I reviewed libhandy 0.0.10-1 as checked into eoan. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.

libhandy is a library full of GTK widgets for mobile phones. The aim of
libhandy is to help with developing UI for mobile devices using GTK/GNOME.

- No CVE History
- Build-Depends
  - debhelper-compat
  - dh-sequence-gir
  - gtk-doc-tools
  - libgirepository1.0-dev
  - libgladeui-dev
  - libglib2.0-doc
  - libgnome-desktop-3-dev
  - libgtk-3-doc
  - libgtk-3-dev
  - libxml2-utils
  - meson
  - pkg-config
  - valac
- No pre/post inst/rm scripts
- No init scripts
- No systemd units
- No dbus services
- No setuid binaries
- No binaries in PATH
- No sudo fragments
- No udev rules
- Unit tests / autopkgtests
  - under tests/ there are quite a few tests available testing different
    widgets
  - autopkgtests passing on:
    https://autopkgtest.ubuntu.com/packages/libh/libhandy
    https://ci.debian.net/packages/libh/libhandy/
- No cron jobs
- Build logs:
  - Some compiler warnings:
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-action-row'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-arrows'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-combo-row'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-dialer'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-dialer-cycle-button'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-dialog'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-expander-row'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-header-bar'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-header-group'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-preferences-group'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-preferences-page'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-preferences-row'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-preferences-window'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-search-bar'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-squeezer'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-string-utf8'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-value-object'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-view-switcher'
WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-view-switcher-bar'
html/HdyViewSwitcher.html:135: warning: no link for: "PangoEllipsizeMode" -> (<span class="type">PangoEllipsizeMode</span>).
html/HdyViewSwitcher.html:543: warning: no link for: "PANGO-ELLIPSIZE-NONE:CAPS" -> (<code class="literal">PANGO_ELLIPSIZE_NONE</code>)

- No processes spawned
- Memory management
  - It looks safe
- No File IO
- No Logging
- No Environment variable usage
- No Use of privileged functions
- No Use of cryptography
- No Use of temp files
- No Use of networking
- No Use of WebKit
- No Use of PolicyKit
- No significant cppcheck results
- We don't have Coverity results so far, as we are having issues with
  Coverity + meson.
- A few FIXME around the code, mostly on src/hdy-leaflet.c, nothing that
  would block the MIR

This library is well maintained and GNOME apps should use even more
libhandy in the future. Although this is still not a "stable" release,
we don't have any objections to it going to main.

I am not sure if you will want to wait for version 0.1.0 or will need to
move ahead to get the current version into 19.10. If you are going to
wait for the "stable" release, just let us know and we can review and
compare the changes with the current audit.

Security team ACK for promoting libhandy to main.

** Changed in: libhandy (Ubuntu)
     Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815483

Title:
  [MIR] libhandy
