Avoid using gets (...at all) on recent glibc.

Because "gets is a security hole - use fgets instead" and this function is not available anymore in recent environments. Also depend on patch change, as it shall lead to recompilation.

Avoid using gets (...at all) on recent glibc.
Because "gets is a security hole - use fgets instead" and this function is not available anymore in recent environments. Also depend on patch change, as it shall lead to recompilation.
70859841 · Łukasz Nowak · c902ed4b · 70859841 · 70859841 · 70859841
Commit 70859841 authored Jul 20, 2012 by Łukasz Nowak
14 changed files
--- a/component/bison/buildout.cfg
+++ b/component/bison/buildout.cfg
@@ -4,7 +4,19 @@ extends =
 parts =
  bison
+[bison-drop.gets.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+md5sum = ac06cbaa298ac686d0b0c04bc03e6ad8
+download-only = true
+filename = drop.gets.patch
 [bison]
+virtual-depends = ${bison-drop.gets.patch:md5sum}
+patch-options = -p1
+patches =
+  ${bison-drop.gets.patch:location}/${bison-drop.gets.patch:filename}
 recipe = hexagonit.recipe.cmmi
 url = http://ftp.gnu.org/gnu/bison/bison-2.5.tar.bz2
 md5sum = 9dba20116b13fc61a0846b0058fbe004

--- a/component/bison/drop.gets.patch
+++ b/component/bison/drop.gets.patch
+diff -ur bison-2.5.orig/lib/stdio.in.h bison-2.5/lib/stdio.in.h
+--- bison-2.5.orig/lib/stdio.in.h	2011-05-15 00:23:46.000000000 +0200
+++ bison-2.5/lib/stdio.in.h	2012-07-23 16:30:56.366722487 +0200
+@@ -181,7 +181,9 @@
+    so any use of gets warrants an unconditional warning.  Assume it is
+    always declared, since it is required by C89.  */
+ #undef gets
+#if defined(__GLIBC__) && !defined(__UCLIBC__) && !__GLIBC_PREREQ(2, 16)
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#endif
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
--- a/component/coreutils/buildout.cfg
+++ b/component/coreutils/buildout.cfg
@@ -2,10 +2,23 @@
 parts =
  coreutils
+[coreutils-drop.gets.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+md5sum = 63c2299d92d23e4748abb9668b7e62ea
+download-only = true
+filename = drop.gets.patch
 [coreutils]
+virtual-depends = ${coreutils-drop.gets.patch:md5sum}
 recipe = hexagonit.recipe.cmmi
 url = http://ftp.gnu.org/gnu/coreutils/coreutils-8.12.tar.gz
 md5sum = fce7999953a67243d00d75cc86dbcaa6
+patch-options = -p1
+patches =
+  ${coreutils-drop.gets.patch:location}/${coreutils-drop.gets.patch:filename}
 configure-options =
  --prefix=${buildout:parts-directory}/${:_buildout_section_name_} --enable-install-program=tr,basename,uname,cat,cp,ls
 environment =

