I reviewed the diff between 2.14 in kinetic and this upload (just
changelog), and I carefully reviewed the 2.13 + Ubuntu changes to 2.14 +
Debian changes diff again; outside of some autotools noise, the changes
were carefully adding symbol versioning, a few symbols for new
functions, and on the packaging side bumping the generated dependencies
– +1, uploaded to -proposed (waiting for SRU team to review)

** Changed in: jansson (Ubuntu)
     Assignee: (unassigned) => Loïc Minier (lool)

** Changed in: jansson (Ubuntu)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to jansson in Ubuntu.
https://bugs.launchpad.net/bugs/1987678

Title:
  Backport jansson 2.14 to jammy from kinetic

Status in jansson package in Ubuntu:
  In Progress

Bug description:
  [Impact]

   * jansson 2.13 has a symbol conflict with json-c
  library.(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966398 &
  https://github.com/akheron/jansson/issues/523). So an application is
  linking to both jansson and json-c, there will be 50% of chance that
  it reference to a wrong symbol, which need to SIGSEGV

   * In order to fix this issue, both json-c and jansson need to add
  symbol versioning. jansson library added this in 2.14(not yet in
  jammy) while json-c added in 0.15 (already in jammy)

   * And the affecting application should rebuild against the latest
  json-c and jansson libraries in order to have the correct symbol
  linked

  
  [Test Plan]
   * jansson is basically available in all of the cpu architecture. So the 1st 
test will be building in a personal ppa and see if it can be built in every 
platform. 

   * Some of the library mentioned in the upstream issue checker can be
  used to verify the fix. But since I am working on a package in a
  private project which is hitting the issue. I am testing with my
  private packages(which is on arm64 platform)

   * Looking into the packages that depends on jansson. There are a large 
number of packages including network-manager. So I tried to pick 2 packages on 
my desktop to verify if there is regression
  1. network-manager, since it is widely used in Ubuntu
  2. emacs, since jansson is a JSON parser, so I pick an application that I can 
do some operation on JSON(e.g. formatting in emacs)
   

  [Where problems could occur]

   * jansson upstream is well maintained and there is also CI test job.
  jansson 2.14 is also packaged and maintained by Debian community. It
  is available for a few months already. So in general, the risk of
  regression is low in that perspective.

   * When looking into the changes between 2.13 and 2.14. There are
  changes in test coverage and some tidy up on the build scripts. The
  changes look safe but certainly there can be mistake and behaviour
  changes. But jansson do not depends on other packages and so this kind
  of regression on build script should be easily caught by test builds
  in different architecture and a simple integration test with package
  that depends on jansson.

   * On the library itself, it added symbol versioning to fix the bug
  and at the same time there are 3 new API added in 2.14. But these
  changes should be backward compatible. But since there is new symbols
  added, there can be new symbol conflict with other library but the
  impact should just be similar to the original bug that it is already
  conflict with json-c. There are alos misc fixes in like snprintf
  checking which looks to be safe.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jansson/+bug/1987678/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to