[Bug 1853175] Re: [MIR] libmail-authenticationresults-perl
Maintained by Debian Perl Group, and has a subscriber. Promoting. $ change-override -c main -S libmail-authenticationresults-perl Override component to main libmail-authenticationresults-perl 1.20180923-2 in focal: universe/misc -> main libmail-authenticationresults-perl 1.20180923-2 in focal amd64: universe/perl/optional/100% -> main libmail-authenticationresults-perl 1.20180923-2 in focal arm64: universe/perl/optional/100% -> main libmail-authenticationresults-perl 1.20180923-2 in focal armhf: universe/perl/optional/100% -> main libmail-authenticationresults-perl 1.20180923-2 in focal i386: universe/perl/optional/100% -> main libmail-authenticationresults-perl 1.20180923-2 in focal ppc64el: universe/perl/optional/100% -> main libmail-authenticationresults-perl 1.20180923-2 in focal s390x: universe/perl/optional/100% -> main Override [y|N]? y 7 publications overridden. ** Changed in: libmail-authenticationresults-perl (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1853175 Title: [MIR] libmail-authenticationresults-perl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmail-authenticationresults-perl/+bug/1853175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1853175] Re: [MIR] libmail-authenticationresults-perl
** Changed in: libmail-authenticationresults-perl (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1853175 Title: [MIR] libmail-authenticationresults-perl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmail-authenticationresults-perl/+bug/1853175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1853175] Re: [MIR] libmail-authenticationresults-perl
I reviewed libmail-authenticationresults-perl 1.20180923-2 as checked into focal. This shouldn't be considered a full audit but rather a quick gauge of maintainability. ANY OTHER NOTES REGARDING THE NATURE OF THE REVIEW ITSELF. libmail-authenticationresults-perl is a parser for Object Oriented Authentication-Results email headers. It tokenizes the header into a usable set of objects. - CVE History: - I was not able to find any CVE history - Build-Depends? - perl - libscalar-list-utils-perl - pre/post inst/rm scripts? - not applicable - init scripts? - not applicable - systemd units? - not applicable - dbus services? - not applicable - setuid binaries? - not applicable - binaries in PATH? - not applicable - sudo fragments? - not applicable - udev rules? - not applicable - unit tests / autopkgtests? - there is a comprehensive test suite - cron jobs? - not applicable - Build logs: - Everything looks fine - Processes spawned? - not applicable - Memory management? - I do not see anything that looks problematic - File IO? - not applicable - Logging? - not applicable - Environment variable usage? - not applicable - Use of privileged functions? - not applicable - Use of cryptography / random number sources etc? - not applicable - Use of temp files? - not applicable - Use of networking? - not applicable - Use of WebKit? - not applicable - Use of PolicyKit? - not applicable - Any significant cppcheck results? - not applicable - Any significant Coverity results? - not applicable Overall it seems to be cleanly written, organized and well documetned code. Upstream is not very active. 111 git commits between 2017.12-2018.10 and nothing since then. It is maintained in debian testing and unstable though. Security team ACK for promoting libmail-authenticationresults-perl to main. ** Changed in: libmail-authenticationresults-perl (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1853175 Title: [MIR] libmail-authenticationresults-perl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmail-authenticationresults-perl/+bug/1853175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1853175] Re: [MIR] libmail-authenticationresults-perl
[Summary] - All looks pretty straight forward, MIR Team ack - Needs security review (assigned) [Duplication] Many libmail-*-perl but no duplicate in main already [Embedded sources and static linking] - no embedded sources - no (static) linking (perl) [Security] - no history of CVEs - no daemon as root - doesn't use webkit1,2 - doesn't use lib*v8 directly - doesn't opens a port - doesn't processe arbitrary web content - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop - doesn't deal with system authentication (eg, pam), etc) But it - parses data formats (the mail auth response) - it also is a very minor part of authentication in some sort (not system auth at all, but interpreting mail auth) Parsing headers that can be externally crafted is security sensitive, assigning security for a review as well. [Common blockers] - no FTBFS issues - tests are present and run at build time - no translation, but also not user visible - no python package for further constraints on that [Packaging red flags] - no Ubuntu delta atm - perl has no symbols tracking - d/watch is ok - regularly updated in Debian - but it is rather