Ubuntu
content-hub package

[MIR] content-hub

Bug #1597453 reported by Ken VanDine
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical System Image
Fix Released
High
Unassigned
content-hub (Ubuntu)
Fix Released
Undecided
Mathieu Trudel-Lapierre

Bug Description

[Availability]
 * Available in universe

[Rationale]
 * This package is required by unity8

[Security]
 * No known security issues at this time. It has been reviewed by security in the past for use on the phone.

[Quality assurance]
 * This package has both unit tests and autopkgtests

[Dependencies]
 Most dependencies are already in main with the exception of the following:
 * ubuntu-download-manager (bug #1488425)
 * qtbase-opensource-src-gles (the non-gles variant is in main) (doesn't need a MIR?)

[Standards compliance]
 * This package uses cmake and is properly translated.

[Maintenance]
 * This package is maintained by Canonical and actively in use on the phone images

See original description

Related branches

lp:~ken-vandine/content-hub/hardening
system-apps-ci-bot: Needs Fixing (continuous-integration)
Mathieu Trudel-Lapierre: Approve
Diff: 16 lines (+6/-0)
1 file modified
debian/rules (+6/-0)
Sebastien Bacher (seb128)
description: updated
Michael Terry (mterry)
Changed in content-hub (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Blockers:
 - I'm concerned about the number of bugs open; we should have an idea whether they are all really still issues. There are a few older bugs with no response at all, or no change in months.
 - Security team should explicitly sign-off on the review that was previously done, since this package is the basis for the security story behind how applications retrieve files on the system.
 - This is blocked on the MIR for ubuntu-download-manager still: https://bugs.launchpad.net/ubuntu/+source/ubuntu-download-manager/+bug/1488425

Changed in content-hub (Ubuntu):
status: New → Incomplete
Revision history for this message
Ken VanDine (ken-vandine) wrote :

The bulk of the bugs are actually feature requests.

Revision history for this message
Sebastien Bacher (seb128) wrote :

security team gave their ack on the trello board

Revision history for this message
Sebastien Bacher (seb128) wrote :

changing back to New, security is ok it seems and Ken commented on the bugs being feature requests ... was there anything else on content-hub itself to resolve?

Changed in content-hub (Ubuntu):
status: Incomplete → New
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

N: Processing binary package libcontent-hub0 (version 0.2+16.10.20160830-0ubuntu1, arch amd64) ...
I: libcontent-hub0: hardening-no-bindnow usr/lib/x86_64-linux-gnu/libcontent-hub.so.0.2.0
I: libcontent-hub0: hardening-no-fortify-functions usr/lib/x86_64-linux-gnu/libcontent-hub.so.0.2.0

N: Processing binary package qtdeclarative5-ubuntu-content1 (version 0.2+16.10.20160830-0ubuntu1, arch amd64) ...
I: qtdeclarative5-ubuntu-content1: hardening-no-bindnow usr/lib/x86_64-linux-gnu/qt5/qml/Ubuntu/Content/libubuntu-content-hub-plugin.so

Are these expected? Please fix if possible. Otherwise I see no other issues with content-hub.

Revision history for this message
Ken VanDine (ken-vandine) wrote :

@cyphermox: I don't get that from lintian on xenial, is that new for yakkety?

Jean-Baptiste Lallement (jibel)
Changed in canonical-devices-system-image:
status: New → Fix Committed
status: Fix Committed → In Progress
importance: Undecided → High
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

I still see this issue from lintian:
I: libcontent-hub0: hardening-no-fortify-functions usr/lib/x86_64-linux-gnu/libcontent-hub.so.0.2.0

However, as discussed the -D_FORTIFY_SOURCE=2 option is properly passed at build time, and we no longer have the lintian warning about bindnow, which seems to indicate that hardening options are correctly being passed.

Please file a bug about this and seek help from the Security Team to figure out why this is either a false-positive or otherwise broken (could it be because cmake is doing something special?).

In the meantime, I believe it is fine to accept the MIR despite this issue, as it *is* being worked on and the package looks fine otherwise.

