Update CRAN comments
jennybc committed Dec 19, 2018
1 parent 4e8d775 commit 98b5a03
Showing 1 changed file with 16 additions and 28 deletions.
44 changes: 16 additions & 28 deletions cran-comments.md
@@ -1,43 +1,31 @@
## Test environments

* local macOS Sierra 10.12.6 + R 3.4.3
* macOS Sierra 10.12.6 + R 3.4.4 via travis-ci
* OS X El Capitan 10.11.6 + R 3.4.4 via travis-ci
* local macOS Mojave 10.14.1 + R 3.5.1
* macOS Sierra 10.12.6 + R 3.5.1 via travis-ci
* OS X El Capitan 10.11.6 + R 3.5.1 via travis-ci
* Ubuntu trusty (14.04.5 LTS) via travis-ci
- R-oldrel = R 3.3.3
- R-release = R 3.4.4
- R-devel = R (unstable) (2018-04-16 r74611)
* local Windows 10 VM, R 3.4.3
* Windows Server 2012 + R 3.5.0 RC (2018-04-15 r74605) via appveyor
* Windows + R 3.4.4 & 3.5.0 beta (2018-04-13 r74592) via win-builder
- R 3.1.3, 3.2.5, 3.3.3
- R-oldrel = R 3.4.4
- R-release = R 3.5.1
- R-devel = (unstable) (2018-12-19 r75866)
* local Windows 10 VM, R 3.5.1
* Windows Server 2012 + 3.5.1 Patched (2018-12-08 r75805) via appveyor
* Windows + R 3.5.1 & Under development (unstable) (2018-12-17 r75857) via win-builder

## R CMD check results

There are no errors and no warnings. On some platforms, but not all, I see this NOTE:
I see no errors, warnings, or notes for readxl.

installed size is 5.2Mb
sub-directories of 1Mb or more:
libs 3.8Mb

This NOTE is not new and can currently be seen for the CRAN version on r-devel-linux-x86_64-fedora-gcc.
The current CRAN results for clang-UBSAN and gcc-UBSAN note a misaligned address for type 'DWORD', emanating from the embedded libxls library. I believe I have gotten this fixed upstream and, therefore, in the current submission.

The main reason for this release is to include an updated version of the embedded libxls library, which has been patched to address these CVEs:

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404

FYI the same firm also posted two other CVEs that mention readxl, but then go on clarify that the vulnerabilities do not actually affect readxl (they have also been fixed in libxls for years):

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0463
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
The main reason for this release is to prepare for a coming release of the tibble package, which readxl depends on.

readxl fails on big-endian platforms due to endian-ness bugs in the wrapped libxls library. This has always been the case and nothing has changed.

## Reverse dependencies

I attempted to check all 67 reverse dependencies and succeeded with 65. I compared check results between the current CRAN version of readxl and this submission.
I attempted to check all 88 reverse dependencies (CRAN and BioC) and succeeded with 83. I compared check results between the current CRAN version of readxl and this submission.

For these 65, there are no notes, warnings or errors that appear to be related to readxl, nor any that differ between checks run with readxl v1.0.0 and v1.1.0.
For these 83, there are no notes, warnings or errors that appear to be related to readxl, nor any that differ between checks run with readxl v1.1.0 and v1.2.0.

I was unable to check 2 packages (rattle, Ricetl) due to onerous installation requirements.
I was unable to check 5 packages (DAPAR, dynBiplotGUI, lpirfs, PCRedux, zooaRchGUI) for various combinations of these reasons: installation/compilation failure, R CMD check timed out, missing external dependencies.
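
Review bot: The UBSAN paragraph under "R CMD check results" ("I believe I have gotten this fixed upstream and, therefore, in the current submission") leaves the misaligned 'DWORD' fix unverifiable from these comments: none of the listed test environments is a clang-UBSAN or gcc-UBSAN build, and the embedded libxls version or upstream commit is not named. Suggest citing the libxls commit or release that is bundled and, if possible, adding a sanitizer run to the test environments so the claim can be checked. Naming the bundled libxls version would also help alongside the big-endian caveat, which refers to bugs in the same wrapped library. A minor style point in the test environments list: "Windows Server 2012 + 3.5.1 Patched" drops the "R" that the other entries carry.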
