file-5.41 uses AC_PROG_CC, and was generated with autoconf 2.69. That
oldish version of autoconf does not check the C standard when AC_PROG_CC
is called, and standard-specific macros must be called instead:
AC_PROG_CC_C89, AC_PROG_CC_C99, or AC_PROG_CC_STDC.
So we would need to patch configure.ac to call either of those options,
and then we'd have to autoreocnf.
However, that would autoreconf with our autoconf, version 2.71. In that
version, AC_PROG_CC always check what C standards are available and sets
the appropriate ac_cv_XXX variables, and the previous macros,
AC_PROG_CC_C89, AC_PROG_CC_C99, and AC_PROG_CC_STDC are deprecated.
So it turns out that we just need to autoreconf.
Fixes:
- http://autobuild.buildroot.org/results/9e7868be00f2cd18205b2ce664be95f8b9e2b063
- http://autobuild.buildroot.org/results/31cbc313fceb84c0cbb1969fca5ac44244871dbc
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
FOO_CPE_ID_VALID really ought to be an internal implementaion detail.
Packages that really want to trigger their CPE defintitions really
should set one of the actual variables to a meaningful value.
There are two CPE-related variables that we could chose to set to
replace FOO_CPE_ID_VALID: FOO_CPE_ID_VENDOR and FOO_CPE_ID_PRODUCT.
Between those two, _VENDOR more often diverges from the default than
_PRODUCT does, so that's what we use.
---8<------8<------8<------8<------8<---
#!/bin/bash
# Replace FOO_CPE_ID_VALID = YES with FOO_CPE_ID_VENDOR = foo_project
for i in $(git grep -l -E '[^)]_CPE_ID_VALID = YES' package support); do
pkg="$(basename "${i%/*}")"
sed -r -i -e "s/_CPE_ID_VALID = YES/_CPE_ID_VENDOR = ${pkg}_project/" "${i}"
done
---8<------8<------8<------8<------8<---
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: update cpe-test comment to reflect pkg3 change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
- CVE-2019-18218: cdf_read_property_info in cdf.c in file through 5.37 does
not restrict the number of CDF_VECTOR elements, which allows a heap-based
buffer overflow (4-byte out-of-bounds write).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2019-8906: do_core_note in readelf.c in libmagic.a in file 5.35 has
an out-of-bounds read because memcpy is misused.
CVE-2019-8904: do_bid_note in readelf.c in libmagic.a in file 5.35 has a
stack-based buffer over-read, related to file_printf and file_vprintf.
Update license files hashes; removal of trailing white spaces.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-10360: The do_core_note function in readelf.c in
libmagic.a in file 5.33 allows remote attackers to cause a denial of
service (out-of-bounds read and application crash) via a crafted ELF
file.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Added license hashes, added optional dependency to libseccomp provided
by upstream in this version bump.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-4c is BSD-4-Clause.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-4c/BSD-4-Clause/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-2c is BSD-2-Clause.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-2c/BSD-2-Clause/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-3c is BSD-3-Clause.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Make license type lists more uniform:
* put content license applies to in parenthesis; ex: "GPLv2+ (programs)"
* use commas to separate types listed without conjuction; ex: "GPLv2, LGPLv2"
No attempt was made to validate the claimed licenses. This is just a tweak
to increase uniformity of the _LICENSE variables.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: replace semi-colons by commas in LIBURCU_LICENSE.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
