[Bug 1971767] Re: [MIR] libfreeaptx
Override component to main libfreeaptx 0.1.1-2 in kinetic: universe/misc -> main freeaptx-utils 0.1.1-2 in kinetic amd64: universe/utils/optional/100% -> main freeaptx-utils 0.1.1-2 in kinetic arm64: universe/utils/optional/100% -> main freeaptx-utils 0.1.1-2 in kinetic armhf: universe/utils/optional/100% -> main freeaptx-utils 0.1.1-2 in kinetic i386: universe/utils/optional/100% -> main freeaptx-utils 0.1.1-2 in kinetic ppc64el: universe/utils/optional/100% -> main freeaptx-utils 0.1.1-2 in kinetic riscv64: universe/utils/optional/100% -> main freeaptx-utils 0.1.1-2 in kinetic s390x: universe/utils/optional/100% -> main libfreeaptx-dev 0.1.1-2 in kinetic amd64: universe/libdevel/optional/100% -> main libfreeaptx-dev 0.1.1-2 in kinetic arm64: universe/libdevel/optional/100% -> main libfreeaptx-dev 0.1.1-2 in kinetic armhf: universe/libdevel/optional/100% -> main libfreeaptx-dev 0.1.1-2 in kinetic i386: universe/libdevel/optional/100% -> main libfreeaptx-dev 0.1.1-2 in kinetic ppc64el: universe/libdevel/optional/100% -> main libfreeaptx-dev 0.1.1-2 in kinetic riscv64: universe/libdevel/optional/100% -> main libfreeaptx-dev 0.1.1-2 in kinetic s390x: universe/libdevel/optional/100% -> main libfreeaptx0 0.1.1-2 in kinetic amd64: universe/libs/optional/100% -> main libfreeaptx0 0.1.1-2 in kinetic arm64: universe/libs/optional/100% -> main libfreeaptx0 0.1.1-2 in kinetic armhf: universe/libs/optional/100% -> main libfreeaptx0 0.1.1-2 in kinetic i386: universe/libs/optional/100% -> main libfreeaptx0 0.1.1-2 in kinetic ppc64el: universe/libs/optional/100% -> main libfreeaptx0 0.1.1-2 in kinetic riscv64: universe/libs/optional/100% -> main libfreeaptx0 0.1.1-2 in kinetic s390x: universe/libs/optional/100% -> main 22 publications overridden. ** Changed in: libfreeaptx (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971767 Title: [MIR] libfreeaptx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfreeaptx/+bug/1971767/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971767] Re: [MIR] libfreeaptx
The pipewire update has been uploaded now ** Changed in: libfreeaptx (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971767 Title: [MIR] libfreeaptx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfreeaptx/+bug/1971767/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971767] Re: [MIR] libfreeaptx
Ready for the seed/dependency change to land ** Changed in: libfreeaptx (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971767 Title: [MIR] libfreeaptx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfreeaptx/+bug/1971767/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971767] Re: [MIR] libfreeaptx
I reviewed libfreeaptx 0.1.1-1ubuntu1 as checked into kinetic. This shouldn't be considered a full audit but rather a quick gauge of maintainability. libfreeaptx is an implementation of the audio processing technology (aptX) codec. It is a fork of the libopenatpx library (which is in universe) - the fork was done since the most recent version of libopenaptx (0.2.1) now has an incompatible license and so this is a fork of the 0.2.0 version with a real license. - No CVE History - No Build-Depends - No pre/post inst/rm scripts - No init scripts - No systemd units - No dbus services - No setuid binaries - 2 binaries in PATH from freeaptx-utils binary package - -rwxr-xr-x root/root 14648 2022-05-20 22:53 ./usr/bin/freeaptxdec - -rwxr-xr-x root/root 14648 2022-05-20 22:53 ./usr/bin/freeaptxenc - utils to read / write raw 24-bit signed stereo samples from / to aptX via stdin/stdout - No sudo fragments - No polkit files - No udev rules - No unit tests - 3 simple autopkgtests - build test compiles a very simple C program using libfreeaptx to check headers / pkg-config files are installed correctly - 2 other tests use freeaptxenc to encode a raw sample to aptX and then decode it again in both regular and HD - No cron jobs - Build logs are quite clean - No processes spawned - No dynamic memory management other than allocating a structure on the heap to store context for the session - Otherwise uses buffers provided by the caller and appears to be quite good at checking buffer lengths etc to not overflow them - No file IO - Logging is only done in CLI based enc/dec tools and is careful not to have potential format string vulnerabilities - No environment variable usage - No use of privileged functions - No use of cryptography / random number sources etc - No use of temp files - No use of networking - No use of WebKit - No use of PolicyKit - No significant cppcheck results - No significant Coverity results - No significant shellcheck results libfreeaptx looks like pretty decent code - it is small and doesn't do anything fancy with memory management and appears quite defensive in how it checks buffer lengths etc. The biggest issue I have with this package is the lack of unit tests for the code - so it will make it hard to verify that any future changes don't inadvertently break it. Lack of these is annoying but the upstream repo doesn't contain them either nor does libopenaptx either so this is not a blocker. Security team ACK for promoting libfreeaptx to main. ** Changed in: libfreeaptx (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971767 Title: [MIR] libfreeaptx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfreeaptx/+bug/1971767/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971767] Re: [MIR] libfreeaptx
setting to high since it's needed for bluetooth to work out of the box with pipewire in kinetic ** Changed in: libfreeaptx (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971767 Title: [MIR] libfreeaptx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfreeaptx/+bug/1971767/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971767] Re: [MIR] libfreeaptx
Ionna, thanks for the review, tests have been added now https://launchpad.net/ubuntu/+source/libfreeaptx/0.1.1-1ubuntu1 and the desktop-packages team is subscribed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971767 Title: [MIR] libfreeaptx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfreeaptx/+bug/1971767/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971767] Re: [MIR] libfreeaptx
** Description changed: [Availability] The package libfreeaptx is already in Ubuntu universe. The package libfreeaptx build for the architectures it is designed to work on. It currently builds and works for architetcures: amd64 arm64 armhf ppc64el riscv64 s390x Link to package https://launchpad.net/ubuntu/+source/libfreeaptx [Rationale] - The package libfreeaptx is required in Ubuntu main for pipewire to provide better bluetooth audio codecs https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005801 - The package libfreeaptx is required in Ubuntu main no later than aug 25 due to feature freeze [Security] - No CVEs/security issues in this software in the past - no `suid` or `sgid` binaries - no executables in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs - Packages does not open privileged ports (ports < 1024) - Packages does not contain extensions to security-sensitive software [Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu and has no report - - Ubuntu https://bugs.launchpad.net/ubuntu/+source/libfreeaptx/+bug - - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libfreeaptx + - Ubuntu https://bugs.launchpad.net/ubuntu/+source/libfreeaptx/+bug + - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libfreeaptx - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package does not run a test at build time because the upstream project doesn't include tests. - The package does not run an autopkgtest because upstream doesn't provide tests, audio codecs would also no be something easily testable in autopkgtest. The package will manually tested by connecting an headset and verifying that the high quality profile is available for the device in the settings. The quality will be confirmed by joining a video call or doing a local recording to be replayed. [Quality assurance - packaging] - debian/watch is present and works The lintian warnings are about the manpage which hasn't been upstreamed # lintian --pedantic P: libfreeaptx source: maintainer-manual-page debian/freeaptxdec.1 P: libfreeaptx source: maintainer-manual-page debian/freeaptxenc.1 - TODO-: - Lintian overrides are not present + - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. - This package has no python2 or GTK2 dependencies - The package will be installed by default, but does not ask debconf questions - Packaging and build is easy, link to d/rules https://salsa.debian.org/debian/libfreeaptx/-/blob/debian/unstable/debian/rules [UI standards] - Application is not end-user facing (does not need translation) [Dependencies] - No further depends or recommends dependencies that are not yet in main [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - Owning Team will be desktop-packages - Team is not yet, but will subscribe to the package before promotion - This does not use static builds - This does not use vendored code - The package successfully built during the most recent test rebuild [Background information] The Package description explains the package well Upstream Name is libfreeaptx Link to upstream project https://github.com/iamthehorker/libfreeaptx -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971767 Title: [MIR] libfreeaptx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfreeaptx/+bug/1971767/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971767] Re: [MIR] libfreeaptx
Review for Package: libfreeaptx [Summary] libfreeaptx is a small library and is Open Source implementation of Audio Processing Technology codec (aptX) derived from ffmpeg 4.0 project and licensed under LGPLv2.1+. This codec is mainly used in Bluetooth A2DP profile. It provides dynamic linked shared library libfreeaptx.so and simple command line utilities for encoding and decoding operations. libfreeaptx is based on version 0.2.0 of libopenaptx with the intent of continuing under a free license without the additional license restriction added to libopenaptx 0.2.1. Binary packages from source package : libfreeaptx-dev: provides development files freeaptx-utils: provides utilities for encoding and decoding (freeaptxenc, freeaptxdec) libfreeaptx0: provides the shared library MIR team ACK. This does need a security review, so I'll assign ubuntu-security. List of specific binary packages to be promoted to main: libfreeaptx0, freeaptx-utils, libfreeaptx-dev Notes: Recommended TODOs: - The package should get a team bug subscriber before being promoted - Although it is explained why there are no tests in the package and the team commits to manually test it, it would still be nice to have some tests either at build time or autopackage if possible (this is only recommended). [Duplication] There is no other package in main providing the same functionality. [Dependencies] OK: - no other Dependencies to MIR due to this - checked with check-mir - not listed in seeded-in-ubuntu - none of the (potentially auto-generated) dependencies (Depends and Recommends) that are present after build are not in main - no -dev/-debug/-doc packages that need exclusion - No dependencies in main that are only superficially tested requiring more tests now. Problems: None [Embedded sources and static linking] OK: - no embedded source present - no static linking - does not have odd Built-Using entries - not a go package, no extra constraints to consider in that regard - No vendoring used, all Built-Using are in main Problems: None [Security] OK: - history of CVEs does not look concerning - does not run a daemon as root - does not use webkit1,2 - does not use lib*v8 directly - does not open a port/socket - does not process arbitrary web content - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop - does not deal with system authentication (eg, pam), etc) - does not deal with security attestation (secure boot, tpm, signatures) Problems: - does parse data formats [Common blockers] OK: - does not FTBFS currently - the package does not provide any tests at all. The subscribed team commits to manually test the package as described in bug description (section [Quality assurance - testing]) - no new python2 dependency Problems: None [Packaging red flags] OK: - Ubuntu does not carry a delta - symbols tracking is in place - d/watch is present and looks ok (if needed, e.g. non-native) - Upstream update history is sporadic - Debian/Ubuntu update history is sporadic - the current release is packaged - promoting this does not seem to cause issues for MOTUs that so far maintained the package - no massive Lintian warnings - d/rules is rather clean - It is not on the lto-disabled list Problems: None [Upstream red flags] OK: - no Errors/warnings during the build - no incautious use of malloc/sprintf (as far as we can check it) - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH (usage is OK inside tests) - no use of user nobody - no use of setuid - no important open bugs (crashers, etc) in Debian or Ubuntu - no dependency on webkit, qtwebkit, seed or libgoa-* - not part of the UI for extra checks - no translation present, but none needed for this case Problems: None ** Changed in: libfreeaptx (Ubuntu) Assignee: Ioanna Alifieraki (joalif) => (unassigned) ** Changed in: libfreeaptx (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971767 Title: [MIR] libfreeaptx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfreeaptx/+bug/1971767/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971767] Re: [MIR] libfreeaptx
** Changed in: libfreeaptx (Ubuntu) Assignee: (unassigned) => Ioanna Alifieraki (joalif) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971767 Title: [MIR] libfreeaptx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfreeaptx/+bug/1971767/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs