discuss@mandoc.bsd.lv
 help / color / mirror / Atom feed
* Patching Mandoc for IRIX
@ 2020-06-02 23:29 Kazuo Kuroi
  2020-06-22 21:44 ` Ingo Schwarze
  0 siblings, 1 reply; 6+ messages in thread
From: Kazuo Kuroi @ 2020-06-02 23:29 UTC (permalink / raw)
  To: discuss

[-- Attachment #1: Type: text/plain, Size: 1735 bytes --]

Hi there,

I have patched mandoc to work with IRIX, but I have a feeling that the 
fixes made will require some changes. Let me first explain my goals here:

I am patching mandoc to work with MIPSPro, the native compiler of IRIX, 
so I'll have to explain the changes I made to get it to build:

http://gitea.irixce.org/Raion/Xenopatches/raw/branch/master/mandoc/mandoc.patch 


Here's the patch file.

First change is because it doesn't reliably detect the c99 driver, and 
as the code uses non ANSI-related things, it needs to detect c99. This 
can probably be disregarded, as can the CFLAGS reference.

Next one is in mandoc.h, and it's because MIPSPro doesn't support the 
__attribute__ block. This could be fixed with a guard for non-GCC 
compilers, like this:
#ifdef __GNUC__
__attribute__((__format__ (__printf__, 4, 5)));

#endif

Or something. I would hope that you won't lock it out to GCC or clang, 
because I'm sure there's other compilers this thing chokes on.

The rest are to fix the IRIX printf() implementation, which doesn't 
allow for %zu as mandoc currently does. You can see my discussion with a 
colleague on the topic here:

https://forums.irixnet.org/thread-1946-post-14522.html

I understand if you do not want to upstream all of these changes, but I 
would hope that we can take some action to prevent someone else from 
having to go through this. Surely, this is not the only UNIX that would 
cause this.

Yes, GCC works, but we don't have clang and often times using a GPL 
compiler isn't only against my own principles when we have perfectly 
good alternatives, and MIPSPro performs better on IRIX than GCC.

If I can be of any assistance or questions in regards to this patch, let 
me know!

-Kazuo Kuroi


[-- Attachment #2: Type: text/html, Size: 2749 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Patching Mandoc for IRIX
  2020-06-02 23:29 Patching Mandoc for IRIX Kazuo Kuroi
@ 2020-06-22 21:44 ` Ingo Schwarze
  2020-06-22 22:09   ` Kazuo Kuroi
  0 siblings, 1 reply; 6+ messages in thread
From: Ingo Schwarze @ 2020-06-22 21:44 UTC (permalink / raw)
  To: Kazuo Kuroi; +Cc: discuss

Hello,

sorry for taking so long to respond, i was somewhat distracted by other
matters and now found your message while systematically looking for
unanswered messages regarding mandoc.


Kazuo Kuroi wrote on Tue, Jun 02, 2020 at 07:29:52PM -0400:

> I have patched mandoc to work with IRIX, but I have a feeling that the 
> fixes made will require some changes. Let me first explain my goals here:
> 
> I am patching mandoc to work with MIPSPro, the native compiler of IRIX, 

That sounds good and interesting.  I like it when people try to make
software work with native compilers that is intended to be portable,
rather than following a mindless reflex like "oh let's just require
gcc or clang to compile this".

> so I'll have to explain the changes I made to get it to build:
> 
> http://gitea.irixce.org/Raion/Xenopatches/raw/branch/master/mandoc/mandoc.patch 
> 
> Here's the patch file.
> 
> First change is because it doesn't reliably detect the c99 driver, and 
> as the code uses non ANSI-related things, it needs to detect c99. This 
> can probably be disregarded,

Possibly.  I tried to include code in ./configure in the past to
automatically detect the system compiler, but that attempt caused
more grief than benefit.  Few platforms needed it, and more ended
up having trouble with the attempted test.

So for the next release, i decided to simplify things by just
statically setting CC=cc in ./configure and inviting users to
set CC in configure.local to whatever is appropriate on their
platform - but of course only if "cc" is not.

Arguably, given that POSIX defines c99 but not cc, it might be better
to make CC=c99 the default.  Probably, the only reason that i didn't
is somewhat weak:  My main development platform, OpenBSD, provides
a cc(1) command but does not provide a c99(1) command.  Maybe it
should, but oh well.

For now, i suggest you keep CC=c99 in the configure.local file for IRIX.

> as can the CFLAGS reference.

I certainly won't put -O3 into CFLAGS by default, or any other
optimization flag for that matter.  I think operating systems should
have defaults that are appropriate for compiling general purpose
application software that has no special needs, and i consider it
annoying when upstream maintainers tweak compiler flags like that.

However, if there is some compelling reason why IRIX needs -O3,
then you can put that into the configure.local file for IRIX, though
i'm a bit at a loss trying to guess why that could possibly be
needed.

If IRIX needs -mips3, that definitely needs to go into configure.local.
I have no idea right now how i could possibly test for that.

> Next one is in mandoc.h, and it's because MIPSPro doesn't support the 
> __attribute__ block. This could be fixed with a guard for non-GCC 
> compilers, like this:
> #ifdef __GNUC__
> __attribute__((__format__ (__printf__, 4, 5)));
> #endif

Actually, i was already doing that, ./configure wrote something
like that into config.h.  However, some of the *.c files used private
headers using __attribute__ without including config.h first.  I
just fixed that with the first one of the two commits below.
Thanks for reporting the issue!

While there, i also replaced the horrible __GNUC__ version number
test by a proper feature test.  No idea why we didn't have that
in the first place, it really wasn't difficult to write.

> Or something. I would hope that you won't lock it out to GCC or clang, 

Absolutely not, that's not my intention at all.

> because I'm sure there's other compilers this thing chokes on.

Right.  Only it's sometimes hard to get reports from other compilers,
so thanks for what you are reporting.

> The rest are to fix the IRIX printf() implementation, which doesn't 
> allow for %zu as mandoc currently does.

I would strongly recommend that you fix your IRIX libc to support %zu
because that has been required by POSIX for more than a decade

  https://pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html

and because not having it, which often results in using format
specifiers for the wrong length, can cause security issues.
Maybe not in mandoc, but in general: i don't doubt that you also
run software on IRIX that is more prone to develop security
vulnerabilities.  Besides, i would be surprised if closing that
particular feature gap in the IRIX libc would cause particularly
large amounts of work.

Given that apart from the the notoriously quirky and extremely
outdated SunOS 5.9 (2002 version), this is the first time i'm hearing
about a system that does not support %zu - even SunOS 5.10 (2009
version) supports that - i'm a bit hesitant to write a feature test
for that, also because using the result of the feature test in the
code would be somewhat intrusive.

So until you come around to fixing your libc, is think carrying
local patches for %zu is the best you can do.  But i suggest you
use the following idiom for these patches:

  mandoc_asprintf(arg, "%llun", (unsigned long long)width);

That should be perfectly safe and perfectly portable, whereas the 

  size_t width = ...;
  mandoc_asprintf(arg, "%un", width);

that you are currently using can potentially be dangerous.
At the very least, depending on the platform, on endianness,
and maybe depending on other aspects of the ABI, it might
silently produce incorrect results.

> You can see my discussion with a 
> colleague on the topic here:
> 
> https://forums.irixnet.org/thread-1946-post-14522.html

Very interesting, please keep me posted on how things work out.
In particular, i would be interested to learn if any of your
manual pages format poorly with mandoc.  But it's also
interesting to follow how your work progresses in general.

Regarding the topics discussed in your forum:

 * Heirloom (not "Heritage") Troff has very high typesetting
   quality in some respects, in some even better than groff,
   for example it has paragraph-at-once filling.  It is also
   somewhat maintained, but AFAIK more or less by a one-man
   team (Carsten Kunze) with a handful of commits in 2019
   and none so far in 2020.  It is not at all an obvious
   choice as a manual page formatter.  I'm not aware of a
   single operating system using it for that purpose.  Carsten
   has invested some work to make it better for manual pages,
   but you should still expect at least occasional compatibility
   issues when using it for manual pages, much more frquently
   than with mandoc or groff.

 * With mandoc, all three options are workable:  installing source
   manuals or preformatted manuals, and in the former case,
   using mandoc as both the formatter and the man(1) implementation,
   as for example OpenBSD and Alpine Linux do it, or using mandoc
   as the formatter but a different man(1) implementation, as for
   example FreeBSD and Illumos do it.
   In OpenBSD, we switched in three steps: first we switched the
   formatter from groff to mandoc in 2010, then we switched from
   installing preformatted to installing source manuals in 2011,
   and finally to the mandoc implementation of man(1) in 2014.
   Alpine Linux has done all that in one single step in 2014.