Changed in content-hub (Ubuntu):
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package content-hub - 0.2+16.10.20160914-0ubuntu1

---------------
content-hub (0.2+16.10.20160914-0ubuntu1) yakkety; urgency=medium

  * Build with hardening=+all (LP: #1597453)

 -- Ken VanDine <email address hidden> Wed, 14 Sep 2016 14:30:52 +0000

Changed in content-hub (Ubuntu):
status: Fix Committed → Fix Released
Michael Terry (mterry)
Changed in content-hub (Ubuntu):
status: Fix Released → Fix Committed
Jean-Baptiste Lallement (jibel)
Changed in canonical-devices-system-image:
status: In Progress → Fix Committed
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :
Download full text (3.9 KiB)

Override component to main
content-hub 0.2+16.10.20160914-0ubuntu1 in yakkety: universe/libs -> main
content-hub 0.2+16.10.20160914-0ubuntu1 in yakkety amd64: universe/libs/optional/100% -> main
content-hub 0.2+16.10.20160914-0ubuntu1 in yakkety arm64: universe/libs/optional/100% -> main
content-hub 0.2+16.10.20160914-0ubuntu1 in yakkety armhf: universe/libs/optional/100% -> main
content-hub 0.2+16.10.20160914-0ubuntu1 in yakkety i386: universe/libs/optional/100% -> main
content-hub 0.2+16.10.20160914-0ubuntu1 in yakkety powerpc: universe/libs/optional/100% -> main
content-hub 0.2+16.10.20160914-0ubuntu1 in yakkety ppc64el: universe/libs/optional/100% -> main
content-hub-testability 0.2+16.10.20160914-0ubuntu1 in yakkety amd64: universe/libdevel/optional/100% -> main
content-hub-testability 0.2+16.10.20160914-0ubuntu1 in yakkety arm64: universe/libdevel/optional/100% -> main
content-hub-testability 0.2+16.10.20160914-0ubuntu1 in yakkety armhf: universe/libdevel/optional/100% -> main
content-hub-testability 0.2+16.10.20160914-0ubuntu1 in yakkety i386: universe/libdevel/optional/100% -> main
content-hub-testability 0.2+16.10.20160914-0ubuntu1 in yakkety powerpc: universe/libdevel/optional/100% -> main
content-hub-testability 0.2+16.10.20160914-0ubuntu1 in yakkety ppc64el: universe/libdevel/optional/100% -> main
libcontent-hub-dev 0.2+16.10.20160914-0ubuntu1 in yakkety amd64: universe/libdevel/optional/100% -> main
libcontent-hub-dev 0.2+16.10.20160914-0ubuntu1 in yakkety arm64: universe/libdevel/optional/100% -> main
libcontent-hub-dev 0.2+16.10.20160914-0ubuntu1 in yakkety armhf: universe/libdevel/optional/100% -> main
libcontent-hub-dev 0.2+16.10.20160914-0ubuntu1 in yakkety i386: universe/libdevel/optional/100% -> main
libcontent-hub-dev 0.2+16.10.20160914-0ubuntu1 in yakkety powerpc: universe/libdevel/optional/100% -> main
libcontent-hub-dev 0.2+16.10.20160914-0ubuntu1 in yakkety ppc64el: universe/libdevel/optional/100% -> main
libcontent-hub-doc 0.2+16.10.20160914-0ubuntu1 in yakkety amd64: universe/doc/optional/100% -> main
libcontent-hub-doc 0.2+16.10.20160914-0ubuntu1 in yakkety arm64: universe/doc/optional/100% -> main
libcontent-hub-doc 0.2+16.10.20160914-0ubuntu1 in yakkety armhf: universe/doc/optional/100% -> main
libcontent-hub-doc 0.2+16.10.20160914-0ubuntu1 in yakkety i386: universe/doc/optional/100% -> main
libcontent-hub-doc 0.2+16.10.20160914-0ubuntu1 in yakkety powerpc: universe/doc/optional/100% -> main
libcontent-hub-doc 0.2+16.10.20160914-0ubuntu1 in yakkety ppc64el: universe/doc/optional/100% -> main
libcontent-hub-doc 0.2+16.10.20160914-0ubuntu1 in yakkety s390x: universe/doc/optional/100% -> main
libcontent-hub0 0.2+16.10.20160914-0ubuntu1 in yakkety amd64: universe/libs/optional/100% -> main
libcontent-hub0 0.2+16.10.20160914-0ubuntu1 in yakkety arm64: universe/libs/optional/100% -> main
libcontent-hub0 0.2+16.10.20160914-0ubuntu1 in yakkety armhf: universe/libs/optional/100% -> main
libcontent-hub0 0.2+16.10.20160914-0ubuntu1 in yakkety i386: universe/libs/optional/100% -> main
libcontent-hub0 0.2+16.10.20160914-0ubuntu1 in yakkety powerpc: universe/libs/optional/100% -> main
libcontent...

Read more...

Changed in content-hub (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.