From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS3215 2.0.0.0/16 X-Spam-Status: No, score=-3.0 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,SPF_PASS, T_DKIM_INVALID shortcircuit=no autolearn=ham autolearn_force=no version=3.4.1 Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 2F5081F597 for ; Mon, 23 Jul 2018 09:17:59 +0000 (UTC) Received: from localhost ([::1]:33497 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fhWyY-0002ae-BV for normalperson@yhbt.net; Mon, 23 Jul 2018 05:17:54 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:54527) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fhWy9-0002Oe-7y for bug-gnulib@gnu.org; Mon, 23 Jul 2018 05:17:30 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fhWy4-0006pV-De for bug-gnulib@gnu.org; Mon, 23 Jul 2018 05:17:29 -0400 Received: from zap.org.au ([129.94.172.224]:37760 helo=mail.zap.org.au) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fhWy4-0006lN-0W for bug-gnulib@gnu.org; Mon, 23 Jul 2018 05:17:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=simple/simple; d=zap.org.au; s=dkim2; h=Sender:Content-Type:MIME-Version:Message-ID:Subject:To:From:Date: Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=HU+X2aaKyz5blw7RsiBnqMJho5xsMaiqKwXR36C0zk4=; b=Q53opJ/fDmBx3i7xbP+malIMjN yBOQm4bUzHERGodZjvgzel3lKpU/ERZq4yPFpCwv6HT7GDLpzwTtbSQF82YzbEngElEAhWke9tp0q 6YRBNpGi3YbrDx+LInJ5codngpjRisobn2TISicjVLMpnTwAZlFlLCUj51fTwF54+68InBmm3VPOZ mST2EUcB49pUgas5yhG+wahRTNiDFsbYUEawKnSJgANfNNGJlC1oXXCQA6sB4SwbeVKbo2Mkj1D4L gvBIKvoaWbrNc8WHvruVoRtuUSMixMqNsz0wB7VGO7WVfQTOaHLlAYq/EFP78v1xneZLMbwzC+I+C DiMNSeLw==; Received: from john by mail.zap.org.au with local (Exim 4.89) (envelope-from ) id 1fhWxv-0008Vs-4s for bug-gnulib@gnu.org; Mon, 23 Jul 2018 19:17:15 +1000 Date: Mon, 23 Jul 2018 19:17:15 +1000 From: John Zaitseff To: Gnulib discussion Subject: Adding strfmon(3) to Gnulib? Message-ID: <20180723091714.4hoqu5op7puxchm3@zap.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: NeoMutt/20170113 (1.7.2) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 129.94.172.224 X-BeenThere: bug-gnulib@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Gnulib discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org Sender: "bug-gnulib" Hi, all, I've done a quick search of the Gnulib discussion list archives and have not seen this issue raised: Is it worth adding strfmon(3) and possibly strfmon_l(3) for those systems that do not have it? I'm thinking primarily OpenBSD, even the latest version. This OS does not have either. I have a little game (at https://www.zap.org.au/software/trader/) that someone has requested be ported to OpenBSD. Given that this program is written in C, and that OpenBSD does not have strfmon(3), the compile fails. Gnucash gets around this issue by including strfmon.c from FreeBSD. Unfortunately, the version included has an integer overflow vulnerability, fixed in FreeBSD back in 2011, but not updated in Gnucash. Yes, I'll file a bug report... Adding either the version of strfmon(3) from the GNU C Library, or at worst the current FreeBSD version (2-clause BSD licence) to Gnulib will hopefully mitigate security oversights like this. With appropriate macros, it might also allow problematic implementations (such as possibly with macOS?) to be overridden with a decent one. If the Gnulib maintainers are agreeable, I'll try setting aside some time in the next couple of weeks to come up with a suitable patch or git repository you can pull from. If so, what is your preferred procedure for patch submission etc.? PS: Please include my email address in a CC--I'm not (yet) subscribed to the Gnulib mailing list. Yours truly, John Zaitseff -- John Zaitseff ,--_|\ The ZAP Group Phone: +61 2 9643 7737 / \ Sydney, Australia E-mail: J.Zaitseff@zap.org.au \_,--._* http://www.zap.org.au/ v