* [PATCH 0/1] Remove an unused patch?
@ 2016-02-20 4:22 Leo Famulari
2016-02-20 4:22 ` [PATCH 1/1] gnu: cpio: Remove unused patch Leo Famulari
2016-03-05 16:14 ` [PATCH 0/1] Remove an unused patch? Andreas Enge
0 siblings, 2 replies; 8+ messages in thread
From: Leo Famulari @ 2016-02-20 4:22 UTC (permalink / raw)
To: guix-devel
The patch file 'cpio-gets-undeclared.patch' was "de-applied" to the cpio
sources when we upgraded cpio to 2.12 (92d0fcb6dc5). But, it was never
deleted or removed from gnu-system.am.
So, should we delete it or re-apply it? I guess the answer depends on
whether or not cpio still uses gets().
I searched for use of gets() in the cpio-2.12 source tree like this:
$ grep -rI 'gets ('
$ grep -rI 'gets('
All the results were uses of fgets(). Is that reasonable method of
searching or should I continue with some other technique?
Leo Famulari (1):
gnu: cpio: Remove unused patch.
gnu-system.am | 1 -
gnu/packages/patches/cpio-gets-undeclared.patch | 45 -------------------------
2 files changed, 46 deletions(-)
delete mode 100644 gnu/packages/patches/cpio-gets-undeclared.patch
--
2.7.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/1] gnu: cpio: Remove unused patch.
2016-02-20 4:22 [PATCH 0/1] Remove an unused patch? Leo Famulari
@ 2016-02-20 4:22 ` Leo Famulari
2016-02-26 0:20 ` Mark H Weaver
2016-03-05 16:14 ` [PATCH 0/1] Remove an unused patch? Andreas Enge
1 sibling, 1 reply; 8+ messages in thread
From: Leo Famulari @ 2016-02-20 4:22 UTC (permalink / raw)
To: guix-devel
* gnu/packages/patches/cpio-gets-undeclared.patch: Delete file.
* gnu-system.am (dist_patch_DATA): Remove it.
---
gnu-system.am | 1 -
gnu/packages/patches/cpio-gets-undeclared.patch | 45 -------------------------
2 files changed, 46 deletions(-)
delete mode 100644 gnu/packages/patches/cpio-gets-undeclared.patch
diff --git a/gnu-system.am b/gnu-system.am
index 33032e9..8363d69 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -436,7 +436,6 @@ dist_patch_DATA = \
gnu/packages/patches/clang-libc-search-path.patch \
gnu/packages/patches/clucene-pkgconfig.patch \
gnu/packages/patches/cmake-fix-tests.patch \
- gnu/packages/patches/cpio-gets-undeclared.patch \
gnu/packages/patches/cpio-CVE-2016-2037.patch \
gnu/packages/patches/cpufrequtils-fix-aclocal.patch \
gnu/packages/patches/crda-optional-gcrypt.patch \
diff --git a/gnu/packages/patches/cpio-gets-undeclared.patch b/gnu/packages/patches/cpio-gets-undeclared.patch
deleted file mode 100644
index bc34de6..0000000
--- a/gnu/packages/patches/cpio-gets-undeclared.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-This patch is needed to allow builds with newer versions of
-the GNU libc (2.16+).
-
-The upstream fix was:
-
- commit 66712c23388e93e5c518ebc8515140fa0c807348
- Author: Eric Blake <eblake@redhat.com>
- Date: Thu Mar 29 13:30:41 2012 -0600
-
- stdio: don't assume gets any more
-
- Gnulib intentionally does not have a gets module, and now that C11
- and glibc have dropped it, we should be more proactive about warning
- any user on a platform that still has a declaration of this dangerous
- interface.
-
- * m4/stdio_h.m4 (gl_STDIO_H, gl_STDIO_H_DEFAULTS): Drop gets
- support.
- * modules/stdio (Makefile.am): Likewise.
- * lib/stdio-read.c (gets): Likewise.
- * tests/test-stdio-c++.cc: Likewise.
- * m4/warn-on-use.m4 (gl_WARN_ON_USE_PREPARE): Fix comment.
- * lib/stdio.in.h (gets): Make warning occur in more places.
- * doc/posix-functions/gets.texi (gets): Update documentation.
- Reported by Christer Solskogen.
-
- Signed-off-by: Eric Blake <eblake@redhat.com>
-
-This patch just gets rid of the offending part.
-
---- cpio-2.11/gnu/stdio.in.h-orig 2012-11-25 22:17:06.000000000 +0400
-+++ cpio-2.11/gnu/stdio.in.h 2012-11-25 22:18:36.000000000 +0400
-@@ -135,12 +135,6 @@
- "use gnulib module fflush for portable POSIX compliance");
- #endif
-
--/* It is very rare that the developer ever has full control of stdin,
-- so any use of gets warrants an unconditional warning. Assume it is
-- always declared, since it is required by C89. */
--#undef gets
--_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
--
- #if @GNULIB_FOPEN@
- # if @REPLACE_FOPEN@
- # if !(defined __cplusplus && defined GNULIB_NAMESPACE)
--
2.7.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 1/1] gnu: cpio: Remove unused patch.
2016-02-20 4:22 ` [PATCH 1/1] gnu: cpio: Remove unused patch Leo Famulari
@ 2016-02-26 0:20 ` Mark H Weaver
2016-02-26 1:32 ` Leo Famulari
0 siblings, 1 reply; 8+ messages in thread
From: Mark H Weaver @ 2016-02-26 0:20 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari <leo@famulari.name> writes:
> * gnu/packages/patches/cpio-gets-undeclared.patch: Delete file.
> * gnu-system.am (dist_patch_DATA): Remove it.
