kexec-tools: Add patches to enable format-security

Also remove the override from security_flags.inc (From OE-Core rev: 33d084a66a371fb10e26a0a23c639c69ddd3f1e5) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Jussi Kukkonen <jussi.kukkonen@intel.com> 2017-03-16 16:30:24 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-03-17 16:53:04 +0000
commit: f8007417ea1e2d2ec2c6c88e49376f6344f3fda0 (patch)
tree: 3af76280ac20707e4d2627fa67e7915ab08528d2 /meta
parent: 6dcf5c6e6eadd0a572f9aa61783b54ccd39f0378 (diff)
download: poky-f8007417ea1e2d2ec2c6c88e49376f6344f3fda0.tar.gz
4 files changed, 123 insertions, 1 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index da1c3a01db..5a1ea0de8e 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -93,7 +93,6 @@ SECURITY_CFLAGS_pn-zlib = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_STRINGFORMAT_pn-busybox = ""
 SECURITY_STRINGFORMAT_pn-expect = ""
 SECURITY_STRINGFORMAT_pn-gcc = ""
-SECURITY_STRINGFORMAT_pn-kexec-tools = ""
 SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
 TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
diff --git a/meta/recipes-kernel/kexec/kexec-tools/0001-x86-x86_64-Fix-format-warning-with-die.patch b/meta/recipes-kernel/kexec/kexec-tools/0001-x86-x86_64-Fix-format-warning-with-die.patch
new file mode 100644
index 0000000000..e601f52757
--- /dev/null
+++ b/meta/recipes-kernel/kexec/kexec-tools/0001-x86-x86_64-Fix-format-warning-with-die.patch
@@ -0,0 +1,78 @@
+Upstream-Status: Backport
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+From 1550f81bf1886aa0520da0b6181cd61c1a75d4ad Mon Sep 17 00:00:00 2001
+From: Pratyush Anand <panand@redhat.com>
+Date: Tue, 14 Mar 2017 17:59:22 +0530
+Subject: [PATCH 1/2] x86/x86_64: Fix format warning with die()
+Fedora koji uses gcc version 7.0.1-0.12.fc27, and it generates a build
+warning
+   kexec/arch/i386/kexec-elf-x86.c:299:3: error: format not a string
+   literal and no format arguments [-Werror=format-security]
+       die(error_msg);
+       ^~~
+    cc1: some warnings being treated as errors
+error_msg can have a format specifier as well in string. In such cases,
+if there is no other arguments for the format variable then code will
+try to access a non existing argument. Therefore, use 1st argument as
+format specifier for string print and pass error_msg as the string to be
+printed.
+While doing that,also use const qualifier before "char *error_msg".
+Signed-off-by: Pratyush Anand <panand@redhat.com>
+Signed-off-by: Simon Horman <horms@verge.net.au>
+---
+ kexec/arch/i386/kexec-elf-x86.c      | 4 ++--
+ kexec/arch/x86_64/kexec-elf-x86_64.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+diff --git a/kexec/arch/i386/kexec-elf-x86.c b/kexec/arch/i386/kexec-elf-x86.c
+index de00dcb..fedf031 100644
+--- a/kexec/arch/i386/kexec-elf-x86.c
+++ b/kexec/arch/i386/kexec-elf-x86.c
+@@ -91,7 +91,7 @@ int elf_x86_load(int argc, char **argv, const char *buf, off_t len,
+        char *command_line = NULL, *modified_cmdline = NULL;
+        const char *append = NULL;
+        char *tmp_cmdline = NULL;
+-       char *error_msg = NULL;
+       const char *error_msg = NULL;
+        int result;
+        int command_line_len;
+        const char *ramdisk;
+@@ -296,6 +296,6 @@ out:
+        free(command_line);
+        free(modified_cmdline);
+        if (error_msg)
+-               die(error_msg);
+               die("%s", error_msg);
+        return result;
