The following script was applied:
sed ':a;/part of MXE.$/{N;s/\n//;ba}' -i $(git grep -l 'part of MXE')
sed 's/\(part of MXE\).*\(See index.html\)/\1. \2/' -i \
$(git grep -l 'part of MXE.*See index.html')
before='This file is part of MXE. See index.html for further information.'
after='This file is part of MXE. See LICENSE.md for licensing information.'
sed "s/$before/$after/" -i $(git grep -l 'part of MXE')
Then git grep 'index.html for further information' revealed two other files.
One of them was patched manually (patch.mk). Makefile has text
"See index.html for further information" unrelated to licensing.
See https://github.com/mxe/mxe/issues/1500#issuecomment-241340792
The original libgnurx is based off glibc 2.5, which has multiple known
vulnerabilities, including but not limited to:
- CVE-2013-0242: Buffer overflow in the extend_buffers function in the
regular expression matcher (posix/regexec.c) in glibc, possibly 2.17
and earlier, allows context-dependent attackers to cause a denial of
service (memory corruption and crash) via crafted multibyte
characters.
Most of the automatic conversion was done using the following Python script:
import os
import re
pkgs = sorted(mkfile[:-len('.mk')] for mkfile in os.listdir('src') if mkfile.endswith('.mk'))
with open('index.html', 'rb') as f:
index = f.read()
pkgs_index = re.findall('<td class="package">([^<]*)</td>', index)
assert pkgs_index == pkgs
versions = dict(re.findall('<td id="([^"]*)-version">([^<]*)</td>', index))
assert sorted(versions.keys()) == pkgs
for pkg in pkgs:
version = versions[pkg]
with open('src/' + pkg + '.mk', 'rb') as f:
mk = f.read()
checksumpos = mk.index('\n$(PKG)_CHECKSUM ')
versionline = '\n$(PKG)_VERSION := %(version)s' % {'version': version}
newmk = mk[:checksumpos] + versionline + mk[checksumpos:]
with open('src/' + pkg + '.mk', 'wb') as f:
f.write(newmk)
Tony Theodore
Viktor Szakats
Boris Nagaev
Timothy Gu
Uwe Hermann
Volker Grabsch
Volker Grabsch
Mark Brand
Moritz Bunkus