Main Inclusion Report for libpciaccess

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/libp/libpciaccess; available for all architectures

2. Rationale:

   • Introduced as part of Xorg's PCI Rework. Had been considered optional for xserver 1.3 and 1.4, but is a required dependency for xserver 1.5, which we'll be shipping in Intrepid.

   • Required dependency for the intel_reg_dumper debugging tool. Currently we disable building it due to the missing libpciaccess dependency, but upstream sometimes requests use of it by our users when upstreaming bug reports.

3. Security:

   • CVE entries: None

   • Secunia history: None

   • Binaries: Primarily a library. Includes one binary executable scanpci, which does not require suid to run

   • Network activity: Does not open ports, nor does it perform any network activity.

   • Probes PCI devices and processes binary data retrieved from hardware
   • Source code review: I've browsed through the code, looking for obvious red flags and did not see anything, however I'm no security guru. The malloc/memcpy routines, and linux_devmem.c could probably benefit from a closer analysis. -- bryce

4. Quality assurance:

   • In what situations does the package not work out of the box without configuration ? none

   • Does the package ask any debconf questions higher than priority 'medium' ? no

   • Debian bugs: 2 bugs, one particular to platforms alpha, parisc, mips, and m68k, which are not important platforms for Ubuntu. Other is is an issue that pciutils now provides /usr/share/misc/pci.ids.gz as a compressed file, and libpciaccess needs gzip support as a result; on Ubuntu intrepid though, our /usr/share/misc/pci.ids is not compressed so we're okay.

   • Maintenance in Debian is calm ?

   • Upstream is lightly active (mostly 1-3 line fixes)

   • Upstream bug tracker: 4 bugs filed, none terribly important for Ubuntu

   • Hardware: This package interacts with hardware by performing PCI device scans. This is derived from existing Xorg functionality so is not terribly exotic.

   • Test suite: none available

5. Standards compliance:

   • FHS, Debian Policy compliance ? yes

   • Debian library packaging guide standards compliance ? yes

   • Packaging system (debhelper/cdbs/dbs): debhelper

   • Patch system: none

   • Packaging oddities: none

6. Dependencies:

   • Only debhelper, which is in main

7. Background information:

   • This library has always been called libpciaccess
   • libpciaccess was introduced as part of Xorg's PCI Rework, in which PCI device detection is moved from the xserver to the individual drivers. A benefit of this change is that if a new version of the driver gains support for additional PCI ID's, then it can claim them directly, rather than requiring the xserver to be patched.

Reviewers

MIR bug: https://bugs.launchpad.net/ubuntu/+bug/239614

Author: Bryce Harrington