From ac9b25b31e3304a65e0490a2acc16d415838b4be Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Mon, 4 Feb 2019 00:13:56 +0100
Subject: [PATCH] Fix build errors with GCC9 and two more grubby-bls fixes

- Fix GCC warnings about possible string truncations and buffer overflows
- grubby-bls: unset default entry if is the one being removed
- grubby-bls: show absolute path when printing error about incorrect param

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
 ...-about-possible-string-truncations-a.patch | 104 ++++++++++++++++++
 grubby.spec                                   |   8 +-
 2 files changed, 111 insertions(+), 1 deletion(-)
 create mode 100644 0010-Fix-GCC-warnings-about-possible-string-truncations-a.patch

diff --git a/0010-Fix-GCC-warnings-about-possible-string-truncations-a.patch b/0010-Fix-GCC-warnings-about-possible-string-truncations-a.patch
new file mode 100644
index 0000000..24d3d30
--- /dev/null
+++ b/0010-Fix-GCC-warnings-about-possible-string-truncations-a.patch
@@ -0,0 +1,104 @@
+From 00241c65a5c0b4bb32a847a6abb5a86d0c704a8f Mon Sep 17 00:00:00 2001
+From: no one <noone@example.com>
+Date: Tue, 5 Feb 2019 20:08:43 +0100
+Subject: [PATCH] Fix GCC warnings about possible string truncations and buffer
+ overflows
+
+Building with -Werror=stringop-truncation and -Werror=stringop-overflow
+leads to GCC complaining about possible string truncation and overflows.
+
+Fix this by using memcpy(), explicitly calculating the buffers lenghts
+and set a NUL byte terminator after copying the buffers.
+
+Signed-off-by: no one <noone@example.com>
+---
+ grubby.c | 35 +++++++++++++++++++++++++++--------
+ 1 file changed, 27 insertions(+), 8 deletions(-)
+
+diff --git a/grubby.c b/grubby.c
+index 96d252a0a83..5ca689539cf 100644
+--- a/grubby.c
++++ b/grubby.c
+@@ -459,20 +459,26 @@ char *grub2ExtractTitle(struct singleLine * line) {
+     snprintf(result, resultMaxSize, "%s", ++current);
+     
+     i++;
++    int result_len = 0;
+     for (; i < line->numElements; ++i) {
+ 	current = line->elements[i].item;
+ 	current_len = strlen(current);
+ 	current_indent = line->elements[i].indent;
+ 	current_indent_len = strlen(current_indent);
+ 
+-	strncat(result, current_indent, current_indent_len);
++	memcpy(result + result_len, current_indent, current_indent_len);
++	result_len += current_indent_len;
++
+ 	if (!isquote(current[current_len-1])) {
+-	    strncat(result, current, current_len);
++	    memcpy(result + result_len, current_indent, current_indent_len);
++	    result_len += current_len;
+ 	} else {
+-	    strncat(result, current, current_len - 1);
++	    memcpy(result + result_len, current_indent, current_indent_len);
++	    result_len += (current_len - 1);
+ 	    break;
+ 	}
+     }
++    result[result_len] = '\0';
+     return result;
+ }
+ 
+@@ -1281,6 +1287,7 @@ static struct grubConfig * readConfig(const char * inName,
+ 	    extras = malloc(len + 1);
+ 	    *extras = '\0';
+ 
++	    int buf_len = 0;
+ 	    /* get title. */
+ 	    for (int i = 0; i < line->numElements; i++) {
+ 		if (!strcmp(line->elements[i].item, "menuentry"))
+@@ -1292,13 +1299,18 @@ static struct grubConfig * readConfig(const char * inName,
+ 
+ 		len = strlen(title);
+ 	        if (isquote(title[len-1])) {
+-		    strncat(buf, title,len-1);
++		    memcpy(buf + buf_len, title, len - 1);
++		    buf_len += (len - 1);
+ 		    break;
+ 		} else {
+-		    strcat(buf, title);
+-		    strcat(buf, line->elements[i].indent);
++		    memcpy(buf + buf_len, title, len);
++		    buf_len += len;
++		    len = strlen(line->elements[i].indent);
++		    memcpy(buf + buf_len, line->elements[i].indent, len);
++		    buf_len += len;
+ 		}
+ 	    }
++	    buf[buf_len] = '\0';
+ 
+ 	    /* get extras */
+ 	    int count = 0;
+@@ -4494,10 +4506,17 @@ int main(int argc, const char ** argv) {
+ 	exit(1);
+     }
+     saved_command_line[0] = '\0';
++    int cmdline_len = 0, arg_len;
+     for (int j = 1; j < argc; j++) {
+-	strcat(saved_command_line, argv[j]);
+-	strncat(saved_command_line, j == argc -1 ? "" : " ", 1);
++	arg_len = strlen(argv[j]);
++	memcpy(saved_command_line + cmdline_len, argv[j], arg_len);
++	cmdline_len += arg_len;
++	if (j != argc - 1) {
++	    memcpy(saved_command_line + cmdline_len, " ", 1);
++	    cmdline_len++;
++	}
+     }
++    saved_command_line[cmdline_len] = '\0';
+ 
+     optCon = poptGetContext("grubby", argc, argv, options, 0);
+     poptReadDefaultConfig(optCon, 1);
+-- 
+2.20.1
+
diff --git a/grubby.spec b/grubby.spec
index 88ebab8..52ab427 100644
--- a/grubby.spec
+++ b/grubby.spec
@@ -1,6 +1,6 @@
 Name: grubby
 Version: 8.40
-Release: 25%{?dist}
+Release: 26%{?dist}
 Summary: Command line tool for updating bootloader configs
 License: GPLv2+
 URL: https://github.com/rhinstaller/grubby
@@ -22,6 +22,7 @@ Patch0006: 0006-Honor-sbindir.patch
 Patch0007: 0007-Make-installkernel-to-use-kernel-install-scripts-on-.patch
 Patch0008: 0008-Add-usr-libexec-rpm-sort.patch
 Patch0009: 0009-Improve-man-page-for-info-option.patch
+Patch0010: 0010-Fix-GCC-warnings-about-possible-string-truncations-a.patch
 
 BuildRequires: gcc
 BuildRequires: pkgconfig glib2-devel popt-devel 
@@ -131,6 +132,11 @@ current boot environment.
  %{_mandir}/man8/*.8*
 
 %changelog
+* Tue Feb 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 8.40-26
+- Fix GCC warnings about possible string truncations and buffer overflows
+- grubby-bls: unset default entry if is the one being removed
+- grubby-bls: show absolute path when printing error about incorrect param
+
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 8.40-25
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild