| 2022-01-18 19:37:29 |
Andreas Hasenack |
bug |
|
|
added bug |
| 2022-01-18 19:38:23 |
Andreas Hasenack |
bug |
|
|
added subscriber MIR approval team |
| 2022-01-19 12:51:39 |
Andreas Hasenack |
description |
[Availability]
The package libyang2 is already in Ubuntu universe.
The package libyang2 builds for the architectures it is designed to work on.
It currently builds and works for architetcures (all but i386): amd64 arm64 armhf ppc64el riscv64 s390x
Link to package: https://launchpad.net/ubuntu/+source/libyang2
[Rationale]
- The package libyang2 is a new runtime dependency of package frr
which is an ongoing MIR at #1951834
[Security]
- Search in the National Vulnerability Database using the PKG as keyword
http://cve.mitre.org/cve/search_cve_list.html
libyang had quite a few CVEs: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libyang
But all in major version 1. Version 2 (subject of this MIR) doesn't have CVEs yet.
Going over the above CVEs for 2021, for example, shows that only gentoo issued advisories. The remaining ones for 2019 had a mix of Redhat and Fedora advisories, and not even gentoo ones.
- check OSS security mailing list (feed into search engine
'site:www.openwall.com/lists/oss-security <pkgname>')
No results (libyang2, libyang). "yang" returns results for a person with that name.
Not a single triaged CVE for libyang v1: https://ubuntu.com/security/cve?q=&package=libyang&priority=&version=&status=
v2 has no Ubuntu CVEs (makes sense: it'a s new package in jammy): https://ubuntu.com/security/cve?q=&package=libyang&priority=&version=&status=
Debian security tracker: https://security-tracker.debian.org/tracker/source-package/libyang
libyang2 has no entries yet in the debian security tracker: https://security-tracker.debian.org/tracker/source-package/libyang2
Looks like Debian never issued a DSA for these.
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services
- libyang is a schema validator, and bugs can become vulnerabilities if untrusted input is parsed incorrectly.
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
No launchpad bugs for either libyang or libyang2
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libyang
CVE bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989060
Probably not handled because libyang2 is replacing libyang(1), and doesn't have these vulns
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libyang2
No bugs yet against libyang2
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
The package has a test suite, but it's disabled. Enabling it in d/rules
shows 2 failures and the build aborts:
(...)
96% tests passed, 2 tests failed out of 57
Total Test time (real) = 0.83 sec
The following tests FAILED:
29 - utest_inout (Failed)
30 - utest_context (Failed)
Errors while running CTest
make[1]: *** [Makefile:74: test] Error 8
make[1]: Leaving directory '/home/ubuntu/git/packages/libyang2/libyang2/obj-x86_64-linux-gnu'
dh_auto_test: error: cd obj-x86_64-linux-gnu && make -j4 test ARGS\+=--verbose ARGS\+=-j4 returned exit code 2
make: *** [debian/rules:8: build] Error 25
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
This should be investigate:
- why is it not enabled by default? (Possibly an oversight)
- fix the failures
- this also increases the build time considerably, about 15x
- is the build with tests different, i.e., does it contain debug code? Maybe we need two builds
- The package runs an autopkgtest, and is currently passing on
this all arches except i386 (it's not built for i386):
https://autopkgtest.ubuntu.com/packages/libyang2
- The package does have not failing autopkgtests right now
[Quality assurance - packaging]
- debian/watch is present and works
- lintian run is ok-ish:
$ lintian -I --pedantic
E: libyang2 changes: bad-distribution-in-changes-file unstable
W: libyang2-tools: groff-message usr/share/man/man1/yanglint.1.gz command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8
W: libyang2-tools: groff-message usr/share/man/man1/yangre.1.gz command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8
I: libyang2 source: out-of-date-standards-version 4.5.0 (released 2020-01-20) (current is 4.5.1)
I: libyang2: spelling-error-in-binary usr/lib/x86_64-linux-gnu/libyang.so.2.13.7 unkown unknown
I: libyang2: symbols-file-missing-build-depends-package-field
I: libyang2 source: unused-file-paragraph-in-dep5-copyright paragraph at line 13
I: libyang2 source: unused-file-paragraph-in-dep5-copyright paragraph at line 138
I: libyang2 source: unused-file-paragraph-in-dep5-copyright paragraph at line 17
I: libyang2 source: unused-file-paragraph-in-dep5-copyright ... use --no-tag-display-limit to see all (or pipe to a file/program)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright */iana-*.yin (line 24)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright linenoise/* (line 37)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright swig/* (line 9)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright ... use --no-tag-display-limit to see all (or pipe to a file/program)
P: libyang2 source: package-uses-old-debhelper-compat-version 10
P: libyang2 source: silent-on-rules-requiring-root
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
Note that libyang1 relied on pcre3, but libyang2 (this package) uses pcre2 already.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy: https://git.launchpad.net/ubuntu/+source/libyang2/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
$ check-mir
Checking support status of build dependencies...
