Create anchore-syft.yml

Rename UNLICENSE to Unlicense.txt
try to fix scorecard
12 changed files with 99 additions and 10 deletions
--- a/.github/workflows/anchore-syft.yml
+++ b/.github/workflows/anchore-syft.yml
@ -0,0 +1,38 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, builds an image, performs a container image
+# scan with Anchore's Syft tool, and uploads the results to the GitHub Dependency
+# submission API.
+
+# For more information on the Anchore sbom-action usage
+# and parameters, see https://github.com/anchore/sbom-action. For more
+# information about the Anchore SBOM tool, Syft, see
+# https://github.com/anchore/syft
+name: Anchore Syft SBOM scan
+
+on:
+  push:
+    branches: [ "master" ]
+
+permissions:
+  contents: write
+
+jobs:
+  Anchore-Build-Scan:
+    permissions:
+      contents: write # required to upload to the Dependency submission API
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout the code
+      uses: actions/checkout@v3
+    - name: Build the Docker image
+      run: docker build . --file Dockerfile --tag localbuild/testimage:latest
+    - name: Scan the image and upload dependency results
+      uses: anchore/sbom-action@bb716408e75840bbb01e839347cd213767269d4a
+      with:
+        image: "localbuild/testimage:latest"
+        artifact-name: image.spdx.json
+        dependency-snapshot: true
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -54,7 +54,7 @@ jobs:
          # For private repositories:
          #   - `publish_results` will always be set to `false`, regardless
          #     of the value entered here.
-          publish_results: true
+          publish_results: false

      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -81,10 +81,16 @@ else()
    set(LIVEINCLUDE ${LIVE}/groupsock/include ${LIVE}/liveMedia/include ${LIVE}/UsageEnvironment/include ${LIVE}/BasicUsageEnvironment/include)
    if (NOT EXISTS ${LIVE})
        file (DOWNLOAD ${LIVE555URL} ${CMAKE_BINARY_DIR}/live555-latest.tar.gz )
-        EXECUTE_PROCESS(COMMAND ${CMAKE_COMMAND} -E tar xvf ${CMAKE_BINARY_DIR}/live555-latest.tar.gz  RESULT_VARIABLE unpack_result)
+        message(STATUS "extract live555")
+        EXECUTE_PROCESS(COMMAND ${CMAKE_COMMAND} -E tar xf ${CMAKE_BINARY_DIR}/live555-latest.tar.gz  RESULT_VARIABLE unpack_result)
        if(NOT unpack_result STREQUAL "0")
            message(FATAL_ERROR "Fetching and compiling live555 failed!")
        endif()
+        message(STATUS "patch live555")
+        EXECUTE_PROCESS(COMMAND patch -d ${CMAKE_BINARY_DIR} -f -p 1 -i ${CMAKE_SOURCE_DIR}/patches/001_live555_sprintf_format RESULT_VARIABLE patch_result)
+        if(NOT patch_result STREQUAL "0")
+            message(FATAL_ERROR "Patching live555 failed! error:${patch_result}")
+        endif()        
    endif()
    FILE(GLOB LIVESOURCE ${LIVE}/groupsock/*.c* ${LIVE}/liveMedia/*.c* ${LIVE}/UsageEnvironment/*.c* ${LIVE}/BasicUsageEnvironment/*.c*)
    if (NOT OpenSSL_FOUND)
--- a/2
+++ b/2
@ -4,7 +4,7 @@ WORKDIR /v4l2rtspserver
 COPY . /v4l2rtspserver

 RUN apt-get update \
-    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates g++ autoconf automake libtool xz-utils cmake make pkg-config git wget libasound2-dev libssl-dev \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates g++ autoconf automake libtool xz-utils cmake make patch pkg-config git wget libasound2-dev libssl-dev \
    && cmake . && make install && apt-get clean && rm -rf /var/lib/apt/lists/

 FROM ubuntu:22.04
--- a/Dockerfile.arm64
+++ b/Dockerfile.arm64
@ -6,7 +6,7 @@ COPY . /v4l2rtspserver
 ARG ARCH=arm64

 RUN apt-get update \
-        && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates xz-utils cmake make pkg-config git wget gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libasound2-dev \
+        && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates xz-utils cmake make patch pkg-config git wget gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libasound2-dev \
        && cmake -DCMAKE_SYSTEM_PROCESSOR=${ARCH} -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM=NEVER -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE=ONLY -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=ONLY -DCMAKE_FIND_ROOT_PATH_MODE_PACKAGE=ONLY . \
 	&& make install \
 	&& apt-get clean && rm -rf /var/lib/apt/lists/
--- a/Dockerfile.rpi
+++ b/Dockerfile.rpi
@ -6,9 +6,9 @@ COPY . /v4l2rtspserver
 ARG ARCH=armv7l

