From e4c284e6b931fb4eabda57322fbcede798f63bef Mon Sep 17 00:00:00 2001 From: "Yann E. MORIN" Date: Sat, 6 Feb 2021 09:51:02 +0100 Subject: [PATCH] package/pkg-utils: escape \ in generated legal-info In the output of legal-info, which is JSON-formatted, we include the CPI_ID (when it is valid). For xerces, the CPE_ID contains two sequences of \+ (which is exactly what is present in the NIST DB, [0]). However, in JSON, like in C, \ escapes the following character; only a very limited set of characters are valid to escape: " \ / b f n r t u. Escaping any other character is invalid. Conformant JSON parser will choke on invalid sequences, and so does not the json python module: File "/usr/lib/python2.7/json/decoder.py", line 380, in raw_decode obj, end = self.scan_once(s, idx) ValueError: Invalid \escape: line 1 column 608554 (char 608553) We fix that be globally escaping \ in our json output, in the generic sanitising macro. [0] https://nvd.nist.gov/products/cpe/detail/645?namingFormat=2.3&orderBy=CPEURI&keyword=xerces&status=FINAL Signed-off-by: Yann E. MORIN Signed-off-by: Peter Korsgaard --- package/pkg-utils.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package/pkg-utils.mk b/package/pkg-utils.mk index d94041de24..d0fcdd4e1d 100644 --- a/package/pkg-utils.mk +++ b/package/pkg-utils.mk @@ -167,8 +167,9 @@ endef clean-json = $(strip \ $(subst $(comma)},}, $(subst $(comma)$(space)},$(space)}, \ $(subst $(comma)],], $(subst $(comma)$(space)],$(space)], \ + $(subst \,\\, \ $(strip $(1)) \ - )))) \ + ))))) \ ) ifeq ($(BR2_PER_PACKAGE_DIRECTORIES),y) -- 2.30.2