> I understand if you do not want to upstream all of these changes, but I 
> would hope that we can take some action to prevent someone else from 
> having to go through this. Surely, this is not the only UNIX that would 
> cause this.

In general, i try to upstream patches when it is possible without
causing unreasonable complication.  Often, that work progressed in
multiple steps, slowly and carefully improving support for that
platform, sometimes over years.  For example, in the beginning,
building on Oracle Solaris 11 needed lots of handholding and various
configure.local tweaks.  By now, even the older SunOS 5.10 just
works out of the box.

> Yes, GCC works, but we don't have clang and often times using a GPL 
> compiler isn't only against my own principles when we have perfectly 
> good alternatives, and MIPSPro performs better on IRIX than GCC.

That sounds reasonable.

> If I can be of any assistance or questions in regards to this patch, let 
> me know!

Sure, see above, and keep me posted about how your work is progressing!

Do you have a porting or packaging system in IRIX, in any way similar
to BSD ports, or Linux packages, or MacPorts, or Homebrew, or AUR,
or SlackBuilds, or Cashew?  If so, is there a distinction between
official or unofficial ports/packages?  I'm wondering whether at some
point, it might make sense to list IRIX on

  https://mandoc.bsd.lv/ports.html

but i'm a bit at a loss as to how...

Could you re-test whether compiling mandoc from CVS HEAD on IRIX
now already works a bit better for you, with smaller patches?

Yours,
  Ingo


Log Message:
-----------
Because mandoc_aux.h and mandoc.h use __attribute__, all files that
include mandoc_aux.h or mandoc.h need to include config.h, too.
It is suspected that for example IRIX needs this, or it is likely
to throw errors in these files because the system compiler doesn't
understand __attribute__.
Issue reported by Kazuo Kuroi <kazuo at irixnet dot org>.

Modified Files:
--------------
    mandoc:
        Makefile.depend
        dba_array.c
        dba_read.c
        mandoc_ohash.c
        mandoc_xr.c
        mdoc_markdown.c
        mdoc_state.c
        roff_html.c
        roff_term.c
        roff_validate.c
        term_tab.c

Revision Data
-------------
Index: mdoc_state.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/mdoc_state.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -Lmdoc_state.c -Lmdoc_state.c -u -p -r1.16 -r1.17
--- mdoc_state.c
+++ mdoc_state.c
@@ -1,4 +1,4 @@
-/*	$Id$ */
+/* $Id$ */
 /*
  * Copyright (c) 2014, 2015, 2017 Ingo Schwarze <schwarze@openbsd.org>
  *
@@ -14,6 +14,8 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
+#include "config.h"
+
 #include <sys/types.h>
 
 #include <assert.h>
Index: term_tab.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/term_tab.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -Lterm_tab.c -Lterm_tab.c -u -p -r1.5 -r1.6
--- term_tab.c
+++ term_tab.c
@@ -1,4 +1,4 @@
-/*	$Id$ */
+/* $Id$ */
 /*
  * Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
  *
@@ -14,6 +14,8 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
+#include "config.h"
+
 #include <sys/types.h>
 
 #include <stddef.h>
Index: roff_html.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/roff_html.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -Lroff_html.c -Lroff_html.c -u -p -r1.20 -r1.21
--- roff_html.c
+++ roff_html.c
@@ -1,4 +1,4 @@
-/*	$Id$ */
+/* $Id$ */
 /*
  * Copyright (c) 2010 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2014, 2017, 2018, 2019 Ingo Schwarze <schwarze@openbsd.org>
@@ -15,6 +15,8 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
+#include "config.h"
+
 #include <sys/types.h>
 
 #include <assert.h>
Index: mandoc_ohash.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/mandoc_ohash.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -Lmandoc_ohash.c -Lmandoc_ohash.c -u -p -r1.2 -r1.3
--- mandoc_ohash.c
+++ mandoc_ohash.c
@@ -1,4 +1,4 @@
-/*	$Id$	*/
+/* $Id$	*/
 /*
  * Copyright (c) 2014, 2015 Ingo Schwarze <schwarze@openbsd.org>
  *
@@ -14,6 +14,8 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
+#include "config.h"
+
 #include <sys/types.h>
 #include <stddef.h>
 #include <stdint.h>
Index: mdoc_markdown.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/mdoc_markdown.c,v
retrieving revision 1.35
retrieving revision 1.36
diff -Lmdoc_markdown.c -Lmdoc_markdown.c -u -p -r1.35 -r1.36
--- mdoc_markdown.c
+++ mdoc_markdown.c
@@ -16,6 +16,8 @@
  *
  * Markdown formatter for mdoc(7) used by mandoc(1).
  */
+#include "config.h"
+
 #include <sys/types.h>
 