This patch is actually used by two other packages: 'rush' and 'dico'.
I'm not sure how I feel about this, but regardless, we can't simply
remove the patch.
Thanks,
Mark
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/1] gnu: cpio: Remove unused patch.
2016-02-26 0:20 ` Mark H Weaver
@ 2016-02-26 1:32 ` Leo Famulari
0 siblings, 0 replies; 8+ messages in thread
From: Leo Famulari @ 2016-02-26 1:32 UTC (permalink / raw)
To: Mark H Weaver; +Cc: guix-devel
On Thu, Feb 25, 2016 at 07:20:14PM -0500, Mark H Weaver wrote:
> Leo Famulari <leo@famulari.name> writes:
> > * gnu/packages/patches/cpio-gets-undeclared.patch: Delete file.
> > * gnu-system.am (dist_patch_DATA): Remove it.
>
> This patch is actually used by two other packages: 'rush' and 'dico'.
> I'm not sure how I feel about this, but regardless, we can't simply
> remove the patch.
Oops, good catch! I will be sure to check for this in the future.
It *is* a little disconcerting...
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/1] Remove an unused patch?
2016-02-20 4:22 [PATCH 0/1] Remove an unused patch? Leo Famulari
2016-02-20 4:22 ` [PATCH 1/1] gnu: cpio: Remove unused patch Leo Famulari
@ 2016-03-05 16:14 ` Andreas Enge
2016-03-05 21:57 ` Ludovic Courtès
1 sibling, 1 reply; 8+ messages in thread
From: Andreas Enge @ 2016-03-05 16:14 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
On Fri, Feb 19, 2016 at 11:22:30PM -0500, Leo Famulari wrote:
> The patch file 'cpio-gets-undeclared.patch' was "de-applied" to the cpio
> sources when we upgraded cpio to 2.12 (92d0fcb6dc5). But, it was never
> deleted or removed from gnu-system.am.
I think it can be safely removed. The patch itself mentions that the upstream
sources have been fixed, so with the update that removed the "patches" field,
this one has become obsolete also. Apparently the patch was required for
building with newer glibc; the fact that it now builds without the patch is
further proof that the patch is not needed.
Thanks for spotting this!
Andreas
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/1] Remove an unused patch?
2016-03-05 16:14 ` [PATCH 0/1] Remove an unused patch? Andreas Enge
@ 2016-03-05 21:57 ` Ludovic Courtès
2016-03-05 22:08 ` Leo Famulari
0 siblings, 1 reply; 8+ messages in thread
From: Ludovic Courtès @ 2016-03-05 21:57 UTC (permalink / raw)
To: Andreas Enge; +Cc: guix-devel
Andreas Enge <andreas@enge.fr> skribis:
> On Fri, Feb 19, 2016 at 11:22:30PM -0500, Leo Famulari wrote:
>> The patch file 'cpio-gets-undeclared.patch' was "de-applied" to the cpio
>> sources when we upgraded cpio to 2.12 (92d0fcb6dc5). But, it was never
>> deleted or removed from gnu-system.am.
>
> I think it can be safely removed.
No, because the patch is still used by two other packages, Dico and Rush
(confusingly enough; this is because the problem being fixed was in
Gnulib, and thus widespread.)
Ludo’.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/1] Remove an unused patch?
2016-03-05 21:57 ` Ludovic Courtès
@ 2016-03-05 22:08 ` Leo Famulari
2016-03-06 12:49 ` Andreas Enge
0 siblings, 1 reply; 8+ messages in thread
From: Leo Famulari @ 2016-03-05 22:08 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
On Sat, Mar 05, 2016 at 10:57:03PM +0100, Ludovic Courtès wrote:
> Andreas Enge <andreas@enge.fr> skribis:
>
> > On Fri, Feb 19, 2016 at 11:22:30PM -0500, Leo Famulari wrote:
> >> The patch file 'cpio-gets-undeclared.patch' was "de-applied" to the cpio
> >> sources when we upgraded cpio to 2.12 (92d0fcb6dc5). But, it was never
> >> deleted or removed from gnu-system.am.
> >
> > I think it can be safely removed.
>
> No, because the patch is still used by two other packages, Dico and Rush
> (confusingly enough; this is because the problem being fixed was in
> Gnulib, and thus widespread.)
To make it more clear, what do you think about renaming the patch so it
doesn't refer to cpio, and adding references to Rush and Dico in the
patch?
>
> Ludo’.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/1] Remove an unused patch?
2016-03-05 22:08 ` Leo Famulari
@ 2016-03-06 12:49 ` Andreas Enge
0 siblings, 0 replies; 8+ messages in thread
From: Andreas Enge @ 2016-03-06 12:49 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
On Sat, Mar 05, 2016 at 05:08:40PM -0500, Leo Famulari wrote:
> To make it more clear, what do you think about renaming the patch so it
> doesn't refer to cpio, and adding references to Rush and Dico in the
> patch?
Yes, I was thinking the same. But this is a very singular case, and now
everybody is aware of it, so it is maybe not necessary, but would still
be helpful.
I checked whether we could simply update dico and rush, but there are no
new versions.
Andreas
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2016-03-06 12:49 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-20 4:22 [PATCH 0/1] Remove an unused patch? Leo Famulari
2016-02-20 4:22 ` [PATCH 1/1] gnu: cpio: Remove unused patch Leo Famulari
2016-02-26 0:20 ` Mark H Weaver
2016-02-26 1:32 ` Leo Famulari
2016-03-05 16:14 ` [PATCH 0/1] Remove an unused patch? Andreas Enge
2016-03-05 21:57 ` Ludovic Courtès
2016-03-05 22:08 ` Leo Famulari
2016-03-06 12:49 ` Andreas Enge
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.