[Bug 1746598] Re: [MIR] libnfs

Wed, 06 Feb 2019 08:56:10 -0800 

I reviewed libnfs (3.0.0-1) from disco

- Build dependencies:
 - debhelper, dh-autoreconf, libopt-dev

- Few issues on github
- NO CVE history
- no pre or postinst scritps
- no systemd unit files
- no system dbus services
- no setuid files
- Some binaries:
   /usr/bin/nfs-cp:
        Position Independent Executable: yes
        Stack protected: yes
        Fortify Source functions: yes
        Read-only relocations: yes
        Immediate binding: yes
   /usr/bin/nfs-cat:
        Position Independent Executable: yes
        Stack protected: yes
        Fortify Source functions: yes
        Read-only relocations: yes
        Immediate binding: yes

  /usr/bin/nfs-ls:
        Position Independent Executable: yes
        Stack protected: yes
        Fortify Source functions: yes
        Read-only relocations: yes
        Immediate binding: yes
- no sudo fragments on the code just in test/functions.sh line 11 and
15
- no udev rules
- It has dozens of tests, but I didn't see any of them be called during
build
- no cron jobs
- clean build log
- doesn't spawn other process. The only spawn happens in test files
(some .sh
  scripts)
- Memory mgmt looked like OK (in a first review), but cppcheck shows
some mem leaks, in a previous analyzes show it can be treat as irrelevant. 
Further considerations are welcomed.
   - [lib/nfs_v3.c:3106]: (error) Memory leak: cb_data
     [lib/nfs_v3.c:3115]: (error) Memory leak: cb_data
     [lib/nfs_v3.c:3473]: (error) Memory leak: cb_data
     [lib/nfs_v3.c:3482]: (error) Memory leak: cb_data
- File IO: some reads/open files, what seems to be internally to the
lib and lot of them in examples file.
- logging looked fine
- no envars
- does not use encryption
- does not use webkit
- does not use javascript


Said that, I'm ok in that package be promoted to main. Please feel free
to re-review this points I made.


** Changed in: libnfs (Ubuntu)
     Assignee: Leonidas S. Barbosa (leosilvab) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1746598

Title:
  [MIR] libnfs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnfs/+bug/1746598/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to