+ }
+diff --git a/kexec/arch/x86_64/kexec-elf-x86_64.c b/kexec/arch/x86_64/kexec-elf-x86_64.c
+index ae65692..ad22311 100644
+--- a/kexec/arch/x86_64/kexec-elf-x86_64.c
+++ b/kexec/arch/x86_64/kexec-elf-x86_64.c
+@@ -99,7 +99,7 @@ int elf_x86_64_load(int argc, char **argv, const char *buf, off_t len,
+ #define ARG_STYLE_NONE  2
+        int opt;
+        int result = 0;
+-       char *error_msg = NULL;
+       const char *error_msg = NULL;
+ 
+        /* See options.h and add any new options there too! */
+        static const struct option options[] = {
+@@ -276,6 +276,6 @@ out:
+        free(command_line);
+        free(modified_cmdline);
+        if (error_msg)
+-               die(error_msg);
+               die("%s", error_msg);
+        return result;
+ }
+-- 
+2.11.0
diff --git a/meta/recipes-kernel/kexec/kexec-tools/0002-ppc-Fix-format-warning-with-die.patch b/meta/recipes-kernel/kexec/kexec-tools/0002-ppc-Fix-format-warning-with-die.patch
new file mode 100644
index 0000000000..6a1c06df99
--- /dev/null
+++ b/meta/recipes-kernel/kexec/kexec-tools/0002-ppc-Fix-format-warning-with-die.patch
@@ -0,0 +1,43 @@
+From 1c956fc8c6b6324d8d38bba5f9e60a018051c6f5 Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Thu, 16 Mar 2017 15:39:06 +0200
+Subject: [PATCH 2/2] ppc: Fix format warning with die()
+Enable compiling kexec-tools for ppc with -Werror=format-security.
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Upstream-Status: Submitted [Mailing list]
+---
+ kexec/arch/ppc/kexec-elf-ppc.c    | 2 +-
+ kexec/arch/ppc/kexec-uImage-ppc.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+diff --git a/kexec/arch/ppc/kexec-elf-ppc.c b/kexec/arch/ppc/kexec-elf-ppc.c
+index 291f06d..ad43ad1 100644
+--- a/kexec/arch/ppc/kexec-elf-ppc.c
+++ b/kexec/arch/ppc/kexec-elf-ppc.c
+@@ -453,7 +453,7 @@ out:
+        if (!tmp_cmdline)
+                free(command_line);
+        if (error_msg)
+-               die(error_msg);
+               die("%s", error_msg);
+ 
+        return result;
+ }
+diff --git a/kexec/arch/ppc/kexec-uImage-ppc.c b/kexec/arch/ppc/kexec-uImage-ppc.c
+index 5eec6e4..e8f7adc 100644
+--- a/kexec/arch/ppc/kexec-uImage-ppc.c
+++ b/kexec/arch/ppc/kexec-uImage-ppc.c
+@@ -306,7 +306,7 @@ out:
+        if (!tmp_cmdline)
+                free(command_line);
+        if (error_msg)
+-               die(error_msg);
+               die("%s", error_msg);
+        return ret;
+ }
+ 
+-- 
+2.11.0
diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb b/meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb
index af323207f0..1062457760 100644
--- a/meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb
+++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb
@@ -16,6 +16,8 @@ SRC_URI += "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.g
            file://0008-arm64-kdump-add-DT-properties-to-crash-dump-kernel-s.patch \
            file://0009-arm64-kdump-Add-support-for-binary-image-files.patch \
            file://0010-kexec-ARM-Fix-add_buffer_phys_virt-align-issue.patch \
+            file://0001-x86-x86_64-Fix-format-warning-with-die.patch \
+            file://0002-ppc-Fix-format-warning-with-die.patch \
         "
 SRC_URI[md5sum] = "b2b2c5e6b29d467d6e99d587fb6b7cf5"
author	Jussi Kukkonen <jussi.kukkonen@intel.com>	2017-03-16 16:30:24 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-03-17 16:53:04 +0000
commit	f8007417ea1e2d2ec2c6c88e49376f6344f3fda0 (patch)
