Bug#789256: cmus: Pulls in unwanted and potentially dangerous DECnet packages through libroar2

John Paul Adrian Glaubitz glaubitz at physik.fu-berlin.de
Fri Jun 19 08:52:01 UTC 2015 

Package: cmus
Version: 2.5.0-7+b1
Severity: serious
Justification: potentially breaks other packages

Hello!

As previously discussed, I am opening a bug report against cmus to drop
ROAR support from cmus. The reason is that ROAR still depends on libdnet
which is potentially dangerous as it may disrupt a user's network
configuration [1] for users who run apt-get with --install-suggests
and a consequently, the removal of ROAR audio support was previously
requested in Debian [2] as well as Ubuntu [3].

Furthermore, it has been observed, that ROAR with DECnet even directly
affects cmus now, rendering the package unusable after installation,
being stuck directly after starting cmus:

glaubitz at z6:~> cmus
getnodeadd: Can not open /etc/decnet.conf

I therefore request the removal of ROAR support in cmus completely. If
anyone needs this feature, they can just rebuild cmus locally since
apparently there aren't any users for ROAR audio besides its original
maintainer and his buddy who requested re-adding the feature in [4].

Thanks,
Adrian

> [1] https://lists.debian.org/debian-user/2011/09/msg00287.html
> [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675610
> [3] https://bugs.launchpad.net/ubuntu/+source/cmus/+bug/923027
> [4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680745

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (99, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cmus depends on:
ii  libao4          1.1.0-3
ii  libasound2      1.0.28-1
ii  libc6           2.19-18
ii  libcddb2        1.3.2-5
ii  libcdio-cdda1   0.83-4.2
ii  libcdio13       0.83-4.2
ii  libcue1         1.4.0-1
ii  libfaad2        2.8.0~cvs20150510-1
ii  libflac8        1.3.1-2
ii  libmad0         0.15.1b-8
ii  libmodplug1     1:0.8.8.4-4.1+b1
ii  libmpcdec6      2:0.1~r459-4.1
ii  libncursesw5    5.9+20150516-2
ii  libtinfo5       5.9+20150516-2
ii  libvorbisfile3  1.3.4-2
ii  libwavpack1     4.75.0-1

Versions of packages cmus recommends:
ii  cmus-plugin-ffmpeg  2.5.0-7+b1
ii  libpulse0           6.0-2
ii  libroar2            1.0~beta11-1

cmus suggests no packages.

-- no debconf information

More information about the pkg-multimedia-maintainers mailing list