Gentoo Archives: gentoo-commits

From: Sam James <sam@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/files/, sys-apps/systemd/
Date: Thu, 28 Apr 2022 01:26:49
Message-Id: 1651109194.94948c9cb994f123f6ae59b50e400eb6e617c46f.sam@gentoo
1 commit: 94948c9cb994f123f6ae59b50e400eb6e617c46f
2 Author: Sam James <sam <AT> gentoo <DOT> org>
3 AuthorDate: Thu Apr 28 01:25:20 2022 +0000
4 Commit: Sam James <sam <AT> gentoo <DOT> org>
5 CommitDate: Thu Apr 28 01:26:34 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94948c9c
7
8 sys-apps/systemd: backport -D_FORTIFY_SOURCE=3 patch
9
10 Notably not bothering to revbump for now because this manifests
11 during self-execution during build and FORTIFY_SOURCE=3 is only
12 available in GCC 12 which isn't even released yet, let alone
13 exposed or enabled by default in Gentoo.
14
15 It's far more likely that systemd 251 will be released (or
16 at least another RC for it) before we're even close to unleashing
17 FORTIFY_SOURCE=3 on Gentoo Hardened users by default.
18
19 Bug: https://github.com/systemd/systemd/issues/22801
20 Signed-off-by: Sam James <sam <AT> gentoo.org>
21
22 .../files/250.4-fortify-source-3-malloc.patch | 42 ++++++++++++++++++++++
23 sys-apps/systemd/systemd-250.4-r1.ebuild | 1 +
24 2 files changed, 43 insertions(+)
25
26 diff --git a/sys-apps/systemd/files/250.4-fortify-source-3-malloc.patch b/sys-apps/systemd/files/250.4-fortify-source-3-malloc.patch
27 new file mode 100644
28 index 000000000000..ed9eb80f21fa
29 --- /dev/null
30 +++ b/sys-apps/systemd/files/250.4-fortify-source-3-malloc.patch
31 @@ -0,0 +1,42 @@
32 +https://github.com/systemd/systemd/commit/0bd292567a543d124cd303f7dd61169a209cae64
33 +
34 +From 0bd292567a543d124cd303f7dd61169a209cae64 Mon Sep 17 00:00:00 2001
35 +From: Martin Liska <mliska@××××.cz>
36 +Date: Thu, 31 Mar 2022 10:27:45 +0200
37 +Subject: [PATCH] Support -D_FORTIFY_SOURCE=3 by using
38 + __builtin_dynamic_object_size.
39 +
40 +As explained in the issue, -D_FORTIFY_SOURCE=3 requires usage
41 +of __builtin_dynamic_object_size in MALLOC_SIZEOF_SAFE macro.
42 +
43 +Fixes: #22801
44 +--- a/src/basic/alloc-util.h
45 ++++ b/src/basic/alloc-util.h
46 +@@ -174,13 +174,23 @@ void* greedy_realloc0(void **p, size_t need, size_t size);
47 + * is compatible with _FORTIFY_SOURCES. If _FORTIFY_SOURCES is used many memory operations will take the
48 + * object size as returned by __builtin_object_size() into account. Hence, let's return the smaller size of
49 + * malloc_usable_size() and __builtin_object_size() here, so that we definitely operate in safe territory by
50 +- * both the compiler's and libc's standards. Note that __builtin_object_size() evaluates to SIZE_MAX if the
51 +- * size cannot be determined, hence the MIN() expression should be safe with dynamically sized memory,
52 +- * too. Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and
53 ++ * both the compiler's and libc's standards. Note that _FORTIFY_SOURCES=3 handles also dynamically allocated
54 ++ * objects and thus it's safer using __builtin_dynamic_object_size if _FORTIFY_SOURCES=3 is used (#22801).
55 ++ * Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and
56 + * __builtin_object_size() returns SIZE_MAX too, hence we also return a sensible value of 0 in this corner
57 + * case. */
58 ++
59 ++#if defined __has_builtin
60 ++# if __has_builtin(__builtin_dynamic_object_size)
61 ++# define MALLOC_SIZEOF_SAFE(x) \
62 ++ MIN(malloc_usable_size(x), __builtin_dynamic_object_size(x, 0))
63 ++# endif
64 ++#endif
65 ++
66 ++#ifndef MALLOC_SIZEOF_SAFE
67 + #define MALLOC_SIZEOF_SAFE(x) \
68 + MIN(malloc_usable_size(x), __builtin_object_size(x, 0))
69 ++#endif
70 +
71 + /* Inspired by ELEMENTSOF() but operates on malloc()'ed memory areas: typesafely returns the number of items
72 + * that fit into the specified memory block */
73 +
74
75 diff --git a/sys-apps/systemd/systemd-250.4-r1.ebuild b/sys-apps/systemd/systemd-250.4-r1.ebuild
76 index 0a50c49d2cc6..949d0d02e69c 100644
77 --- a/sys-apps/systemd/systemd-250.4-r1.ebuild
78 +++ b/sys-apps/systemd/systemd-250.4-r1.ebuild
79 @@ -244,6 +244,7 @@ src_prepare() {
80 # Add local patches here
81 PATCHES+=(
82 "${FILESDIR}/250.4-random-seed-hash.patch"
83 + "${FILESDIR}/250.4-fortify-source-3-malloc.patch"
84 )
85
86 if ! use vanilla; then