 RUN apt-get update \
-        && apt-get install -y --no-install-recommends ca-certificates xz-utils cmake make pkg-config git wget \
-	&&  git clone --depth 1 https://github.com/raspberrypi/tools.git /rpi_tools \
-        &&  export PATH=/rpi_tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin:$PATH \
+        && apt-get install -y --no-install-recommends ca-certificates xz-utils cmake make patch pkg-config git wget \
+	&& git clone --depth 1 https://github.com/raspberrypi/tools.git /rpi_tools \
+        && export PATH=/rpi_tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin:$PATH \
        && cmake -DCMAKE_SYSTEM_PROCESSOR=${ARCH} -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_C_COMPILER=arm-linux-gnueabihf-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabihf-g++ -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM=NEVER -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE=ONLY -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=ONLY -DCMAKE_FIND_ROOT_PATH_MODE_PACKAGE=ONLY . \
 	&& make install \
 	&& apt-get clean && rm -rf /var/lib/apt/lists/
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
--- a/Unlicense.txt
+++ b/Unlicense.txt
--- a/inc/BaseServerMediaSubsession.h
+++ b/inc/BaseServerMediaSubsession.h
@ -46,7 +46,7 @@ class BaseServerMediaSubsession
                } else {
    	            m_format = BaseServerMediaSubsession::getAudioRtpFormat(device->getAudioFormat(), device->getSampleRate(), device->getChannels());						
                }
-                LOG(NOTICE) << "format:" << m_format;
+                LOG(NOTICE) << "RTP format:" << m_format;
 			}
 	    }

--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit b53e02a7c6f8fe69d1a4cdae9aed6e1ea9827ebd
+Subproject commit 81181c8ca49c56533dbf6b6fe59f13c77ba7f576
--- a/patches/001_live555_sprintf_format
+++ b/patches/001_live555_sprintf_format
@ -0,0 +1,25 @@
+From: Michel Promonet <michel.promonet@free.fr>
+Subject: [PATCH] Fix crash formating time_t as long (it is a long long)
+Signed-off-by: Michel Promonet <michel.promonet@free.fr>
+
+---
+--- a/live/liveMedia/ServerMediaSession.cpp
+++ b/live/liveMedia/ServerMediaSession.cpp
+@@ -272,7 +272,7 @@ char* ServerMediaSession::generateSDPDes
+ 
+     char const* const sdpPrefixFmt =
+       "v=0\r\n"
+-      "o=- %ld%06ld %d IN %s %s\r\n"
+      "o=- %lld%06lld %d IN %s %s\r\n"
+       "s=%s\r\n"
+       "i=%s\r\n"
+       "t=0 0\r\n"
+@@ -300,7 +300,7 @@ char* ServerMediaSession::generateSDPDes
+ 
+     // Generate the SDP prefix (session-level lines):
+     snprintf(sdp, sdpLength, sdpPrefixFmt,
+-	     fCreationTime.tv_sec, fCreationTime.tv_usec, // o= <session id>
+	     (long long)fCreationTime.tv_sec, (long long)fCreationTime.tv_usec, // o= <session id>
+ 	     1, // o= <version> // (needs to change if params are modified)
+ 	     addressFamily == AF_INET ? "IP4" : "IP6", // o= <address family>
+ 	     ipAddressStr.val(), // o= <address>
--- a/src/V4l2RTSPServer.cpp
+++ b/src/V4l2RTSPServer.cpp
@ -59,7 +59,6 @@ StreamReplicator* V4l2RTSPServer::CreateVideoReplicator(
 				LOG(FATAL) << "No Streaming format supported for device " << videoDev;
 				delete videoCapture;
 			} else {
-				LOG(NOTICE) << "Create Source ..." << videoDev;
 				videoReplicator = DeviceSourceFactory::createStreamReplicator(this->env(), videoCapture->getFormat(), new VideoCaptureAccess(videoCapture), queueSize, captureMode, outfd, repeatConfig);
 				if (videoReplicator == NULL) 
 				{
Author	SHA1	Message	Date
Michel Promonet	95caddff15	Create anchore-syft.yml	2 months ago
Michel Promonet	aff10d0819	Rename UNLICENSE to Unlicense.txt	2 months ago
Michel Promonet	031dae8d5d	try to fix scorecard	2 months ago
Michel Promonet	9e6a6af309	Create SECURITY.md	2 months ago
Michel Promonet	42c1881a61	add patch command	2 months ago
Michel Promonet	63ccf0df52	include live555 patch	2 months ago
Michel Promonet	d390f12567	update logs	2 months ago