Reconsider usage of UBSAN

[jcharaoui]

The Debian security team believes the usage of UBSAN in HTTPDirFS may bring more harm than good:

This is a bad idea not only due to slower execution, but might even introduce vulnerabilities: https://www.openwall.com/lists/oss-security/2016/02/17/9

While there are safe usages of ubsan, httpdirfs being the only package in the archive that uses ubsan but not asan is something that sounds wrong and underreviewed.

Original bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031744

[jcharaoui]

Also making a note that since the bug has been reported with RC (release-critical) severity, unless we fix it in Debian, it will be removed from the upcoming stable release (bookworm).

[fangfufu]

Yeh, I don't think we actually need UBSAN. I just thought it might be a good idea when I added in. I didn't know it could introduce security vulnerability. I am just going to remove it for now, unless Adrian suggests that I should add ASAN alongside UBSAN, rather than just remove UBSAN.

[jcharaoui]

Closing as fixed.