[bug#50128] [PATCH core-updates-frozen] gnu: libsepol: Fix build.

[Noah Evans]

libsepol fails due to -Werror=stringop-truncation. I attatched a patch that uses an upstream commit to fix the warning, or we could just disable Werror.

From 88e6d094bfb5341b0c0fe3a7267396e774b43abb Mon Sep 17 00:00:00 2001

From: Noah Evans <noah@nevans.me>

Date: Thu, 19 Aug 2021 17:56:30 -0400

Subject: [PATCH core-updates-frozen] gnu: libsepol: Fix build.

---

...epol-fix-stringop-truncation-warning.patch | 90 +++++++++++++++++++

gnu/packages/selinux.scm                      |  4 +

2 files changed, 94 insertions(+)

create mode 100644 gnu/packages/patches/libsepol-fix-stringop-truncation-warning.patch

diff --git a/gnu/packages/patches/libsepol-fix-stringop-truncation-warning.patch b/gnu/packages/patches/libsepol-fix-stringop-truncation-warning.patch

new file mode 100644

index 0000000000..59f9513d7a

--- /dev/null

+++ b/gnu/packages/patches/libsepol-fix-stringop-truncation-warning.patch

@@ -0,0 +1,90 @@

+Taken from upstream:

+<https://github.com/SELinuxProject/selinux/commit/07d6f1cea5a8ec0251606636189bc519d80b0729>.

+

+From 07d6f1cea5a8ec0251606636189bc519d80b0729 Mon Sep 17 00:00:00 2001

+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>

+Date: Thu, 1 Jul 2021 20:07:07 +0200

+Subject: [PATCH] libsepol: assure string NUL-termination of ibdev_name

+MIME-Version: 1.0

+Content-Type: text/plain; charset=UTF-8

+Content-Transfer-Encoding: 8bit

+

+Clang complains:

+

+    ibendport_record.c: In function ‘sepol_ibendport_get_ibdev_name’:

+    ibendport_record.c:169:2: error: ‘strncpy’ specified bound 64 equals destination size [-Werror=stringop-truncation]

+      169 |  strncpy(tmp_ibdev_name, ibendport->ibdev_name, IB_DEVICE_NAME_MAX);

+          |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+    ibendport_record.c: In function ‘sepol_ibendport_set_ibdev_name’:

+    ibendport_record.c:189:2: error: ‘strncpy’ specified bound 64 equals destination size [-Werror=stringop-truncation]

+      189 |  strncpy(tmp, ibdev_name, IB_DEVICE_NAME_MAX);

+          |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+

+strncpy(3) does not NUL-terminate the destination if the source is of

+the same length or longer then the specified size.

+The source of these copies are retrieved from

+sepol_ibendport_alloc_ibdev_name(), which allocates a fixed amount of

+IB_DEVICE_NAME_MAX bytes.

+Reduce the size to copy by 1 of all memory regions allocated by

+sepol_ibendport_alloc_ibdev_name().

+

+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

+---

+ libsepol/src/ibendport_record.c | 8 ++++----

+ libsepol/src/ibendports.c       | 2 +-

+ 2 files changed, 5 insertions(+), 5 deletions(-)

+

+diff --git a/libsepol/src/ibendport_record.c b/libsepol/src/ibendport_record.c

+index adf671615..1eb50914b 100644

+--- a/libsepol/src/ibendport_record.c

++++ b/libsepol/src/ibendport_record.c

+@@ -62,7 +62,7 @@ int sepol_ibendport_key_create(sepol_handle_t *handle,

+ if (sepol_ibendport_alloc_ibdev_name(handle, &tmp_key->ibdev_name) < 0)

+ goto err;

+

+- strncpy(tmp_key->ibdev_name, ibdev_name, IB_DEVICE_NAME_MAX);

++ strncpy(tmp_key->ibdev_name, ibdev_name, IB_DEVICE_NAME_MAX - 1);

+ tmp_key->port = port;

+

+ *key_ptr = tmp_key;

+@@ -166,7 +166,7 @@ int sepol_ibendport_get_ibdev_name(sepol_handle_t *handle,

+ if (sepol_ibendport_alloc_ibdev_name(handle, &tmp_ibdev_name) < 0)

+ goto err;

+

+- strncpy(tmp_ibdev_name, ibendport->ibdev_name, IB_DEVICE_NAME_MAX);

++ strncpy(tmp_ibdev_name, ibendport->ibdev_name, IB_DEVICE_NAME_MAX - 1);

+ *ibdev_name = tmp_ibdev_name;

+ return STATUS_SUCCESS;

+

+@@ -186,7 +186,7 @@ int sepol_ibendport_set_ibdev_name(sepol_handle_t *handle,

+ if (sepol_ibendport_alloc_ibdev_name(handle, &tmp) < 0)

+ goto err;

+

+- strncpy(tmp, ibdev_name, IB_DEVICE_NAME_MAX);

++ strncpy(tmp, ibdev_name, IB_DEVICE_NAME_MAX - 1);

+ free(ibendport->ibdev_name);

+ ibendport->ibdev_name = tmp;

+ return STATUS_SUCCESS;

+@@ -230,7 +230,7 @@ int sepol_ibendport_clone(sepol_handle_t *handle,

+ if (sepol_ibendport_alloc_ibdev_name(handle, &new_ibendport->ibdev_name) < 0)

+ goto omem;

+

+- strncpy(new_ibendport->ibdev_name, ibendport->ibdev_name, IB_DEVICE_NAME_MAX);

++ strncpy(new_ibendport->ibdev_name, ibendport->ibdev_name, IB_DEVICE_NAME_MAX - 1);

+ new_ibendport->port = ibendport->port;

+

+ if (ibendport->con &&

+diff --git a/libsepol/src/ibendports.c b/libsepol/src/ibendports.c

+index 6d56c9a17..ee5cb1930 100644

+--- a/libsepol/src/ibendports.c

++++ b/libsepol/src/ibendports.c

+@@ -34,7 +34,7 @@ static int ibendport_from_record(sepol_handle_t *handle,

+    &ibdev_name) < 0)

+ goto err;

+

+- strncpy(tmp_ibendport->u.ibendport.dev_name, ibdev_name, IB_DEVICE_NAME_MAX);

++ strncpy(tmp_ibendport->u.ibendport.dev_name, ibdev_name, IB_DEVICE_NAME_MAX - 1);

+

+ free(ibdev_name);

+ ibdev_name = NULL;

+

diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm

index 8a75538d10..7c1466e555 100644

--- a/gnu/packages/selinux.scm

+++ b/gnu/packages/selinux.scm

@@ -55,6 +55,10 @@

                      (url "https://github.com/SELinuxProject/selinux")

                      (commit version)))

               (file-name (git-file-name "selinux" version))

+              (patches

+               (search-patches

+                ;; XXX: Remove patch in next release.

+                "libsepol-fix-stringop-truncation-warning.patch"))

               (sha256

                (base32

                 "03p3lmvrvkcvsmiczsjzhyfgxlxdkdyq0p8igv3s3hdak5n92jjn"))))

--

2.33.0