[MIR] libsemanage (shadow's rdep to continue SELinux support in shadow)

Bug #1077484 reported by Dimitri John Ledkov
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| cunit (Ubuntu) | Fix Released | Undecided | Dimitri John Ledkov | |
| libsemanage (Ubuntu) | Fix Released | Undecided | Unassigned | |
| shadow (Ubuntu) | Fix Released | Undecided | Unassigned | |
| ustr (Ubuntu) | Fix Released | Undecided | Unassigned | |

Bug Description

The shadow package now requires libsemanage to compile with SELinux support.
Currently shadow is compiled with SELinux support.
To continue compiling shadow with SELinux support, libsemanage1, libsemanage-dev and libsemanage-common should be promoted into main.
If not, SELinux support can be dropped from the shadow package.

Previously, sssd tried to pull libsemanage into main, http://pad.lv/903752

(There is a shadow package in raring-proposed in dep-wait state on libsemanage.)

Changed in libsemanage (Ubuntu):
status: New → Confirmed
Changed in shadow (Ubuntu):
status: New → Confirmed
summary: - [MIR] libsemanage1 libsemanage-dev libsemanage-common
+ [MIR] shadow wants libsemanage1 libsemanage-dev libsemanage-common to
+ continue having SELinux support
summary: - [MIR] shadow wants libsemanage1 libsemanage-dev libsemanage-common to
- continue having SELinux support
+ [MIR] libsemanage (shadow's rdep to continue SELinux support in shadow)
Adam Conrad (adconrad) wrote :

Jamie's previous review of libsemanage seemed to imply that we want to avoid it, at least for now. I don't know if that position of his has changed but, if it has, we should revisit all its potential rdeps (like sssd) as well.

Michael Terry (mterry)
Changed in libsemanage (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in ustr (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

ustr MIR (needed by libsemanage):
Review in bug:
 * Does it FTBFS currently? builds fine with only main
 * Does it have a test suite? yes and it is enabled in the build
 * Does Ubuntu carry a delta? no
 * It has a symbols file
 * Does it have a bug subscriber in Ubuntu? no
 * Does it have a watch file? yes
 * Is its update history slow or sporadic? yes. Last upstream update was 4.5 years ago
 * Is the current release packaged? yes
 * Will entering main make it harder for the people currently keeping it up to date? no
 * Lintian warnings: no
 * Is debian/rules a mess? no, it's clean
 * Errors/warnings during the build: yes, but they are false positives or harmless
 * Incautious use of malloc/sprintf: no, it is highly optimized and not easy to get into, but also very defensively programmed
 * Uses of sudo or LD_LIBRARY_PATH: no
 * Important bugs (crashers, etc) in Debian or Ubuntu: no
 * Does the package have a CVE history? no
 * Do not need a security audit at this time

ustr has some compiler warnings but they turned out to not be a problem after some review. A bug subscriber would be nice. The fact that upstream hasn't created any new releases gives me some pause, but it is also an indication that ustr is feature complete and works well. ACK

Changed in ustr (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
status: Confirmed → Fix Committed
Jamie Strandboge (jdstrand) wrote :

libsemanage review:
 * Does it FTBFS currently? needs libustr-dev, otherwise builds fine
 * Does it have a test suite? yes, enabled in the build
 * If it's a Python package, does it use dh_python3/dh_python2? no
 * If it's a Python package going on the desktop CD, will it pull in Python 2? it only builds with python2, but since we only want libsemanage1, libsemanage1-dev and libsemanage-common, python2 won't be pulled onto the desktop CD
 * Does Ubuntu carry a delta? no
 * It has a symbols file
 * Does it have a bug subscriber in Ubuntu? no
 * Does it have a watch file? yes, but it doesn't detect a new version correctly (i.e., 2.1.9 is available, but uscan reports 'libsemanage: remote site does not even have current version')
 * Is its update history slow or sporadic? it is fine
 * Is the current release packaged? in Debian experimental only
 * Will entering main make it harder for the people currently keeping it up to date? no
 * Lintian warnings: it's clean
 * Is debian/rules a mess? there are several overrides primarily dealing with python and ruby support, but it is reasonable enough
 * Errors/warnings during the build: no
 * Incautious use of malloc/sprintf: seems fine
 * Uses of sudo or LD_LIBRARY_PATH: no
 * Important bugs (crashers, etc) in Debian or Ubuntu: no
 * Does the package have a CVE history? no
 * It is widely used and well maintained upstream. Package does not warrant a security audit at this time.

Would be nice if libsemanage had a bug subscriber and the watch file were fixed. This does not block the MIR. ACK

Changed in libsemanage (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
status: Confirmed → Fix Committed
Adam Conrad (adconrad) wrote :

Override component to main
ustr 1.0.4-3 in raring: universe/libs -> main
libustr-1.0-1 1.0.4-3 in raring amd64: universe/libs/optional -> main
libustr-1.0-1 1.0.4-3 in raring armhf: universe/libs/optional -> main
libustr-1.0-1 1.0.4-3 in raring i386: universe/libs/optional -> main
libustr-1.0-1 1.0.4-3 in raring powerpc: universe/libs/optional -> main
libustr-1.0-1-dbg 1.0.4-3 in raring amd64: universe/libs/extra -> main
libustr-1.0-1-dbg 1.0.4-3 in raring armhf: universe/libs/extra -> main
libustr-1.0-1-dbg 1.0.4-3 in raring i386: universe/libs/extra -> main
libustr-1.0-1-dbg 1.0.4-3 in raring powerpc: universe/libs/extra -> main
libustr-dev 1.0.4-3 in raring amd64: universe/libdevel/optional -> main
libustr-dev 1.0.4-3 in raring armhf: universe/libdevel/optional -> main
libustr-dev 1.0.4-3 in raring i386: universe/libdevel/optional -> main
libustr-dev 1.0.4-3 in raring powerpc: universe/libdevel/optional -> main
libustr-doc 1.0.4-3 in raring amd64: universe/doc/optional -> main
libustr-doc 1.0.4-3 in raring armhf: universe/doc/optional -> main
libustr-doc 1.0.4-3 in raring i386: universe/doc/optional -> main
libustr-doc 1.0.4-3 in raring powerpc: universe/doc/optional -> main
Override [y|N]? y

Changed in ustr (Ubuntu):
status: Fix Committed → Fix Released
Colin Watson (cjwatson) wrote :

I've asked Brian to subscribe foundations-bugs to ustr and libsemanage.

Adam Conrad (adconrad) wrote :

Override component to main
libsemanage 2.1.6-6 in raring: universe/libdevel -> main
libsemanage-common 2.1.6-6 in raring amd64: universe/libs/optional -> main
libsemanage-common 2.1.6-6 in raring armhf: universe/libs/optional -> main
libsemanage-common 2.1.6-6 in raring i386: universe/libs/optional -> main
libsemanage-common 2.1.6-6 in raring powerpc: universe/libs/optional -> main
libsemanage-ruby1.8 2.1.6-6 in raring amd64: universe/ruby/optional -> main
libsemanage-ruby1.8 2.1.6-6 in raring armhf: universe/ruby/optional -> main
libsemanage-ruby1.8 2.1.6-6 in raring i386: universe/ruby/optional -> main
libsemanage-ruby1.8 2.1.6-6 in raring powerpc: universe/ruby/optional -> main
libsemanage1 2.1.6-6 in raring amd64: universe/libs/optional -> main
libsemanage1 2.1.6-6 in raring armhf: universe/libs/optional -> main
libsemanage1 2.1.6-6 in raring i386: universe/libs/optional -> main
libsemanage1 2.1.6-6 in raring powerpc: universe/libs/optional -> main
libsemanage1-dev 2.1.6-6 in raring amd64: universe/libdevel/optional -> main
libsemanage1-dev 2.1.6-6 in raring armhf: universe/libdevel/optional -> main
libsemanage1-dev 2.1.6-6 in raring i386: universe/libdevel/optional -> main
libsemanage1-dev 2.1.6-6 in raring powerpc: universe/libdevel/optional -> main
python-semanage 2.1.6-6 in raring amd64: universe/devel/optional -> main
python-semanage 2.1.6-6 in raring armhf: universe/devel/optional -> main
python-semanage 2.1.6-6 in raring i386: universe/devel/optional -> main
python-semanage 2.1.6-6 in raring powerpc: universe/devel/optional -> main
ruby-semanage 2.1.6-6 in raring amd64: universe/ruby/optional -> main
ruby-semanage 2.1.6-6 in raring armhf: universe/ruby/optional -> main
ruby-semanage 2.1.6-6 in raring i386: universe/ruby/optional -> main
ruby-semanage 2.1.6-6 in raring powerpc: universe/ruby/optional -> main
Override [y|N]? y

Changed in libsemanage (Ubuntu):
status: Fix Committed → Fix Released
Changed in shadow (Ubuntu):
status: Confirmed → Fix Released
Adam Conrad (adconrad) wrote :

Looks like it was missed that cunit is also a dependency of this mess. Someone's going to need to review that as well. :/

Jamie Strandboge (jdstrand) wrote :

MIR review:
 * Builds fine with just main
 * Interestingly, though it is a unit testing framework for C, it doesn't seem to include a test suite
 * no Ubuntu delta
 * FYI, it's a library but neither ships a symbols file nor uses dh_makeshlibs -V
 * It has a watch file
 * Update history is very slow
 * The latest release is packaged
 * lintian checks are fine
 * debian/rules uses older style, but is readable enough
 * There are some warnings about not checking the return code of fgets() in Console.c
 * Spot-checking the code, it has some old conventions and isn't doing bounds checking on strcpy or checking return codes. However, because of the old conventions, these string operations are happening on the stack or our compiler hardening should cover them
 * There aren't any important bugs in Debian or Ubuntu
 * There is no CVE history and nothing in the code dictates a more in-depth security review.

ACK provided the compiler warnings are addressed and the patches sent to Debian.

Changed in cunit (Ubuntu):
status: New → In Progress
Changed in cunit (Ubuntu):
assignee: nobody → Dmitrijs Ledkovs (xnox)
Adam Conrad (adconrad) wrote :

Override component to main
cunit 2.1-0.dfsg-10ubuntu1 in raring: universe/libs -> main
libcunit1 2.1-0.dfsg-10ubuntu1 in raring amd64: universe/libs/optional -> main
libcunit1 2.1-0.dfsg-10ubuntu1 in raring armhf: universe/libs/optional -> main
libcunit1 2.1-0.dfsg-10ubuntu1 in raring i386: universe/libs/optional -> main
libcunit1 2.1-0.dfsg-10ubuntu1 in raring powerpc: universe/libs/optional -> main
libcunit1-dev 2.1-0.dfsg-10ubuntu1 in raring amd64: universe/libdevel/optional -> main
libcunit1-dev 2.1-0.dfsg-10ubuntu1 in raring armhf: universe/libdevel/optional -> main
libcunit1-dev 2.1-0.dfsg-10ubuntu1 in raring i386: universe/libdevel/optional -> main
libcunit1-dev 2.1-0.dfsg-10ubuntu1 in raring powerpc: universe/libdevel/optional -> main
libcunit1-doc 2.1-0.dfsg-10ubuntu1 in raring amd64: universe/doc/optional -> main
libcunit1-doc 2.1-0.dfsg-10ubuntu1 in raring armhf: universe/doc/optional -> main
libcunit1-doc 2.1-0.dfsg-10ubuntu1 in raring i386: universe/doc/optional -> main
libcunit1-doc 2.1-0.dfsg-10ubuntu1 in raring powerpc: universe/doc/optional -> main
libcunit1-ncurses 2.1-0.dfsg-10ubuntu1 in raring amd64: universe/libs/optional -> main
libcunit1-ncurses 2.1-0.dfsg-10ubuntu1 in raring armhf: universe/libs/optional -> main
libcunit1-ncurses 2.1-0.dfsg-10ubuntu1 in raring i386: universe/libs/optional -> main
libcunit1-ncurses 2.1-0.dfsg-10ubuntu1 in raring powerpc: universe/libs/optional -> main
libcunit1-ncurses-dev 2.1-0.dfsg-10ubuntu1 in raring amd64: universe/libdevel/optional -> main
libcunit1-ncurses-dev 2.1-0.dfsg-10ubuntu1 in raring armhf: universe/libdevel/optional -> main
libcunit1-ncurses-dev 2.1-0.dfsg-10ubuntu1 in raring i386: universe/libdevel/optional -> main
libcunit1-ncurses-dev 2.1-0.dfsg-10ubuntu1 in raring powerpc: universe/libdevel/optional -> main
Override [y|N]? y

Changed in cunit (Ubuntu):
status: In Progress → Fix Released
Dimitri John Ledkov (xnox) wrote :

$ syncpackage --force cunit
syncpackage: Source cunit -> saucy/Proposed: current version 2.1-0.dfsg-11ubuntu1, new version 2.1-0.dfsg-12
syncpackage: New changes:
cunit (2.1-0.dfsg-12) unstable; urgency=low

  * Standards version 3.9.4.
  [Dmitrijs Ledkovs]
    * Check return value of fgets calls.
    * Compile in C99 mode to get snprintf support. (Closes: #710161)

 -- Philipp Benner <email address hidden> Sun, 23 Jun 2013 19:44:36 +0200
Sync this package [y|N]? y
syncpackage: Request succeeded; you should get an e-mail once it is processed.
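
The two hardening points raised in the cunit review and named in the changelog above (checking the return value of fgets, and using snprintf for bounded copies) look like this in practice. This is an added example, not cunit's code or the patch that was uploaded; `read_name`, `read_name_from_text`, the status codes and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Status codes for this example (hypothetical names). */
enum read_status { READ_OK = 0, READ_EOF = -1, READ_TRUNCATED = -2 };

/*
 * Read one line from `in` into `dst` (capacity `dst_len`).
 * - The fgets() result is tested, so EOF or a read error never leaves the
 *   caller working on an uninitialised buffer.
 * - The copy uses snprintf(), which never writes past dst_len, always
 *   NUL-terminates, and reports truncation through its return value.
 */
enum read_status read_name(FILE *in, char *dst, size_t dst_len)
{
    char line[256];
    int needed;

    if (dst_len == 0)
        return READ_TRUNCATED;
    dst[0] = '\0';
    if (fgets(line, sizeof line, in) == NULL)
        return READ_EOF;                 /* EOF or I/O error: nothing read */
    line[strcspn(line, "\r\n")] = '\0';  /* drop the line terminator */

    needed = snprintf(dst, dst_len, "%s", line);
    if (needed < 0 || (size_t)needed >= dst_len)
        return READ_TRUNCATED;           /* dst holds a bounded prefix only */
    return READ_OK;
}

char demo_buf[8];                        /* deliberately small destination */

/* Feed constructed sample text through a temporary stream. */
enum read_status read_name_from_text(const char *text, char *dst, size_t n)
{
    FILE *tmp = tmpfile();
    enum read_status rc;

    if (tmp == NULL)
        return READ_EOF;
    fputs(text, tmp);
    rewind(tmp);
    rc = read_name(tmp, dst, n);
    fclose(tmp);
    return rc;
}

int main(void)
{
    printf("%d\n", read_name_from_text("a_very_long_suite_name\n", demo_buf, sizeof demo_buf));
    printf("'%s'\n", demo_buf);
    return 0;
}
```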
