diff options
| author |   Alexey Neyman <stilor@att.net> | 2018-05-15 23:41:28 (GMT) |
|---|---|---|
| committer |   GitHub <noreply@github.com> | 2018-05-15 23:41:28 (GMT) |
| commit | d274ab06fe807b2a85223391de9aa484e9bbff08 (patch) | |
| tree | 3de1fc2aadf622ce02226f254d908d39e25e3988 | |
| parent | 844c83cac209ca7f99684dee14f1c3d64c6ee27e (diff) | |
| parent | 37ac0e8474883ce9202ef4e08b7d9f9f66ea8a5d (diff) | |
Merge pull request #967 from stilor/fix-building-older-glibc
Fix building older glibc
88 files changed, 4259 insertions, 31 deletions
diff --git a/config/libc/glibc.in b/config/libc/glibc.in index a297bb1..5916a83 100644 --- a/config/libc/glibc.in +++ b/config/libc/glibc.in @@ -320,4 +320,16 @@ config GLIBC_MIN_KERNEL default LINUX_VERSION if GLIBC_KERNEL_VERSION_AS_HEADERS default GLIBC_MIN_KERNEL_VERSION if GLIBC_KERNEL_VERSION_CHOSEN +# All supported versions of glibc build cleanly with GCC7 and earlier. +# GCC8-related fixes were only available in glibc 2.27. +config GLIBC_ENABLE_WERROR + bool "Enable -Werror during the build" + default y if GCC_7_or_older + default y if GCC_8_or_later && GLIBC_2_27_or_later + help + By default, glibc enables strict warning checks during the build. + However, older version of glibc may not build with newer versions + of the compiler than there were available at the time of a glibc + release (because newer compilers typically have better diagnostics). + endif # KERNEL_LINUX diff --git a/packages/glibc-linaro/2.20-2014.11/0011-strftime-multiple-stmts.patch b/packages/glibc-linaro/2.20-2014.11/0011-strftime-multiple-stmts.patch new file mode 100644 index 0000000..0f97e7d --- /dev/null +++ b/packages/glibc-linaro/2.20-2014.11/0011-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -738,12 +738,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc-linaro/2.20-2014.11/0012-if_nametoindex-size-check.patch b/packages/glibc-linaro/2.20-2014.11/0012-if_nametoindex-size-check.patch new file mode 100644 index 0000000..7976fdd --- /dev/null +++ b/packages/glibc-linaro/2.20-2014.11/0012-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -43,6 +43,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc-linaro/2.20-2014.11/0013-utmp-nonstring.patch b/packages/glibc-linaro/2.20-2014.11/0013-utmp-nonstring.patch new file mode 100644 index 0000000..a4570fb --- /dev/null +++ b/packages/glibc-linaro/2.20-2014.11/0013-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -393,6 +393,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #include <bits/wordsize.h> + + #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc-linaro/2.20-2014.11/0014-getlogin_r-use-strnlen.patch b/packages/glibc-linaro/2.20-2014.11/0014-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..ff19964 --- /dev/null +++ b/packages/glibc-linaro/2.20-2014.11/0014-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -82,7 +82,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -91,7 +91,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc-linaro/2.20-2014.11/0015-zic.c-use-memcpy.patch b/packages/glibc-linaro/2.20-2014.11/0015-zic.c-use-memcpy.patch new file mode 100644 index 0000000..ef768aa --- /dev/null +++ b/packages/glibc-linaro/2.20-2014.11/0015-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1713,7 +1713,7 @@ + } + #define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp)) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = version; + convert(thistypecnt, tzh.tzh_ttisgmtcnt); + convert(thistypecnt, tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.12.1/0045-strftime-multiple-stmts.patch b/packages/glibc/2.12.1/0045-strftime-multiple-stmts.patch new file mode 100644 index 0000000..e544b33 --- /dev/null +++ b/packages/glibc/2.12.1/0045-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -742,12 +742,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.12.1/0046-if_nametoindex-size-check.patch b/packages/glibc/2.12.1/0046-if_nametoindex-size-check.patch new file mode 100644 index 0000000..5803db5 --- /dev/null +++ b/packages/glibc/2.12.1/0046-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -54,6 +54,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.12.1/0047-utmp-nonstring.patch b/packages/glibc/2.12.1/0047-utmp-nonstring.patch new file mode 100644 index 0000000..b789724 --- /dev/null +++ b/packages/glibc/2.12.1/0047-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -350,6 +350,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #include <bits/wordsize.h> + + #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -61,10 +61,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -61,10 +61,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.12.1/0048-getlogin_r-use-strnlen.patch b/packages/glibc/2.12.1/0048-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..15a16bd --- /dev/null +++ b/packages/glibc/2.12.1/0048-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -83,7 +83,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -92,7 +92,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.12.1/0049-zic.c-use-memcpy.patch b/packages/glibc/2.12.1/0049-zic.c-use-memcpy.patch new file mode 100644 index 0000000..4c89446 --- /dev/null +++ b/packages/glibc/2.12.1/0049-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1648,7 +1648,7 @@ + #define DO(field) (void) fwrite((void *) tzh.field, \ + (size_t) sizeof tzh.field, (size_t) 