package well
libxcvt0 is split from xorg-server so that xwayland can also use it. 'xcvt' is not needed in main.
The library is tiny, has had in total of 21 commits over the years in xorg-server git tree before the split. Keep this in mind before requiring automated tests.
| Changed in libxcvt (Ubuntu): | |
| assignee: | nobody → Timo Aaltonen (tjaalton) |
| description: | updated |
| description: | updated |
| Changed in libxcvt (Ubuntu): | |
| assignee: | Timo Aaltonen (tjaalton) → nobody |
| status: | Incomplete → New |
| Changed in libxcvt (Ubuntu): | |
| assignee: | nobody → Lukas Märdian (slyon) |
| tags: | added: fr-2055 |
| Lukas Märdian (slyon) wrote | #1 |
| Changed in libxcvt (Ubuntu): | |
| status: | New → Incomplete |
| Changed in libxcvt (Ubuntu): | |
| assignee: | Lukas Märdian (slyon) → Timo Aaltonen (tjaalton) |
| Lukas Märdian (slyon) wrote | #2 |
| Changed in libxcvt (Ubuntu): | |
| status: | Incomplete → In Progress |
| Lukas Märdian (slyon) wrote | #3 |
| Changed in libxcvt (Ubuntu): | |
| status: | In Progress → Fix Committed |
| Matthias Klose (doko) wrote | #4 |
| Changed in libxcvt (Ubuntu): | |
| status: | Fix Committed → Fix Released |
Review for Package: src:libxcvt
[Summary]
libxcvt is a simple library (and tool) to generate xorg-server and xwayland mode
lines given the horizontal and vertical resolution and refresh rate (among other
optional paramters). It has been part of xorg-server in the past and has now
been split out as an indiviual library, to be used by xwayland as well.
MIR team ACK under the constraint to resolve the below listed
required TODOs and as much as possible having a look at the
recommended TODOs.
This does not need a security review
List of specific binary packages to be promoted to main: libxcvt0
Specific binary packages built, but NOT to be promoted to main: xcvt, libxcvt-dev
Notes:
This is a split out library that has been part of xorg-server before, so it
should usually not need big MIR as the code is already in main as part of
another package. But OTOH this split gives us a change to improve the current
situation of this library. You mention that inside xorg-server this code only
got 21 commits over the years and therefore does not require automated testing.
There is very little testing around this library, I know it's small and doesn't
change often, but still it could be hit by misscompilation and other things.
Is there any bigger (manual) testing story around libxcvt, that you could
outline in a comment?
Required TODOs:
#1: please add some basic autopkgtests, I recommend those two easy cases:
- linking a tiny binary agains libxcvt0 and checking for expected output,
similar to what got recently implemented in src:protobuf-c: d/t/build-test
- calling xcvt with some parameters and checking for the expected output:
$ cvt 1080 1920 75
# 1080x1920 74.98 Hz (CVT) hsync: 150.40 kHz; pclk: 225.00 MHz
Modeline "1080x1920_75.00" 225.00 1080 1176 1288 1496 1920 1923 1933 2006 -hsync +vsync
Recommended TODOs:
#2 the autopkgtests as mentioned above (in case we have a proper manual testing
story defined somewhere, that has not been mentioned in the MIR before)
[Duplication]
There is no other package in main providing the same functionality.
I found several tools doing a similar job, but not is available in main or can
be used as a library:
http://
http://
[Dependencies]
OK:
- no other Dependencies to MIR due to this
- no -dev/-debug/-doc packages that need exclusion
- No dependencies in main that are only superficially tested requiring
more tests now.
Problems: None
[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
- does not have odd Built-Using entries
- not a go package, no extra constraints to consider in that regard
Problems: None
[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port/socket
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
- does not deal with secur...