diff --git a/0001-Fix-GCC-warnings-about-possible-string-truncations-a.patch b/0001-Fix-GCC-warnings-about-possible-string-truncations-a.patch new file mode 100644 index 0000000000000000000000000000000000000000..c4de866b96589907294a5923df3b30de9a99e1b4 --- /dev/null +++ b/0001-Fix-GCC-warnings-about-possible-string-truncations-a.patch @@ -0,0 +1,104 @@ +From 00241c65a5c0b4bb32a847a6abb5a86d0c704a8f Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 5 Feb 2019 20:08:43 +0100 +Subject: [PATCH] Fix GCC warnings about possible string truncations and buffer + overflows + +Building with -Werror=stringop-truncation and -Werror=stringop-overflow +leads to GCC complaining about possible string truncation and overflows. + +Fix this by using memcpy(), explicitly calculating the buffers lenghts +and set a NUL byte terminator after copying the buffers. + +Signed-off-by: Javier Martinez Canillas +--- + grubby.c | 35 +++++++++++++++++++++++++++-------- + 1 file changed, 27 insertions(+), 8 deletions(-) + +diff --git a/grubby.c b/grubby.c +index 96d252a0a83..5ca689539cf 100644 +--- a/grubby.c ++++ b/grubby.c +@@ -459,20 +459,26 @@ char *grub2ExtractTitle(struct singleLine * line) { + snprintf(result, resultMaxSize, "%s", ++current); + + i++; ++ int result_len = 0; + for (; i < line->numElements; ++i) { + current = line->elements[i].item; + current_len = strlen(current); + current_indent = line->elements[i].indent; + current_indent_len = strlen(current_indent); + +- strncat(result, current_indent, current_indent_len); ++ memcpy(result + result_len, current_indent, current_indent_len); ++ result_len += current_indent_len; ++ + if (!isquote(current[current_len-1])) { +- strncat(result, current, current_len); ++ memcpy(result + result_len, current_indent, current_indent_len); ++ result_len += current_len; + } else { +- strncat(result, current, current_len - 1); ++ memcpy(result + result_len, current_indent, current_indent_len); ++ result_len += (current_len - 1); + break; + } + } ++ result[result_len] = '\0'; + return result; + } + +@@ -1281,6 +1287,7 @@ static struct grubConfig * readConfig(const char * inName, + extras = malloc(len + 1); + *extras = '\0'; + ++ int buf_len = 0; + /* get title. */ + for (int i = 0; i < line->numElements; i++) { + if (!strcmp(line->elements[i].item, "menuentry")) +@@ -1292,13 +1299,18 @@ static struct grubConfig * readConfig(const char * inName, + + len = strlen(title); + if (isquote(title[len-1])) { +- strncat(buf, title,len-1); ++ memcpy(buf + buf_len, title, len - 1); ++ buf_len += (len - 1); + break; + } else { +- strcat(buf, title); +- strcat(buf, line->elements[i].indent); ++ memcpy(buf + buf_len, title, len); ++ buf_len += len; ++ len = strlen(line->elements[i].indent); ++ memcpy(buf + buf_len, line->elements[i].indent, len); ++ buf_len += len; + } + } ++ buf[buf_len] = '\0'; + + /* get extras */ + int count = 0; +@@ -4494,10 +4506,17 @@ int main(int argc, const char ** argv) { + exit(1); + } + saved_command_line[0] = '\0'; ++ int cmdline_len = 0, arg_len; + for (int j = 1; j < argc; j++) { +- strcat(saved_command_line, argv[j]); +- strncat(saved_command_line, j == argc -1 ? "" : " ", 1); ++ arg_len = strlen(argv[j]); ++ memcpy(saved_command_line + cmdline_len, argv[j], arg_len); ++ cmdline_len += arg_len; ++ if (j != argc - 1) { ++ memcpy(saved_command_line + cmdline_len, " ", 1); ++ cmdline_len++; ++ } + } ++ saved_command_line[cmdline_len] = '\0'; + + optCon = poptGetContext("grubby", argc, argv, options, 0); + poptReadDefaultConfig(optCon, 1); +-- +2.20.1 + diff --git a/0002-Fix-stringop-overflow-warning.patch b/0002-Fix-stringop-overflow-warning.patch new file mode 100644 index 0000000000000000000000000000000000000000..0fc4734db30ecde29438ec86c9009a8f2cd73cc7 --- /dev/null +++ b/0002-Fix-stringop-overflow-warning.patch @@ -0,0 +1,72 @@ +From ed5e255c023c9b78120d9ff2246d6516f652d4b7 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 10 Feb 2020 19:32:39 +0100 +Subject: [PATCH] Fix stringop-overflow warning + +GCC gives the following compile warning: + +grubby.c: In function 'main': +grubby.c:4508:27: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=] + 4508 | saved_command_line[0] = '\0'; + | ~~~~~~~~~~~~~~~~~~~~~~^~~~~~ +grubby.c:4503:26: note: at offset 0 to an object with size 0 allocated by 'malloc' here + 4503 | saved_command_line = malloc(i); + | ^~~~~~~~~ +cc1: all warnings being treated as errors +make: *** [Makefile:38: grubby.o] Error 1 + +Signed-off-by: Javier Martinez Canillas +--- + grubby.c | 35 +++++++++++++++++++---------------- + 1 file changed, 19 insertions(+), 16 deletions(-) + +diff --git a/grubby.c b/grubby.c +index 5ca689539cf..0c0f67a0ae5 100644 +--- a/grubby.c ++++ b/grubby.c +@@ -4500,23 +4500,26 @@ int main(int argc, const char ** argv) { + int i = 0; + for (int j = 1; j < argc; j++) + i += strlen(argv[j]) + 1; +- saved_command_line = malloc(i); +- if (!saved_command_line) { +- fprintf(stderr, "grubby: %m\n"); +- exit(1); +- } +- saved_command_line[0] = '\0'; +- int cmdline_len = 0, arg_len; +- for (int j = 1; j < argc; j++) { +- arg_len = strlen(argv[j]); +- memcpy(saved_command_line + cmdline_len, argv[j], arg_len); +- cmdline_len += arg_len; +- if (j != argc - 1) { +- memcpy(saved_command_line + cmdline_len, " ", 1); +- cmdline_len++; +- } ++ ++ if (i > 0) { ++ saved_command_line = malloc(i); ++ if (!saved_command_line) { ++ fprintf(stderr, "grubby: %m\n"); ++ exit(1); ++ } ++ saved_command_line[0] = '\0'; ++ int cmdline_len = 0, arg_len; ++ for (int j = 1; j < argc; j++) { ++ arg_len = strlen(argv[j]); ++ memcpy(saved_command_line + cmdline_len, argv[j], arg_len); ++ cmdline_len += arg_len; ++ if (j != argc - 1) { ++ memcpy(saved_command_line + cmdline_len, " ", 1); ++ cmdline_len++; ++ } ++ } ++ saved_command_line[cmdline_len] = '\0'; + } +- saved_command_line[cmdline_len] = '\0'; + + optCon = poptGetContext("grubby", argc, argv, options, 0); + poptReadDefaultConfig(optCon, 1); +-- +2.24.1 + diff --git a/0003-Fix-maybe-uninitialized-warning.patch b/0003-Fix-maybe-uninitialized-warning.patch new file mode 100644 index 0000000000000000000000000000000000000000..bcaa145e3e34679b414dd52c7f6361d273fc1fac --- /dev/null +++ b/0003-Fix-maybe-uninitialized-warning.patch @@ -0,0 +1,35 @@ +From ee9f80190d4c458a09309fbd9a88d2756dc2d3fa Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 10 Feb 2020 20:13:13 +0100 +Subject: [PATCH] Fix maybe-uninitialized warning + +GCC gives the following compile warning: + +grubby.c: In function 'suseGrubConfGetBoot': +grubby.c:2770:5: error: 'grubDevice' may be used uninitialized in this function [-Werror=maybe-uninitialized] + 2770 | free(grubDevice); + | ^~~~~~~~~~~~~~~~ +cc1: all warnings being treated as errors +make: *** [Makefile:38: grubby.o] Error 1 + +Signed-off-by: Javier Martinez Canillas +--- + grubby.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grubby.c b/grubby.c +index 0c0f67a0ae5..779c25a2bf9 100644 +--- a/grubby.c ++++ b/grubby.c +@@ -2755,7 +2755,7 @@ int grubGetBootFromDeviceMap(const char * device, + } + + int suseGrubConfGetBoot(const char * path, char ** bootPtr) { +- char * grubDevice; ++ char * grubDevice = NULL; + + if (suseGrubConfGetInstallDevice(path, &grubDevice)) + dbgPrintf("error looking for grub installation device\n"); +-- +2.24.1 + diff --git a/grubby-8.40-1.tar.gz b/grubby-8.40-1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..4cae317a95fbca6af9f24a7c8fde7b83a84d142c Binary files /dev/null and b/grubby-8.40-1.tar.gz differ diff --git a/grubby.spec b/grubby.spec new file mode 100644 index 0000000000000000000000000000000000000000..0cabd60ac6c755ea0ab3910e941b7af9ae8e2dd8 --- /dev/null +++ b/grubby.spec @@ -0,0 +1,68 @@ +%define anolis_release 1 +Name: grubby +Version: 8.40 +Release: %{anolis_release}%{?dist} +Summary: Command line tool for updating bootloader configs +Group: System Environment/Base +License: GPLv2+ +URL: https://github.com/rhboot/grubby +Source0: https://github.com/rhboot/grubby/archive/refs/tags/%{name}-%{version}-1.tar.gz +Patch0001: 0001-Fix-GCC-warnings-about-possible-string-truncations-a.patch +Patch0002: 0002-Fix-stringop-overflow-warning.patch +Patch0003: 0003-Fix-maybe-uninitialized-warning.patch + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: pkgconfig glib2-devel popt-devel +BuildRequires: libblkid-devel git +# for make test / getopt: +BuildRequires: util-linux-ng +%ifarch aarch64 x86_64 +BuildRequires: /usr/bin/grub2-editenv +%endif + +%description +grubby is a command line tool for updating and displaying information about +the configuration files for the grub, lilo, elilo (ia64), yaboot (powerpc) +and zipl (s390) boot loaders. It is primarily designed to be used from scripts +which install new kernels and need to find information about the current boot +environment. + +%prep +%setup -q -n %{name}-%{version}-1 + +git init +git config user.email "noone@example.com" +git config user.name "no one" +git add . +git commit -a -q -m "%{version} baseline" +git am %{patches} - 8.40-1 +- Init version from upstream v8.40