1, fp) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = ZIC_VERSION; + convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt); + convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.12.2/0008-strftime-multiple-stmts.patch b/packages/glibc/2.12.2/0008-strftime-multiple-stmts.patch new file mode 100644 index 0000000..e544b33 --- /dev/null +++ b/packages/glibc/2.12.2/0008-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -742,12 +742,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.12.2/0009-if_nametoindex-size-check.patch b/packages/glibc/2.12.2/0009-if_nametoindex-size-check.patch new file mode 100644 index 0000000..5803db5 --- /dev/null +++ b/packages/glibc/2.12.2/0009-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -54,6 +54,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.12.2/0010-utmp-nonstring.patch b/packages/glibc/2.12.2/0010-utmp-nonstring.patch new file mode 100644 index 0000000..b789724 --- /dev/null +++ b/packages/glibc/2.12.2/0010-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -350,6 +350,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #include <bits/wordsize.h> + + #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -61,10 +61,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -61,10 +61,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.12.2/0011-getlogin_r-use-strnlen.patch b/packages/glibc/2.12.2/0011-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..15a16bd --- /dev/null +++ b/packages/glibc/2.12.2/0011-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -83,7 +83,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -92,7 +92,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.12.2/0012-zic.c-use-memcpy.patch b/packages/glibc/2.12.2/0012-zic.c-use-memcpy.patch new file mode 100644 index 0000000..4c89446 --- /dev/null +++ b/packages/glibc/2.12.2/0012-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1648,7 +1648,7 @@ + #define DO(field) (void) fwrite((void *) tzh.field, \ + (size_t) sizeof tzh.field, (size_t) 1, fp) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = ZIC_VERSION; + convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt); + convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.13/0044-strftime-multiple-stmts.patch b/packages/glibc/2.13/0044-strftime-multiple-stmts.patch new file mode 100644 index 0000000..e544b33 --- /dev/null +++ b/packages/glibc/2.13/0044-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -742,12 +742,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.13/0045-if_nametoindex-size-check.patch b/packages/glibc/2.13/0045-if_nametoindex-size-check.patch new file mode 100644 index 0000000..5803db5 --- /dev/null +++ b/packages/glibc/2.13/0045-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -54,6 +54,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.13/0046-utmp-nonstring.patch b/packages/glibc/2.13/0046-utmp-nonstring.patch new file mode 100644 index 0000000..b789724 --- /dev/null +++ b/packages/glibc/2.13/0046-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -350,6 +350,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #include <bits/wordsize.h> + + #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -61,10 +61,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -61,10 +61,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.13/0047-getlogin_r-use-strnlen.patch b/packages/glibc/2.13/0047-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..15a16bd --- /dev/null +++ b/packages/glibc/2.13/0047-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -83,7 +83,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -92,7 +92,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.13/0048-zic.c-use-memcpy.patch b/packages/glibc/2.13/0048-zic.c-use-memcpy.patch new file mode 100644 index 0000000..4c89446 --- /dev/null +++ b/packages/glibc/2.13/0048-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1648,7 +1648,7 @@ + #define DO(field) (void) fwrite((void *) tzh.field, \ + (size_t) sizeof tzh.field, (size_t) 1, fp) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = ZIC_VERSION; + convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt); + convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.14.1/0044-strftime-multiple-stmts.patch b/packages/glibc/2.14.1/0044-strftime-multiple-stmts.patch new file mode 100644 index 0000000..e544b33 --- /dev/null +++ b/packages/glibc/2.14.1/0044-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -742,12 +742,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.14.1/0045-if_nametoindex-size-check.patch b/packages/glibc/2.14.1/0045-if_nametoindex-size-check.patch new file mode 100644 index 0000000..5803db5 --- /dev/null +++ b/packages/glibc/2.14.1/0045-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -54,6 +54,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.14.1/0046-utmp-nonstring.patch b/packages/glibc/2.14.1/0046-utmp-nonstring.patch new file mode 100644 index 0000000..b789724 --- /dev/null +++ b/packages/glibc/2.14.1/0046-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -350,6 +350,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #include <bits/wordsize.h> + + #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -61,10 +61,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -61,10 +61,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.14.1/0047-getlogin_r-use-strnlen.patch b/packages/glibc/2.14.1/0047-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..15a16bd --- /dev/null +++ b/packages/glibc/2.14.1/0047-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -83,7 +83,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -92,7 +92,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.14.1/0048-zic.c-use-memcpy.patch b/packages/glibc/2.14.1/0048-zic.c-use-memcpy.patch new file mode 100644 index 0000000..4c89446 --- /dev/null +++ b/packages/glibc/2.14.1/0048-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1648,7 +1648,7 @@ + #define DO(field) (void) fwrite((void *) tzh.field, \ + (size_t) sizeof tzh.field, (size_t) 1, fp) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = ZIC_VERSION; + convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt); + convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.14/998-obstack-common.patch b/packages/glibc/2.14/998-obstack-common.patch deleted file mode 100644 index 4b95f06..0000000 --- a/packages/glibc/2.14/998-obstack-common.patch +++ /dev/null @@ -1,30 +0,0 @@ -commit 39b1f6172a2f9ddc74a8f82d6e84dd13b22dbaf2 -Author: Peter Collingbourne <pcc@google.com> -Date: Wed May 15 20:28:08 2013 +0200 - - Move _obstack_compat out of common - - it is impossible to create an alias of a common symbol (as - compat_symbol does), because common symbols do not have a section or - an offset until linked. GNU as tolerates aliases of common symbols by - simply creating another common symbol, but other assemblers (notably - LLVM's integrated assembler) are less tolerant. - - 2013-05-15 Peter Collingbourne <pcc@google.com> - - * malloc/obstack.c (_obstack_compat): Add initializer. - - - -diff --git a/malloc/obstack.c b/malloc/obstack.c -index 25a90514f7..c3c7db4a96 100644 ---- a/malloc/obstack.c -+++ b/malloc/obstack.c -@@ -115,7 +115,7 @@ int obstack_exit_failure = EXIT_FAILURE; - /* A looong time ago (before 1994, anyway; we're not sure) this global variable - was used by non-GNU-C macros to avoid multiple evaluation. The GNU C - library still exports it because somebody might use it. */ --struct obstack *_obstack_compat; -+struct obstack *_obstack_compat = 0; - compat_symbol (libc, _obstack_compat, _obstack, GLIBC_2_0); - # endif - # endif diff --git a/packages/glibc/2.15/0045-strftime-multiple-stmts.patch b/packages/glibc/2.15/0045-strftime-multiple-stmts.patch new file mode 100644 index 0000000..e544b33 --- /dev/null +++ b/packages/glibc/2.15/0045-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -742,12 +742,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.15/0046-if_nametoindex-size-check.patch b/packages/glibc/2.15/0046-if_nametoindex-size-check.patch new file mode 100644 index 0000000..5803db5 --- /dev/null +++ b/packages/glibc/2.15/0046-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -54,6 +54,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.15/0047-utmp-nonstring.patch b/packages/glibc/2.15/0047-utmp-nonstring.patch new file mode 100644 index 0000000..3943cdf --- /dev/null +++ b/packages/glibc/2.15/0047-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -375,6 +375,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #include <bits/wordsize.h> + + #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -61,10 +61,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -61,10 +61,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.15/0048-getlogin_r-use-strnlen.patch b/packages/glibc/2.15/0048-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..15a16bd --- /dev/null +++ b/packages/glibc/2.15/0048-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -83,7 +83,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -92,7 +92,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.15/0049-zic.c-use-memcpy.patch b/packages/glibc/2.15/0049-zic.c-use-memcpy.patch new file mode 100644 index 0000000..4c89446 --- /dev/null +++ b/packages/glibc/2.15/0049-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1648,7 +1648,7 @@ + #define DO(field) (void) fwrite((void *) tzh.field, \ + (size_t) sizeof tzh.field, (size_t) 1, fp) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = ZIC_VERSION; + convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt); + convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.16.0/0037-strftime-multiple-stmts.patch b/packages/glibc/2.16.0/0037-strftime-multiple-stmts.patch new file mode 100644 index 0000000..88e658b --- /dev/null +++ b/packages/glibc/2.16.0/0037-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -737,12 +737,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.16.0/0038-if_nametoindex-size-check.patch b/packages/glibc/2.16.0/0038-if_nametoindex-size-check.patch new file mode 100644 index 0000000..375bb95 --- /dev/null +++ b/packages/glibc/2.16.0/0038-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -44,6 +44,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.16.0/0039-utmp-nonstring.patch b/packages/glibc/2.16.0/0039-utmp-nonstring.patch new file mode 100644 index 0000000..1f47956 --- /dev/null +++ b/packages/glibc/2.16.0/0039-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -375,6 +375,15 @@ + # define __glibc_unlikely(cond) (cond) + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #include <bits/wordsize.h> + + #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -60,10 +60,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.16.0/0040-getlogin_r-use-strnlen.patch b/packages/glibc/2.16.0/0040-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..ff19964 --- /dev/null +++ b/packages/glibc/2.16.0/0040-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -82,7 +82,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -91,7 +91,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.16.0/0041-zic.c-use-memcpy.patch b/packages/glibc/2.16.0/0041-zic.c-use-memcpy.patch new file mode 100644 index 0000000..8679c0a --- /dev/null +++ b/packages/glibc/2.16.0/0041-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1695,7 +1695,7 @@ + #define DO(field) (void) fwrite((void *) tzh.field, \ + (size_t) sizeof tzh.field, (size_t) 1, fp) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = ZIC_VERSION; + convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt); + convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.17/0013-strftime-multiple-stmts.patch b/packages/glibc/2.17/0013-strftime-multiple-stmts.patch new file mode 100644 index 0000000..88e658b --- /dev/null +++ b/packages/glibc/2.17/0013-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -737,12 +737,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.17/0014-if_nametoindex-size-check.patch b/packages/glibc/2.17/0014-if_nametoindex-size-check.patch new file mode 100644 index 0000000..375bb95 --- /dev/null +++ b/packages/glibc/2.17/0014-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -44,6 +44,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.17/0015-utmp-nonstring.patch b/packages/glibc/2.17/0015-utmp-nonstring.patch new file mode 100644 index 0000000..0ffcbcc --- /dev/null +++ b/packages/glibc/2.17/0015-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -382,6 +382,15 @@ + # define __glibc_unlikely(cond) (cond) + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #include <bits/wordsize.h> + + #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -60,10 +60,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.17/0016-getlogin_r-use-strnlen.patch b/packages/glibc/2.17/0016-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..ff19964 --- /dev/null +++ b/packages/glibc/2.17/0016-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -82,7 +82,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -91,7 +91,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.17/0017-zic.c-use-memcpy.patch b/packages/glibc/2.17/0017-zic.c-use-memcpy.patch new file mode 100644 index 0000000..e5ab81e --- /dev/null +++ b/packages/glibc/2.17/0017-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1609,7 +1609,7 @@ + } + #define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp)) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = ZIC_VERSION; + convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt); + convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.18/0014-strftime-multiple-stmts.patch b/packages/glibc/2.18/0014-strftime-multiple-stmts.patch new file mode 100644 index 0000000..88e658b --- /dev/null +++ b/packages/glibc/2.18/0014-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -737,12 +737,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.18/0015-if_nametoindex-size-check.patch b/packages/glibc/2.18/0015-if_nametoindex-size-check.patch new file mode 100644 index 0000000..375bb95 --- /dev/null +++ b/packages/glibc/2.18/0015-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -44,6 +44,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.18/0016-utmp-nonstring.patch b/packages/glibc/2.18/0016-utmp-nonstring.patch new file mode 100644 index 0000000..378d62e --- /dev/null +++ b/packages/glibc/2.18/0016-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -382,6 +382,15 @@ + # define __glibc_likely(cond) (cond) + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #include <bits/wordsize.h> + + #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.18/0017-getlogin_r-use-strnlen.patch b/packages/glibc/2.18/0017-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..ff19964 --- /dev/null +++ b/packages/glibc/2.18/0017-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -82,7 +82,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -91,7 +91,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.18/0018-zic.c-use-memcpy.patch b/packages/glibc/2.18/0018-zic.c-use-memcpy.patch new file mode 100644 index 0000000..e5ab81e --- /dev/null +++ b/packages/glibc/2.18/0018-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1609,7 +1609,7 @@ + } + #define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp)) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = ZIC_VERSION; + convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt); + convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.19/0012-strftime-multiple-stmts.patch b/packages/glibc/2.19/0012-strftime-multiple-stmts.patch new file mode 100644 index 0000000..88e658b --- /dev/null +++ b/packages/glibc/2.19/0012-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -737,12 +737,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.19/0013-if_nametoindex-size-check.patch b/packages/glibc/2.19/0013-if_nametoindex-size-check.patch new file mode 100644 index 0000000..375bb95 --- /dev/null +++ b/packages/glibc/2.19/0013-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -44,6 +44,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.19/0014-utmp-nonstring.patch b/packages/glibc/2.19/0014-utmp-nonstring.patch new file mode 100644 index 0000000..378d62e --- /dev/null +++ b/packages/glibc/2.19/0014-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -382,6 +382,15 @@ + # define __glibc_likely(cond) (cond) + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #include <bits/wordsize.h> + + #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.19/0015-getlogin_r-use-strnlen.patch