-rw-r--r--core/diffutils/PKGBUILD8
-rw-r--r--core/diffutils/gnulib-no-gets.patch44
-rw-r--r--core/gettext/PKGBUILD7
-rw-r--r--core/gettext/gnulib-no-gets.patch48
-rw-r--r--core/m4/PKGBUILD7
-rw-r--r--core/m4/gnulib-no-gets.patch16
-rw-r--r--core/tar/PKGBUILD7
-rw-r--r--core/tar/gnulib-no-gets.patch16
8 files changed, 145 insertions, 8 deletions
diff --git a/core/diffutils/PKGBUILD b/core/diffutils/PKGBUILD
index 9108c4999..5d1dbc730 100644
--- a/core/diffutils/PKGBUILD
+++ b/core/diffutils/PKGBUILD
@@ -12,11 +12,15 @@ license=('GPL3')
groups=('base')
depends=('glibc' 'sh')
install=diffutils.install
-source=(ftp://ftp.gnu.org/gnu/${pkgname}/${pkgname}-${pkgver}.tar.xz)
-md5sums=('26ff64c332429c830c154be46b393382')
+source=(ftp://ftp.gnu.org/gnu/${pkgname}/${pkgname}-${pkgver}.tar.xz
+ gnulib-no-gets.patch)
+md5sums=('26ff64c332429c830c154be46b393382'
+ '97b8845dad2ca6017fc4ef54f0a4562b')
build() {
cd ${srcdir}/${pkgname}-${pkgver}
+ # Based on commit 66712c23388e93e5c518ebc8515140fa0c807348 from gnulib.
+ patch -p1 -i "$srcdir/gnulib-no-gets.patch"
./configure --prefix=/usr
make
}
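Review bot: The `md5sums` array is the only integrity check on this package's inputs, and the rewritten `source` line still fetches the tarball over plain `ftp://` with no `.sig` entry, unlike the m4 and tar PKGBUILDs touched by this commit. MD5 is not collision-resistant, so a stronger array would be preferable, e.g. `sha256sums=('<sha256 of tarball>' '<sha256 of gnulib-no-gets.patch>')` (placeholders, to be computed by the packager). The same applies to the `md5sums` change in core/gettext/PKGBUILD. If upstream publishes a detached signature for this release, listing it in `source` would let makepkg verify the download.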
diff --git a/core/diffutils/gnulib-no-gets.patch b/core/diffutils/gnulib-no-gets.patch
new file mode 100644
index 000000000..435c3bfb9
--- /dev/null
+++ b/core/diffutils/gnulib-no-gets.patch
@@ -0,0 +1,44 @@
+diff --git a/lib/stdio.in.h b/lib/stdio.in.h
+index aa7b599..c377b6e 100644
+--- a/lib/stdio.in.h
++++ b/lib/stdio.in.h
+@@ -698,22 +698,11 @@ _GL_WARN_ON_USE (getline, "getline is unportable - "
+ # endif
+ #endif
+
+-#if @GNULIB_GETS@
+-# if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@
+-# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+-# undef gets
+-# define gets rpl_gets
+-# endif
+-_GL_FUNCDECL_RPL (gets, char *, (char *s) _GL_ARG_NONNULL ((1)));
+-_GL_CXXALIAS_RPL (gets, char *, (char *s));
+-# else
+-_GL_CXXALIAS_SYS (gets, char *, (char *s));
+-# undef gets
+-# endif
+-_GL_CXXALIASWARN (gets);
+ /* It is very rare that the developer ever has full control of stdin,
+- so any use of gets warrants an unconditional warning. Assume it is
+- always declared, since it is required by C89. */
++ so any use of gets warrants an unconditional warning; besides, C11
++ removed it. */
++#undef gets
++#if HAVE_RAW_DECL_GETS
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+ #endif
+
+@@ -1053,9 +1042,9 @@ _GL_WARN_ON_USE (snprintf, "snprintf is unportable - "
+ # endif
+ #endif
+
+-/* Some people would argue that sprintf should be handled like gets
+- (for example, OpenBSD issues a link warning for both functions),
+- since both can cause security holes due to buffer overruns.
++/* Some people would argue that all sprintf uses should be warned about
++ (for example, OpenBSD issues a link warning for it),
++ since it can cause security holes due to buffer overruns.
+ However, we believe that sprintf can be used safely, and is more
+ efficient than snprintf in those safe cases; and as proof of our
+ belief, we use sprintf in several gnulib modules. So this header
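Review bot: The `#if HAVE_RAW_DECL_GETS` guard added around `_GL_WARN_ON_USE (gets, ...)` only has an effect if configure defines that macro, and this embedded patch touches `lib/stdio.in.h` alone. If the configure script shipped in the tarball does not already probe for a raw `gets` declaration, the macro stays undefined, the `#if` is false, and the "gets is a security hole" warning is dropped rather than made conditional. It is worth checking the gnulib commit cited in the PKGBUILD for a matching m4 change. Alternatively the PKGBUILD comment could state that the warning is knowingly disabled, e.g. `# NOTE: HAVE_RAW_DECL_GETS is not set by this release's configure, so the gets warning is effectively off.`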
diff --git a/core/gettext/PKGBUILD b/core/gettext/PKGBUILD
index e67b2d195..b5a5cedfd 100644
--- a/core/gettext/PKGBUILD
+++ b/core/gettext/PKGBUILD
@@ -13,11 +13,14 @@ depends=('gcc-libs' 'acl' 'sh' 'glib2')
optdepends=('cvs: for autopoint tool')
options=(!libtool !docs)
install=gettext.install
-source=(ftp://ftp.gnu.org/pub/gnu/gettext/${pkgname}-${pkgver}.tar.gz)
-md5sums=('3dd55b952826d2b32f51308f2f91aa89')
+source=(ftp://ftp.gnu.org/pub/gnu/gettext/${pkgname}-${pkgver}.tar.gz
+ gnulib-no-gets.patch)
+md5sums=('3dd55b952826d2b32f51308f2f91aa89'
+ 'ca29994ca712580744feda170999e7ae')
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -p1 -i "$srcdir/gnulib-no-gets.patch"
sed -i -e 's/libexpat.so.0/libexpat.so.1/' gettext-tools/src/x-glade.c
./configure --build=$CHOST --prefix=/usr --enable-csharp
make
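Review bot: The added `patch -p1 -i "$srcdir/gnulib-no-gets.patch"` line carries no note on where the patch comes from or why it is needed, whereas the diffutils PKGBUILD cites a gnulib commit. A one-line comment above it would help whoever drops the patch on the next version bump, e.g. `# Removes the unconditional gets warning from the bundled gnulib stdio.in.h copies (upstream reference: <commit or bug id>).` The m4 and tar hunks add the same undocumented line. build() continues past the end of this hunk.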
diff --git a/core/gettext/gnulib-no-gets.patch b/core/gettext/gnulib-no-gets.patch
new file mode 100644
index 000000000..b3cb56479
--- /dev/null
+++ b/core/gettext/gnulib-no-gets.patch
@@ -0,0 +1,48 @@
+diff -ru gettext-0.18.1.1.orig/gettext-runtime/gnulib-lib/stdio.in.h gettext-0.18.1.1/gettext-runtime/gnulib-lib/stdio.in.h
+--- gettext-0.18.1.1.orig/gettext-runtime/gnulib-lib/stdio.in.h 2012-10-21 22:31:11.290124705 +0200
++++ gettext-0.18.1.1/gettext-runtime/gnulib-lib/stdio.in.h 2012-10-21 22:31:32.060385194 +0200
+@@ -137,12 +137,6 @@
+ "use gnulib module fflush for portable POSIX compliance");
+ #endif
+
+-/* It is very rare that the developer ever has full control of stdin,
+- so any use of gets warrants an unconditional warning. Assume it is
+- always declared, since it is required by C89. */
+-#undef gets
+-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+-
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
+ # if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+diff -ru gettext-0.18.1.1.orig/gettext-tools/gnulib-lib/stdio.in.h gettext-0.18.1.1/gettext-tools/gnulib-lib/stdio.in.h
+--- gettext-0.18.1.1.orig/gettext-tools/gnulib-lib/stdio.in.h 2012-10-21 22:31:09.340394990 +0200
++++ gettext-0.18.1.1/gettext-tools/gnulib-lib/stdio.in.h 2012-10-21 22:31:43.654025009 +0200
+@@ -137,12 +137,6 @@
+ "use gnulib module fflush for portable POSIX compliance");
+ #endif
+
+-/* It is very rare that the developer ever has full control of stdin,
+- so any use of gets warrants an unconditional warning. Assume it is
+- always declared, since it is required by C89. */
+-#undef gets
+-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+-
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
+ # if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+diff -ru gettext-0.18.1.1.orig/gettext-tools/libgettextpo/stdio.in.h gettext-0.18.1.1/gettext-tools/libgettextpo/stdio.in.h
+--- gettext-0.18.1.1.orig/gettext-tools/libgettextpo/stdio.in.h 2012-10-21 22:31:11.040365944 +0200
++++ gettext-0.18.1.1/gettext-tools/libgettextpo/stdio.in.h 2012-10-21 22:31:38.086822069 +0200
+@@ -137,12 +137,6 @@
+ "use gnulib module fflush for portable POSIX compliance");
+ #endif
+
+-/* It is very rare that the developer ever has full control of stdin,
+- so any use of gets warrants an unconditional warning. Assume it is
+- always declared, since it is required by C89. */
+-#undef gets
+-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+-
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
+ # if !(defined __cplusplus && defined GNULIB_NAMESPACE)
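Review bot: All three `stdio.in.h` copies patched here lose the `_GL_WARN_ON_USE (gets, ...)` diagnostic outright, while the diffutils patch in this commit keeps it behind `#if HAVE_RAW_DECL_GETS`. With the block deleted, any call to `gets` in these trees compiles with no gnulib warning on systems that still declare it. Unless the removal is deliberate, the guarded form from the diffutils patch (`#undef gets`, then `#if HAVE_RAW_DECL_GETS` ... `#endif` around the warning) would keep the four packages consistent. The m4 and tar patches make the same outright deletion.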
diff --git a/core/m4/PKGBUILD b/core/m4/PKGBUILD
index 8efbf638b..860958c53 100644
--- a/core/m4/PKGBUILD
+++ b/core/m4/PKGBUILD
@@ -13,14 +13,17 @@ groups=('base-devel')
depends=('glibc' 'bash')
install=m4.install
source=(ftp://ftp.gnu.org/gnu/m4/$pkgname-$pkgver.tar.xz{,.sig}
- m4-1.4.16-readlink-einval.patch)
+ m4-1.4.16-readlink-einval.patch
+ gnulib-no-gets.patch)
md5sums=('7548ec061a1ba993790159764f522d0e'
'eebe5c94e74e7551e2e30c5844f1b653'
- 'cea138fa9b568d06e46269611cec8dd0')
+ 'cea138fa9b568d06e46269611cec8dd0'
+ '9593407bef0afdca88c76a2959d6596f')
build() {
cd ${srcdir}/$pkgname-$pkgver
patch -Np1 -i $srcdir/m4-1.4.16-readlink-einval.patch
+ patch -p1 -i "$srcdir/gnulib-no-gets.patch"
./configure --prefix=/usr
make
}
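Review bot: The new `patch -p1 -i "$srcdir/gnulib-no-gets.patch"` line sits directly below an existing `patch -Np1 -i ...` call but omits `-N`. Without `-N`, `patch` may stop and ask whether to reverse an already-applied patch, which is unhelpful in an unattended build. For consistency I would write `patch -Np1 -i "$srcdir/gnulib-no-gets.patch"` here and on the matching lines added to the diffutils, gettext and tar PKGBUILDs.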
diff --git a/core/m4/gnulib-no-gets.patch b/core/m4/gnulib-no-gets.patch
new file mode 100644
index 000000000..c26c4ac6f
--- /dev/null
+++ b/core/m4/gnulib-no-gets.patch
@@ -0,0 +1,16 @@
+diff -ru m4-1.4.16.orig/lib/stdio.in.h m4-1.4.16/lib/stdio.in.h
+--- m4-1.4.16.orig/lib/stdio.in.h 2012-10-21 21:47:45.261174075 +0200
++++ m4-1.4.16/lib/stdio.in.h 2012-10-21 21:48:14.728646610 +0200
+@@ -158,12 +158,6 @@
+ "use gnulib module fflush for portable POSIX compliance");
+ #endif
+
+-/* It is very rare that the developer ever has full control of stdin,
+- so any use of gets warrants an unconditional warning. Assume it is
+- always declared, since it is required by C89. */
+-#undef gets
+-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+-
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
+ # if !(defined __cplusplus && defined GNULIB_NAMESPACE)
diff --git a/core/tar/PKGBUILD b/core/tar/PKGBUILD
index dfbc772cf..17ae0414c 100644
--- a/core/tar/PKGBUILD
+++ b/core/tar/PKGBUILD
@@ -14,14 +14,17 @@ depends=('glibc' 'sh')
options=('!emptydirs')
install=tar.install
source=(ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz{,.sig}
- tar.1)
+ tar.1
+ gnulib-no-gets.patch)
md5sums=('0ced6f20b9fa1bea588005b5ad4b52c1'
'6618d5fe7785e138c27d7d6a24e998b2'
- 'e97e7343f4e23724b4c48bca2f033e38')
+ 'e97e7343f4e23724b4c48bca2f033e38'
+ '4408365a66887d65f4c8d1f416fb9d9f')
build() {
cd ${srcdir}/$pkgname-$pkgver
+ patch -p1 -i "$srcdir/gnulib-no-gets.patch"
./configure --prefix=/usr --libexecdir=/usr/lib/tar --bindir=/bin
make
}
diff --git a/core/tar/gnulib-no-gets.patch b/core/tar/gnulib-no-gets.patch
new file mode 100644
index 000000000..b26e3c0bb
--- /dev/null
+++ b/core/tar/gnulib-no-gets.patch
@@ -0,0 +1,16 @@
+diff -ru tar-1.26.orig/gnu/stdio.in.h tar-1.26/gnu/stdio.in.h
+--- tar-1.26.orig/gnu/stdio.in.h 2012-10-21 22:03:53.410910902 +0200
++++ tar-1.26/gnu/stdio.in.h 2012-10-21 22:04:07.945278072 +0200
+@@ -160,12 +160,6 @@
+ "use gnulib module fflush for portable POSIX compliance");
+ #endif
+
+-/* It is very rare that the developer ever has full control of stdin,
+- so any use of gets warrants an unconditional warning. Assume it is
+- always declared, since it is required by C89. */
+-#undef gets
+-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+-
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
+ # if !(defined __cplusplus && defined GNULIB_NAMESPACE)