On Sun, Apr 8, 2012 at 10:19, Clifford Yapp <cliffy...@gmail.com> wrote:
>
> On Sun, Apr 8, 2012 at 8:59 AM, Tom Browder <tom.brow...@gmail.com> wrote:
>>
>> On Sun, Apr 8, 2012 at 07:48, Tom Browder <tom.brow...@gmail.com> wrote:
>> > On Sat, Apr 7, 2012 at 21:53, Clifford Yapp <cliffy...@gmail.com> wrote:
>> ...
>> > I'm still investigating...
>>
>> All works with an autotools build--perhaps a cmake problem with the tcl
>> stuff?
>
>
> Conceivable.  What are the details of the errors?

For one thing, I just noticed that "make" env | grep with autotools
removes the regress/CMakeLists.txt, which is confusing the issue!

Okay, I just found a disconnect with the tcl library version--cured
that with an install BEFORE the regress check (did tcl bump a patch
number recently?).

Now regression failure has changed to this for both builds:

ERROR: relos does not exist!
Output: invalid command name "relos"

But, for cmake, the regression fails at that point.

For autotools, there is another regression failure:

/bin/sh ../regress/flawfinder.sh ..
running flawfinder...
Error: File ended while in string.
Error: File ended while in string.
Error: File ended while in comment.
Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler.
Number of dangerous functions in C/C++ ruleset: 160
../src/other/jove/jove_io.c:564:  [5] (race) chown: This accepts
filename arguments; if an attacker can move those files, a race
condition results. . Use fchown( ) instead.
../src/other/libz/contrib/untgz/untgz.c:32:  [5] (race) chmod: This
accepts filename arguments; if an attacker can move those files, a
race condition results. . Use fchmod( ) instead.
../src/other/libz/contrib/untgz/untgz.c:277:  [5] (race) chmod: This
accepts filename arguments; if an attacker can move those files, a
race condition results. . Use fchmod( ) instead.
../src/other/libz/examples/gun.c:526:  [5] (race) chmod: This accepts
filename arguments; if an attacker can move those files, a race
condition results. . Use fchmod( ) instead.
../src/other/libz/examples/gun.c:529:  [5] (race) chown: This accepts
filename arguments; if an attacker can move those files, a race
condition results. . Use fchown( ) instead.
../src/other/openNURBS/opennurbs_object.cpp:856:  [5] (buffer)
strncat: Easily used incorrectly (e.g., incorrectly computing the
correct maximum size to add). Consider strlcat or automatically
resizing strings. Risk is high; the length parameter appears to be a
constant, instead of computing the number of characters left.
../src/other/step/src/clprobe-ui/stepenteditor.cc:166:  [5] (buffer)
strncat: Easily used incorrectly (e.g., incorrectly computing the
correct maximum size to add). Consider strlcat or automatically
resizing strings. Risk is high; the length parameter appears to be a
constant, instead of computing the number of characters left.
../src/other/step/src/exppp/exppp.c:270:  [5] (race) chmod: This
accepts filename arguments; if an attacker can move those files, a
race condition results. . Use fchmod( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:457:  [5] (race) readlink: This
accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results.  Also, it does not
terminate with ASCII NUL. Reconsider approach.
../src/other/tcl/unix/tclUnixFCmd.c:840:  [5] (race) chmod: This
accepts filename arguments; if an attacker can move those files, a
race condition results. . Use fchmod( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:872:  [5] (race) chmod: This
accepts filename arguments; if an attacker can move those files, a
race condition results. . Use fchmod( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:1268:  [5] (race) chmod: This
accepts filename arguments; if an attacker can move those files, a
race condition results. . Use fchmod( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:1270:  [5] (race) chmod: This
accepts filename arguments; if an attacker can move those files, a
race condition results. . Use fchmod( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:1489:  [5] (race) chown: This
accepts filename arguments; if an attacker can move those files, a
race condition results. . Use fchown( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:1553:  [5] (race) chown: This
accepts filename arguments; if an attacker can move those files, a
race condition results. . Use fchown( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:1645:  [5] (race) chmod: This
accepts filename arguments; if an attacker can move those files, a
race condition results. . Use fchmod( ) instead.
../src/other/tcl/unix/tclUnixFile.c:788:  [5] (race) readlink: This
accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results.  Also, it does not
terminate with ASCII NUL. Reconsider approach.
../src/other/tcl/unix/tclUnixFile.c:959:  [5] (race) readlink: This
accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results.  Also, it does not
terminate with ASCII NUL. Reconsider approach.
../src/other/tcl/unix/tclUnixTest.c:730:  [5] (race) chmod: This
accepts filename arguments; if an attacker can move those files, a
race condition results. . Use fchmod( ) instead.
../src/other/tcl/win/tclWinFile.c:1898:  [5] (race) readlink: This
accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results.  Also, it does not
terminate with ASCII NUL. Reconsider approach.
../src/other/tcl/win/tclWinTest.c:777:  [5] (race) chmod: This accepts
filename arguments; if an attacker can move those files, a race
condition results. . Use fchmod( ) instead.

Hits = 21
Lines analyzed = 2377147 in 54.61 seconds (43934 lines/second)
Physical Source Lines of Code (SLOC) = 1646674
Hits@level = [0]   0 [1]   0 [2]   0 [3]   0 [4]   0 [5]  21
Hits@level+ = [0+]  21 [1+]  21 [2+]  21 [3+]  21 [4+]  21 [5+]  21
Hits/KSLOC@level+ = [0+] 0.012753 [1+] 0.012753 [2+] 0.012753 [3+]
0.012753 [4+] 0.012753 [5+] 0.012753
Minimum risk level = 5
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
-> flawfinder.sh FAILED

For both builds, mged is working again.

Thanks, Cliff.

Best,

-Tom
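The flawfinder hits above are all of two kinds: file-mode and ownership calls made by path name (chmod/chown, which the tool says to replace with fchmod/fchown), and strncat called with a constant length instead of the space actually left in the buffer. The following is an added example, not BRL-CAD, Tcl or flawfinder code, showing each flagged pattern beside the hardened form the report recommends; the function names and the 0640 mode are my own choices for illustration.

```c
/* Added example (not BRL-CAD, Tcl or flawfinder code): the two patterns the
 * flawfinder report flags, each beside a hardened form. Function names and
 * sample values are assumptions chosen for this illustration. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flagged pattern: chmod() by path name. Between any earlier check of the
 * path and this call, the name can be re-pointed (rename, symlink), so the
 * mode lands on whatever the name resolves to at call time (TOCTOU race). */
int mode_by_path(const char *path, mode_t mode)
{
    return chmod(path, mode);
}

/* Hardened form: resolve the name once, refusing to follow a symlink, then
 * operate on the descriptor. A descriptor refers to the inode, not the name,
 * so a later rename of the path cannot redirect the fchmod(). Only regular
 * files are accepted; anything else is refused with EPERM. */
int mode_by_fd(const char *path, mode_t mode)
{
    /* O_NONBLOCK: do not hang if the name was swapped for a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    int rc = fchmod(fd, mode);  /* ownership check only; read-only fd is fine */
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Flagged pattern: strncat with a constant bound. The third argument is the
 * number of characters that may still be APPENDED (excluding the NUL), not
 * the size of the destination, so sizeof(dst) overflows once dst is non-empty. */
void append_constant_bound(char dst[64], const char *src)
{
    strncat(dst, src, 64);  /* wrong whenever dst already holds text */
}

/* Hardened form: compute the room left from the current length. Returns 0 on
 * success, -1 (leaving dst unchanged) if dst is unterminated or src does not
 * fit; refusing is safer here than silently truncating. */
int append_bounded(char *dst, size_t dst_size, const char *src)
{
    const char *nul = memchr(dst, '\0', dst_size);
    if (nul == NULL)
        return -1;                       /* dst is not NUL-terminated */
    size_t used = (size_t)(nul - dst);
    size_t room = dst_size - used - 1;   /* characters strncat may add */
    if (strlen(src) > room)
        return -1;
    strncat(dst, src, room);
    return 0;
}
```

mode_by_fd() does not remove every race (the name may already point at the wrong regular file when open() runs), but it removes the window between open and the mode change and refuses symlinks, directories and devices outright, which is what the flawfinder advice buys. For Windows code such as tclWinFile.c the descriptor-based calls are not available, which is why the report says "Reconsider approach" rather than naming a replacement for readlink.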

_______________________________________________
BRL-CAD Developer mailing list
brlcad-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/brlcad-devel
