diff options
Diffstat (limited to 'distro')
-rw-r--r-- | distro/base.scm | 3 | ||||
-rw-r--r-- | distro/patches/diffutils-gets-undeclared.patch | 71 |
2 files changed, 74 insertions, 0 deletions
diff --git a/distro/base.scm b/distro/base.scm index 78beb9f6c3..fc4308b0d9 100644 --- a/distro/base.scm +++ b/distro/base.scm @@ -273,6 +273,9 @@ producing patched versions.") (base32 "0jci0wv68025xd0s0rq4s5qxpx56dd9d730lka63qpzk1rfvfkxb")))) (build-system gnu-build-system) + (inputs `(("patch/gets" + ,(search-patch "diffutils-gets-undeclared.patch")))) + (arguments `(#:patches (list (assoc-ref %build-inputs "patch/gets")))) (description "Programs to find differences among text files") (long-description "GNU Diffutils is a package of several programs related to finding diff --git a/distro/patches/diffutils-gets-undeclared.patch b/distro/patches/diffutils-gets-undeclared.patch new file mode 100644 index 0000000000..b6cdc77caa --- /dev/null +++ b/distro/patches/diffutils-gets-undeclared.patch @@ -0,0 +1,71 @@ +This patch is needed to allow builds with newer versions of +the GNU libc (2.16+). + + +commit 66712c23388e93e5c518ebc8515140fa0c807348 +Author: Eric Blake <eblake@redhat.com> +Date: Thu Mar 29 13:30:41 2012 -0600 + + stdio: don't assume gets any more + + Gnulib intentionally does not have a gets module, and now that C11 + and glibc have dropped it, we should be more proactive about warning + any user on a platform that still has a declaration of this dangerous + interface. + + * m4/stdio_h.m4 (gl_STDIO_H, gl_STDIO_H_DEFAULTS): Drop gets + support. + * modules/stdio (Makefile.am): Likewise. + * lib/stdio-read.c (gets): Likewise. + * tests/test-stdio-c++.cc: Likewise. + * m4/warn-on-use.m4 (gl_WARN_ON_USE_PREPARE): Fix comment. + * lib/stdio.in.h (gets): Make warning occur in more places. + * doc/posix-functions/gets.texi (gets): Update documentation. + Reported by Christer Solskogen. + + Signed-off-by: Eric Blake <eblake@redhat.com> + +diff --git a/lib/stdio.in.h b/lib/stdio.in.h +index aa7b599..c377b6e 100644 +--- a/lib/stdio.in.h ++++ b/lib/stdio.in.h +@@ -698,22 +698,11 @@ _GL_WARN_ON_USE (getline, "getline is unportable - " + # endif + #endif + +-#if @GNULIB_GETS@ +-# if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@ +-# if !(defined __cplusplus && defined GNULIB_NAMESPACE) +-# undef gets +-# define gets rpl_gets +-# endif +-_GL_FUNCDECL_RPL (gets, char *, (char *s) _GL_ARG_NONNULL ((1))); +-_GL_CXXALIAS_RPL (gets, char *, (char *s)); +-# else +-_GL_CXXALIAS_SYS (gets, char *, (char *s)); +-# undef gets +-# endif +-_GL_CXXALIASWARN (gets); + /* It is very rare that the developer ever has full control of stdin, +- so any use of gets warrants an unconditional warning. Assume it is +- always declared, since it is required by C89. */ ++ so any use of gets warrants an unconditional warning; besides, C11 ++ removed it. */ ++#undef gets ++#if HAVE_RAW_DECL_GETS + _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); + #endif + +@@ -1053,9 +1042,9 @@ _GL_WARN_ON_USE (snprintf, "snprintf is unportable - " + # endif + #endif + +-/* Some people would argue that sprintf should be handled like gets +- (for example, OpenBSD issues a link warning for both functions), +- since both can cause security holes due to buffer overruns. ++/* Some people would argue that all sprintf uses should be warned about ++ (for example, OpenBSD issues a link warning for it), ++ since it can cause security holes due to buffer overruns. + However, we believe that sprintf can be used safely, and is more + efficient than snprintf in those safe cases; and as proof of our + belief, we use sprintf in several gnulib modules. So this header |