On Wed, 2012-07-18 at 17:10 -0500, Bruce Dubbs wrote: > Bruce Dubbs wrote: > > Matt Burgess wrote: > > >> It's as Andy Benton brought up. There's a fair number of packages, > >> starting with chapter 5's diffutils, that still use or at least > >> reference gets(), which has been removed from this version of Glibc. > > > +Index: diffutils-3.2/lib/stdio.in.h > > +=================================================================== > > +--- diffutils-3.2.orig/lib/stdio.in.h 2011-08-28 04:57:28.000000000 > > -0700 > > ++++ diffutils-3.2/lib/stdio.in.h 2012-07-03 10:45:07.518322117 -0700 > > +@@ -693,11 +693,13 @@ > > + _GL_CXXALIAS_SYS (gets, char *, (char *s)); > > + # undef gets > > + # endif > > ++# if defined gets > > + _GL_CXXALIASWARN (gets); > > + /* It is very rare that the developer ever has full control of stdin, > > + so any use of gets warrants an unconditional warning. Assume it is > > + always declared, since it is required by C89. */ > > + _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); > > ++# endif > > + #endif > > Seems to work. Next up is gettext: > > ======== > > Gentoo just deletes the line: > > --- a/gettext-tools/libgettextpo/stdio.in.h > 14 +++ b/gettext-tools/libgettextpo/stdio.in.h > 15 @@ -125,7 +125,6 @@ > 16 so any use of gets warrants an unconditional warning. Assume it is > 17 always declared, since it is required by C89. */ > 18 #undef gets > 19 -_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); > 20 > 21 #if @GNULIB_FOPEN@ > 22 # if @REPLACE_FOPEN@ > 23 --- a/gettext-tools/gnulib-lib/stdio.in.h > 24 +++ b/gettext-tools/gnulib-lib/stdio.in.h > 25 @@ -125,7 +125,6 @@ > 26 so any use of gets warrants an unconditional warning. Assume it is > 27 always declared, since it is required by C89. */ > 28 #undef gets > 29 -_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); > 30 > 31 #if @GNULIB_FOPEN@ > 32 # if @REPLACE_FOPEN@ > 33 --- a/gettext-runtime/gnulib-lib/stdio.in.h > 34 +++ b/gettext-runtime/gnulib-lib/stdio.in.h > 35 @@ -125,7 +125,6 @@ > 36 so any use of gets warrants an unconditional warning. Assume it is > 37 always declared, since it is required by C89. */ > 38 #undef gets > 39 -_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); > 40 > 41 #if @GNULIB_FOPEN@ > 42 # if @REPLACE_FOPEN@ > > I just ran a sed: > > sed -i -e '/gets is a/d' gettext-tools/libgettextpo/stdio.in.h \ > gettext-tools/gnulib-lib/stdio.in.h \ > gettext-runtime/gnulib-lib/stdio.in.h > > Could probably get by with: > > sed -i -e '/gets is a/d' gettext-*/*/stdio.in.h > > ====== > > m4 now breaks: > > sed -i -e '/gets is a/d' lib/stdio.in.h > > ====== > > tar: > > sed -i -e '/gets is a/d' gnu/stdio.in.h > > ====== > > On to Chapter 6. I'm sure the same packages will need the same fixes, > but there may be some new ones too.
Yeah, Andy had a complete list of those seds in his original mail to lfs-dev, I think. However, being a perfectionist, I wasn't happy with them hence taking so long over the upgrade. I'm after the 'correct' way of dealing with this, which seems to be patching gnulib. I'm working on that for diffutils now, but am getting bitten by a requirement to run automake/autoconf after applying the patch. Trying to figure out what needs patching on top of the source files as we speak but it's getting late. I'm out tomorrow evening, then spending the weekend with the wife in York for her birthday. I'll see if I can get back on to this on Monday. Regards, Matt. -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