--- a/component/coreutils/drop.gets.patch
+++ b/component/coreutils/drop.gets.patch
+diff -ur coreutils-8.12.old/lib/stdio.in.h coreutils-8.12/lib/stdio.in.h
+--- coreutils-8.12.old/lib/stdio.in.h	2011-04-25 11:01:29.000000000 +0200
+++ coreutils-8.12/lib/stdio.in.h	2012-07-23 16:02:17.591610452 +0200
+@@ -181,7 +181,9 @@
+    so any use of gets warrants an unconditional warning.  Assume it is
+    always declared, since it is required by C89.  */
+ #undef gets
+#if defined(__GLIBC__) && !defined(__UCLIBC__) && !__GLIBC_PREREQ(2, 16)
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#endif
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
--- a/component/cpio/buildout.cfg
+++ b/component/cpio/buildout.cfg
@@ -2,7 +2,19 @@
 [buildout]
 parts = cpio
+[cpio-drop.gets.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+md5sum = 6c79cb9caf407063543efff93647c450
+download-only = true
+filename = drop.gets.patch
 [cpio]
+virtual-depends =
+  ${cpio-drop.gets.patch:md5sum}
+patch-options = -p1
+patches =
+  ${cpio-drop.gets.patch:location}/${cpio-drop.gets.patch:filename}
 recipe = hexagonit.recipe.cmmi
 url = http://ftp.gnu.org/gnu/cpio/cpio-2.11.tar.bz2
 md5sum = 20fc912915c629e809f80b96b2e75d7d
--- a/component/cpio/drop.gets.patch
+++ b/component/cpio/drop.gets.patch
+diff -ur cpio-2.11.orig/gnu/stdio.in.h cpio-2.11/gnu/stdio.in.h
+--- cpio-2.11.orig/gnu/stdio.in.h	2010-03-10 10:27:03.000000000 +0100
+++ cpio-2.11/gnu/stdio.in.h	2012-07-23 13:04:56.075242094 +0200
+@@ -139,7 +139,9 @@
+    so any use of gets warrants an unconditional warning.  Assume it is
+    always declared, since it is required by C89.  */
+ #undef gets
+#if defined(__GLIBC__) && !defined(__UCLIBC__) && !__GLIBC_PREREQ(2, 16)
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#endif
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
--- a/component/gettext/buildout.cfg
+++ b/component/gettext/buildout.cfg
@@ -6,10 +6,23 @@ extends =
  ../libxml2/buildout.cfg
  ../zlib/buildout.cfg
+[gettext-drop.gets.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+md5sum = 1a17a2e6c1539927304379dfa0f149c5
+download-only = true
+filename = drop.gets.patch
 [gettext]
+virtual-depends = ${gettext-drop.gets.patch:md5sum}
 recipe = hexagonit.recipe.cmmi
 url = http://ftp.gnu.org/pub/gnu/gettext/gettext-0.18.1.1.tar.gz
 md5sum = 3dd55b952826d2b32f51308f2f91aa89
+patch-options = -p1
+patches =
+  ${gettext-drop.gets.patch:location}/${gettext-drop.gets.patch:filename}
 configure-options =
  --disable-static
  --disable-java

--- a/component/gettext/drop.gets.patch
+++ b/component/gettext/drop.gets.patch
+diff -ur gettext-0.18.1.1.orig/gettext-runtime/gnulib-lib/stdio.in.h gettext-0.18.1.1/gettext-runtime/gnulib-lib/stdio.in.h
+--- gettext-0.18.1.1.orig/gettext-runtime/gnulib-lib/stdio.in.h	2010-05-17 21:56:12.000000000 +0200
+++ gettext-0.18.1.1/gettext-runtime/gnulib-lib/stdio.in.h	2012-07-20 17:42:29.940524198 +0200
+@@ -141,7 +141,9 @@
+    so any use of gets warrants an unconditional warning.  Assume it is
+    always declared, since it is required by C89.  */
+ #undef gets
+#if defined(__GLIBC__) && !defined(__UCLIBC__) && !__GLIBC_PREREQ(2, 16)
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#endif
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
+diff -ur gettext-0.18.1.1.orig/gettext-tools/gnulib-lib/stdio.in.h gettext-0.18.1.1/gettext-tools/gnulib-lib/stdio.in.h
+--- gettext-0.18.1.1.orig/gettext-tools/gnulib-lib/stdio.in.h	2010-05-24 11:42:46.000000000 +0200
+++ gettext-0.18.1.1/gettext-tools/gnulib-lib/stdio.in.h	2012-07-20 17:45:20.550461064 +0200
+@@ -141,7 +141,9 @@
+    so any use of gets warrants an unconditional warning.  Assume it is
+    always declared, since it is required by C89.  */
+ #undef gets
+#if defined(__GLIBC__) && !defined(__UCLIBC__) && !__GLIBC_PREREQ(2, 16)
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#endif
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
+diff -ur gettext-0.18.1.1.orig/gettext-tools/libgettextpo/stdio.in.h gettext-0.18.1.1/gettext-tools/libgettextpo/stdio.in.h
+--- gettext-0.18.1.1.orig/gettext-tools/libgettextpo/stdio.in.h	2010-05-17 21:58:03.000000000 +0200
+++ gettext-0.18.1.1/gettext-tools/libgettextpo/stdio.in.h	2012-07-20 17:45:15.937129402 +0200
+@@ -141,7 +141,9 @@
+    so any use of gets warrants an unconditional warning.  Assume it is
+    always declared, since it is required by C89.  */
+ #undef gets
+#if defined(__GLIBC__) && !defined(__UCLIBC__) && !__GLIBC_PREREQ(2, 16)
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#endif
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
--- a/component/gzip/buildout.cfg
+++ b/component/gzip/buildout.cfg
@@ -2,7 +2,20 @@
 parts =
  gzip
+[gzip-drop.gets.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+md5sum = d9b1156f912c8cf006f140482918ebc9
+download-only = true
+filename = drop.gets.patch
 [gzip]
+virtual-depends = ${gzip-drop.gets.patch:md5sum}
 recipe = hexagonit.recipe.cmmi
+patch-options = -p1
+patches =
+  ${gzip-drop.gets.patch:location}/${gzip-drop.gets.patch:filename}
 url = ftp://ftp.gnu.org/pub/gnu/gzip/gzip-1.4.tar.gz
 md5sum = e381b8506210c794278f5527cba0e765
--- a/component/gzip/drop.gets.patch
+++ b/component/gzip/drop.gets.patch
+diff -ur gzip-1.4.orig/lib/stdio.in.h gzip-1.4/lib/stdio.in.h
+--- gzip-1.4.orig/lib/stdio.in.h	2010-01-20 14:20:36.000000000 +0100
+++ gzip-1.4/lib/stdio.in.h	2012-07-23 16:20:24.299373437 +0200
+@@ -125,7 +125,9 @@
+    so any use of gets warrants an unconditional warning.  Assume it is
+    always declared, since it is required by C89.  */
+ #undef gets
+#if defined(__GLIBC__) && !defined(__UCLIBC__) && !__GLIBC_PREREQ(2, 16)
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#endif
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
--- a/component/m4/buildout.cfg
+++ b/component/m4/buildout.cfg
@@ -2,7 +2,19 @@
 parts =
  m4
+[m4-drop.gets.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+md5sum = dc5f06fb42649e181c40177eb1edc333
+download-only = true
+filename = drop.gets.patch
 [m4]
+virtual-depends = ${m4-drop.gets.patch:md5sum}
+patch-options = -p1
+patches =
+  ${m4-drop.gets.patch:location}/${m4-drop.gets.patch:filename}
 recipe = hexagonit.recipe.cmmi
 url = http://ftp.gnu.org/gnu/m4/m4-1.4.16.tar.bz2
 md5sum = 8a7cef47fecab6272eb86a6be6363b2f
--- a/component/m4/drop.gets.patch
+++ b/component/m4/drop.gets.patch
+diff -ur m4-1.4.16.orig/lib/stdio.in.h m4-1.4.16/lib/stdio.in.h
+--- m4-1.4.16.orig/lib/stdio.in.h	2011-03-01 17:39:29.000000000 +0100
+++ m4-1.4.16/lib/stdio.in.h	2012-07-23 09:28:57.945703705 +0200
+@@ -162,7 +162,9 @@
+    so any use of gets warrants an unconditional warning.  Assume it is
+    always declared, since it is required by C89.  */
+ #undef gets
+#if defined(__GLIBC__) && !defined(__UCLIBC__) && !__GLIBC_PREREQ(2, 16)
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#endif
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
--- a/component/wget/buildout.cfg
+++ b/component/wget/buildout.cfg
@@ -6,7 +6,19 @@ extends =
 parts =
  wget
+[wget-drop.gets.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+md5sum = 866907ebc89fc2e76b44c519cb84930f
+download-only = true
+filename = drop.gets.patch
 [wget]
+virtual-depends = ${wget-drop.gets.patch:md5sum}
+patch-options = -p1
+patches =
+  ${wget-drop.gets.patch:location}/${wget-drop.gets.patch:filename}
 recipe = hexagonit.recipe.cmmi
 url = http://ftp.gnu.org/gnu/wget/wget-1.13.4.tar.bz2
 md5sum = 12115c3750a4d92f9c6ac62bac372e85

--- a/component/wget/drop.gets.patch
+++ b/component/wget/drop.gets.patch
+diff -ur wget-1.13.4.orig/lib/stdio.in.h wget-1.13.4/lib/stdio.in.h
+--- wget-1.13.4.orig/lib/stdio.in.h	2011-09-13 10:15:14.000000000 +0200
+++ wget-1.13.4/lib/stdio.in.h	2012-07-23 14:47:39.793579086 +0200
+@@ -697,8 +697,10 @@
+ /* It is very rare that the developer ever has full control of stdin,
+    so any use of gets warrants an unconditional warning.  Assume it is
+    always declared, since it is required by C89.  */
+#if defined(__GLIBC__) && !defined(__UCLIBC__) && !__GLIBC_PREREQ(2, 16)
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+ #endif
+#endif
+ #if @GNULIB_OBSTACK_PRINTF@ || @GNULIB_OBSTACK_PRINTF_POSIX@