mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-14 08:54:46 +00:00
f6015bee6c
It's not masking a real overflow, but inhibits invalid `snprintf()` buffer size bassed. Without the change build fails on `master` as: In function 'snprintf', inlined from 'xt_end_chain' at src/tofu.c:82:3, inlined from 'xt_end_chain' at src/tofu.c:70:1: ...-glibc-2.38-27-dev/include/bits/stdio2.h:54:10: error: '__builtin___snprintf_chk' specified bound 4 exceeds destination size 3 [-Werror=stringop-overflow] 54 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 55 | __glibc_objsize (__s), __fmt, | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 56 | __va_arg_pack ()); | ~~~~~~~~~~~~~~~~~ As the project is not maintained anymore let's just disable the `fortify3` that puts an extra check into `snprintf()` buffer.
33 lines
981 B
Nix
33 lines
981 B
Nix
{ stdenv, lib, fetchFromSourcehut, bearssl, scdoc }:
|
|
|
|
stdenv.mkDerivation rec {
|
|
pname = "gmni";
|
|
version = "1.0";
|
|
|
|
src = fetchFromSourcehut {
|
|
owner = "~sircmpwn";
|
|
repo = "gmni";
|
|
rev = version;
|
|
sha256 = "sha256-3MFNAI/SfFigNfitfFs3o9kkz7JeEflMHiH7iJpLfi4=";
|
|
};
|
|
|
|
nativeBuildInputs = [ scdoc ];
|
|
buildInputs = [ bearssl ];
|
|
|
|
# Fix build on `gcc-13`:
|
|
# inlined from 'xt_end_chain' at src/tofu.c:82:3,
|
|
# ...-glibc-2.38-27-dev/include/bits/stdio2.h:54:10: error: '__builtin___snprintf_chk' specified bound 4 exceeds destination size 3 [-Werror=stringop-overflow]
|
|
#
|
|
# The overflow will not happen in practice, but `snprintf()` gets
|
|
# passed one more byte than available.
|
|
hardeningDisable = [ "fortify3" ];
|
|
|
|
meta = with lib; {
|
|
description = "A Gemini client";
|
|
homepage = "https://git.sr.ht/~sircmpwn/gmni";
|
|
license = licenses.gpl3Only;
|
|
maintainers = with maintainers; [ bsima jb55 ];
|
|
platforms = platforms.linux;
|
|
};
|
|
}
|