[packages/sharutils] - fix for undeclared gets - rel 2

baggins baggins at pld-linux.org
Thu Dec 13 13:21:14 CET 2012


commit 77335e6dc9a3880b111a33bd60af7eb1fd5727bf
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Thu Dec 13 13:21:01 2012 +0100

    - fix for undeclared gets
    - rel 2

 sharutils-glibc2.16.patch | 88 +++++++++++++++++++++++++++++++++++++++++++++++
 sharutils.spec            |  4 ++-
 2 files changed, 91 insertions(+), 1 deletion(-)
---
diff --git a/sharutils.spec b/sharutils.spec
index c51afcb..d381d00 100644
--- a/sharutils.spec
+++ b/sharutils.spec
@@ -9,7 +9,7 @@ Summary(tr.UTF-8):	Arşivleme ve kabuk araçları
 Summary(uk.UTF-8):	Утиліти GNU shar для створення та розпаковки shell-архівів
 Name:		sharutils
 Version:	4.11.1
-Release:	1
+Release:	2
 License:	GPL v3+
 Group:		Applications
 Source0:	http://ftp.gnu.org/gnu/sharutils/%{name}-%{version}.tar.bz2
@@ -17,6 +17,7 @@ Source0:	http://ftp.gnu.org/gnu/sharutils/%{name}-%{version}.tar.bz2
 Source1:	http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source1-md5:	336f405f69324d129a6ccd3b66f8eb6c
 Patch0:		%{name}-info.patch
+Patch1:		%{name}-glibc2.16.patch
 URL:		http://www.gnu.org/software/sharutils/
 BuildRequires:	autoconf >= 2.50
 BuildRequires:	automake >= 1:1.11
@@ -89,6 +90,7 @@ programlar üzerinden güvenli bir şekilde gönderilebilir.
 %prep
 %setup -q -a1
 %patch0 -p1
+%patch1 -p1
 
 %{__rm} po/stamp-po
 
diff --git a/sharutils-glibc2.16.patch b/sharutils-glibc2.16.patch
new file mode 100644
index 0000000..f3dbb45
--- /dev/null
+++ b/sharutils-glibc2.16.patch
@@ -0,0 +1,88 @@
+From 5de88fad8cc214f07082445c6bb7b83091d664e4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Thu, 2 Aug 2012 17:40:55 +0200
+Subject: [PATCH] Fix building with glibc-2.16.6
+
+Ported to sharutils-4.11.1 from gnulib commit:
+
+From 66712c23388e93e5c518ebc8515140fa0c807348 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake at redhat.com>
+Date: Thu, 29 Mar 2012 13:30:41 -0600
+Subject: [PATCH] stdio: don't assume gets any more
+
+Gnulib intentionally does not have a gets module, and now that C11
+and glibc have dropped it, we should be more proactive about warning
+any user on a platform that still has a declaration of this dangerous
+interface.
+---
+ lib/stdio.in.h    | 12 +++++++-----
+ m4/stdio_h.m4     |  4 ++--
+ m4/warn-on-use.m4 |  4 ++--
+ 3 files changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/lib/stdio.in.h b/lib/stdio.in.h
+index 57e93ba..6ab9c8b 100644
+--- a/lib/stdio.in.h
++++ b/lib/stdio.in.h
+@@ -176,10 +176,12 @@ _GL_WARN_ON_USE (fflush, "fflush is not always POSIX compliant - "
+ #endif
+ 
+ /* It is very rare that the developer ever has full control of stdin,
+-   so any use of gets warrants an unconditional warning.  Assume it is
+-   always declared, since it is required by C89.  */
++   so any use of gets warrants an unconditional warning; besides, C11
++   removed it.  */
+ #undef gets
++#if HAVE_RAW_DECL_GETS
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
++#endif
+ 
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
+@@ -902,9 +904,9 @@ _GL_WARN_ON_USE (snprintf, "snprintf is unportable - "
+ # endif
+ #endif
+ 
+-/* Some people would argue that sprintf should be handled like gets
+-   (for example, OpenBSD issues a link warning for both functions),
+-   since both can cause security holes due to buffer overruns.
++/* Some people would argue that all sprintf uses should be warned about
++   (for example, OpenBSD issues a link warning for it),
++   since it can cause security holes due to buffer overruns.
+    However, we believe that sprintf can be used safely, and is more
+    efficient than snprintf in those safe cases; and as proof of our
+    belief, we use sprintf in several gnulib modules.  So this header
+diff --git a/m4/stdio_h.m4 b/m4/stdio_h.m4
+index 7f3ae56..990c616 100644
+--- a/m4/stdio_h.m4
++++ b/m4/stdio_h.m4
+@@ -34,9 +34,9 @@ AC_DEFUN([gl_STDIO_H],
+ 
+   dnl Check for declarations of anything we want to poison if the
+   dnl corresponding gnulib module is not in use, and which is not
+-  dnl guaranteed by C89.
++  dnl guaranteed by both C89 and C11.
+   gl_WARN_ON_USE_PREPARE([[#include <stdio.h>
+-    ]], [dprintf fpurge fseeko ftello getdelim getline popen renameat
++    ]], [dprintf fpurge fseeko ftello getdelim getline gets popen renameat
+     snprintf tmpfile vdprintf vsnprintf])
+ ])
+ 
+diff --git a/m4/warn-on-use.m4 b/m4/warn-on-use.m4
+index e0d0f27..4b07efb 100644
+--- a/m4/warn-on-use.m4
++++ b/m4/warn-on-use.m4
+@@ -18,8 +18,8 @@ dnl with or without modifications, as long as this notice is preserved.
+ # some systems declare functions in the wrong header, then INCLUDES
+ # should do likewise.
+ #
+-# If you assume C89, then it is generally safe to assume declarations
+-# for functions declared in that standard (such as gets) without
++# It is generally safe to assume declarations for functions declared
++# in the intersection of C89 and C11 (such as printf) without
+ # needing gl_WARN_ON_USE_PREPARE.
+ AC_DEFUN([gl_WARN_ON_USE_PREPARE],
+ [
+-- 
+1.7.11.2
+
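Review bot: The `#if HAVE_RAW_DECL_GETS` guard added in lib/stdio.in.h only becomes true if configure is regenerated after the m4/stdio_h.m4 change that adds `gets` to the gl_WARN_ON_USE_PREPARE list. With a stale configure the macro is never defined, so the "gets is a security hole" warning is compiled out on every platform, and because the build against the newer glibc succeeds either way, nobody would notice. sharutils.spec lists autoconf and automake as BuildRequires, which suggests the build section regenerates configure, but that section is outside the visible hunks and should be confirmed. A comment next to `%patch1 -p1` would record the dependency, for example `# patch1 changes m4/*.m4, so configure has to be regenerated before building`. The retained header comment still says "unconditional warning", which no longer matches the now conditional declaration.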
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/sharutils.git/commitdiff/77335e6dc9a3880b111a33bd60af7eb1fd5727bf


