1 |
commit: 94948c9cb994f123f6ae59b50e400eb6e617c46f |
2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Apr 28 01:25:20 2022 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Apr 28 01:26:34 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94948c9c |
7 |
|
8 |
sys-apps/systemd: backport -D_FORTIFY_SOURCE=3 patch |
9 |
|
10 |
Notably not bothering to revbump for now because this manifests |
11 |
during self-execution during build and FORTIFY_SOURCE=3 is only |
12 |
available in GCC 12 which isn't even released yet, let alone |
13 |
exposed or enabled by default in Gentoo. |
14 |
|
15 |
It's far more likely that systemd 251 will be released (or |
16 |
at least another RC for it) before we're even close to unleashing |
17 |
FORTIFY_SOURCE=3 on Gentoo Hardened users by default. |
18 |
|
19 |
Bug: https://github.com/systemd/systemd/issues/22801 |
20 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
21 |
|
22 |
.../files/250.4-fortify-source-3-malloc.patch | 42 ++++++++++++++++++++++ |
23 |
sys-apps/systemd/systemd-250.4-r1.ebuild | 1 + |
24 |
2 files changed, 43 insertions(+) |
25 |
|
26 |
diff --git a/sys-apps/systemd/files/250.4-fortify-source-3-malloc.patch b/sys-apps/systemd/files/250.4-fortify-source-3-malloc.patch |
27 |
new file mode 100644 |
28 |
index 000000000000..ed9eb80f21fa |
29 |
--- /dev/null |
30 |
+++ b/sys-apps/systemd/files/250.4-fortify-source-3-malloc.patch |
31 |
@@ -0,0 +1,42 @@ |
32 |
+https://github.com/systemd/systemd/commit/0bd292567a543d124cd303f7dd61169a209cae64 |
33 |
+ |
34 |
+From 0bd292567a543d124cd303f7dd61169a209cae64 Mon Sep 17 00:00:00 2001 |
35 |
+From: Martin Liska <mliska@××××.cz> |
36 |
+Date: Thu, 31 Mar 2022 10:27:45 +0200 |
37 |
+Subject: [PATCH] Support -D_FORTIFY_SOURCE=3 by using |
38 |
+ __builtin_dynamic_object_size. |
39 |
+ |
40 |
+As explained in the issue, -D_FORTIFY_SOURCE=3 requires usage |
41 |
+of __builtin_dynamic_object_size in MALLOC_SIZEOF_SAFE macro. |
42 |
+ |
43 |
+Fixes: #22801 |
44 |
+--- a/src/basic/alloc-util.h |
45 |
++++ b/src/basic/alloc-util.h |
46 |
+@@ -174,13 +174,23 @@ void* greedy_realloc0(void **p, size_t need, size_t size); |
47 |
+ * is compatible with _FORTIFY_SOURCES. If _FORTIFY_SOURCES is used many memory operations will take the |
48 |
+ * object size as returned by __builtin_object_size() into account. Hence, let's return the smaller size of |
49 |
+ * malloc_usable_size() and __builtin_object_size() here, so that we definitely operate in safe territory by |
50 |
+- * both the compiler's and libc's standards. Note that __builtin_object_size() evaluates to SIZE_MAX if the |
51 |
+- * size cannot be determined, hence the MIN() expression should be safe with dynamically sized memory, |
52 |
+- * too. Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and |
53 |
++ * both the compiler's and libc's standards. Note that _FORTIFY_SOURCES=3 handles also dynamically allocated |
54 |
++ * objects and thus it's safer using __builtin_dynamic_object_size if _FORTIFY_SOURCES=3 is used (#22801). |
55 |
++ * Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and |
56 |
+ * __builtin_object_size() returns SIZE_MAX too, hence we also return a sensible value of 0 in this corner |
57 |
+ * case. */ |
58 |
++ |
59 |
++#if defined __has_builtin |
60 |
++# if __has_builtin(__builtin_dynamic_object_size) |
61 |
++# define MALLOC_SIZEOF_SAFE(x) \ |
62 |
++ MIN(malloc_usable_size(x), __builtin_dynamic_object_size(x, 0)) |
63 |
++# endif |
64 |
++#endif |
65 |
++ |
66 |
++#ifndef MALLOC_SIZEOF_SAFE |
67 |
+ #define MALLOC_SIZEOF_SAFE(x) \ |
68 |
+ MIN(malloc_usable_size(x), __builtin_object_size(x, 0)) |
69 |
++#endif |
70 |
+ |
71 |
+ /* Inspired by ELEMENTSOF() but operates on malloc()'ed memory areas: typesafely returns the number of items |
72 |
+ * that fit into the specified memory block */ |
73 |
+ |
74 |
|
75 |
diff --git a/sys-apps/systemd/systemd-250.4-r1.ebuild b/sys-apps/systemd/systemd-250.4-r1.ebuild |
76 |
index 0a50c49d2cc6..949d0d02e69c 100644 |
77 |
--- a/sys-apps/systemd/systemd-250.4-r1.ebuild |
78 |
+++ b/sys-apps/systemd/systemd-250.4-r1.ebuild |
79 |
@@ -244,6 +244,7 @@ src_prepare() { |
80 |
# Add local patches here |
81 |
PATCHES+=( |
82 |
"${FILESDIR}/250.4-random-seed-hash.patch" |
83 |
+ "${FILESDIR}/250.4-fortify-source-3-malloc.patch" |
84 |
) |
85 |
|
86 |
if ! use vanilla; then |