lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 20 Jan 2019 16:32:55 +0100
From:   Sven Eckelmann <sven@...fation.org>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Kuninori Morimoto <kuninori.morimoto.gx@...esas.com>,
        Simon Horman <horms+renesas@...ge.net.au>,
        Yoshinori Sato <ysato@...rs.sourceforge.jp>,
        Rich Felker <dalias@...c.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jonathan Corbet <corbet@....net>,
        b.a.t.m.a.n@...ts.open-mesh.org
Subject: Re: [patch 2/2] scripts/spdxcheck.py: Handle special quotation mark comments

On Wednesday, 16 January 2019 11.26.53 CET Thomas Gleixner wrote:
> The SuperH boot code files use a magic format for the SPDX identifier
> comment:
> 
>   LIST "SPDX-License-Identifier: .... "
> 
> The trailing quotation mark is not stripped before the token parser is
> invoked and causes the scan to fail. Handle it gracefully.
[...]

This patch introduces a false positive when checking files with an ANSI-C 
style /* SPDX-License-Identifier: .... */ comment line.

    $ ./scripts/checkpatch.pl -q -f include/linux/bug.h
    WARNING: 'SPDX-License-Identifier: GPL-2.0 */' is not supported in LICENSES/...
    #1: FILE: include/linux/bug.h:1:
    +/* SPDX-License-Identifier: GPL-2.0 */
    
    total: 0 errors, 1 warnings, 79 lines checked

checkpatch.pl is already stripping the "/* " prefix and only sends the 
remaining "SPDX-License-Identifier: GPL-2.0 */" via stdin to
scripts/spdxcheck.py. Thus the newly introduced check

> +                # Remove trailing comment closure
> +                if line.startswith('/*'):
> +                    expr = expr.rstrip('*/').strip()

doesn't match and thus the code doesn't remove the " */" at the end of the 
line.

Kind regards,
	Sven
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