From 44cba32f7c8ac6cddfabde3e60c541a952f438d5 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sat, 28 Jan 2023 04:17:28 -0800 Subject: [PATCH] update with latest u-config status of things --- content/blog/pkgconf-and-cve-2023-24056.md | 23 ++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/content/blog/pkgconf-and-cve-2023-24056.md b/content/blog/pkgconf-and-cve-2023-24056.md index 6aba9d1..13b6747 100644 --- a/content/blog/pkgconf-and-cve-2023-24056.md +++ b/content/blog/pkgconf-and-cve-2023-24056.md @@ -109,11 +109,11 @@ the potential to someday be a replacement to pkgconf. I am open to talking abou such a deprecation, even. However, after the initial blogpost (which contained disinformation about both -freedesktop pkg-config *and* pkgconf), there is additional disinformation from +freedesktop pkg-config *and* pkgconf), there was additional disinformation from another person who is enthusiastic about the u-config project. Notably, he -submitted a patch, which amongst other things, claims that `pkgconf` does not -consider `/usr/include` to be a system include path. When configured correctly, -it definitely does. For example, on Alpine Linux: +submitted a patch, which amongst other things, could be misinterpreted by readers +to conclude that `pkgconf` does not consider `/usr/include` as a system include +path. When configured correctly, it definitely does. For example, on Alpine Linux: pestilence:~$ pkgconf --dump-personality Triplet: default 
@@ -127,6 +127,21 @@ if it were true. [uc-disinfo]: https://github.com/skeeto/u-config/commit/c069c94d77e1381cf7d67b8283601c5e79a91534#diff-c1f8e1880984a1a513fbb1c1191ea62910de9f1656c89f30d41609fb7317080bR1563 +*Update (28 January 2023):* Since the initial publication of this blog, the comment +introduced in the above patch has been corrected to reflect a specific edge case +relating to `-I/usr/include` verses `-I /usr/include`. I believe the discrepancy +in the handling of both fragments to be a bug, one which was not reported to me, +but rather discussed only in the source code comment. The contributor of the patch +in question to u-config, in particular, has pointed the fact that they later changed +the source code comment to clarify the issue, as part of an attempt to deflect from +the point of this blog: discussing how the u-config author and contributors have +chosen to engage in bad faith with other pkg-config implementations (especially +pkgconf) from the beginning of their project. While I plan to fix the non-reported +discrepancy in the next pkgconf release, I will note that the u-config authors have +so far [chosen to not handle this edge case][uc-comment-2]. + + [uc-comment-2]: https://github.com/skeeto/u-config/blob/7b5d32f/u-config.c#L1679-L1686 + ## `pkg-config` implementations do specific things for a reason In the UNIX environment, the behavior of the system toolchain is static and
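Review bot: in the hunk at `@@ -109,11 +109,11 @@`, the reworded sentence ("could be misinterpreted by readers to conclude that `pkgconf` does not consider `/usr/include` as a system include path") no longer agrees with the unchanged clause before it, which still calls the same patch "additional disinformation". The paragraph should say either that the patch made a false claim or that it was open to misreading, and the lead-in clause should be adjusted to match. As a smaller style point, "consider `/usr/include` as a system include path" reads better as "consider `/usr/include` to be a system include path", which is the construction the removed line used.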
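Review bot: in the update paragraph added at `@@ -127,6 +127,21 @@`, "verses" should be "versus", "has pointed the fact" is missing "out", and "publication of this blog" would be clearer as "this blog post". The paragraph names the edge case (`-I/usr/include` versus `-I /usr/include`) but does not show how the two fragments are handled differently; a short transcript in the style of the `pkgconf --dump-personality` example earlier in the post would let readers confirm the discrepancy themselves. The new `[uc-comment-2]` link pins an abbreviated commit hash (`7b5d32f`) while the existing `[uc-disinfo]` link uses the full hash, so using the full hash here would keep the two permalinks consistent.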