 #include <assert.h>
Index: dba_read.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/dba_read.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -Ldba_read.c -Ldba_read.c -u -p -r1.4 -r1.5
--- dba_read.c
+++ dba_read.c
@@ -1,4 +1,4 @@
-/*	$Id$ */
+/* $Id$ */
 /*
  * Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
  *
@@ -19,6 +19,8 @@
  * The interface is defined in "dba.h".
  * This file is seperate from dba.c because this also uses "dbm.h".
  */
+#include "config.h"
+
 #include <regex.h>
 #include <stdint.h>
 #include <stdlib.h>
Index: Makefile.depend
===================================================================
RCS file: /home/cvs/mandoc/mandoc/Makefile.depend,v
retrieving revision 1.48
retrieving revision 1.49
diff -LMakefile.depend -LMakefile.depend -u -p -r1.48 -r1.49
--- Makefile.depend
+++ Makefile.depend
@@ -22,8 +22,8 @@ compat_strsep.o: compat_strsep.c config.
 compat_strtonum.o: compat_strtonum.c config.h
 compat_vasprintf.o: compat_vasprintf.c config.h
 dba.o: dba.c config.h mandoc_aux.h mandoc_ohash.h compat_ohash.h mansearch.h dba_write.h dba_array.h dba.h
-dba_array.o: dba_array.c mandoc_aux.h dba_write.h dba_array.h
-dba_read.o: dba_read.c mandoc_aux.h mansearch.h dba_array.h dba.h dbm.h
+dba_array.o: dba_array.c config.h mandoc_aux.h dba_write.h dba_array.h
+dba_read.o: dba_read.c config.h mandoc_aux.h mansearch.h dba_array.h dba.h dbm.h
 dba_write.o: dba_write.c config.h dba_write.h
 dbm.o: dbm.c config.h mansearch.h dbm_map.h dbm.h
 dbm_map.o: dbm_map.c config.h mansearch.h dbm_map.h dbm.h
@@ -42,8 +42,8 @@ man_validate.o: man_validate.c config.h 
 mandoc.o: mandoc.c config.h mandoc_aux.h mandoc.h roff.h libmandoc.h roff_int.h
 mandoc_aux.o: mandoc_aux.c config.h mandoc.h mandoc_aux.h
 mandoc_msg.o: mandoc_msg.c config.h mandoc.h
-mandoc_ohash.o: mandoc_ohash.c mandoc_aux.h mandoc_ohash.h compat_ohash.h
-mandoc_xr.o: mandoc_xr.c mandoc_aux.h mandoc_ohash.h compat_ohash.h mandoc_xr.h
+mandoc_ohash.o: mandoc_ohash.c config.h mandoc_aux.h mandoc_ohash.h compat_ohash.h
+mandoc_xr.o: mandoc_xr.c config.h mandoc_aux.h mandoc_ohash.h compat_ohash.h mandoc_xr.h
 mandocd.o: mandocd.c config.h mandoc.h roff.h mdoc.h man.h mandoc_parse.h main.h manconf.h
 mandocdb.o: mandocdb.c config.h compat_fts.h mandoc_aux.h mandoc_ohash.h compat_ohash.h mandoc.h roff.h mdoc.h man.h mandoc_parse.h manconf.h mansearch.h dba_array.h dba.h
 manpath.o: manpath.c config.h mandoc_aux.h mandoc.h manconf.h
@@ -53,8 +53,8 @@ mdoc_argv.o: mdoc_argv.c config.h mandoc
 mdoc_html.o: mdoc_html.c config.h mandoc_aux.h mandoc.h roff.h mdoc.h out.h html.h main.h
 mdoc_macro.o: mdoc_macro.c config.h mandoc.h roff.h mdoc.h libmandoc.h roff_int.h libmdoc.h
 mdoc_man.o: mdoc_man.c config.h mandoc_aux.h mandoc.h roff.h mdoc.h man.h out.h main.h
-mdoc_markdown.o: mdoc_markdown.c mandoc_aux.h mandoc.h roff.h mdoc.h main.h
-mdoc_state.o: mdoc_state.c mandoc.h roff.h mdoc.h libmandoc.h roff_int.h libmdoc.h
+mdoc_markdown.o: mdoc_markdown.c config.h mandoc_aux.h mandoc.h roff.h mdoc.h main.h
+mdoc_state.o: mdoc_state.c config.h mandoc.h roff.h mdoc.h libmandoc.h roff_int.h libmdoc.h
 mdoc_term.o: mdoc_term.c config.h mandoc_aux.h roff.h mdoc.h out.h term.h term_tag.h main.h
 mdoc_validate.o: mdoc_validate.c config.h mandoc_aux.h mandoc.h mandoc_xr.h roff.h mdoc.h libmandoc.h roff_int.h libmdoc.h tag.h
 msec.o: msec.c config.h mandoc.h libmandoc.h msec.in
@@ -62,9 +62,9 @@ out.o: out.c config.h mandoc_aux.h tbl.h
 preconv.o: preconv.c config.h mandoc.h roff.h mandoc_parse.h libmandoc.h
 read.o: read.c config.h mandoc_aux.h mandoc.h roff.h mdoc.h man.h mandoc_parse.h libmandoc.h roff_int.h tag.h
 roff.o: roff.c config.h mandoc_aux.h mandoc_ohash.h compat_ohash.h mandoc.h roff.h mandoc_parse.h libmandoc.h roff_int.h tbl_parse.h eqn_parse.h predefs.in
-roff_html.o: roff_html.c mandoc.h roff.h out.h html.h
-roff_term.o: roff_term.c mandoc.h roff.h out.h term.h
-roff_validate.o: roff_validate.c mandoc.h roff.h libmandoc.h roff_int.h
+roff_html.o: roff_html.c config.h mandoc.h roff.h out.h html.h
+roff_term.o: roff_term.c config.h mandoc.h roff.h out.h term.h
+roff_validate.o: roff_validate.c config.h mandoc.h roff.h libmandoc.h roff_int.h
 soelim.o: soelim.c config.h compat_stringlist.h
 st.o: st.c config.h mandoc.h roff.h libmdoc.h
 tag.o: tag.c config.h mandoc_aux.h mandoc_ohash.h compat_ohash.h roff.h mdoc.h roff_int.h tag.h
@@ -77,6 +77,6 @@ tbl_term.o: tbl_term.c config.h mandoc.h
 term.o: term.c config.h mandoc.h mandoc_aux.h out.h term.h main.h
 term_ascii.o: term_ascii.c config.h mandoc.h mandoc_aux.h out.h term.h manconf.h main.h
 term_ps.o: term_ps.c config.h mandoc_aux.h out.h term.h manconf.h main.h
-term_tab.o: term_tab.c mandoc_aux.h out.h term.h
+term_tab.o: term_tab.c config.h mandoc_aux.h out.h term.h
 term_tag.o: term_tag.c config.h mandoc.h roff.h roff_int.h tag.h term_tag.h
 tree.o: tree.c config.h mandoc.h roff.h mdoc.h man.h tbl.h eqn.h main.h
Index: dba_array.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/dba_array.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -Ldba_array.c -Ldba_array.c -u -p -r1.1 -r1.2
--- dba_array.c
+++ dba_array.c
@@ -1,4 +1,4 @@
-/*	$Id$ */
+/* $Id$ */
 /*
  * Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
  *
@@ -17,6 +17,8 @@
  * Allocation-based arrays for the mandoc database, for read-write access.
  * The interface is defined in "dba_array.h".
  */
+#include "config.h"
+
 #include <assert.h>
 #include <stdint.h>
 #include <stdlib.h>
Index: mandoc_xr.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/mandoc_xr.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -Lmandoc_xr.c -Lmandoc_xr.c -u -p -r1.3 -r1.4
--- mandoc_xr.c
+++ mandoc_xr.c
@@ -1,4 +1,4 @@
-/*	$Id$ */
+/* $Id$ */
 /*
  * Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
  *
@@ -14,6 +14,8 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
+#include "config.h"
+
 #include <sys/types.h>
 
 #include <assert.h>
Index: roff_validate.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/roff_validate.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -Lroff_validate.c -Lroff_validate.c -u -p -r1.19 -r1.20
--- roff_validate.c
+++ roff_validate.c
@@ -1,4 +1,4 @@
-/*	$Id$ */
+/* $Id$ */
 /*
  * Copyright (c) 2010, 2017, 2018, 2020 Ingo Schwarze <schwarze@openbsd.org>
  *
@@ -14,6 +14,8 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
+#include "config.h"
+
 #include <sys/types.h>
 
 #include <assert.h>
Index: roff_term.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/roff_term.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -Lroff_term.c -Lroff_term.c -u -p -r1.19 -r1.20
--- roff_term.c
+++ roff_term.c
@@ -1,4 +1,4 @@
-/*	$Id$ */
+/* $Id$ */
 /*
  * Copyright (c) 2010,2014,2015,2017-2019 Ingo Schwarze <schwarze@openbsd.org>
  *
@@ -14,6 +14,8 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
+#include "config.h"
+
 #include <sys/types.h>
 
 #include <assert.h>


Log Message:
-----------
Provide a real feature test for __attribute__().
Looking at version numbers like __GNUC__ is always a bad idea.
Believe it or not, this even makes ./configure shorter by one line.

Modified Files:
--------------
    mandoc:
        Makefile
        configure
        configure.local.example

Added Files:
-----------
    mandoc:
        test-attribute.c

Revision Data
-------------
Index: Makefile
===================================================================
RCS file: /home/cvs/mandoc/mandoc/Makefile,v
retrieving revision 1.534
retrieving revision 1.535
diff -LMakefile -LMakefile -u -p -r1.534 -r1.535
--- Makefile
+++ Makefile
@@ -19,7 +19,8 @@ VERSION = 1.14.5
 
 # === LIST OF FILES ====================================================
 
-TESTSRCS	 = test-be32toh.c \
+TESTSRCS	 = test-attribute.c \
+		   test-be32toh.c \
 		   test-cmsg.c \
 		   test-dirent-namlen.c \
 		   test-EFTYPE.c \
--- /dev/null
+++ test-attribute.c
@@ -0,0 +1,48 @@
+/* $Id: test-attribute.c,v 1.1 2020/06/22 20:00:38 schwarze Exp $ */
+/*
+ * Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+void	 var_arg(const char *, ...)
+		__attribute__((__format__ (__printf__, 1, 2)));
+void	 no_ret(int)
+		__attribute__((__noreturn__));
+
+void
+var_arg(const char *fmt, ...)
+{
+	va_list	 ap;
+
+	va_start(ap, fmt);
+	vprintf(fmt, ap);
+	va_end(ap);
+}
+
+void
+no_ret(int i)
+{
+	exit(i);
+}
+
+int
+main(void)
+{
+	var_arg("Test output: %d\n", 42);
+	no_ret(0);
+}
Index: configure.local.example
===================================================================
RCS file: /home/cvs/mandoc/mandoc/configure.local.example,v
retrieving revision 1.37
retrieving revision 1.38
diff -Lconfigure.local.example -Lconfigure.local.example -u -p -r1.37 -r1.38
--- configure.local.example
+++ configure.local.example
@@ -288,6 +288,7 @@ CFLAGS="-g"
 # and will be regarded as failed) or 1 (test will not be run and will
 # be regarded as successful).
 