* libcmocka-dev binary and source package is in universe
Checking support status of binary dependencies...
* libyang2 binary and source package is in universe
* libyang2 binary and source package is in universe
* libyang2-tools binary and source package is in universe
cmocka is used for unit tests only, at build time, when enabled
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Server Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
[Background information]
- The Package description explains the package well
- Upstream Name is libyang
- Link to upstream project: https://github.com/CESNET/libyang/ |
[Availability]
The package libyang2 is already in Ubuntu universe.
The package libyang2 builds for the architectures it is designed to work on.
It currently builds and works for architetcures (all but i386): amd64 arm64 armhf ppc64el riscv64 s390x
Link to package: https://launchpad.net/ubuntu/+source/libyang2
[Rationale]
- The package libyang2 is a new runtime dependency of package frr
which is an ongoing MIR at #1951834
[Security]
- Search in the National Vulnerability Database using the PKG as keyword
http://cve.mitre.org/cve/search_cve_list.html
libyang had quite a few CVEs: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libyang
But all in major version 1. Version 2 (subject of this MIR) doesn't have CVEs yet.
Going over the above CVEs for 2021, for example, shows that only gentoo issued advisories. The remaining ones for 2019 had a mix of Redhat and Fedora advisories, and not even gentoo ones.
- check OSS security mailing list (feed into search engine
'site:www.openwall.com/lists/oss-security <pkgname>')
No results (libyang2, libyang). "yang" returns results for a person with that name.
Not a single triaged CVE for libyang v1: https://ubuntu.com/security/cve?q=&package=libyang&priority=&version=&status=
v2 has no Ubuntu CVEs (makes sense: it'a s new package in jammy): https://ubuntu.com/security/cve?q=&package=libyang&priority=&version=&status=
Debian security tracker: https://security-tracker.debian.org/tracker/source-package/libyang
libyang2 has no entries yet in the debian security tracker: https://security-tracker.debian.org/tracker/source-package/libyang2
Looks like Debian never issued a DSA for these.
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services
- libyang is a schema validator, and bugs can become vulnerabilities if untrusted input is parsed incorrectly.
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
No launchpad bugs for either libyang or libyang2
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libyang
CVE bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989060
Probably not handled because libyang2 is replacing libyang(1), and doesn't have these vulns
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libyang2
No bugs yet against libyang2
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
The package has a test suite, but it's disabled. Enabling it in d/rules
shows 2 failures and the build aborts:
(...)
96% tests passed, 2 tests failed out of 57
Total Test time (real) = 0.83 sec
The following tests FAILED:
29 - utest_inout (Failed)
30 - utest_context (Failed)
Errors while running CTest
make[1]: *** [Makefile:74: test] Error 8
make[1]: Leaving directory '/home/ubuntu/git/packages/libyang2/libyang2/obj-x86_64-linux-gnu'
dh_auto_test: error: cd obj-x86_64-linux-gnu && make -j4 test ARGS\+=--verbose ARGS\+=-j4 returned exit code 2
make: *** [debian/rules:8: build] Error 25
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
This should be investigate:
- why is it not enabled by default? (Possibly an oversight)
- fix the failures
- this also increases the build time considerably, about 15x
- is the build with tests different, i.e., does it contain debug code? Maybe we need two builds
I filed a bug about this: https://bugs.launchpad.net/ubuntu/+source/libyang2/+bug/1958385
Upstream already provided a fix for the test failures.
