Control: tags 925806 + patch
Control: tags 925806 + pending

I've prepared an NMU for procenv (versioned as 0.50-1.1), and uploaded
it without further delay since this is a rather old RC bug. Please see
attached patch.

A new upstream release is available (#952527) if you would prefer to
apply this fix that way instead, but I haven't uploaded that, since it
includes changes that didn't seem appropriate for an NMU.

There is an additional patch in Ubuntu for a similar issue that is only
visible with -O3, which I have not applied since it doesn't seem to be
immediately necessary in Debian.

Regards,
smcv

diffstat for procenv-0.50 procenv-0.50
changelog | 9 ++
patches/Handle-strncpy-in-a-way-compatible-with-gcc-9-linting.patch | 37 ++++++++++
patches/series | 1
3 files changed, 47 insertions(+)
diff -Nru procenv-0.50/debian/changelog procenv-0.50/debian/changelog
--- procenv-0.50/debian/changelog 2018-01-30 11:35:08.000000000 +0000
+++ procenv-0.50/debian/changelog 2020-02-25 11:15:17.000000000 +0000
@@ -1,3 +1,12 @@
+procenv (0.50-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * d/p/Handle-strncpy-in-a-way-compatible-with-gcc-9-linting.patch:
+ Apply patch (from Ubuntu, via upstream) to fix build with gcc 9
+ (Closes: #925806)
+
+ -- Simon McVittie <[email protected]> Tue, 25 Feb 2020 11:15:17 +0000
+
procenv (0.50-1) unstable; urgency=medium
* New upstream release
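Review bot: The new 0.50-1.1 changelog entry describes the change only as "fix build with gcc 9", while the header of the patch it names also states that it fixes a possible 1-byte buffer overflow. Consider adding that to the entry so the memory-safety fix is visible to anyone who reads only the changelog.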
diff -Nru procenv-0.50/debian/patches/Handle-strncpy-in-a-way-compatible-with-gcc-9-linting.patch procenv-0.50/debian/patches/Handle-strncpy-in-a-way-compatible-with-gcc-9-linting.patch
--- procenv-0.50/debian/patches/Handle-strncpy-in-a-way-compatible-with-gcc-9-linting.patch 1970-01-01 01:00:00.000000000 +0100
+++ procenv-0.50/debian/patches/Handle-strncpy-in-a-way-compatible-with-gcc-9-linting.patch 2020-02-25 11:15:17.000000000 +0000
@@ -0,0 +1,37 @@
+From: Steve Langasek <[email protected]>
+Date: Sat, 20 Jul 2019 10:36:43 -0700
+Subject: Handle strncpy in a way compatible with gcc-9 linting
+
+gcc-9 is now more rigorous about ensuring strncpy() is used correctly and
+errors out if the bound argument appears to be derived from the source
+argument:
+/usr/include/bits/string_fortified.h:106:10: error: '__builtin_strncpy' specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
+Leverage this compiler functionality, and in the process fix a possible
+1-byte buffer overflow.
+
+Origin: vendor, Ubuntu
+Bug: https://github.com/jamesodhunt/procenv/issues/7
+Bug-Debian: https://bugs.debian.org/925806
+Forwarded: https://github.com/jamesodhunt/procenv/pull/9
+Applied-upstream: 0.51, commit:https://github.com/jamesodhunt/procenv/commit/54dd0b726d46f1caf26623ce952a0e7bfb1f9671
+---
+ src/procenv.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/procenv.c b/src/procenv.c
+index fa4780f..2dc195f 100644
+--- a/src/procenv.c
++++ b/src/procenv.c
+@@ -4337,10 +4337,10 @@ format_time (const time_t *t, char *buffer, size_t len)
+ bug ("buffer too small");
+
+ /* Ensure nul byte copied */
+- strncpy (buffer, str, l+1);
++ strncpy (buffer, str, len);
+
+ /* Overwrite NL */
+- buffer[strlen (buffer)-1] = '\0';
++ buffer[strlen (str)-1] = '\0';
+ }
+
+ char *
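Review bot: In format_time(), the new strncpy (buffer, str, len) copies the terminating NUL only when strlen (str) is smaller than len, so the retained comment "Ensure nul byte copied" is true only if the "buffer too small" check just above rejects every str with strlen (str) >= len. The condition of that check is outside the context shown, so it should be confirmed before relying on this. The new buffer[strlen (str)-1] = '\0' has the same dependency: it writes outside buffer if str is longer than len, and the index wraps around if str is empty. The patch description mentions a possible 1-byte overflow without saying which of the two changed lines had it; one sentence naming the line and the triggering length would make the fix easier to audit.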
diff -Nru procenv-0.50/debian/patches/series procenv-0.50/debian/patches/series
--- procenv-0.50/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ procenv-0.50/debian/patches/series 2020-02-25 11:15:17.000000000 +0000
@@ -0,0 +1 @@
+Handle-strncpy-in-a-way-compatible-with-gcc-9-linting.patch