Second batch of backported fixes

getlogin/getlogin_r, zic

Signed-off-by: Alexey Neyman <stilor@att.net>

packages/glibc-linaro/2.20-2014.11/0013-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -393,6 +393,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #include <bits/wordsize.h>
+ 
+ #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc-linaro/2.20-2014.11/0014-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -82,7 +82,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -91,7 +91,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc-linaro/2.20-2014.11/0015-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1713,7 +1713,7 @@
+ 		}
+ #define DO(field)	((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = version;
+ 		convert(thistypecnt, tzh.tzh_ttisgmtcnt);
+ 		convert(thistypecnt, tzh.tzh_ttisstdcnt);

packages/glibc/2.12.1/0047-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -350,6 +350,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #include <bits/wordsize.h>
+ 
+ #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -61,10 +61,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -61,10 +61,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.12.1/0048-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -83,7 +83,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -92,7 +92,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.12.1/0049-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1648,7 +1648,7 @@
+ #define DO(field)	(void) fwrite((void *) tzh.field, \
+ 				(size_t) sizeof tzh.field, (size_t) 1, fp)
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = ZIC_VERSION;
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

packages/glibc/2.12.2/0010-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -350,6 +350,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #include <bits/wordsize.h>
+ 
+ #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -61,10 +61,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -61,10 +61,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.12.2/0011-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -83,7 +83,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -92,7 +92,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.12.2/0012-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1648,7 +1648,7 @@
+ #define DO(field)	(void) fwrite((void *) tzh.field, \
+ 				(size_t) sizeof tzh.field, (size_t) 1, fp)
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = ZIC_VERSION;
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

packages/glibc/2.13/0046-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -350,6 +350,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #include <bits/wordsize.h>
+ 
+ #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -61,10 +61,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -61,10 +61,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.13/0047-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -83,7 +83,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -92,7 +92,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.13/0048-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1648,7 +1648,7 @@
+ #define DO(field)	(void) fwrite((void *) tzh.field, \
+ 				(size_t) sizeof tzh.field, (size_t) 1, fp)
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = ZIC_VERSION;
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

packages/glibc/2.14.1/0046-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -350,6 +350,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #include <bits/wordsize.h>
+ 
+ #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -61,10 +61,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -61,10 +61,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.14.1/0047-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -83,7 +83,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -92,7 +92,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.14.1/0048-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1648,7 +1648,7 @@
+ #define DO(field)	(void) fwrite((void *) tzh.field, \
+ 				(size_t) sizeof tzh.field, (size_t) 1, fp)
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = ZIC_VERSION;
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

packages/glibc/2.15/0047-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -375,6 +375,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #include <bits/wordsize.h>
+ 
+ #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -61,10 +61,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -61,10 +61,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.15/0048-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -83,7 +83,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -92,7 +92,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.15/0049-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1648,7 +1648,7 @@
+ #define DO(field)	(void) fwrite((void *) tzh.field, \
+ 				(size_t) sizeof tzh.field, (size_t) 1, fp)
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = ZIC_VERSION;
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

packages/glibc/2.16.0/0039-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -375,6 +375,15 @@
+ # define __glibc_unlikely(cond) (cond)
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #include <bits/wordsize.h>
+ 
+ #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -60,10 +60,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.16.0/0040-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -82,7 +82,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -91,7 +91,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.16.0/0041-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1695,7 +1695,7 @@
+ #define DO(field)	(void) fwrite((void *) tzh.field, \
+ 				(size_t) sizeof tzh.field, (size_t) 1, fp)
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = ZIC_VERSION;
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

packages/glibc/2.17/0015-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -382,6 +382,15 @@
+ # define __glibc_unlikely(cond) (cond)
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #include <bits/wordsize.h>
+ 
+ #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -60,10 +60,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.17/0016-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -82,7 +82,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -91,7 +91,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.17/0017-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1609,7 +1609,7 @@
+ 		}
+ #define DO(field)	((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = ZIC_VERSION;
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

packages/glibc/2.18/0016-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -382,6 +382,15 @@
+ # define __glibc_likely(cond)	(cond)
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #include <bits/wordsize.h>
+ 
+ #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.18/0017-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -82,7 +82,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -91,7 +91,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.18/0018-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1609,7 +1609,7 @@
+ 		}
+ #define DO(field)	((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = ZIC_VERSION;
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
+ 		convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