+HAVE_ATTRIBUTE=0
 HAVE_DIRENT_NAMLEN=0
 HAVE_ENDIAN=0
 HAVE_EFTYPE=0
Index: configure
===================================================================
RCS file: /home/cvs/mandoc/mandoc/configure,v
retrieving revision 1.75
retrieving revision 1.76
diff -Lconfigure -Lconfigure -u -p -r1.75 -r1.76
--- configure
+++ configure
@@ -55,6 +55,7 @@ BUILD_CGI=0
 BUILD_CATMAN=0
 INSTALL_LIBMANDOC=0
 
+HAVE_ATTRIBUTE=
 HAVE_CMSG=
 HAVE_DIRENT_NAMLEN=
 HAVE_EFTYPE=
@@ -294,6 +295,7 @@ fi
 # --- tests for config.h  ----------------------------------------------
 
 # --- library functions ---
+runtest attribute	ATTRIBUTE	|| true
 runtest cmsg		CMSG		"" "-D_XPG4_2" || true
 runtest dirent-namlen	DIRENT_NAMLEN	|| true
 runtest be32toh		ENDIAN		|| true
@@ -422,10 +424,6 @@ cat << __HEREDOC__
 #error "Do not use C++.  See the INSTALL file."
 #endif
 
-#if !defined(__GNUC__) || (__GNUC__ < 4)
-#define __attribute__(x)
-#endif
-
 __HEREDOC__
 
 [ ${NEED_GNU_SOURCE} -eq 0 ] || echo "#define _GNU_SOURCE"
@@ -447,6 +445,7 @@ echo "#define OSENUM ${OSENUM}"
 [ -n "${OSNAME}" ] && echo "#define OSNAME \"${OSNAME}\""
 [ -n "${UTF8_LOCALE}" ] && echo "#define UTF8_LOCALE \"${UTF8_LOCALE}\""
 [ -n "${HOMEBREWDIR}" ] && echo "#define HOMEBREWDIR \"${HOMEBREWDIR}\""
+[ ${HAVE_ATTRIBUTE} -eq 0 ] && echo "#define __attribute__(x)"
 [ ${HAVE_EFTYPE} -eq 0 ] && echo "#define EFTYPE EINVAL"
 [ ${HAVE_O_DIRECTORY} -eq 0 ] && echo "#define O_DIRECTORY 0"
 [ ${HAVE_PATH_MAX} -eq 0 ] && echo "#define PATH_MAX 4096"
--
 To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Patching Mandoc for IRIX
  2020-06-22 21:44 ` Ingo Schwarze
@ 2020-06-22 22:09   ` Kazuo Kuroi
  2020-08-27 18:09     ` Ingo Schwarze
  0 siblings, 1 reply; 6+ messages in thread
From: Kazuo Kuroi @ 2020-06-22 22:09 UTC (permalink / raw)
  To: discuss

Hi Ingo!

Thank you for getting back to me, I appreciate the professionalism! 
Don't worry about the specific CFLAGS, -mips4 should work as well and I 
was just demonstrating what my particular use case requested. -O3 was 
just a test, and it got roped into the patch, my mistake!

I'm glad to hear you're taking my feedback seriously, let me speak on 
one point though:

IRIX is not free/open source, and we do not have access to the IRIX libc 
to change the printf() implementation. I've considered adding an 
external override printf() replacement to my library I use to improve 
portability (libxg) but let me quote a dev on my forums on the topic:

"The "%zun" format specifier to the printf family of functions is 
problematic for us.  Newer libc implementations (GNU, BSD, ...) use the 
"z" character as a length modifier to indicate the following "u" 
argument is of type size_t.  IRIX libc doesn't support the "z" length 
modifier at all.  So that's got to go, for starters.  I'm assuming 
you're compiling as N32 code, so an unmodified "%u" should suffice since 
size_t is defined as an unsigned int in /usr/include/sys/types.h.  (Use 
%lu for 64-bit code where size_t is an unsigned long instead.  Which 
clearly shows why the z modifier is needed for portable code!)

Also, the trailing "n" is potentially problematic.  I'm not 100% sure, 
but I think the code is intended to print a size_t followed by a literal 
"n".  But IRIX libc seems to be interpreting it as the "n" "conversion 
character" which requests the printf family of functions to put the 
length of the printed string into a variable.  But the next argument to 
the printf call (from mdoc_validate.c) is an int rather than a pointer 
to an int.  That would explain the segmentation fault:  printf treating 
that integer as a pointer means it is trying to write to memory the 
process doesn't own."

In this case, the trailing n didn't cause any issues. I understand for 
portability reasons you wouldn't want to change it, and that's totally 
understandable. One way you could accommodate IRIX would be to use the 
__sgi definition in configure, and then you could use perl or sed to 
change the code, or you could throw a warning out in configure regarding 
%zu in the code and we could work out a more conservative patch that 
fixes just the %zu for those who stumble upon this. This mostly affects 
the makewhatis commands, the actual mandoc binary appears to work fine.

I would think that some other platforms like older AIX, Solaris, HP-UX 
etc. may have this issue too, but I've not worked on those extensively.

Pragmatically, after I got a copy of the DWB, I think the best option 
for our usecase is to use mandoc because the implementation is just 
"Better" than the others here, and it doesn't preclude groff or nroff 
for others. The native awf used in the base IRIX has its manpages packed 
in .z pack files, I still need to test if we can use the "man" but if 
not, I am gonna make a script with a cronjob that allows for the man 
files to be packed up easily.

On your question of whether or not we have ports or anything, not 
currently. There's two main projects looking to "modernize" IRIX, each 
with its own way of doing things:

Nekoware II - Named after the old forum nekochan.net's premiere project, 
which was Nekoware. We follow the same philosophy of the base of the 
ports should be compiled with the native compiler (MIPSPro) while 
projects that are too "new" can use GCC as needed. We package stuff in 
the .tardist native format, basically a tarball with the 
idb/spec/distfile format used by IRIX since the 4D1 68k era. It's a bit 
clunky, but we prefer to kind of keep things historical.

I'm a project head for Nekoware II - I don't do development that 
intensively, I'm basically a guy who knows how to beat on other people's 
code to make it work. I work more as a documenter, packager and 
occasional supervisor.

SGUG RSE - A competing project by the sgi.sh forum. They have ported RPM 
to IRIX and are using an SRPM approach with GCC and distcc. I do not 
know but so much about this, but they are not currently packaging mandoc 
as they use GNU GROFF.

I usually, for now, keep patches and references in "Xenopatches" here:
http://gitea.irixce.org/Raion/Xenopatches/src/branch/master/mandoc

So pragmatically, once I figure out how to get it all together, you can 
link here and I'll include a build instructions file. Once Nekoware II 
is packaging tardists again, you can link back to nekoware II's homepage.


Thank you very much.

