@mterry: thanks for letting me know about a test suite not being
customary.

@Björn: thanks for filing the bug report upstream and talking with
them on IRC about a test suite. Full unit tests would be a superb bonus
and probably a development assistance upstream as well. :)


- No CVE history
- No init scripts, cron jobs, dbus services, fscaps, setuid, sudo
- No binaries use PIE or BIND_NOW
- One executable is missing stack protection
- The library is missing fortify
- All binaries use RELRO
- No testsuite
- No daemons
- No crypto, no networking
- No {pre,post}{inst,rm}
- Several doxygen warnings:
  - "warning: no matching class member found for .. Possible candidates .."
- Most memory allocations are C++ native
- Code rarely checks for error conditions, or emits error conditions that
  are not checked by calling functions; continuing in the face of errors
  may be suitable for conversion from under-documented format, but isn't
  necessarily ideal

The stack protection and fortify source should be enabled for the library
and both executables. PIE and BIND_NOW would be nice.

Provisional ACK assuming:
 - stack protection and fortify are enabled

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1124082

Title:
  [MIR] libmspub

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libmspub/+bug/1124082/+subscriptions
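
The hardening items in the review above (PIE, BIND_NOW, RELRO, stack protection, fortify) can be re-checked from `readelf` output after a rebuild. The following is an added example, not part of the original message or of the tooling used for the review; the function name `audit` and both sample excerpts are constructed for illustration.

```python
import re
import subprocess
import sys

def audit(text):
    """Derive hardening features from `readelf -W -h -l -d --dyn-syms` output."""
    etype = re.search(r"^\s*Type:\s+(\w+)", text, re.M)
    is_dyn = bool(etype) and etype.group(1) == "DYN"
    has_interp = bool(re.search(r"^\s*INTERP\s", text, re.M))
    # Undefined (imported) symbols, version suffix such as @GLIBC_2.4 dropped.
    imports = set(re.findall(r"[ \t]UND[ \t]+(\w+)", text))
    now = re.search(r"\(BIND_NOW\)|\(FLAGS\).*\bBIND_NOW\b|\(FLAGS_1\).*\bNOW\b", text)
    return {
        # Heuristic: DYN without an interpreter is taken to be a shared library.
        "pie": is_dyn and has_interp,
        "relro": bool(re.search(r"^\s*GNU_RELRO\s", text, re.M)),
        "bind_now": bool(now),
        "stack_protector": "__stack_chk_fail" in imports,
        # Heuristic: any imported __*_chk wrapper means _FORTIFY_SOURCE took effect.
        "fortify": any(re.fullmatch(r"__\w+_chk", s) for s in imports),
    }

# Constructed readelf excerpts (not taken from the libmspub packages).
WEAK = """\
  Type:                              EXEC (Executable file)
  INTERP         0x000238 0x0000000000400238 0x0000000000400238 0x00001c 0x00001c R   0x1
  GNU_RELRO      0x000e10 0x0000000000600e10 0x0000000000600e10 0x0001f0 0x0001f0 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (2)
"""
HARDENED = """\
  Type:                              DYN (Shared object file)
  INTERP         0x000238 0x0000000000000238 0x0000000000000238 0x00001c 0x00001c R   0x1
  GNU_RELRO      0x000d98 0x0000000000200d98 0x0000000000200d98 0x000268 0x000268 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (4)
"""

if __name__ == "__main__":
    for path in sys.argv[1:]:  # audit real files when paths are given
        out = subprocess.run(["readelf", "-W", "-h", "-l", "-d", "--dyn-syms", path],
                             capture_output=True, text=True, check=True).stdout
        print(path, audit(out))
    if len(sys.argv) == 1:
        print("weak:", audit(WEAK))
        print("hardened:", audit(HARDENED))
```

Both symbol checks are heuristics: a binary with no stack buffers, or one that calls no fortifiable libc functions, imports neither symbol even when built with the flags.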