tree	3af76280ac20707e4d2627fa67e7915ab08528d2 /meta
parent	6dcf5c6e6eadd0a572f9aa61783b54ccd39f0378 (diff)
download	poky-f8007417ea1e2d2ec2c6c88e49376f6344f3fda0.tar.gz

diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index da1c3a01db..5a1ea0de8e 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc
@@ -93,7 +93,6 @@ SECURITY_CFLAGS_pn-zlib = "${SECURITY_NO_PIE_CFLAGS}"
93	SECURITY_STRINGFORMAT_pn-busybox = ""	93	SECURITY_STRINGFORMAT_pn-busybox = ""
94	SECURITY_STRINGFORMAT_pn-expect = ""	94	SECURITY_STRINGFORMAT_pn-expect = ""
95	SECURITY_STRINGFORMAT_pn-gcc = ""	95	SECURITY_STRINGFORMAT_pn-gcc = ""
96	SECURITY_STRINGFORMAT_pn-kexec-tools = ""
97	SECURITY_STRINGFORMAT_pn-oh-puzzles = ""	96	SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
98		97
99	TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"	98	TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"


diff --git a/meta/recipes-kernel/kexec/kexec-tools/0001-x86-x86_64-Fix-format-warning-with-die.patch b/meta/recipes-kernel/kexec/kexec-tools/0001-x86-x86_64-Fix-format-warning-with-die.patch new file mode 100644 index 0000000000..e601f52757 --- /dev/null +++ b/meta/recipes-kernel/kexec/kexec-tools/0001-x86-x86_64-Fix-format-warning-with-die.patch
@@ -0,0 +1,78 @@
		1	Upstream-Status: Backport
		2	Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
		3
		4
		5	From 1550f81bf1886aa0520da0b6181cd61c1a75d4ad Mon Sep 17 00:00:00 2001
		6	From: Pratyush Anand <panand@redhat.com>
		7	Date: Tue, 14 Mar 2017 17:59:22 +0530
		8	Subject: [PATCH 1/2] x86/x86_64: Fix format warning with die()
		9
		10	Fedora koji uses gcc version 7.0.1-0.12.fc27, and it generates a build
		11	warning
		12
		13	kexec/arch/i386/kexec-elf-x86.c:299:3: error: format not a string
		14	literal and no format arguments [-Werror=format-security]
		15	die(error_msg);
		16	^~~
		17	cc1: some warnings being treated as errors
		18
		19	error_msg can have a format specifier as well in string. In such cases,
		20	if there is no other arguments for the format variable then code will
		21	try to access a non existing argument. Therefore, use 1st argument as
		22	format specifier for string print and pass error_msg as the string to be
		23	printed.
		24
		25	While doing that,also use const qualifier before "char *error_msg".
		26
		27	Signed-off-by: Pratyush Anand <panand@redhat.com>
		28	Signed-off-by: Simon Horman <horms@verge.net.au>
		29	---
		30	kexec/arch/i386/kexec-elf-x86.c \| 4 ++--
		31	kexec/arch/x86_64/kexec-elf-x86_64.c \| 4 ++--
		32	2 files changed, 4 insertions(+), 4 deletions(-)
		33
		34	diff --git a/kexec/arch/i386/kexec-elf-x86.c b/kexec/arch/i386/kexec-elf-x86.c
		35	index de00dcb..fedf031 100644
		36	--- a/kexec/arch/i386/kexec-elf-x86.c
		37	+++ b/kexec/arch/i386/kexec-elf-x86.c
		38	@@ -91,7 +91,7 @@ int elf_x86_load(int argc, char *argv, const char buf, off_t len,
		39	char command_line = NULL, modified_cmdline = NULL;
		40	const char *append = NULL;
		41	char *tmp_cmdline = NULL;
		42	- char *error_msg = NULL;
		43	+ const char *error_msg = NULL;
		44	int result;
		45	int command_line_len;
		46	const char *ramdisk;
		47	@@ -296,6 +296,6 @@ out:
		48	free(command_line);
		49	free(modified_cmdline);
		50	if (error_msg)
		51	- die(error_msg);
		52	+ die("%s", error_msg);
		53	return result;
		54	}
		55	diff --git a/kexec/arch/x86_64/kexec-elf-x86_64.c b/kexec/arch/x86_64/kexec-elf-x86_64.c
		56	index ae65692..ad22311 100644
		57	--- a/kexec/arch/x86_64/kexec-elf-x86_64.c
		58	+++ b/kexec/arch/x86_64/kexec-elf-x86_64.c
		59	@@ -99,7 +99,7 @@ int elf_x86_64_load(int argc, char *argv, const char buf, off_t len,
		60	#define ARG_STYLE_NONE 2
		61	int opt;
		62	int result = 0;
		63	- char *error_msg = NULL;
		64	+ const char *error_msg = NULL;
		65
		66	/* See options.h and add any new options there too! */
		67	static const struct option options[] = {
		68	@@ -276,6 +276,6 @@ out:
		69	free(command_line);
		70	free(modified_cmdline);
		71	if (error_msg)
		72	- die(error_msg);
		73	+ die("%s", error_msg);
		74	return result;
		75	}
		76	--
		77	2.11.0
		78


diff --git a/meta/recipes-kernel/kexec/kexec-tools/0002-ppc-Fix-format-warning-with-die.patch b/meta/recipes-kernel/kexec/kexec-tools/0002-ppc-Fix-format-warning-with-die.patch new file mode 100644 index 0000000000..6a1c06df99 --- /dev/null +++ b/meta/recipes-kernel/kexec/kexec-tools/0002-ppc-Fix-format-warning-with-die.patch
@@ -0,0 +1,43 @@
		1	From 1c956fc8c6b6324d8d38bba5f9e60a018051c6f5 Mon Sep 17 00:00:00 2001
		2	From: Jussi Kukkonen <jussi.kukkonen@intel.com>
		3	Date: Thu, 16 Mar 2017 15:39:06 +0200
		4	Subject: [PATCH 2/2] ppc: Fix format warning with die()
		5
		6	Enable compiling kexec-tools for ppc with -Werror=format-security.
		7
		8	Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
		9	Upstream-Status: Submitted [Mailing list]
		10	---
		11	kexec/arch/ppc/kexec-elf-ppc.c \| 2 +-
		12	kexec/arch/ppc/kexec-uImage-ppc.c \| 2 +-
		13	2 files changed, 2 insertions(+), 2 deletions(-)
		14
		15	diff --git a/kexec/arch/ppc/kexec-elf-ppc.c b/kexec/arch/ppc/kexec-elf-ppc.c
		16	index 291f06d..ad43ad1 100644
		17	--- a/kexec/arch/ppc/kexec-elf-ppc.c
		18	+++ b/kexec/arch/ppc/kexec-elf-ppc.c
		19	@@ -453,7 +453,7 @@ out:
		20	if (!tmp_cmdline)
		21	free(command_line);
		22	if (error_msg)
		23	- die(error_msg);
		24	+ die("%s", error_msg);
		25
		26	return result;
		27	}
		28	diff --git a/kexec/arch/ppc/kexec-uImage-ppc.c b/kexec/arch/ppc/kexec-uImage-ppc.c
		29	index 5eec6e4..e8f7adc 100644
		30	--- a/kexec/arch/ppc/kexec-uImage-ppc.c
		31	+++ b/kexec/arch/ppc/kexec-uImage-ppc.c
		32	@@ -306,7 +306,7 @@ out:
		33	if (!tmp_cmdline)
		34	free(command_line);
		35	if (error_msg)
		36	- die(error_msg);
		37	+ die("%s", error_msg);
		38	return ret;
		39	}
		40
		41	--
		42	2.11.0
		43


diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb b/meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb index af323207f0..1062457760 100644 --- a/meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb +++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb
@@ -16,6 +16,8 @@ SRC_URI += "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.g
16	file://0008-arm64-kdump-add-DT-properties-to-crash-dump-kernel-s.patch \	16	file://0008-arm64-kdump-add-DT-properties-to-crash-dump-kernel-s.patch \
17	file://0009-arm64-kdump-Add-support-for-binary-image-files.patch \	17	file://0009-arm64-kdump-Add-support-for-binary-image-files.patch \
18	file://0010-kexec-ARM-Fix-add_buffer_phys_virt-align-issue.patch \	18	file://0010-kexec-ARM-Fix-add_buffer_phys_virt-align-issue.patch \
		19	file://0001-x86-x86_64-Fix-format-warning-with-die.patch \
		20	file://0002-ppc-Fix-format-warning-with-die.patch \
19	"	21	"
20		22
21	SRC_URI[md5sum] = "b2b2c5e6b29d467d6e99d587fb6b7cf5"	23	SRC_URI[md5sum] = "b2b2c5e6b29d467d6e99d587fb6b7cf5"