<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><br>
<div class="moz-forward-container"><br>
<br>
-------- Original Message --------
<table class="moz-email-headers-table" border="0"
cellpadding="0" cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>Re: GlusterFS inclusion</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date:
</th>
<td>Mon, 28 Apr 2014 09:10:23 -0700</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From:
</th>
<td>Patricia Gaughen
<a class="moz-txt-link-rfc2396E" href="mailto:patricia.gaughen@canonical.com">&lt;patricia.gaughen@canonical.com&gt;</a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td>Joe Julian <a class="moz-txt-link-rfc2396E" href="mailto:me@joejulian.name">&lt;me@joejulian.name&gt;</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<pre>I've started the discussions internally. Will keep you posted.
On Thu, Apr 24, 2014 at 7:34 PM, Joe Julian <a class="moz-txt-link-rfc2396E" href="mailto:me@joejulian.name">&lt;me@joejulian.name&gt;</a> wrote:
> Please help us get current releases of GlusterFS in Ubuntu proper. Contact
> myself for introductions or Louis 'semiosis' Zuckerman in #gluster. We are
> both board members and almost always on IRC.
</pre>
</div>
<br>
<br>
On 04/25/2014 09:14 AM, Joe Julian wrote:<br>
</div>
<blockquote cite="mid:535A89F8.9080207@julianfamily.org" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
GlusterFS was rejected during the security analysis with these
comments:<br>
<blockquote type="cite">
<p id="yui_3_10_3_1_1398442245235_54" style="margin: 0px 0px
0.8em; padding: 0px; width: auto; max-width: 45em; color:
rgb(51, 51, 51); font-family: 'Ubuntu Mono', monospace;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
18px; orphans: auto; text-align: left; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);">here's just a list of
what I found while reading the code:</p>
<p style="margin: 0px 0px 0.8em; padding: 0px; width: auto;
max-width: 45em; color: rgb(51, 51, 51); font-family: 'Ubuntu
Mono', monospace; font-size: 12px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: 18px; orphans: auto; text-align: left;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width:
0px; background-color: rgb(255, 255, 255);">- cppcheck reports
~20 real coding mistakes, perhaps a few false positives<br>
- get_uuid_<wbr>via_daemon(<wbr>) doesn't check fork() for
error return<br>
- rdd_valid_config() buffer overflow rdd_config.<wbr>out_file.<wbr>path<br>
- gf_cli_<wbr>print_limit_<wbr>list() doesn't check
sprintf(abspath) return value<br>
- rb_malloc() and rb_free() ignore their allocator argument<br>
Not a security problem, but might be very surprising<br>
- int_to_data() data_from_<wbr>[u]int{<wbr>64,32,16,<wbr>8}()
data_from_double()<br>
all re-calculate the length rather than use the return value
from<br>
gf_asprintf(). (Not a security problem, just redundant.)</p>
</blockquote>
Should we add cppcheck to Jenkins?<br>
<br>
</blockquote>
<br>
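<p>Two of the findings quoted above concern unchecked return values: fork() and sprintf() into a path buffer. The following is an added example, not GlusterFS code and not part of the original messages, showing the checked form of both patterns; the helper names build_abspath() and run_in_child() and the sample paths are hypothetical.</p>

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: join dir and name into out[outlen].
 * Returns 0 on success, -1 on output error or if the result would not fit. */
int build_abspath(char *out, size_t outlen, const char *dir, const char *name)
{
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen) {   /* error, or truncated */
        if (outlen > 0)
            out[0] = '\0';                /* never hand back a truncated path */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* Hypothetical helper: run fn() in a child process and return its exit
 * status, or -1 if fork()/waitpid() failed or the child died abnormally. */
int run_in_child(int (*fn)(void))
{
    int status;
    pid_t pid = fork();

    /* On failure fork() returns -1 and no child exists. Passing that -1 on
     * to waitpid() or kill() would mean "any child" / "every process". */
    if (pid == -1)
        return -1;
    if (pid == 0)
        _exit(fn() & 0xff);   /* child: leave without returning to the caller */

    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

static int child_job(void) { return 7; }   /* constructed sample child */

int main(void)
{
    char path[16];   /* constructed, deliberately small buffer */
    printf("short: %d\n", build_abspath(path, sizeof path, "/mnt", "vol0"));
    printf("long:  %d\n", build_abspath(path, sizeof path, "/mnt/glusterfs", "volume0"));
    printf("child: %d\n", run_in_child(child_job));
    return 0;
}
```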
</body>
</html>