I reviewed the diff between 2.14 in kinetic and this upload (just
changelog), and I carefully reviewed the 2.13 + Ubuntu changes to 2.14 +
Debian changes diff again; outside of some autotools noise, the changes
were carefully adding symbol versioning, a few symbols for new
functions, and on the packaging side bumping the generated dependencies
– +1, uploaded to -proposed (waiting for SRU team to review)
** Changed in: jansson (Ubuntu)
Assignee: (unassigned) => Loïc Minier (lool)
** Changed in: jansson (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to jansson in Ubuntu.
https://bugs.launchpad.net/bugs/1987678
Title:
Backport jansson 2.14 to jammy from kinetic
Status in jansson package in Ubuntu:
In Progress
Bug description:
[Impact]
* jansson 2.13 has a symbol conflict with json-c
library.(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966398 &
https://github.com/akheron/jansson/issues/523). So an application is
linking to both jansson and json-c, there will be 50% of chance that
it reference to a wrong symbol, which need to SIGSEGV
* In order to fix this issue, both json-c and jansson need to add
symbol versioning. jansson library added this in 2.14(not yet in
jammy) while json-c added in 0.15 (already in jammy)
* And the affecting application should rebuild against the latest
json-c and jansson libraries in order to have the correct symbol
linked
[Test Plan]
* jansson is basically available in all of the cpu architecture. So the 1st
test will be building in a personal ppa and see if it can be built in every
platform.
* Some of the library mentioned in the upstream issue checker can be
used to verify the fix. But since I am working on a package in a
private project which is hitting the issue. I am testing with my
private packages(which is on arm64 platform)
* Looking into the packages that depends on jansson. There are a large
number of packages including network-manager. So I tried to pick 2 packages on
my desktop to verify if there is regression
1. network-manager, since it is widely used in Ubuntu
2. emacs, since jansson is a JSON parser, so I pick an application that I can
do some operation on JSON(e.g. formatting in emacs)
[Where problems could occur]
* jansson upstream is well maintained and there is also CI test job.
jansson 2.14 is also packaged and maintained by Debian community. It
is available for a few months already. So in general, the risk of
regression is low in that perspective.
* When looking into the changes between 2.13 and 2.14. There are
changes in test coverage and some tidy up on the build scripts. The
changes look safe but certainly there can be mistake and behaviour
changes. But jansson do not depends on other packages and so this kind
of regression on build script should be easily caught by test builds
in different architecture and a simple integration test with package
that depends on jansson.
* On the library itself, it added symbol versioning to fix the bug
and at the same time there are 3 new API added in 2.14. But these
changes should be backward compatible. But since there is new symbols
added, there can be new symbol conflict with other library but the
impact should just be similar to the original bug that it is already
conflict with json-c. There are alos misc fixes in like snprintf
checking which looks to be safe.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jansson/+bug/1987678/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