- The package runs an autopkgtest, and is currently passing on
this all arches except i386 (it's not built for i386):
https://autopkgtest.ubuntu.com/packages/libyang2
- The package does have not failing autopkgtests right now
[Quality assurance - packaging]
- debian/watch is present and works
- lintian run is ok-ish:
$ lintian -I --pedantic
E: libyang2 changes: bad-distribution-in-changes-file unstable
W: libyang2-tools: groff-message usr/share/man/man1/yanglint.1.gz command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8
W: libyang2-tools: groff-message usr/share/man/man1/yangre.1.gz command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8
I: libyang2 source: out-of-date-standards-version 4.5.0 (released 2020-01-20) (current is 4.5.1)
I: libyang2: spelling-error-in-binary usr/lib/x86_64-linux-gnu/libyang.so.2.13.7 unkown unknown
I: libyang2: symbols-file-missing-build-depends-package-field
I: libyang2 source: unused-file-paragraph-in-dep5-copyright paragraph at line 13
I: libyang2 source: unused-file-paragraph-in-dep5-copyright paragraph at line 138
I: libyang2 source: unused-file-paragraph-in-dep5-copyright paragraph at line 17
I: libyang2 source: unused-file-paragraph-in-dep5-copyright ... use --no-tag-display-limit to see all (or pipe to a file/program)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright */iana-*.yin (line 24)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright linenoise/* (line 37)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright swig/* (line 9)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright ... use --no-tag-display-limit to see all (or pipe to a file/program)
P: libyang2 source: package-uses-old-debhelper-compat-version 10
P: libyang2 source: silent-on-rules-requiring-root
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
Note that libyang1 relied on pcre3, but libyang2 (this package) uses pcre2 already.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy: https://git.launchpad.net/ubuntu/+source/libyang2/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
$ check-mir
Checking support status of build dependencies...
* libcmocka-dev binary and source package is in universe
Checking support status of binary dependencies...
* libyang2 binary and source package is in universe
* libyang2 binary and source package is in universe
* libyang2-tools binary and source package is in universe
cmocka is used for unit tests only, at build time, when enabled
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Server Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
[Background information]
- The Package description explains the package well
- Upstream Name is libyang
- Link to upstream project: https://github.com/CESNET/libyang/ |
|
| 2022-01-19 16:11:49 |
Andreas Hasenack |
tags |
|
server-todo |
|
| 2022-01-19 16:27:49 |
Andreas Hasenack |
bug |
|
|
added subscriber Ubuntu Server |
| 2022-01-19 16:28:32 |
Andreas Hasenack |
summary |
[MIR}: libyang2 |
[MIR]: libyang2 |
|
| 2022-01-22 13:08:59 |
Andreas Hasenack |
description |
[Availability]
The package libyang2 is already in Ubuntu universe.
The package libyang2 builds for the architectures it is designed to work on.
It currently builds and works for architetcures (all but i386): amd64 arm64 armhf ppc64el riscv64 s390x
Link to package: https://launchpad.net/ubuntu/+source/libyang2
[Rationale]
- The package libyang2 is a new runtime dependency of package frr
which is an ongoing MIR at #1951834
[Security]
- Search in the National Vulnerability Database using the PKG as keyword
http://cve.mitre.org/cve/search_cve_list.html
libyang had quite a few CVEs: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libyang
But all in major version 1. Version 2 (subject of this MIR) doesn't have CVEs yet.
Going over the above CVEs for 2021, for example, shows that only gentoo issued advisories. The remaining ones for 2019 had a mix of Redhat and Fedora advisories, and not even gentoo ones.
- check OSS security mailing list (feed into search engine
'site:www.openwall.com/lists/oss-security <pkgname>')
No results (libyang2, libyang). "yang" returns results for a person with that name.
Not a single triaged CVE for libyang v1: https://ubuntu.com/security/cve?q=&package=libyang&priority=&version=&status=
v2 has no Ubuntu CVEs (makes sense: it'a s new package in jammy): https://ubuntu.com/security/cve?q=&package=libyang&priority=&version=&status=
Debian security tracker: https://security-tracker.debian.org/tracker/source-package/libyang
libyang2 has no entries yet in the debian security tracker: https://security-tracker.debian.org/tracker/source-package/libyang2
Looks like Debian never issued a DSA for these.
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services
- libyang is a schema validator, and bugs can become vulnerabilities if untrusted input is parsed incorrectly.
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
No launchpad bugs for either libyang or libyang2
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libyang
CVE bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989060
Probably not handled because libyang2 is replacing libyang(1), and doesn't have these vulns
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libyang2
No bugs yet against libyang2
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
The package has a test suite, but it's disabled. Enabling it in d/rules
shows 2 failures and the build aborts:
(...)
96% tests passed, 2 tests failed out of 57
Total Test time (real) = 0.83 sec
The following tests FAILED:
29 - utest_inout (Failed)
30 - utest_context (Failed)
Errors while running CTest
make[1]: *** [Makefile:74: test] Error 8
make[1]: Leaving directory '/home/ubuntu/git/packages/libyang2/libyang2/obj-x86_64-linux-gnu'
dh_auto_test: error: cd obj-x86_64-linux-gnu && make -j4 test ARGS\+=--verbose ARGS\+=-j4 returned exit code 2
make: *** [debian/rules:8: build] Error 25
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
This should be investigate:
- why is it not enabled by default? (Possibly an oversight)
- fix the failures
- this also increases the build time considerably, about 15x
- is the build with tests different, i.e., does it contain debug code? Maybe we need two builds
I filed a bug about this: https://bugs.launchpad.net/ubuntu/+source/libyang2/+bug/1958385
Upstream already provided a fix for the test failures.
