GNU bug report logs -
#50128
[PATCH core-updates-frozen] gnu: libsepol: Fix build.
Previous Next
Reported by: Noah Evans <noah <at> nevans.me>
Date: Thu, 19 Aug 2021 22:23:01 UTC
Severity: normal
Tags: patch
Done: Mathieu Othacehe <othacehe <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 50128 in the body.
You can then email your comments to 50128 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#50128; Package
guix-patches.
(Thu, 19 Aug 2021 22:23:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Noah Evans <noah <at> nevans.me>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Thu, 19 Aug 2021 22:23:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
libsepol fails due to -Werror=stringop-truncation. I attatched a patch that uses an upstream commit to fix the warning, or we could just disable Werror.
From 88e6d094bfb5341b0c0fe3a7267396e774b43abb Mon Sep 17 00:00:00 2001
From: Noah Evans <noah <at> nevans.me>
Date: Thu, 19 Aug 2021 17:56:30 -0400
Subject: [PATCH core-updates-frozen] gnu: libsepol: Fix build.
---
...epol-fix-stringop-truncation-warning.patch | 90 +++++++++++++++++++
gnu/packages/selinux.scm | 4 +
2 files changed, 94 insertions(+)
create mode 100644 gnu/packages/patches/libsepol-fix-stringop-truncation-warning.patch
diff --git a/gnu/packages/patches/libsepol-fix-stringop-truncation-warning.patch b/gnu/packages/patches/libsepol-fix-stringop-truncation-warning.patch
new file mode 100644
index 0000000000..59f9513d7a
--- /dev/null
+++ b/gnu/packages/patches/libsepol-fix-stringop-truncation-warning.patch
@@ -0,0 +1,90 @@
+Taken from upstream:
+<https://github.com/SELinuxProject/selinux/commit/07d6f1cea5a8ec0251606636189bc519d80b0729>.
+
+From 07d6f1cea5a8ec0251606636189bc519d80b0729 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones <at> googlemail.com>
+Date: Thu, 1 Jul 2021 20:07:07 +0200
+Subject: [PATCH] libsepol: assure string NUL-termination of ibdev_name
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Clang complains:
+
+ ibendport_record.c: In function ‘sepol_ibendport_get_ibdev_name’:
+ ibendport_record.c:169:2: error: ‘strncpy’ specified bound 64 equals destination size [-Werror=stringop-truncation]
+ 169 | strncpy(tmp_ibdev_name, ibendport->ibdev_name, IB_DEVICE_NAME_MAX);
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ibendport_record.c: In function ‘sepol_ibendport_set_ibdev_name’:
+ ibendport_record.c:189:2: error: ‘strncpy’ specified bound 64 equals destination size [-Werror=stringop-truncation]
+ 189 | strncpy(tmp, ibdev_name, IB_DEVICE_NAME_MAX);
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+strncpy(3) does not NUL-terminate the destination if the source is of
+the same length or longer then the specified size.
+The source of these copies are retrieved from
+sepol_ibendport_alloc_ibdev_name(), which allocates a fixed amount of
+IB_DEVICE_NAME_MAX bytes.
+Reduce the size to copy by 1 of all memory regions allocated by
+sepol_ibendport_alloc_ibdev_name().
