This bug was fixed in the package cron - 3.0pl1-120ubuntu2
---
cron (3.0pl1-120ubuntu2) precise; urgency=low
* Drop build-dependency on libaudit, not in main and the security team
doesn't want it there. LP: #878155.
-- Steve LangasekThu, 20 Oct 2011 07:57:06 -0700
** Chan
> The security team is interested in audit in main as well, but as it is now,
> we don't want it.
Ok, thanks - will drop the build-dependency from cron.
** Changed in: audit (Ubuntu)
Status: New => Won't Fix
** Changed in: libev (Ubuntu)
Status: New => Won't Fix
** Changed in: lib
The security team is interested in audit in main as well, but as it is
now, we don't want it. auditd runs with a lot of privileges and can talk
over the network. We will be discussing auditd as part of
https://blueprints.launchpad.net/ubuntu/+spec/security-p-catch-all
--
You received this bug not
On 10/20/2011 01:23 AM, Steve Langasek wrote:
> This brings us in line with the Debian cron package, which links against
> libaudit. I was surprised to see that libaudit wasn't already in main.
FYI: by default, cron does not link against libaudit. Support for
libaudit is an optional feature that
I was puzzled by audit's build-dependency on libev, because there's no
binary dep. It turns out audit bundles its own copy of libev, and
statically links against it.
If libev is to be linked against dynamically, we need to move it to /lib
(currently in /usr/lib). If static linking is ok in this
This brings us in line with the Debian cron package, which links against
libaudit. I was surprised to see that libaudit wasn't already in main.
No major bugs on the package in Debian or in Ubuntu.
One secunia advisory for the package, from 2008.
http://secunia.com/advisories/29617/
The auditd