- The package runs an autopkgtest, and is currently passing on
this all arches except i386 (it's not built for i386):
https://autopkgtest.ubuntu.com/packages/libyang2
- The package does have not failing autopkgtests right now
[Quality assurance - packaging]
- debian/watch is present and works
- lintian run is ok-ish:
$ lintian -I --pedantic
E: libyang2 changes: bad-distribution-in-changes-file unstable
W: libyang2-tools: groff-message usr/share/man/man1/yanglint.1.gz command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8
W: libyang2-tools: groff-message usr/share/man/man1/yangre.1.gz command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8
I: libyang2 source: out-of-date-standards-version 4.5.0 (released 2020-01-20) (current is 4.5.1)
I: libyang2: spelling-error-in-binary usr/lib/x86_64-linux-gnu/libyang.so.2.13.7 unkown unknown
I: libyang2: symbols-file-missing-build-depends-package-field
I: libyang2 source: unused-file-paragraph-in-dep5-copyright paragraph at line 13
I: libyang2 source: unused-file-paragraph-in-dep5-copyright paragraph at line 138
I: libyang2 source: unused-file-paragraph-in-dep5-copyright paragraph at line 17
I: libyang2 source: unused-file-paragraph-in-dep5-copyright ... use --no-tag-display-limit to see all (or pipe to a file/program)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright */iana-*.yin (line 24)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright linenoise/* (line 37)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright swig/* (line 9)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright ... use --no-tag-display-limit to see all (or pipe to a file/program)
P: libyang2 source: package-uses-old-debhelper-compat-version 10
P: libyang2 source: silent-on-rules-requiring-root
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
Note that libyang1 relied on pcre3, but libyang2 (this package) uses pcre2 already.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy: https://git.launchpad.net/ubuntu/+source/libyang2/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
$ check-mir
Checking support status of build dependencies...
* libcmocka-dev binary and source package is in universe
Checking support status of binary dependencies...
* libyang2 binary and source package is in universe
* libyang2 binary and source package is in universe
* libyang2-tools binary and source package is in universe
cmocka is used for unit tests only, at build time, when enabled
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Server Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
[Background information]
- The Package description explains the package well
- Upstream Name is libyang
- Link to upstream project: https://github.com/CESNET/libyang/ |
[Availability]
The package libyang2 is already in Ubuntu universe.
The package libyang2 builds for the architectures it is designed to work on.
It currently builds and works for architetcures (all but i386): amd64 arm64 armhf ppc64el riscv64 s390x
Link to package: https://launchpad.net/ubuntu/+source/libyang2
[Rationale]
- The package libyang2 is a new runtime dependency of package frr
which is an ongoing MIR at #1951834
[Security]
- Search in the National Vulnerability Database using the PKG as keyword
http://cve.mitre.org/cve/search_cve_list.html
libyang had quite a few CVEs: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libyang
But all in major version 1. Version 2 (subject of this MIR) doesn't have CVEs yet.
Going over the above CVEs for 2021, for example, shows that only gentoo issued advisories. The remaining ones for 2019 had a mix of Redhat and Fedora advisories, and not even gentoo ones.
- check OSS security mailing list (feed into search engine
'site:www.openwall.com/lists/oss-security <pkgname>')
No results (libyang2, libyang). "yang" returns results for a person with that name.
Not a single triaged CVE for libyang v1: https://ubuntu.com/security/cve?q=&package=libyang&priority=&version=&status=
v2 has no Ubuntu CVEs (makes sense: it'a s new package in jammy): https://ubuntu.com/security/cve?q=&package=libyang&priority=&version=&status=
Debian security tracker: https://security-tracker.debian.org/tracker/source-package/libyang
libyang2 has no entries yet in the debian security tracker: https://security-tracker.debian.org/tracker/source-package/libyang2
Looks like Debian never issued a DSA for these.
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services
- libyang is a schema validator, and bugs can become vulnerabilities if untrusted input is parsed incorrectly.
