[Bug 1987678] Re: Update jansson 2.14 in jammy

Hon Ming Hui 1987678 at bugs.launchpad.net
Thu Aug 25 16:42:01 UTC 2022 

Testing I did
1. I have built jansson 2.14 on all architecture in my personal PPA. https://launchpad.net/~hm-hui/+archive/ubuntu/sru-all/+packages

2. Verified the bug with a private package on arm64 platform on jammy
and the bug gone after the package is rebuilt with jansson 2.14 in
jammy.

3. Upgrade jansson to 2.14 on an amd64 desktop and performed some basic
functions with network-manager without any issue. Also there aren't any
interruption during upgrade/downgrade of jansson library

4. Use emacs to do some json file formatting and editing with jansson
2.14 installed. No issues discovered.

** Summary changed:

- Update jansson 2.14 in jammy
+ Backport jansson 2.14 to jammy from kinetic

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1987678

Title:
  Backport jansson 2.14 to jammy from kinetic

Status in jansson package in Ubuntu:
  New

Bug description:
  [Impact]

   * jansson 2.13 has a symbol conflict with json-c
  library.(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966398 &
  https://github.com/akheron/jansson/issues/523). So an application is
  linking to both jansson and json-c, there will be 50% of chance that
  it reference to a wrong symbol, which need to SIGSEGV

   * In order to fix this issue, both json-c and jansson need to add
  symbol versioning. jansson library added this in 2.14(not yet in
  jammy) while json-c added in 0.15 (already in jammy)

   * And the affecting application should rebuild against the latest
  json-c and jansson libraries in order to have the correct symbol
  linked

  
  [Test Plan]
   * jansson is basically available in all of the cpu architecture. So the 1st test will be building in a personal ppa and see if it can be built in every platform. 

   * Some of the library mentioned in the upstream issue checker can be
  used to verify the fix. But since I am working on a package in a
  private project which is hitting the issue. I am testing with my
  private packages(which is on arm64 platform)

   * Looking into the packages that depends on jansson. There are a large number of packages including network-manager. So I tried to pick 2 packages on my desktop to verify if there is regression
  1. network-manager, since it is widely used in Ubuntu
  2. emacs, since jansson is a JSON parser, so I pick an application that I can do some operation on JSON(e.g. formatting in emacs)
   

  [Where problems could occur]

   * jansson upstream is well maintained and there is also CI test job.
  jansson 2.14 is also packaged and maintained by Debian community. It
  is available for a few months already. So in general, the risk of
  regression is low in that perspective.

   * When looking into the changes between 2.13 and 2.14. There are
  changes in test coverage and some tidy up on the build scripts. The
  changes look safe but certainly there can be mistake and behaviour
  changes. But jansson do not depends on other packages and so this kind
  of regression on build script should be easily caught by test builds
  in different architecture and a simple integration test with package
  that depends on jansson.

   * On the library itself, it added symbol versioning to fix the bug
  and at the same time there are 3 new API added in 2.14. But these
  changes should be backward compatible. But since there is new symbols
  added, there can be new symbol conflict with other library but the
  impact should just be similar to the original bug that it is already
  conflict with json-c. There are alos misc fixes in like snprintf
  checking which looks to be safe.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jansson/+bug/1987678/+subscriptions

More information about the Ubuntu-sponsors mailing list