new since August 2019, so we don't have much data to know that in the long run - the current release is packaged - not causing a MOTU problem - a few, but no massive Lintian warnings - d/rules is as small as it can be - no golang constraints to consider - Desktop team is already subscribed - no further dependencies not in main [Upstream red flags] - no Errors/warnings during the build - no incautious use of malloc/sprintf - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH - no use of User nobody - no use of setuid - no known Important bugs (crashers, etc) in Debian or Ubuntu - no Dependency on webkit, qtwebkit, seed or libgoa-* - not part of UI design ** Changed in: libmail-authenticationresults-perl (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1853175 Title: [MIR] libmail-authenticationresults-perl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmail-authenticationresults-perl/+bug/1853175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1853175] Re: [MIR] libmail-authenticationresults-perl
** No longer affects: libmail-dkim-perl (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1853175 Title: [MIR] libmail-authenticationresults-perl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmail-authenticationresults-perl/+bug/1853175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1853175] Re: [MIR] libmail-authenticationresults-perl
Hi Heather, the MIR bugs are filed against the package that has to be evaluated. Thanks to your explanations that is clear now and I fixed it up in the bug tasks. ** Also affects: libmail-authenticationresults-perl (Ubuntu) Importance: Undecided Status: New ** Changed in: libmail-dkim-perl (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1853175 Title: [MIR] libmail-authenticationresults-perl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmail-authenticationresults-perl/+bug/1853175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1853175] Re: [MIR] libmail-authenticationresults-perl
Note that libmail-authenticationresults-perl requires libscalar-list-utils-perl (in universe) so a new MIR for libscalar-list-utils-perl has been opened: https://bugs.launchpad.net/ubuntu/+source/libmail-dkim-perl/+bug/1854849 ** Description changed: [Availability] It is available for all architectures in the universe. https://launchpad.net/ubuntu/+source/libmail-authenticationresults-perl [Rationale] A new dependency of libmail-dkim-perl. [Security] No known CVEs. https://security-tracker.debian.org/tracker/source-package/libmail-authenticationresults-perl https://launchpad.net/ubuntu/+source/libmail-authenticationresults-perl/+cve [Quality assurance] - Desktop Packages team subscribed - dh_auto_test runs as part of build (353 tests) - autopkgtest capability was added in 1.20180923-2 [Dependencies] - Depends on perl, libscalar-list-utils-perl - both are in the universe. + Depends on perl (already in main), libscalar-list-utils-perl (in universe, see bug #1854849) [Standards compliance] debhelper [Maintenance] The upstream does not appear to be very active but the package is maintained by the Debian perl team (testing and unstable) https://github.com/marcbradshaw/Mail-AuthenticationResults https://packages.debian.org/search?keywords=libmail-authenticationresults-perl=names=all=all -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1853175 Title: [MIR] libmail-authenticationresults-perl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmail-dkim-perl/+bug/1853175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1853175] Re: [MIR] libmail-authenticationresults-perl
libmail-dkim-perl v0.54-1 is already in main: https://launchpad.net/ubuntu/+source/libmail-dkim-perl/0.54-1 but the new v0.56-1 has a new dependency on libmail-authenticationresults-perl: https://launchpad.net/ubuntu/+source/libmail-dkim-perl/0.56-1 libmail-authenticationresults-perl is available in the universe: https://launchpad.net/ubuntu/+source/libmail-authenticationresults-perl That is why this is a new MIR, to hopefully get libmail- authenticationresults-perl into main so that we can upgrade to libmail- dkim-perl v0.56-1. My apologies for not having this assigned to the right package - this is my first MIR so I'll watch out for that mistake in future MIRs :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1853175 Title: [MIR] libmail-authenticationresults-perl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmail-dkim-perl/+bug/1853175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1853175] Re: [MIR] libmail-authenticationresults-perl
why is this a separate MIR? It doesn't show up on the MIR tracker. Also you need to assign it to the package which needs promotion. ** Changed in: libmail-dkim-perl (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1853175 Title: [MIR] libmail-authenticationresults-perl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmail-dkim-perl/+bug/1853175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs