configure.ac: Disable auto-detection of libbsd

2025-04-13 08:02:56 +00:00 · 2017-06-01 20:40:36 +02:00 · 2017-06-01 20:40:36 +02:00 · 120bbbc8cf
commit 120bbbc8cf
parent f356fb56fb
2 changed files with 4 additions and 5 deletions
--- a/expat/Changes
+++ b/expat/Changes
@ -3,12 +3,11 @@ Release ??????????
                  CVE-2016-9063 -- Detect integer overflow
             #25  More integer overflow detection (function poolGrow)
                  Use high quality entropy for hash initialization:
-                    * arc4random_buf on BSD, systems with libbsd, CloudABI
+                    * arc4random_buf on BSD, systems with libbsd
+                      (when configured with --with-libbsd), CloudABI
                    * RtlGenRandom on Windows XP / Server 2003 and later
                    * getrandom on Linux 3.17+
                  In a way, that's still part of CVE-2016-5300.
-                  For packaging, feel free to configure using
-                  --(with|without)-libbsd to bypass auto-detection.
                  For run-time debug output, EXPAT_ENTROPY_DEBUG=1 can be used.

        Bug fixes:
--- a/expat/configure.ac
+++ b/expat/configure.ac
@ -101,8 +101,8 @@ AC_CHECK_FUNCS(memmove bcopy)


 AC_ARG_WITH([libbsd], [
-AS_HELP_STRING([--with-libbsd], [enforce use of libbsd])
-AS_HELP_STRING([--without-libbsd], [prohibit use of libbsd])])
+AS_HELP_STRING([--with-libbsd], [utilize libbsd (for arc4random_buf)])
+], [], [with_libbsd=no])
 AS_IF([test "x${with_libbsd}" != xno], [
  AC_CHECK_LIB([bsd], [arc4random_buf], [], [
    AS_IF([test "x${with_libbsd}" = xyes], [