libxmlb is a recently developed and released library written in C to allow applications to perform fast XPath queries against an XML document without having to parse the entire document into memory. This is designed to only support a subset of XPath for the purposes of fwupd and other utilities. It provides a command-line xb-tool application in /usr/lib which is not intended for end-users to run.

- CVE history: no
- Build-Depends: gir1.2-glib-2.0, gobject-introspection, gtk-doc-tools, libglib2.0-dev, libgirepository1.0-dev, meson, shared-mime-info, uuid-dev
- Does not daemonize
- No use of udev
- No pre/post inst/rm scripts
- No initscripts / systemd unit files
- No DBus services
- No setuid binaries
- No binaries added to PATH
- No sudo fragments
- No udev rules
- Unit tests run during package build - these look pretty comprehensive
- No cronjobs
- Clean build logs - no warnings during build other than for missing API documentation
- No subprocesses are spawned
- Memory management looks good, no obvious issues - uses core GLib memory management functionality and string types etc. Care is taken on memory copies etc. to ensure buffers are appropriately sized.
- xb-tool always sets GIO_USE_VFS to local and overwrites G_MESSAGES_DEBUG for logging purposes
- No privileged operations
- No cryptography
- No network connections
- Temporary files only used during unit tests
- No WebKit
- No JavaScript
- No PolicyKit
- Clean cppcheck - 1 false positive error for an uninitialised variable

Overall code is of high quality - also upstream has integrated support for fuzzing so likely should be pretty robust against malicious inputs from untrusted XML documents etc.

Security team ACK for promoting to main.

** Changed in: libxmlb (Ubuntu)
     Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

https://bugs.launchpad.net/bugs/1814997

Title:
  [MIR] libxmlb