On 6/22/2020 5:44 PM, Ingo Schwarze wrote:
> Hello,
>
> sorry for taking so long to respond, i was somewhat distracted by other
> matters and now found your message while systematically looking for
> unanswered messages regarding mandoc.
>
>
> Kazuo Kuroi wrote on Tue, Jun 02, 2020 at 07:29:52PM -0400:
>
>> I have patched mandoc to work with IRIX, but I have a feeling that the
>> fixes made will require some changes. Let me first explain my goals here:
>>
>> I am patching mandoc to work with MIPSPro, the native compiler of IRIX,
> That sounds good and interesting.  I like it when people try to make
> software work with native compilers that is intended to be portable,
> rather than following a mindless reflex like "oh let's just require
> gcc or clang to compile this".
>
>> so I'll have to explain the changes I made to get it to build:
>>
>> http://gitea.irixce.org/Raion/Xenopatches/raw/branch/master/mandoc/mandoc.patch
>>
>> Here's the patch file.
>>
>> First change is because it doesn't reliably detect the c99 driver, and
>> as the code uses non ANSI-related things, it needs to detect c99. This
>> can probably be disregarded,
> Possibly.  I tried to include code in ./configure in the past to
> automatically detect the system compiler, but that attempt caused
> more grief than benefit.  Few platforms needed it, and more ended
> up having trouble with the attempted test.
>
> So for the next release, i decided to simplify things by just
> statically setting CC=cc in ./configure and inviting users to
> set CC in configure.local to whatever is appropriate on their
> platform - but of course only if "cc" is not.
>
> Arguably, given that POSIX defines c99 but not cc, it might be better
> to make CC=c99 the default.  Probably, the only reason that i didn't
> is somewhat weak:  My main development platform, OpenBSD, provides
> a cc(1) command but does not provide a c99(1) command.  Maybe it
> should, but oh well.
>
> For now, i suggest you keep CC=c99 in the configure.local file for IRIX.
>
>> as can the CFLAGS reference.
> I certainly won't put -O3 into CFLAGS by default, or any other
> optimization flag for that matter.  I think operating systems should
> have defaults that are appropriate for compiling general purpose
> application software that has no special needs, and i consider it
> annoying when upstream maintainers tweak compiler flags like that.
>
> However, if there is some compelling reason why IRIX needs -O3,
> then you can put that into the configure.local file for IRIX, though
> i'm a bit at a loss trying to guess why that could possibly be
> needed.
>
> If IRIX needs -mips3, that definitely needs to go into configure.local.
> I have no idea right now how i could possibly test for that.
>
>> Next one is in mandoc.h, and it's because MIPSPro doesn't support the
>> __attribute__ block. This could be fixed with a guard for non-GCC
>> compilers, like this:
>> #ifdef __GNUC__
>> __attribute__((__format__ (__printf__, 4, 5)));
>> #endif
> Actually, i was already doing that, ./configure wrote something
> like that into config.h.  However, some of the *.c files used private
> headers using __attribute__ without including config.h first.  I
> just fixed that with the first one of the two commits below.
> Thanks for reporting the issue!
>
> While there, i also replaced the horrible __GNUC__ version number
> test by a proper feature test.  No idea why we didn't have that
> in the first place, it really wasn't difficult to write.
>
>> Or something. I would hope that you won't lock it out to GCC or clang,
> Absolutely not, that's not my intention at all.
>
>> because I'm sure there's other compilers this thing chokes on.
> Right.  Only it's sometimes hard to get reports from other compilers,
> so thanks for what you are reporting.
>
>> The rest are to fix the IRIX printf() implementation, which doesn't
>> allow for %zu as mandoc currently does.
> I would strongly recommend that you fix your IRIX libc to support %zu
> because that has been required by POSIX for more than a decade
>
>    https://pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html
>
> and because not having it, which often results in using format
> specifiers for the wrong length, can cause security issues.
> Maybe not in mandoc, but in general: i don't doubt that you also
> run software on IRIX that is more prone to develop security
> vulnerabilities.  Besides, i would be surprised if closing that
> particular feature gap in the IRIX libc would cause particularly
> large amounts of work.
>
> Given that apart from the the notoriously quirky and extremely
> outdated SunOS 5.9 (2002 version), this is the first time i'm hearing
> about a system that does not support %zu - even SunOS 5.10 (2009
> version) supports that - i'm a bit hesitant to write a feature test
> for that, also because using the result of the feature test in the
> code would be somewhat intrusive.
>
> So until you come around to fixing your libc, is think carrying
> local patches for %zu is the best you can do.  But i suggest you
> use the following idiom for these patches:
>
>    mandoc_asprintf(arg, "%llun", (unsigned long long)width);
>
> That should be perfectly safe and perfectly portable, whereas the
>
>    size_t width = ...;
>    mandoc_asprintf(arg, "%un", width);
>
> that you are currently using can potentially be dangerous.
> At the very least, depending on the platform, on endianness,
> and maybe depending on other aspects of the ABI, it might
> silently produce incorrect results.
>
>> You can see my discussion with a
>> colleague on the topic here:
>>
>> https://forums.irixnet.org/thread-1946-post-14522.html
> Very interesting, please keep me posted on how things work out.
> In particular, i would be interested to learn if any of your
> manual pages format poorly with mandoc.  But it's also
> interesting to follow how your work progresses in general.
>
> Regarding the topics discussed in your forum:
>
>   * Heirloom (not "Heritage") Troff has very high typesetting
>     quality in some respects, in some even better than groff,
>     for example it has paragraph-at-once filling.  It is also
>     somewhat maintained, but AFAIK more or less by a one-man
>     team (Carsten Kunze) with a handful of commits in 2019
>     and none so far in 2020.  It is not at all an obvious
>     choice as a manual page formatter.  I'm not aware of a
>     single operating system using it for that purpose.  Carsten
>     has invested some work to make it better for manual pages,
>     but you should still expect at least occasional compatibility
>     issues when using it for manual pages, much more frquently
>     than with mandoc or groff.
>
>   * With mandoc, all three options are workable:  installing source
>     manuals or preformatted manuals, and in the former case,
>     using mandoc as both the formatter and the man(1) implementation,
>     as for example OpenBSD and Alpine Linux do it, or using mandoc
>     as the formatter but a different man(1) implementation, as for
>     example FreeBSD and Illumos do it.
>     In OpenBSD, we switched in three steps: first we switched the
>     formatter from groff to mandoc in 2010, then we switched from
>     installing preformatted to installing source manuals in 2011,
>     and finally to the mandoc implementation of man(1) in 2014.
>     Alpine Linux has done all that in one single step in 2014.
> In general, i try to upstream patches when it is possible without
> causing unreasonable complication.  Often, that work progressed in
> multiple steps, slowly and carefully improving support for that
> platform, sometimes over years.  For example, in the beginning,
> building on Oracle Solaris 11 needed lots of handholding and various
> configure.local tweaks.  By now, even the older SunOS 5.10 just
> works out of the box.
>
> That sounds reasonable.
> Sure, see above, and keep me posted about how your work is progressing!
>
> Do you have a porting or packaging system in IRIX, in any way similar
> to BSD ports, or Linux packages, or MacPorts, or Homebrew, or AUR,
> or SlackBuilds, or Cashew?  If so, is there a distinction between
> official or unofficial ports/packages?  I'm wondering whether at some
> point, it might make sense to list IRIX on
>
>    https://mandoc.bsd.lv/ports.html
>
> but i'm a bit at a loss as to how...
>
> Could you re-test whether compiling mandoc from CVS HEAD on IRIX
> now already works a bit better for you, with smaller patches?
>
> Yours,
>    Ingo

--
 To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Patching Mandoc for IRIX
  2020-06-22 22:09   ` Kazuo Kuroi
@ 2020-08-27 18:09     ` Ingo Schwarze
  2020-08-28 19:40       ` Kazuo Kuroi
  0 siblings, 1 reply; 6+ messages in thread
From: Ingo Schwarze @ 2020-08-27 18:09 UTC (permalink / raw)
  To: Kazuo Kuroi; +Cc: discuss

Hi Kazuo,

oh no, this thread got buried under other matters *again*.
This is getting really embarassing...  :-(

Kazuo Kuroi wrote on Mon, Jun 22, 2020 at 06:09:09PM -0400:

> IRIX is not free/open source, and we do not have access
> to the IRIX libc to change the printf() implementation.

Now i'm somewhat confused - how do you diagnose and fix security
vulnerabilities in libc in that case?  The system is no longer
maintained by the original vendor, right?

> I've considered adding an external override printf() replacement
> to my library I use to improve portability (libxg)

Yes.  My general philosophy is to write code according to current
standards, and if an older system lacks some function, provide
a replacement function if that can be done without undue effort.
I do not want to pollute the portable code with wrapper functions
or #ifdefs or even macro expansion.

Unfortunately, writing a portability wrapper for printf(3) that
modifies the format string to change %zu into whatever is appropriate
for the current platform is tricky and potentially dangerous, so
maybe it is better that you manually maintain patches for that,
unless or until we have a better idea.

> but let me quote a dev on my forums on the topic:
> 
> "The "%zun" format specifier to the printf family of functions is 
> problematic for us.  Newer libc implementations (GNU, BSD, ...) use the 
> "z" character as a length modifier to indicate the following "u" 
> argument is of type size_t.  IRIX libc doesn't support the "z" length 
> modifier at all.  So that's got to go, for starters.  I'm assuming 
> you're compiling as N32 code, so an unmodified "%u" should suffice since 
> size_t is defined as an unsigned int in /usr/include/sys/types.h.  (Use 
> %lu for 64-bit code where size_t is an unsigned long instead.  Which 
> clearly shows why the z modifier is needed for portable code!)

So far, i see what the problem is here.

Apart from the fact that fixing this in compat_* code would be tricky
and would be needed for few platforms (IRIX the only one known so far),
the detection is also tricky.  Besically, the test_* code would have
to compare sizeof(size_t) to native types like sizeof(unsigned)
and sizeof(unsigned long) and sizeof(unsigned long long) to make
the decision.  That's all somewhat ugly...

> Also, the trailing "n" is potentially problematic.  I'm not 100% sure, 
> but I think the code is intended to print a size_t followed by a literal 
> "n".

Correct.

> But IRIX libc seems to be interpreting it as the "n" "conversion 
> character" which requests the printf family of functions to put the 
> length of the printed string into a variable.

That sounds like a very dangerous security vulnerability in IRIX
libc.  The "%n" conversion specifier is supposed to cause writing
into a variable, and even that is rather risky even when implemented
and used correctly, but the literal letter "n" is absolutely not
supposed to do any such thing.  Also, each conversion specification
ends with the conversion specifier letter, in this case the 'u',
so whatever follows the 'u' is no longer part of the conversion
specification but just literal text.

You really need to get that bug fixed.  I sounds extremely dangerous
and and i can think of no way to work around it.  It is likely to
have dire consequences in any software you compile.

> In this case, the trailing n didn't cause any issues. I understand for 
> portability reasons you wouldn't want to change it, and that's totally 
> understandable.

