Prior to this change, the check was for an explicit -Dnls=enabled,
however, if the option was never set, it defaulted to disabled. With
this change, unless explicitly disabled, the Meson build system will
automatically build with NLS support.
The previous version of the Meson build files did not handle the po
directory correctly, and lost a lot of information. As part of the
migration away from Autotools, this is one more item that needs to be
checked off.
CI: [ci skip] [doxy skip]
Meson is a far more robust build framework, compared to autotools. This
greatly simplifies adding new features, since it's far easier to
maintain a set of meson.build files vs the autotools mishmash.
DEPRECATION NOTICE: Autotools based build is deprecated and will be
removed in the future.
When the x52d daemon was originally implemented, the inih library was
not bundled with any major distribution, and had to be compiled from
source everytime. However, with recent distributions (starting with
Ubuntu 22.04 LTS), this is no longer an issue, and inih is available in
the distro package manager. As a result, there is no longer a need to
vendor the inih sources with thiis repository.
However, as a result of this change, third party packaging scripts such
as those on the AUR or other similar registries that directly query the
git repository will fail unless they update the dependencies.
BREAKING CHANGE: Packaging scripts (AUR, etc.) need dependency update
SonarQube cloud identified a maintainability issue based on MISRA C
guidelines that prohibit backward jumps. While not a mandatory fix, it
helps to clean up the codebase and improves readability.
Ref. MISRA C:2012, 15.2 - The goto statement shall jump to a label
declared later in the same function.
This change adds a test suite for libx52util, testing all the positive
cases where a character is added to the lookup table. For now, this test
suite only verifies single character mappings, not double character
mappings. A future commit will add test cases for characters not in the
map.
CodeQL identified a medium severity security issue with the action
definitions not including a permissions block as required by modern
security practices. This change ensures that the majority of the actions
force the token to be read-only and not accidentally write content back
into the repository.
This change adds the new permissions structure to the action definition,
and migrates away from the 3rd party action to an official action. This
was identified as a possible security vulnerability by CodeQL
Configuring the build with CFLAGS="-O2 -g -fanalyzer", we ran into some
build errors, which we address in this commit.
First off, GCC identified a false positive file descriptor leak in
x52d_client.c, this instance is suppressed to avoid breaking the build.
There was a bug in x52d_clock.c, where if the original timezone could
not have a copy due to malloc failure, it would fail when resetting the
TZ environment. This is fixed by ensuring the copy is valid.
Finally, there was a potential NULL pointer dereference if the pinelog
module messes up the log levels, and the lmap_get_string method ends up
returning a NULL which was passed to the DATA macro. This is fixed by
checking for NULL and handling it in case of failure.
libx52_exit dereferences the device pointer to deinitialize libusb.
However, a user could pass NULL to this function, resulting in a null
pointer dereference.
The pinelog_init function frees the module_level and module_name
pointers at the start of the function, but doesn't reset them back to
NULL. If a subsequent malloc fails, then it would attempt to free the
pointer again, resulting in a double-free situation.
However, this is only hit if the pinelog_init function is called more
than once. While this is not likely (given that I'm the only known user
of pinelog at this time), it's still good coding practice.
Prior to this change, if the input string terminates exactly when `len`
characters have been output, the libx52util_convert_utf8_string function
returns an error of `-E2BIG`, even though the buffer is sufficiently
large. Because the output buffer is not expected to be NUL terminated,
this additional character can be safely placed in the output buffer
without overrun.
This change checks for a non-NUL character when the index matches or
exceeds the output buffer length, and only then will it return -E2BIG.
The test case uses a negative value to force a test of the ID to string
functions in the abnormal case. However, this ends up with accessing the
expected array with a negative index. This is technically undefined
behavior, and may cause failures in some systems. This change ensures
that the negative values will be mapped directly to the unknown
string, without having to perform a negative index.
The libx52util_convert_utf8_string function manually converts the UTF-8
string into the character map supported by the X52/X52Pro MFD. However,
there was a bug when handling malformed UTF-8 input. If the state
machine thinks it is at the start of a word and receives malformed UTF-8
input (between 0x80 and 0xC0), it will ignore the characters, but it
will not reset the entry to the map_root location, thereby causing
subsequent characters to be dropped.
This change ensures that the entry is reset to map_root[*input] after
skipping over an invalid UTF-8 sequence.
As part of improving the privacy around the software, even though time
zone is not considered PII, it's still coarse location data that we
don't need at all. By using UTC, we can eliminate even this last bit of
identifying information from the bug reports.
In order to comply with recent privacy laws such as GDPR and CCPA, the
bug report utility has been updated to remove personally identifiable
information such as device serial number and system hostname from the
output.
In addition, this change also adds a PRIVACY.md file which describes how
this project handles data, in compliance with GDPR/CCPA. Documentation
is updated to link to the privacy document as well.
Version metadata was not updated to reflect the new version. This fixes
the version metadata and updates the changelog file to reflect the
reason why the older version was deprecated.
In macos-14, programs that rely on cmocka need to specify CMOCKA_CFLAGS
as part of their CFLAGS. This has not been an issue so far on older
versions of macOS, or on any release of Ubuntu, but it should be done to
ensure that the library headers can be found.
macos-12 builds fail with the following error message:
ld: warning: -undefined dynamic_lookup may not work with chained fixups
This causes the overall build status to be marked as fail, even though
macOS builds are not treated as failing the build. Also, macOS 12 is
going to effectively be end-of-lifed in November 2024, so it's not worth
spending the time to look into this.
Cmocka is optional for the builds, but the absence of cmocka causes the
Daemon build to fail when running `make check`. This commit addresses
that issue, while keeping tests that don't need cmocka.
`calloc` requires the count to be the first argument, and the size
parameter to be the second argument. However, this has not really caused
issues in the past, and older compilers were not so strict about it.
However, newer compilers (at least GCC 14) triggers a warning on this
and causes the build to fail.
Fixes#52
nirenjan
nirenjan
dependabot[bot]