packages/glibc/2.19/0014-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -382,6 +382,15 @@
+ # define __glibc_likely(cond)	(cond)
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #include <bits/wordsize.h>
+ 
+ #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.19/0015-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -82,7 +82,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -91,7 +91,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.19/0016-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1676,7 +1676,7 @@
+ 		}
+ #define DO(field)	((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = version;
+ 		convert(thistypecnt, tzh.tzh_ttisgmtcnt);
+ 		convert(thistypecnt, tzh.tzh_ttisstdcnt);

packages/glibc/2.20/0014-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -392,6 +392,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #include <bits/wordsize.h>
+ 
+ #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.20/0015-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -82,7 +82,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -91,7 +91,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.20/0016-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1713,7 +1713,7 @@
+ 		}
+ #define DO(field)	((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = version;
+ 		convert(thistypecnt, tzh.tzh_ttisgmtcnt);
+ 		convert(thistypecnt, tzh.tzh_ttisstdcnt);

packages/glibc/2.21/0014-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -399,6 +399,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #include <bits/wordsize.h>
+ 
+ #if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.21/0015-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -82,7 +82,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -91,7 +91,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.21/0016-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1713,7 +1713,7 @@
+ 		}
+ #define DO(field)	((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = version;
+ 		convert(thistypecnt, tzh.tzh_ttisgmtcnt);
+ 		convert(thistypecnt, tzh.tzh_ttisstdcnt);

packages/glibc/2.22/0014-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -399,6 +399,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #if (!defined _Static_assert && !defined __cplusplus \
+      && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \
+      && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__))
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.22/0015-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -82,7 +82,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -91,7 +91,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.22/0016-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1713,7 +1713,7 @@
+ 		}
+ #define DO(field)	((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
+ 		tzh = tzh0;
+-		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = version;
+ 		convert(thistypecnt, tzh.tzh_ttisgmtcnt);
+ 		convert(thistypecnt, tzh.tzh_ttisstdcnt);

packages/glibc/2.23/0010-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -399,6 +399,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #if (!defined _Static_assert && !defined __cplusplus \
+      && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \
+      && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__))
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.23/0011-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -80,7 +80,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -89,7 +89,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.23/0012-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1819,7 +1819,7 @@
+ 		}
+ #define DO(field)	fwrite(tzh.field, sizeof tzh.field, 1, fp)
+ 		tzh = tzh0;
+-		strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = version;
+ 		convert(thistypecnt, tzh.tzh_ttisgmtcnt);
+ 		convert(thistypecnt, tzh.tzh_ttisstdcnt);

packages/glibc/2.24/0010-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -404,6 +404,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #if (!defined _Static_assert && !defined __cplusplus \
+      && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \
+      && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__))
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.24/0011-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -80,7 +80,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -89,7 +89,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.24/0012-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1819,7 +1819,7 @@
+ 		}
+ #define DO(field)	fwrite(tzh.field, sizeof tzh.field, 1, fp)
+ 		tzh = tzh0;
+-		strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = version;
+ 		convert(thistypecnt, tzh.tzh_ttisgmtcnt);
+ 		convert(thistypecnt, tzh.tzh_ttisstdcnt);

packages/glibc/2.25/0009-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -430,6 +430,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #if (!defined _Static_assert && !defined __cplusplus \
+      && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \
+      && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__))
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.25/0010-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -80,7 +80,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -89,7 +89,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.25/0011-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1819,7 +1819,7 @@
+ 		}
+ #define DO(field)	fwrite(tzh.field, sizeof tzh.field, 1, fp)
+ 		tzh = tzh0;
+-		strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = version;
+ 		convert(thistypecnt, tzh.tzh_ttisgmtcnt);
+ 		convert(thistypecnt, tzh.tzh_ttisstdcnt);

packages/glibc/2.26/0003-utmp-nonstring.patch

@@ -0,0 +1,80 @@
+commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
+Author: Martin Sebor <msebor@redhat.com>
+Date:   Wed Nov 15 17:39:59 2017 -0700
+
+    The -Wstringop-truncation option new in GCC 8 detects common misuses
+    of the strncat and strncpy function that may result in truncating
+    the copied string before the terminating NUL.  To avoid false positive
+    warnings for correct code that intentionally creates sequences of
+    characters that aren't guaranteed to be NUL-terminated, arrays that
+    are intended to store such sequences should be decorated with a new
+    nonstring attribute.  This change add this attribute to Glibc and
+    uses it to suppress such false positives.
+    
+    ChangeLog:
+            * misc/sys/cdefs.h (__attribute_nonstring__): New macro.
+            * sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
+            * sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
+
+---
+ misc/sys/cdefs.h                         |    9 +++++++++
+ sysdeps/gnu/bits/utmp.h                  |    9 ++++++---
+ sysdeps/unix/sysv/linux/s390/bits/utmp.h |    9 ++++++---
+ 3 files changed, 21 insertions(+), 6 deletions(-)
+
+--- a/misc/sys/cdefs.h
++++ b/misc/sys/cdefs.h
+@@ -408,6 +408,15 @@
+ # endif
+ #endif
+ 
++#if __GNUC_PREREQ (8, 0)
++/* Describes a char array whose address can safely be passed as the first
++   argument to strncpy and strncat, as the char array is not necessarily
++   a NUL-terminated string.  */
++# define __attribute_nonstring__ __attribute__ ((__nonstring__))
++#else
++# define __attribute_nonstring__
++#endif
++
+ #if (!defined _Static_assert && !defined __cplusplus \
+      && (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \
+      && (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__))
+--- a/sysdeps/gnu/bits/utmp.h
++++ b/sysdeps/gnu/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++    __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++    __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++    __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled
+--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
++++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+@@ -59,10 +59,13 @@
+ {
+   short int ut_type;		/* Type of login.  */
+   pid_t ut_pid;			/* Process ID of login process.  */
+-  char ut_line[UT_LINESIZE];	/* Devicename.  */
++  char ut_line[UT_LINESIZE]
++     __attribute_nonstring__;	/* Devicename.  */
+   char ut_id[4];		/* Inittab ID.  */
+-  char ut_user[UT_NAMESIZE];	/* Username.  */
+-  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
++  char ut_user[UT_NAMESIZE]
++     __attribute_nonstring__;	/* Username.  */
++  char ut_host[UT_HOSTSIZE]
++     __attribute_nonstring__;	/* Hostname for remote login.  */
+   struct exit_status ut_exit;	/* Exit status of a process marked
+ 				   as DEAD_PROCESS.  */
+ /* The ut_session and ut_tv fields must be the same size when compiled

packages/glibc/2.26/0004-getlogin_r-use-strnlen.patch

@@ -0,0 +1,47 @@
+commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
+Author: Joseph Myers <joseph@codesourcery.com>
+Date:   Wed Nov 22 18:44:23 2017 +0000
+
+    Avoid use of strlen in getlogin_r (bug 22447).
+    
+    Building glibc with current mainline GCC fails, among other reasons,
+    because of an error for use of strlen on the nonstring ut_user field.
+    This patch changes the problem code in getlogin_r to use __strnlen
+    instead.  It also needs to set the trailing NUL byte of the result
+    explicitly, because of the case where ut_user does not have such a
+    trailing NUL byte (but the result should always have one).
+    
+    Tested for x86_64.  Also tested that, in conjunction with
+    <https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
+    the build for arm with mainline GCC.
+    
+            [BZ #22447]
+            * sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
+            strlen to compute length of ut_user and set trailing NUL byte of
+            result explicitly.
+
+---
+ sysdeps/unix/getlogin_r.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sysdeps/unix/getlogin_r.c
++++ b/sysdeps/unix/getlogin_r.c
+@@ -80,7 +80,7 @@
+ 
+   if (result == 0)
+     {
+-      size_t needed = strlen (ut->ut_user) + 1;
++      size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
+ 
+       if (needed > name_len)
+ 	{
+@@ -89,7 +89,8 @@
+ 	}
+       else
+ 	{
+-	  memcpy (name, ut->ut_user, needed);
++	  memcpy (name, ut->ut_user, needed - 1);
++	  name[needed - 1] = 0;
+ 	  result = 0;
+ 	}
+     }

packages/glibc/2.26/0005-zic.c-use-memcpy.patch

@@ -0,0 +1,25 @@
+commit e69897bf202e18034cbef26f363bae64de70a196
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Sun Nov 12 22:00:28 2017 -0800
+
+    timezone: pacify GCC -Wstringop-truncation
+    
+    Problem reported by Martin Sebor in:
+    https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
+    * timezone/zic.c (writezone): Use memcpy, not strncpy.
+
+---
+ timezone/zic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/timezone/zic.c
++++ b/timezone/zic.c
+@@ -1949,7 +1949,7 @@
+ 		}
+ #define DO(field)	fwrite(tzh.field, sizeof tzh.field, 1, fp)
+ 		tzh = tzh0;
+-		strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
++		memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ 		tzh.tzh_version[0] = version;
+ 		convert(thistypecnt, tzh.tzh_ttisgmtcnt);
+ 		convert(thistypecnt, tzh.tzh_ttisstdcnt);