Indeed, printing the literal 'n' right after the number is required,
roff(7) syntax dictates that it must be there.  Doing it in some
different way would cause substantial complication of the code,
and i don't think working around such a serious libc bug would be
reasonable.

> One way you could accommodate IRIX would be to use the 
> __sgi definition in configure,

I strongly dislike testing for platform IDs or version numbers in
autoconfiguration; it's fragile, never complete, and easily gets
outdated when platforms improve, which most platforms do all the
time.  Besides, the OpenBSD mips64 port also defines __sgi__, so
it idenfifies the CPU architecture rather than the operating system.
I guess NetBSD is likely to do even more of that kind because NetBSD
is famous for its wide range of hardware support.

> and then you could use perl or sed to 
> change the code, or you could throw a warning out in configure regarding 
> %zu in the code and we could work out a more conservative patch that 
> fixes just the %zu for those who stumble upon this. This mostly affects 
> the makewhatis commands, the actual mandoc binary appears to work fine.

I doubt that all else works fine without %zu.  That sequence is used
for

 * reporting of configuration errors in manpath.c
 * ctags(1) support for terminal output in term_tag.c
 * abstract syntax tree dumping in tree.c
 * PostScript and PDF generation in term_ps.c
 * mdoc(7) syntax validation in mdoc_validate.c

All that is potentially broken unless correctly patched.

> I would think that some other platforms like older AIX, Solaris, HP-UX 
> etc. may have this issue too, but I've not worked on those extensively.

F
Solaris 11 and Solaris 10 are definitely fine.  Solaris 9 is now
so old that i'm not very diligent about supporting it any longer.
There was a mandoc port for AIX many years ago, and people have
occasionally done light testing on AIX in recent years, but no
such issue came up.  I'm not aware that anyone ever tested on HP-UX,
that system doesn't appear to be used a lot.

> On your question of whether or not we have ports or anything, not 
> currently.

No problem, so i'll just link to these build instructions:

> I usually, for now, keep patches and references in "Xenopatches" here:
> http://gitea.irixce.org/Raion/Xenopatches/src/branch/master/mandoc
> 
> So pragmatically, once I figure out how to get it all together, you can 
> link here and I'll include a build instructions file. Once Nekoware II 
> is packaging tardists again, you can link back to nekoware II's homepage.

Thanks for your information about Nekoware II.

For now, i have added links to ports.html and porthistory.html
as shown below.  Speak up if you think there is a better way.

Yours,
  Ingo


Index: porthistory.html
===================================================================
RCS file: /home/cvs/mandoc/www/porthistory.html,v
retrieving revision 1.52
diff -u -r1.52 porthistory.html
--- porthistory.html	4 Mar 2020 03:19:07 -0000	1.52
+++ porthistory.html	27 Aug 2020 17:58:28 -0000
@@ -36,6 +36,7 @@
   illumos (<a href="https://github.com/illumos/illumos-gate/commit/cec8643b41ebefad6c677010fc784dc4bb0550f3#diff-46d91f95b4440f9432e65c9b3e674271">2019 May 30</a>, Michal Nowak)
   Alpine Linux (<a href="https://git.alpinelinux.org/cgit/aports/commit?id=a33e421da04f54e4a9398da416982720bbae84eb">2019 Aug 25</a>)
   Fedora (<a href="https://src.fedoraproject.org/rpms/mandoc/c/8e2f011858c0b699122ad5ceec4afba9564a5c4c">2019 Oct 16</a>, David Cantrell)
+  <strong>IRIX</strong> Nekoware II (<a href="http://gitea.irixce.org/Raion/Xenopatches/commit/f29efd3d02b4d336f1d2ab6682e51ca52ee636ee">2020 June 2</a>, Kazuo Kuroi)
   </li>
 <li>1.14.4 (<a href="/cgi-bin/cvsweb/NEWS#rev1.32">2018 Aug 8</a>):
   Void Linux (<a href="https://github.com/void-linux/void-packages/commit/9a366969487696e4d8743cd198fef084924814b4">2018 Aug 8</a>, Leah Neukirchen)
Index: ports.html
===================================================================
RCS file: /home/cvs/mandoc/www/ports.html,v
retrieving revision 1.78
diff -u -r1.78 ports.html
--- ports.html	4 Mar 2020 03:20:27 -0000	1.78
+++ ports.html	27 Aug 2020 17:54:42 -0000
@@ -245,6 +245,17 @@
     <td>&mdash;</td>
   </tr>
   <tr>
+    <td><a class="external" href="https://irixnet.org/">IRIX</a></td>
+    <td>1.14.5</td>
+    <td>&mdash;</td>
+    <td>&mdash;</td>
+    <td>2020 June 2</td>
+    <td>&mdash;</td>
+    <td>&mdash;</td>
+    <td>&mdash;</td>
+    <td>&mdash;</td>
+  </tr>
+  <tr>
     <td><a class="external" href="https://crux.nu/">Crux Linux</a></td>
     <td>1.14.3</td>
     <td>&mdash;</td>
@@ -559,6 +569,15 @@
       >macports/mandoc</a></td>
     <td>dito</td>
     <td>&mdash;</td>
+  </tr>
+  <tr>
+    <td><a class="external" href="https://irixnet.org/">IRIX</a></td>
+    <td><a class="external"
+      href="http://gitea.irixce.org/Raion/Xenopatches/commits/branch/master/mandoc"
+      >Xenopatches/mandoc</a></td>
+    <td>work in progress</td>
+    <td><a class="external" href="http://gitea.irixce.org/Raion"
+      >Kazuo Kuroi</a>, Nekoware II</td>
   </tr>
   <tr>
     <td><a class="external" href="https://crux.nu/">Crux Linux</a></td>
--
 To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Patching Mandoc for IRIX
  2020-08-27 18:09     ` Ingo Schwarze
@ 2020-08-28 19:40       ` Kazuo Kuroi
  2020-08-31 14:12         ` Ingo Schwarze
  0 siblings, 1 reply; 6+ messages in thread
From: Kazuo Kuroi @ 2020-08-28 19:40 UTC (permalink / raw)
  To: Ingo Schwarze; +Cc: discuss

Hi Ingo,

This has gotten piled up and I've not had a chance to apply any of your 
fixes.

1. Libc on IRIX:

We're not looking to replace libc with say GNUlibc (oh gods no) and I 
understand the viewpoint that you don't want to pollute the code with 
workarounds. What I am suggesting possibly would be to have your 
configure script detect IRIX either by the preprocessor macro __sgi or 
by uname -a output and automatically advise them to check your ports 
page for a proper patch or something like that. Give me some time to see 
what I can do. . There's literally no chance of fixing the libc unless 
someone comes along and writes a 100% FOSS reimplementation, which I'm 
sure we both know is wishful thinking.

Similar to say HP-UX 11iv1 or Tru64, IRIX is 100% unsupported by its 
current IP holder (HP Enterprise) and hasn't received any patches since 
2006, it's also not FOSS and there's thus no real option but to create a 
wrapper or something around it. Sure, it's an issue, and this is not the 
last BSD-related project I've had these issues with, I have been 
researching byacc, bsd awk, openrsync (From OpenBSD), openm4 (also from 
BSD) etc. to figure out good FOSS replacements for IRIX tools.

Ironically, I don't have issues with %zu with GNU ports for the most 
part, and I've been developing a little code scanner to figure out how 
to go in and catch these issues before I try compiling so I can be on 
the lookout. It's not a bug; more like a lack of functionality. The 
trailing n, apparently, doesn't cause issues when I remove the z format 
specifier. I'm going to confirm that all of your %zun are for size_t, 
and I'll go in and double check that we've not introduced any nasty bugs 
in our downstream patches. The postscript functionality I've not tested, 
primarily because the main goal here is to avoid having to use GNU groff.

2. __sgi vs __sgi__

__sgi is different. IRIX doesn't define __sgi__ as to my knowledge. But 
IRIX is pretty much static at this point, so uname output and platform 
IDs aren't going to change. AFAIK, OpenBSD no longer supports SGI 
hardware, so why their other MIPS ports would define that is probably a 
bug unless it's using a straight port of IRIX n32/n64 ABIs as Linux MIPS 
does (There's so many ABI similarities other than syscalls/libc 
differences it's kinda uncanny).

Fair point either way, but in that case what alternatives do you 
suggest? I think it's fair to just point us downstream if that's all you 
can do it.