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
No launchpad bugs for either libyang or libyang2
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libyang
CVE bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989060
Probably not handled because libyang2 is replacing libyang(1), and doesn't have these vulns
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libyang2
No bugs yet against libyang2
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
The package has a test suite, but it was originally disabled. I filed this bug and enabled its: https://bugs.launchpad.net/ubuntu/+source/libyang2/+bug/1958385
The current package in jammy runs tests at build time:
libyang2 (2.0.112-6ubuntu1) jammy; urgency=medium
* Enable build time tests (LP: #1958385):
- d/rules: set -DENABLE_TESTS=ON
- d/p/fix-test-suite-wrt-FILE.patch: fix test suite failure due
to __FILE__ being a relative path
-- Andreas Hasenack <andreas@canonical.com> Thu, 20 Jan 2022 21:03:40 +0000
Upstream already provided a fix for the test failures.
- The package runs an autopkgtest, and is currently passing on
this all arches except i386 (it's not built for i386):
https://autopkgtest.ubuntu.com/packages/libyang2
- The package does have not failing autopkgtests right now
[Quality assurance - packaging]
- debian/watch is present and works
- lintian run is ok-ish:
$ lintian -I --pedantic
E: libyang2 changes: bad-distribution-in-changes-file unstable
W: libyang2-tools: groff-message usr/share/man/man1/yanglint.1.gz command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8
W: libyang2-tools: groff-message usr/share/man/man1/yangre.1.gz command exited with status 1: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | groff -mandoc -Z -rLL=117n -rLT=117n -wmac -Tutf8
I: libyang2 source: out-of-date-standards-version 4.5.0 (released 2020-01-20) (current is 4.5.1)
I: libyang2: spelling-error-in-binary usr/lib/x86_64-linux-gnu/libyang.so.2.13.7 unkown unknown
I: libyang2: symbols-file-missing-build-depends-package-field
I: libyang2 source: unused-file-paragraph-in-dep5-copyright paragraph at line 13
I: libyang2 source: unused-file-paragraph-in-dep5-copyright paragraph at line 138
I: libyang2 source: unused-file-paragraph-in-dep5-copyright paragraph at line 17
I: libyang2 source: unused-file-paragraph-in-dep5-copyright ... use --no-tag-display-limit to see all (or pipe to a file/program)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright */iana-*.yin (line 24)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright linenoise/* (line 37)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright swig/* (line 9)
I: libyang2 source: wildcard-matches-nothing-in-dep5-copyright ... use --no-tag-display-limit to see all (or pipe to a file/program)
P: libyang2 source: package-uses-old-debhelper-compat-version 10
P: libyang2 source: silent-on-rules-requiring-root
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
Note that libyang1 relied on pcre3, but libyang2 (this package) uses pcre2 already.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy: https://git.launchpad.net/ubuntu/+source/libyang2/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
$ check-mir
Checking support status of build dependencies...
* libcmocka-dev binary and source package is in universe
Checking support status of binary dependencies...
* libyang2 binary and source package is in universe
* libyang2 binary and source package is in universe
* libyang2-tools binary and source package is in universe
cmocka is used for unit tests only, at build time, when enabled
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Server Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
[Background information]
- The Package description explains the package well
- Upstream Name is libyang
- Link to upstream project: https://github.com/CESNET/libyang/ |
|
| 2022-01-25 15:39:24 |
Ioanna Alifieraki |
libyang2 (Ubuntu): assignee |
|
Ioanna Alifieraki (joalif) |
|
| 2022-02-03 15:12:39 |
Ioanna Alifieraki |
libyang2 (Ubuntu): assignee |
Ioanna Alifieraki (joalif) |
Ubuntu Security Team (ubuntu-security) |
|
| 2022-02-08 14:09:38 |
Christian Ehrhardt |
libyang2 (Ubuntu): milestone |
|
ubuntu-22.04-feature-freeze |
|
| 2022-02-08 14:09:54 |
Christian Ehrhardt |
libyang2 (Ubuntu): importance |
Undecided |
Critical |
|
| 2022-02-08 15:23:49 |
Ioanna Alifieraki |
bug |
|
|
added subscriber Ioanna Alifieraki |
| 2022-02-13 17:21:49 |
Andreas Hasenack |
bug watch added |
|
https://github.com/CESNET/libyang/issues/1787 |
|
| 2022-02-18 00:07:59 |
Steve Beattie |
libyang2 (Ubuntu): assignee |
Ubuntu Security Team (ubuntu-security) |
|
|
| 2022-02-18 06:42:34 |
Christian Ehrhardt |
libyang2 (Ubuntu): status |
New |
In Progress |
|
| 2022-02-22 18:55:53 |
Andreas Hasenack |
libyang2 (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2022-02-22 19:59:14 |
Steve Langasek |
libyang2 (Ubuntu): status |
Fix Committed |
Fix Released |
|