b/packages/glibc/2.19/0015-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..ff19964 --- /dev/null +++ b/packages/glibc/2.19/0015-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -82,7 +82,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -91,7 +91,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.19/0016-zic.c-use-memcpy.patch b/packages/glibc/2.19/0016-zic.c-use-memcpy.patch new file mode 100644 index 0000000..8b2b480 --- /dev/null +++ b/packages/glibc/2.19/0016-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1676,7 +1676,7 @@ + } + #define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp)) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = version; + convert(thistypecnt, tzh.tzh_ttisgmtcnt); + convert(thistypecnt, tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.20/0012-strftime-multiple-stmts.patch b/packages/glibc/2.20/0012-strftime-multiple-stmts.patch new file mode 100644 index 0000000..0f97e7d --- /dev/null +++ b/packages/glibc/2.20/0012-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -738,12 +738,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.20/0013-if_nametoindex-size-check.patch b/packages/glibc/2.20/0013-if_nametoindex-size-check.patch new file mode 100644 index 0000000..7976fdd --- /dev/null +++ b/packages/glibc/2.20/0013-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -43,6 +43,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.20/0014-utmp-nonstring.patch b/packages/glibc/2.20/0014-utmp-nonstring.patch new file mode 100644 index 0000000..5a3da64 --- /dev/null +++ b/packages/glibc/2.20/0014-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -392,6 +392,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #include <bits/wordsize.h> + + #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.20/0015-getlogin_r-use-strnlen.patch b/packages/glibc/2.20/0015-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..ff19964 --- /dev/null +++ b/packages/glibc/2.20/0015-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -82,7 +82,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -91,7 +91,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.20/0016-zic.c-use-memcpy.patch b/packages/glibc/2.20/0016-zic.c-use-memcpy.patch new file mode 100644 index 0000000..ef768aa --- /dev/null +++ b/packages/glibc/2.20/0016-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1713,7 +1713,7 @@ + } + #define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp)) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = version; + convert(thistypecnt, tzh.tzh_ttisgmtcnt); + convert(thistypecnt, tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.21/0012-strftime-multiple-stmts.patch b/packages/glibc/2.21/0012-strftime-multiple-stmts.patch new file mode 100644 index 0000000..0f97e7d --- /dev/null +++ b/packages/glibc/2.21/0012-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -738,12 +738,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.21/0013-if_nametoindex-size-check.patch b/packages/glibc/2.21/0013-if_nametoindex-size-check.patch new file mode 100644 index 0000000..7976fdd --- /dev/null +++ b/packages/glibc/2.21/0013-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -43,6 +43,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.21/0014-utmp-nonstring.patch b/packages/glibc/2.21/0014-utmp-nonstring.patch new file mode 100644 index 0000000..dab4e02 --- /dev/null +++ b/packages/glibc/2.21/0014-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -399,6 +399,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #include <bits/wordsize.h> + + #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.21/0015-getlogin_r-use-strnlen.patch b/packages/glibc/2.21/0015-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..ff19964 --- /dev/null +++ b/packages/glibc/2.21/0015-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -82,7 +82,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -91,7 +91,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.21/0016-zic.c-use-memcpy.patch b/packages/glibc/2.21/0016-zic.c-use-memcpy.patch new file mode 100644 index 0000000..ef768aa --- /dev/null +++ b/packages/glibc/2.21/0016-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1713,7 +1713,7 @@ + } + #define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp)) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = version; + convert(thistypecnt, tzh.tzh_ttisgmtcnt); + convert(thistypecnt, tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.22/0012-strftime-multiple-stmts.patch b/packages/glibc/2.22/0012-strftime-multiple-stmts.patch new file mode 100644 index 0000000..0f97e7d --- /dev/null +++ b/packages/glibc/2.22/0012-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -738,12 +738,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.22/0013-if_nametoindex-size-check.patch b/packages/glibc/2.22/0013-if_nametoindex-size-check.patch new file mode 100644 index 0000000..7976fdd --- /dev/null +++ b/packages/glibc/2.22/0013-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -43,6 +43,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.22/0014-utmp-nonstring.patch b/packages/glibc/2.22/0014-utmp-nonstring.patch new file mode 100644 index 0000000..98f142c --- /dev/null +++ b/packages/glibc/2.22/0014-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -399,6 +399,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #if (!defined _Static_assert && !defined __cplusplus \ + && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \ + && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__)) +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.22/0015-getlogin_r-use-strnlen.patch b/packages/glibc/2.22/0015-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..ff19964 --- /dev/null +++ b/packages/glibc/2.22/0015-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -82,7 +82,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -91,7 +91,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.22/0016-zic.c-use-memcpy.patch b/packages/glibc/2.22/0016-zic.c-use-memcpy.patch new file mode 100644 index 0000000..ef768aa --- /dev/null +++ b/packages/glibc/2.22/0016-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1713,7 +1713,7 @@ + } + #define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp)) + tzh = tzh0; +- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = version; + convert(thistypecnt, tzh.tzh_ttisgmtcnt); + convert(thistypecnt, tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.23/0008-strftime-multiple-stmts.patch b/packages/glibc/2.23/0008-strftime-multiple-stmts.patch new file mode 100644 index 0000000..51983e4 --- /dev/null +++ b/packages/glibc/2.23/0008-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -715,12 +715,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.23/0009-if_nametoindex-size-check.patch b/packages/glibc/2.23/0009-if_nametoindex-size-check.patch new file mode 100644 index 0000000..7976fdd --- /dev/null +++ b/packages/glibc/2.23/0009-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -43,6 +43,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.23/0010-utmp-nonstring.patch b/packages/glibc/2.23/0010-utmp-nonstring.patch new file mode 100644 index 0000000..98f142c --- /dev/null +++ b/packages/glibc/2.23/0010-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -399,6 +399,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #if (!defined _Static_assert && !defined __cplusplus \ + && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \ + && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__)) +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.23/0011-getlogin_r-use-strnlen.patch b/packages/glibc/2.23/0011-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..110adcd --- /dev/null +++ b/packages/glibc/2.23/0011-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -80,7 +80,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -89,7 +89,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.23/0012-zic.c-use-memcpy.patch b/packages/glibc/2.23/0012-zic.c-use-memcpy.patch new file mode 100644 index 0000000..96d0f1d --- /dev/null +++ b/packages/glibc/2.23/0012-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1819,7 +1819,7 @@ + } + #define DO(field) fwrite(tzh.field, sizeof tzh.field, 1, fp) + tzh = tzh0; +- strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = version; + convert(thistypecnt, tzh.tzh_ttisgmtcnt); + convert(thistypecnt, tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.24/0008-strftime-multiple-stmts.patch b/packages/glibc/2.24/0008-strftime-multiple-stmts.patch new file mode 100644 index 0000000..51983e4 --- /dev/null +++ b/packages/glibc/2.24/0008-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -715,12 +715,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.24/0009-if_nametoindex-size-check.patch b/packages/glibc/2.24/0009-if_nametoindex-size-check.patch new file mode 100644 index 0000000..7976fdd --- /dev/null +++ b/packages/glibc/2.24/0009-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -43,6 +43,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.24/0010-utmp-nonstring.patch b/packages/glibc/2.24/0010-utmp-nonstring.patch new file mode 100644 index 0000000..5aad8a3 --- /dev/null +++ b/packages/glibc/2.24/0010-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -404,6 +404,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #if (!defined _Static_assert && !defined __cplusplus \ + && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \ + && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__)) +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.24/0011-getlogin_r-use-strnlen.patch b/packages/glibc/2.24/0011-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..110adcd --- /dev/null +++ b/packages/glibc/2.24/0011-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -80,7 +80,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -89,7 +89,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.24/0012-zic.c-use-memcpy.patch b/packages/glibc/2.24/0012-zic.c-use-memcpy.patch new file mode 100644 index 0000000..96d0f1d --- /dev/null +++ b/packages/glibc/2.24/0012-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1819,7 +1819,7 @@ + } + #define DO(field) fwrite(tzh.field, sizeof tzh.field, 1, fp) + tzh = tzh0; +- strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = version; + convert(thistypecnt, tzh.tzh_ttisgmtcnt); + convert(thistypecnt, tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.25/0007-strftime-multiple-stmts.patch b/packages/glibc/2.25/0007-strftime-multiple-stmts.patch new file mode 100644 index 0000000..51983e4 --- /dev/null +++ b/packages/glibc/2.25/0007-strftime-multiple-stmts.patch @@ -0,0 +1,73 @@ +commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb +Author: Joseph Myers <joseph@codesourcery.com> +Date: Tue Jun 27 17:12:13 2017 +0000 + + Fix strftime build with GCC 8. + + Building with current GCC mainline fails with: + + strftime_l.c: In function '__strftime_internal': + strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros] + digits = d > width ? d : width; \ + ^ + strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER' + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + ^~~~~~~~~ + strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause + else + ^~~~ + + In fact this particular instance is harmless; the code looks like: + + if (modifier == L_('O')) + goto bad_format; + else + DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE); + + and because of the goto, it doesn't matter that part of the expansion + isn't under the "else" conditional. But it's also clearly bad style + to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD + to use do { } while (0) to avoid such problems. + + Tested (full testsuite) for x86_64 (GCC 6), and with + build-many-glibcs.py with GCC mainline, in conjunction with my libgcc + patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>. + + * time/strftime_l.c (DO_NUMBER): Define using do { } while (0). + (DO_NUMBER_SPACEPAD): Likewise. + +--- + time/strftime_l.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/time/strftime_l.c ++++ b/time/strftime_l.c +@@ -715,12 +715,22 @@ + format_char = *f; + switch (format_char) + { +-#define DO_NUMBER(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number +-#define DO_NUMBER_SPACEPAD(d, v) \ +- digits = d > width ? d : width; \ +- number_value = v; goto do_number_spacepad ++#define DO_NUMBER(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number; \ ++ } \ ++ while (0) ++#define DO_NUMBER_SPACEPAD(d, v) \ ++ do \ ++ { \ ++ digits = d > width ? d : width; \ ++ number_value = v; \ ++ goto do_number_spacepad; \ ++ } \ ++ while (0) + + case L_('%'): + if (modifier != 0) diff --git a/packages/glibc/2.25/0008-if_nametoindex-size-check.patch b/packages/glibc/2.25/0008-if_nametoindex-size-check.patch new file mode 100644 index 0000000..7976fdd --- /dev/null +++ b/packages/glibc/2.25/0008-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -43,6 +43,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.25/0009-utmp-nonstring.patch b/packages/glibc/2.25/0009-utmp-nonstring.patch new file mode 100644 index 0000000..e5dd6f4 --- /dev/null +++ b/packages/glibc/2.25/0009-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -430,6 +430,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #if (!defined _Static_assert && !defined __cplusplus \ + && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \ + && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__)) +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.25/0010-getlogin_r-use-strnlen.patch b/packages/glibc/2.25/0010-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..110adcd --- /dev/null +++ b/packages/glibc/2.25/0010-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -80,7 +80,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -89,7 +89,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.25/0011-zic.c-use-memcpy.patch b/packages/glibc/2.25/0011-zic.c-use-memcpy.patch new file mode 100644 index 0000000..96d0f1d --- /dev/null +++ b/packages/glibc/2.25/0011-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1819,7 +1819,7 @@ + } + #define DO(field) fwrite(tzh.field, sizeof tzh.field, 1, fp) + tzh = tzh0; +- strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = version; + convert(thistypecnt, tzh.tzh_ttisgmtcnt); + convert(thistypecnt, tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/2.26/0002-if_nametoindex-size-check.patch b/packages/glibc/2.26/0002-if_nametoindex-size-check.patch new file mode 100644 index 0000000..7976fdd --- /dev/null +++ b/packages/glibc/2.26/0002-if_nametoindex-size-check.patch @@ -0,0 +1,29 @@ +commit 2180fee114b778515b3f560e5ff1e795282e60b0 +Author: Steve Ellcey <sellcey@caviumnetworks.com> +Date: Wed Nov 15 08:58:48 2017 -0800 + + Check length of ifname before copying it into to ifreq structure. + + [BZ #22442] + * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): + Check if ifname is too long. + +--- + sysdeps/unix/sysv/linux/if_index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sysdeps/unix/sysv/linux/if_index.c ++++ b/sysdeps/unix/sysv/linux/if_index.c +@@ -43,6 +43,12 @@ + if (fd < 0) + return 0; + ++ if (strlen (ifname) >= IFNAMSIZ) ++ { ++ __set_errno (ENODEV); ++ return 0; ++ } ++ + strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) + { diff --git a/packages/glibc/2.26/0003-utmp-nonstring.patch b/packages/glibc/2.26/0003-utmp-nonstring.patch new file mode 100644 index 0000000..bfcaad8 --- /dev/null +++ b/packages/glibc/2.26/0003-utmp-nonstring.patch @@ -0,0 +1,80 @@ +commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c +Author: Martin Sebor <msebor@redhat.com> +Date: Wed Nov 15 17:39:59 2017 -0700 + + The -Wstringop-truncation option new in GCC 8 detects common misuses + of the strncat and strncpy function that may result in truncating + the copied string before the terminating NUL. To avoid false positive + warnings for correct code that intentionally creates sequences of + characters that aren't guaranteed to be NUL-terminated, arrays that + are intended to store such sequences should be decorated with a new + nonstring attribute. This change add this attribute to Glibc and + uses it to suppress such false positives. + + ChangeLog: + * misc/sys/cdefs.h (__attribute_nonstring__): New macro. + * sysdeps/gnu/bits/utmp.h (struct utmp): Use it. + * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same. + +--- + misc/sys/cdefs.h | 9 +++++++++ + sysdeps/gnu/bits/utmp.h | 9 ++++++--- + sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++--- + 3 files changed, 21 insertions(+), 6 deletions(-) + +--- a/misc/sys/cdefs.h ++++ b/misc/sys/cdefs.h +@@ -408,6 +408,15 @@ + # endif + #endif + ++#if __GNUC_PREREQ (8, 0) ++/* Describes a char array whose address can safely be passed as the first ++ argument to strncpy and strncat, as the char array is not necessarily ++ a NUL-terminated string. */ ++# define __attribute_nonstring__ __attribute__ ((__nonstring__)) ++#else ++# define __attribute_nonstring__ ++#endif ++ + #if (!defined _Static_assert && !defined __cplusplus \ + && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \ + && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__)) +--- a/sysdeps/gnu/bits/utmp.h ++++ b/sysdeps/gnu/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled +--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h ++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h +@@ -59,10 +59,13 @@ + { + short int ut_type; /* Type of login. */ + pid_t ut_pid; /* Process ID of login process. */ +- char ut_line[UT_LINESIZE]; /* Devicename. */ ++ char ut_line[UT_LINESIZE] ++ __attribute_nonstring__; /* Devicename. */ + char ut_id[4]; /* Inittab ID. */ +- char ut_user[UT_NAMESIZE]; /* Username. */ +- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */ ++ char ut_user[UT_NAMESIZE] ++ __attribute_nonstring__; /* Username. */ ++ char ut_host[UT_HOSTSIZE] ++ __attribute_nonstring__; /* Hostname for remote login. */ + struct exit_status ut_exit; /* Exit status of a process marked + as DEAD_PROCESS. */ + /* The ut_session and ut_tv fields must be the same size when compiled diff --git a/packages/glibc/2.26/0004-getlogin_r-use-strnlen.patch b/packages/glibc/2.26/0004-getlogin_r-use-strnlen.patch new file mode 100644 index 0000000..110adcd --- /dev/null +++ b/packages/glibc/2.26/0004-getlogin_r-use-strnlen.patch @@ -0,0 +1,47 @@ +commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c +Author: Joseph Myers <joseph@codesourcery.com> +Date: Wed Nov 22 18:44:23 2017 +0000 + + Avoid use of strlen in getlogin_r (bug 22447). + + Building glibc with current mainline GCC fails, among other reasons, + because of an error for use of strlen on the nonstring ut_user field. + This patch changes the problem code in getlogin_r to use __strnlen + instead. It also needs to set the trailing NUL byte of the result + explicitly, because of the case where ut_user does not have such a + trailing NUL byte (but the result should always have one). + + Tested for x86_64. Also tested that, in conjunction with + <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes + the build for arm with mainline GCC. + + [BZ #22447] + * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not + strlen to compute length of ut_user and set trailing NUL byte of + result explicitly. + +--- + sysdeps/unix/getlogin_r.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/sysdeps/unix/getlogin_r.c ++++ b/sysdeps/unix/getlogin_r.c +@@ -80,7 +80,7 @@ + + if (result == 0) + { +- size_t needed = strlen (ut->ut_user) + 1; ++ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1; + + if (needed > name_len) + { +@@ -89,7 +89,8 @@ + } + else + { +- memcpy (name, ut->ut_user, needed); ++ memcpy (name, ut->ut_user, needed - 1); ++ name[needed - 1] = 0; + result = 0; + } + } diff --git a/packages/glibc/2.26/0005-zic.c-use-memcpy.patch b/packages/glibc/2.26/0005-zic.c-use-memcpy.patch new file mode 100644 index 0000000..34ebbc5 --- /dev/null +++ b/packages/glibc/2.26/0005-zic.c-use-memcpy.patch @@ -0,0 +1,25 @@ +commit e69897bf202e18034cbef26f363bae64de70a196 +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun Nov 12 22:00:28 2017 -0800 + + timezone: pacify GCC -Wstringop-truncation + + Problem reported by Martin Sebor in: + https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html + * timezone/zic.c (writezone): Use memcpy, not strncpy. + +--- + timezone/zic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/timezone/zic.c ++++ b/timezone/zic.c +@@ -1949,7 +1949,7 @@ + } + #define DO(field) fwrite(tzh.field, sizeof tzh.field, 1, fp) + tzh = tzh0; +- strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); ++ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); + tzh.tzh_version[0] = version; + convert(thistypecnt, tzh.tzh_ttisgmtcnt); + convert(thistypecnt, tzh.tzh_ttisstdcnt); diff --git a/packages/glibc/package.desc b/packages/glibc/package.desc index 71ea200..ea03e69 100644 --- a/packages/glibc/package.desc +++ b/packages/glibc/package.desc @@ -1,6 +1,6 @@ origin='GNU' repository='git git://sourceware.org/git/glibc.git' mirrors='$(CT_Mirrors GNU glibc)' -milestones='2.14 2.17 2.20 2.23 2.24 2.26' +milestones='2.14 2.17 2.20 2.23 2.24 2.26 2.27' archive_formats='.tar.xz .tar.bz2 .tar.gz' signature_format='packed/.sig' diff --git a/scripts/build/libc/glibc.sh b/scripts/build/libc/glibc.sh index 3b4b626..2f257b5 100644 --- a/scripts/build/libc/glibc.sh +++ b/scripts/build/libc/glibc.sh @@ -171,6 +171,7 @@ do_libc_backend_once() { *) extra_config+=("--enable-add-ons=$(do_libc_add_ons_list ,)");; esac + [ "${CT_GLIBC_ENABLE_WERROR}" != "y" ] && extra_config+=("--disable-werror") [ -n "${CT_PKGVERSION}" ] && extra_config+=("--with-pkgversion=${CT_PKGVERSION}") [ -n "${CT_TOOLCHAIN_BUGURL}" ] && extra_config+=("--with-bugurl=${CT_TOOLCHAIN_BUGURL}") |