3. Conclusions

To end my message for now I want to explain that the reason people still 
use IRIX is because of its uniqueness and historical value. I certainly 
am understanding that I can't expect you to make all kinds of special 
accomodations for us, all the same I do appreciate your help. For me, 
and most of the community, Linux and BSD on SGI hardware misses the 
point. Without the original environment, it's just below-average 
underpowered hardware. if I wanted a high performance RISC system 
without that baggage, I'd use POWER64el. So we're kinda stuck with IRIX 
since it's a system of interest.

For now, I'll check the latest CVS revisions, see if that solves some of 
the issues mentioned, and I'll do some more extensive testing just to 
verify if I have any more issues. Will take me a bit of time before you 
hear from me again!

Best Regards,

Kazuo


On 8/27/2020 2:09 PM, Ingo Schwarze wrote:
> Hi Kazuo,
>
> oh no, this thread got buried under other matters *again*.
> This is getting really embarassing...  :-(
>
> Kazuo Kuroi wrote on Mon, Jun 22, 2020 at 06:09:09PM -0400:
>
>> IRIX is not free/open source, and we do not have access
>> to the IRIX libc to change the printf() implementation.
> Now i'm somewhat confused - how do you diagnose and fix security
> vulnerabilities in libc in that case?  The system is no longer
> maintained by the original vendor, right?
>
>> I've considered adding an external override printf() replacement
>> to my library I use to improve portability (libxg)
> Yes.  My general philosophy is to write code according to current
> standards, and if an older system lacks some function, provide
> a replacement function if that can be done without undue effort.
> I do not want to pollute the portable code with wrapper functions
> or #ifdefs or even macro expansion.
>
> Unfortunately, writing a portability wrapper for printf(3) that
> modifies the format string to change %zu into whatever is appropriate
> for the current platform is tricky and potentially dangerous, so
> maybe it is better that you manually maintain patches for that,
> unless or until we have a better idea.
>
>> but let me quote a dev on my forums on the topic:
>>
>> "The "%zun" format specifier to the printf family of functions is
>> problematic for us.  Newer libc implementations (GNU, BSD, ...) use the
>> "z" character as a length modifier to indicate the following "u"
>> argument is of type size_t.  IRIX libc doesn't support the "z" length
>> modifier at all.  So that's got to go, for starters.  I'm assuming
>> you're compiling as N32 code, so an unmodified "%u" should suffice since
>> size_t is defined as an unsigned int in /usr/include/sys/types.h.  (Use
>> %lu for 64-bit code where size_t is an unsigned long instead.  Which
>> clearly shows why the z modifier is needed for portable code!)
> So far, i see what the problem is here.
>
> Apart from the fact that fixing this in compat_* code would be tricky
> and would be needed for few platforms (IRIX the only one known so far),
> the detection is also tricky.  Besically, the test_* code would have
> to compare sizeof(size_t) to native types like sizeof(unsigned)
> and sizeof(unsigned long) and sizeof(unsigned long long) to make
> the decision.  That's all somewhat ugly...
>
>> Also, the trailing "n" is potentially problematic.  I'm not 100% sure,
>> but I think the code is intended to print a size_t followed by a literal
>> "n".
> Correct.
>
>> But IRIX libc seems to be interpreting it as the "n" "conversion
>> character" which requests the printf family of functions to put the
>> length of the printed string into a variable.
> That sounds like a very dangerous security vulnerability in IRIX
> libc.  The "%n" conversion specifier is supposed to cause writing
> into a variable, and even that is rather risky even when implemented
> and used correctly, but the literal letter "n" is absolutely not
> supposed to do any such thing.  Also, each conversion specification
> ends with the conversion specifier letter, in this case the 'u',
> so whatever follows the 'u' is no longer part of the conversion
> specification but just literal text.
>
> You really need to get that bug fixed.  I sounds extremely dangerous
> and and i can think of no way to work around it.  It is likely to
> have dire consequences in any software you compile.
>
>> In this case, the trailing n didn't cause any issues. I understand for
>> portability reasons you wouldn't want to change it, and that's totally
>> understandable.
> Indeed, printing the literal 'n' right after the number is required,
> roff(7) syntax dictates that it must be there.  Doing it in some
> different way would cause substantial complication of the code,
> and i don't think working around such a serious libc bug would be
> reasonable.
>
>> One way you could accommodate IRIX would be to use the
>> __sgi definition in configure,
> I strongly dislike testing for platform IDs or version numbers in
> autoconfiguration; it's fragile, never complete, and easily gets
> outdated when platforms improve, which most platforms do all the
> time.  Besides, the OpenBSD mips64 port also defines __sgi__, so
> it idenfifies the CPU architecture rather than the operating system.
> I guess NetBSD is likely to do even more of that kind because NetBSD
> is famous for its wide range of hardware support.
>
>> and then you could use perl or sed to
>> change the code, or you could throw a warning out in configure regarding
>> %zu in the code and we could work out a more conservative patch that
>> fixes just the %zu for those who stumble upon this. This mostly affects
>> the makewhatis commands, the actual mandoc binary appears to work fine.
> I doubt that all else works fine without %zu.  That sequence is used
> for
>
>   * reporting of configuration errors in manpath.c
>   * ctags(1) support for terminal output in term_tag.c
>   * abstract syntax tree dumping in tree.c
>   * PostScript and PDF generation in term_ps.c
>   * mdoc(7) syntax validation in mdoc_validate.c
>
> All that is potentially broken unless correctly patched.
>
>> I would think that some other platforms like older AIX, Solaris, HP-UX
>> etc. may have this issue too, but I've not worked on those extensively.
> F
> Solaris 11 and Solaris 10 are definitely fine.  Solaris 9 is now
> so old that i'm not very diligent about supporting it any longer.
> There was a mandoc port for AIX many years ago, and people have
> occasionally done light testing on AIX in recent years, but no
> such issue came up.  I'm not aware that anyone ever tested on HP-UX,
> that system doesn't appear to be used a lot.
>
>> On your question of whether or not we have ports or anything, not
>> currently.
> No problem, so i'll just link to these build instructions:
>
>> I usually, for now, keep patches and references in "Xenopatches" here:
>> http://gitea.irixce.org/Raion/Xenopatches/src/branch/master/mandoc
>>
>> So pragmatically, once I figure out how to get it all together, you can
>> link here and I'll include a build instructions file. Once Nekoware II
>> is packaging tardists again, you can link back to nekoware II's homepage.
> Thanks for your information about Nekoware II.
>
> For now, i have added links to ports.html and porthistory.html
> as shown below.  Speak up if you think there is a better way.
>
> Yours,
>    Ingo
>
>
> Index: porthistory.html
> ===================================================================
> RCS file: /home/cvs/mandoc/www/porthistory.html,v
> retrieving revision 1.52
> diff -u -r1.52 porthistory.html
> --- porthistory.html	4 Mar 2020 03:19:07 -0000	1.52
> +++ porthistory.html	27 Aug 2020 17:58:28 -0000
> @@ -36,6 +36,7 @@
>     illumos (<a href="https://github.com/illumos/illumos-gate/commit/cec8643b41ebefad6c677010fc784dc4bb0550f3#diff-46d91f95b4440f9432e65c9b3e674271">2019 May 30</a>, Michal Nowak)
>     Alpine Linux (<a href="https://git.alpinelinux.org/cgit/aports/commit?id=a33e421da04f54e4a9398da416982720bbae84eb">2019 Aug 25</a>)
>     Fedora (<a href="https://src.fedoraproject.org/rpms/mandoc/c/8e2f011858c0b699122ad5ceec4afba9564a5c4c">2019 Oct 16</a>, David Cantrell)
> +  <strong>IRIX</strong> Nekoware II (<a href="http://gitea.irixce.org/Raion/Xenopatches/commit/f29efd3d02b4d336f1d2ab6682e51ca52ee636ee">2020 June 2</a>, Kazuo Kuroi)
>     </li>
>   <li>1.14.4 (<a href="/cgi-bin/cvsweb/NEWS#rev1.32">2018 Aug 8</a>):
>     Void Linux (<a href="https://github.com/void-linux/void-packages/commit/9a366969487696e4d8743cd198fef084924814b4">2018 Aug 8</a>, Leah Neukirchen)
> Index: ports.html
> ===================================================================
> RCS file: /home/cvs/mandoc/www/ports.html,v
> retrieving revision 1.78
> diff -u -r1.78 ports.html
> --- ports.html	4 Mar 2020 03:20:27 -0000	1.78
> +++ ports.html	27 Aug 2020 17:54:42 -0000
> @@ -245,6 +245,17 @@
>       <td>&mdash;</td>
>     </tr>
>     <tr>
> +    <td><a class="external" href="https://irixnet.org/">IRIX</a></td>
> +    <td>1.14.5</td>
> +    <td>&mdash;</td>
> +    <td>&mdash;</td>
> +    <td>2020 June 2</td>
> +    <td>&mdash;</td>
> +    <td>&mdash;</td>
> +    <td>&mdash;</td>
> +    <td>&mdash;</td>
> +  </tr>
> +  <tr>
>       <td><a class="external" href="https://crux.nu/">Crux Linux</a></td>
>       <td>1.14.3</td>
>       <td>&mdash;</td>
> @@ -559,6 +569,15 @@
>         >macports/mandoc</a></td>
>       <td>dito</td>
>       <td>&mdash;</td>
> +  </tr>
> +  <tr>
> +    <td><a class="external" href="https://irixnet.org/">IRIX</a></td>
> +    <td><a class="external"
> +      href="http://gitea.irixce.org/Raion/Xenopatches/commits/branch/master/mandoc"
> +      >Xenopatches/mandoc</a></td>
> +    <td>work in progress</td>
> +    <td><a class="external" href="http://gitea.irixce.org/Raion"
> +      >Kazuo Kuroi</a>, Nekoware II</td>
>     </tr>
>     <tr>
>       <td><a class="external" href="https://crux.nu/">Crux Linux</a></td>
--
 To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Patching Mandoc for IRIX
  2020-08-28 19:40       ` Kazuo Kuroi
@ 2020-08-31 14:12         ` Ingo Schwarze
  0 siblings, 0 replies; 6+ messages in thread
From: Ingo Schwarze @ 2020-08-31 14:12 UTC (permalink / raw)
  To: discuss; +Cc: Kazuo Kuroi

Hi Kazuo,

Kazuo Kuroi wrote on Fri, Aug 28, 2020 at 03:40:26PM -0400:

> We're not looking to replace libc with say GNUlibc (oh gods no)

That makes sense to me.  Replacing the complete libc would be a very
drastic change in any operating system.  It can easily be contrary
to project goals.

> and I 
> understand the viewpoint that you don't want to pollute the code with 
> workarounds. What I am suggesting possibly would be to have your 
> configure script detect IRIX either by the preprocessor macro __sgi or 
> by uname -a output and automatically advise them to check your ports 
> page for a proper patch or something like that.

Again, i don't like testing for platform names like that.  Imagine
one day, you find a way to really fix the problem in IRIX - that could
happen even if today, you don't know yet how.  Then such a test would
deliver totally bogus advice to users, and i'm not likely to even
notice because i don't use IRIX daily.  I hate it when application
software makes libellious statements about operating systems merely
because they had a problem at some point in the past.

Also imagine somebody else has another system that also chokes on %zu.
Testing for __sgi doesn't help with that at all.

But now your input gave me a somewhat similar idea.  Maybe i should
write an automated test that detects whether printf("%zu...", ...)
works as expected, and if it doesn't, print a diagnostic message
advising the user what exactly the problem is, why it can't be fixed
automatically, and how they can fix it manually (for example, using
a patch you provide on your website).

I don't think i will do that for the upcoming mandoc realease yet...

> Give me some time to see what I can do.

 ... to give you a chance to think it through: whether that approach
makes sense to you, too.

> There's literally no chance of fixing the libc unless 
> someone comes along and writes a 100% FOSS reimplementation,
> which I'm sure we both know is wishful thinking.

It seems to me you need some way to fix at least security bugs one
way or another, and the misinterpretion of "%zun" as "something + %n"
does indeed look like a security vulnerability to me.

I'm not convinced fixing a bad bug in a single function requiires
replacing the whole library.  Even without decompiling, it is likely
possible to replace an individual buggy function in the library.
Something like

   $ ld --shared -o libc.so.new printf.o libc.so.old

might be all that is needed, maybe with a few more options, if
necessary replacing printf.o with something like vfprintf.o if it
turns out the actual bug is in that function.  Of course, you need
to write your own printf.c or vfprintf.c or whatever or grab one
from a freely licensed C library (for example a BSD one). If that
isn't possible, using a feature like LD_PRELOAD might be another
option, again only overriding functions that are actually broken,
not rewriting everything from scratch.

Either way, problems like this require solutions on the operating
system level, not on the application software level.

> Ironically, I don't have issues with %zu with GNU ports for the most 
> part,

GNU projects using autoconf are notorious for not using the printf(3)
implementation from the native libc.  Autoconf does tests for some
subfeatures of printf(3), is extremely picky about the results,
usually concludes the native libc is no good and proceeds to use
some bundled version of printf(3) instead.  That of course hides
potential issues and instead creates others, if the bundled (GNU)
implementation isn't fully compatible with what users expect on the
operating system in question.

I hate it, though, when application programs test for operating
system bugs (rather than whether features are supported) and then
replace components of the operating system merely because they
don't like what they see, so i'm not going to do that.

If the OS provides a function, i will use it and rely on the operating
system maintainers to make sure it works.  It is not my job as an
application developer to second-guess operating system maintainers.
This dog also bites the other way: imagine a libc function has a
common bug in all operating systems.  It is reported and all systems
fix it, but most application software (in particular programs
endulging in autoconf orgies) still suffer from it because they
considered it smart to bundle and use their own copy.  That's a
bummer, isn't it?

> and I've been developing a little code scanner to figure out how 
> to go in and catch these issues before I try compiling so I can be on 
> the lookout. It's not a bug; more like a lack of functionality. The 
> trailing n, apparently, doesn't cause issues when I remove the z format 
> specifier. I'm going to confirm that all of your %zun are for size_t, 

If you find any that aren't, please tell me, because that might indicate
a bug in mandoc...

> and I'll go in and double check that we've not introduced any nasty bugs 
> in our downstream patches. The postscript functionality I've not tested, 
> primarily because the main goal here is to avoid having to use GNU groff.
> 
> 2. __sgi vs __sgi__
> 
> __sgi is different. IRIX doesn't define __sgi__ as to my knowledge. But 
> IRIX is pretty much static at this point, so uname output and platform 
> IDs aren't going to change. AFAIK, OpenBSD no longer supports SGI 
> hardware,

Oh, you are right, the sgi port was dropped recently:

  https://www.openbsd.org/sgi.html

> so why their other MIPS ports would define that is probably a 
> bug unless it's using a straight port of IRIX n32/n64 ABIs as Linux MIPS 
> does (There's so many ABI similarities other than syscalls/libc 
> differences it's kinda uncanny).
> 
> Fair point either way, but in that case what alternatives do you 
> suggest? I think it's fair to just point us downstream if that's all you 
> can do it.

See above for another idea.

> 3. Conclusions
> 
> To end my message for now I want to explain that the reason people still 
> use IRIX is because of its uniqueness and historical value. I certainly 
> am understanding that I can't expect you to make all kinds of special 
> accomodations for us, all the same I do appreciate your help. For me, 
> and most of the community, Linux and BSD on SGI hardware misses the 
> point. Without the original environment, it's just below-average 
> underpowered hardware. if I wanted a high performance RISC system 
> without that baggage, I'd use POWER64el. So we're kinda stuck with IRIX 
> since it's a system of interest.

Oh, i see.  Yes, that makes sense to me.

> For now, I'll check the latest CVS revisions, see if that solves some of 
> the issues mentioned, and I'll do some more extensive testing just to 
> verify if I have any more issues. Will take me a bit of time before you 
> hear from me again!

Sure, there is no hurry.

I appreciate that you consider and investigate all this seriously.

We can probably iterate a bit, both sides moving closer to the
other in baby steps (a bit of detection on my side, smaller and
cleaner patches on your side, even more bits of detection here,
even smaller and cleaner patches there, and so on), but it need
not be finished next week.

Yours,
  Ingo
--
 To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2020-08-31 14:12 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-02 23:29 Patching Mandoc for IRIX Kazuo Kuroi
2020-06-22 21:44 ` Ingo Schwarze
2020-06-22 22:09   ` Kazuo Kuroi
2020-08-27 18:09     ` Ingo Schwarze
2020-08-28 19:40       ` Kazuo Kuroi
2020-08-31 14:12         ` Ingo Schwarze

discuss@mandoc.bsd.lv

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/mandoc-discuss

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 mandoc-discuss mandoc-discuss/ http://inbox.vuxu.org/mandoc-discuss \
		discuss@mandoc.bsd.lv
	public-inbox-index mandoc-discuss

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.mandoc.discuss


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git