Re: [MacPorts] #54009: libsndfile @1.0.27: update to 1.0.28

[Ryan Schmidt]

Yes, I would include as much of

https://github.com/erikd/libsndfile/commit/170a10ab8d4e6e395e68ee258edb077e80c1215d

as is relevant to fix this issue (i.e. not the part that changes the version 
number). You'll then need to "use_autoreconf yes" too, since the patch modify 
configure.ac and configure will need to be regenerated. If the project uses an 
autogen.sh script, use that instead.

-Ryan


> On Apr 26, 2017, at 02:43, Jan Stary  wrote:
> 
> libsndfile 1.0.28 has introduced "-Wvla" into its compilation options,
> which means it no longer builds on my 10.6.8 which comes with gcc 4.2.1.
> 
>  cc1: error: unrecognized command line option "-Wvla"
> 
> I brought that up on the sndfile mailing list,
> upstream already has a fix for it in their git
> (i.e. check first that the compiler support -Wvla).
> 
> It builds fine with e.g. gcc-4.3 that comes with macports.
> 
> Until upstreams releases the fixed version, what do I do?
> Rather than messing with the choice of compiler (which I never did before),
> I would just patch the -Wvla away.
> 
> Are there any objections to that?
> (I thought I would ask here before posting the Portfile diff).
> 
>   Jan
> 
> 
> 
>> #54009: libsndfile @1.0.27: update to 1.0.28
>> --+
>> Reporter:  l2dy  |  Owner:  janstary
>> Type:  update| Status:  new
>> Priority:  Normal|  Milestone:
>> Component:  ports |Version:
>> Keywords:  security  |   Port:  libsndfile
>> --+
>> CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742.
>> 
>> All low impact from Red Hat CVE Database.

Re: [MacPorts] #54009: libsndfile @1.0.27: update to 1.0.28

[Jan Stary]

libsndfile 1.0.28 has introduced "-Wvla" into its compilation options,
which means it no longer builds on my 10.6.8 which comes with gcc 4.2.1.

  cc1: error: unrecognized command line option "-Wvla"

I brought that up on the sndfile mailing list,
upstream already has a fix for it in their git
(i.e. check first that the compiler support -Wvla).

It builds fine with e.g. gcc-4.3 that comes with macports.

Until upstreams releases the fixed version, what do I do?
Rather than messing with the choice of compiler (which I never did before),
I would just patch the -Wvla away.

Are there any objections to that?
(I thought I would ask here before posting the Portfile diff).

Jan



> #54009: libsndfile @1.0.27: update to 1.0.28
> --+
>  Reporter:  l2dy  |  Owner:  janstary
>  Type:  update| Status:  new
>  Priority:  Normal|  Milestone:
> Component:  ports |Version:
>  Keywords:  security  |   Port:  libsndfile
> --+
>  CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742.
> 
>  All low impact from Red Hat CVE Database.