+
+Signed-off-by: Christian Göttsche <cgzones <at> googlemail.com>
+---
+ libsepol/src/ibendport_record.c | 8 ++++----
+ libsepol/src/ibendports.c | 2 +-
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/libsepol/src/ibendport_record.c b/libsepol/src/ibendport_record.c
+index adf671615..1eb50914b 100644
+--- a/libsepol/src/ibendport_record.c
++++ b/libsepol/src/ibendport_record.c
+@@ -62,7 +62,7 @@ int sepol_ibendport_key_create(sepol_handle_t *handle,
+ if (sepol_ibendport_alloc_ibdev_name(handle, &tmp_key->ibdev_name) < 0)
+ goto err;
+
+- strncpy(tmp_key->ibdev_name, ibdev_name, IB_DEVICE_NAME_MAX);
++ strncpy(tmp_key->ibdev_name, ibdev_name, IB_DEVICE_NAME_MAX - 1);
+ tmp_key->port = port;
+
+ *key_ptr = tmp_key;
+@@ -166,7 +166,7 @@ int sepol_ibendport_get_ibdev_name(sepol_handle_t *handle,
+ if (sepol_ibendport_alloc_ibdev_name(handle, &tmp_ibdev_name) < 0)
+ goto err;
+
+- strncpy(tmp_ibdev_name, ibendport->ibdev_name, IB_DEVICE_NAME_MAX);
++ strncpy(tmp_ibdev_name, ibendport->ibdev_name, IB_DEVICE_NAME_MAX - 1);
+ *ibdev_name = tmp_ibdev_name;
+ return STATUS_SUCCESS;
+
+@@ -186,7 +186,7 @@ int sepol_ibendport_set_ibdev_name(sepol_handle_t *handle,
+ if (sepol_ibendport_alloc_ibdev_name(handle, &tmp) < 0)
+ goto err;
+
+- strncpy(tmp, ibdev_name, IB_DEVICE_NAME_MAX);
++ strncpy(tmp, ibdev_name, IB_DEVICE_NAME_MAX - 1);
+ free(ibendport->ibdev_name);
+ ibendport->ibdev_name = tmp;
+ return STATUS_SUCCESS;
+@@ -230,7 +230,7 @@ int sepol_ibendport_clone(sepol_handle_t *handle,
+ if (sepol_ibendport_alloc_ibdev_name(handle, &new_ibendport->ibdev_name) < 0)
+ goto omem;
+
+- strncpy(new_ibendport->ibdev_name, ibendport->ibdev_name, IB_DEVICE_NAME_MAX);
++ strncpy(new_ibendport->ibdev_name, ibendport->ibdev_name, IB_DEVICE_NAME_MAX - 1);
+ new_ibendport->port = ibendport->port;
+
+ if (ibendport->con &&
+diff --git a/libsepol/src/ibendports.c b/libsepol/src/ibendports.c
+index 6d56c9a17..ee5cb1930 100644
+--- a/libsepol/src/ibendports.c
++++ b/libsepol/src/ibendports.c
+@@ -34,7 +34,7 @@ static int ibendport_from_record(sepol_handle_t *handle,
+ &ibdev_name) < 0)
+ goto err;
+
+- strncpy(tmp_ibendport->u.ibendport.dev_name, ibdev_name, IB_DEVICE_NAME_MAX);
++ strncpy(tmp_ibendport->u.ibendport.dev_name, ibdev_name, IB_DEVICE_NAME_MAX - 1);
+
+ free(ibdev_name);
+ ibdev_name = NULL;
+
diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
index 8a75538d10..7c1466e555 100644
--- a/gnu/packages/selinux.scm
+++ b/gnu/packages/selinux.scm
@@ -55,6 +55,10 @@
(url "https://github.com/SELinuxProject/selinux")
(commit version)))
(file-name (git-file-name "selinux" version))
+ (patches
+ (search-patches
+ ;; XXX: Remove patch in next release.
+ "libsepol-fix-stringop-truncation-warning.patch"))
(sha256
(base32
"03p3lmvrvkcvsmiczsjzhyfgxlxdkdyq0p8igv3s3hdak5n92jjn"))))
--
2.33.0
[Message part 2 (text/html, inline)]
Reply sent
to
Mathieu Othacehe <othacehe <at> gnu.org>:
You have taken responsibility.
(Sun, 29 Aug 2021 10:01:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Noah Evans <noah <at> nevans.me>:
bug acknowledged by developer.
(Sun, 29 Aug 2021 10:01:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 50128-done <at> debbugs.gnu.org (full text, mbox):
Hello,
Thanks for the patch, however this has already been fixed by Guillaume
with 5b0d7819e7827ecd22a25c30bf6a48ba0a535b2e.
Mathieu
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sun, 26 Sep 2021 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 2 years and 205 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.