diff options
author | Edwin Plauchu <edwin.plauchu.camacho@intel.com> | 2016-05-17 14:25:11 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-05-19 09:05:20 +0100 |
commit | c676d5dd6f276c1404c7ae19e9522b603fcd8b99 (patch) | |
tree | d9370672404c72d9e2d883b6ebec4560f43eb22e /meta | |
parent | 8ed25517a9ba01b85153a0ffb93fd62b09b21756 (diff) | |
download | poky-c676d5dd6f276c1404c7ae19e9522b603fcd8b99.tar.gz |
zip: fix security issues
This patch avoids zip recipe fails to compile with compiler
flags which elevate common string formatting issues into an
error (-Wformat -Wformat-security -Werror=format-security).
[YOCTO #9552]
(From OE-Core rev: f63a36360b7e138d2a63c84b5b1a8287ffe3d2ae)
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/conf/distro/include/security_flags.inc | 1 | ||||
-rw-r--r-- | meta/recipes-extended/zip/zip-3.0/fix-security-format.patch | 42 | ||||
-rw-r--r-- | meta/recipes-extended/zip/zip.inc | 3 |
3 files changed, 44 insertions, 2 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 5ae6dd876d..c1f596e921 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc | |||
@@ -106,7 +106,6 @@ SECURITY_STRINGFORMAT_pn-kexec-tools = "" | |||
106 | SECURITY_STRINGFORMAT_pn-makedevs = "" | 106 | SECURITY_STRINGFORMAT_pn-makedevs = "" |
107 | SECURITY_STRINGFORMAT_pn-oh-puzzles = "" | 107 | SECURITY_STRINGFORMAT_pn-oh-puzzles = "" |
108 | SECURITY_STRINGFORMAT_pn-unzip = "" | 108 | SECURITY_STRINGFORMAT_pn-unzip = "" |
109 | SECURITY_STRINGFORMAT_pn-zip = "" | ||
110 | 109 | ||
111 | TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}" | 110 | TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}" |
112 | TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}" | 111 | TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}" |
diff --git a/meta/recipes-extended/zip/zip-3.0/fix-security-format.patch b/meta/recipes-extended/zip/zip-3.0/fix-security-format.patch new file mode 100644 index 0000000000..19d8548273 --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/fix-security-format.patch | |||
@@ -0,0 +1,42 @@ | |||
1 | zip: Fixing security formatting issues | ||
2 | |||
3 | Fix security formatting issues related to printing without NULL argument | ||
4 | |||
5 | zip.c: In function 'help_extended': | ||
6 | zip.c:1031:5: error: format not a string literal and no format arguments [-Werror=format-security] | ||
7 | printf(text[i]); | ||
8 | ^ | ||
9 | zip.c: In function 'version_info': | ||
10 | zip.c:1228:5: error: format not a string literal and no format arguments [-Werror=format-security] | ||
11 | printf(cryptnote[i]); | ||
12 | ^ | ||
13 | |||
14 | [YOCTO #9552] | ||
15 | [https://bugzilla.yoctoproject.org/show_bug.cgi?id=9552] | ||
16 | |||
17 | Upstream-Status: Pending | ||
18 | |||
19 | Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> | ||
20 | |||
21 | diff --git a/zip.c b/zip.c | ||
22 | index 439821f..d7da768 100644 | ||
23 | --- a/zip.c | ||
24 | +++ b/zip.c | ||
25 | @@ -1028,7 +1028,7 @@ local void help_extended() | ||
26 | |||
27 | for (i = 0; i < sizeof(text)/sizeof(char *); i++) | ||
28 | { | ||
29 | - printf(text[i]); | ||
30 | + fputs(text[i],stdout); | ||
31 | putchar('\n'); | ||
32 | } | ||
33 | #ifdef DOS | ||
34 | @@ -1225,7 +1225,7 @@ local void version_info() | ||
35 | CR_MAJORVER, CR_MINORVER, CR_BETA_VER, CR_VERSION_DATE); | ||
36 | for (i = 0; i < sizeof(cryptnote)/sizeof(char *); i++) | ||
37 | { | ||
38 | - printf(cryptnote[i]); | ||
39 | + fputs(cryptnote[i],stdout); | ||
40 | putchar('\n'); | ||
41 | } | ||
42 | ++i; /* crypt support means there IS at least one compilation option */ | ||
diff --git a/meta/recipes-extended/zip/zip.inc b/meta/recipes-extended/zip/zip.inc index 6221c5e139..21985a4a08 100644 --- a/meta/recipes-extended/zip/zip.inc +++ b/meta/recipes-extended/zip/zip.inc | |||
@@ -5,7 +5,8 @@ SECTION = "console/utils" | |||
5 | LICENSE = "BSD-3-Clause" | 5 | LICENSE = "BSD-3-Clause" |
6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=04d43c5d70b496c032308106e26ae17d" | 6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=04d43c5d70b496c032308106e26ae17d" |
7 | 7 | ||
8 | SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/zip${@d.getVar('PV',1).replace('.', '')}.tgz" | 8 | SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/zip${@d.getVar('PV',1).replace('.', '')}.tgz \ |
9 | file://fix-security-format.patch" | ||
9 | 10 | ||
10 | EXTRA_OEMAKE = "'CC=${CC}' 'BIND=${CC}' 'AS=${CC} -c' 'CPP=${CPP}' \ | 11 | EXTRA_OEMAKE = "'CC=${CC}' 'BIND=${CC}' 'AS=${CC} -c' 'CPP=${CPP}' \ |
11 | 'CFLAGS=-I. -DUNIX ${CFLAGS}' 'INSTALL=install' \ | 12 | 'CFLAGS=-I. -DUNIX ${CFLAGS}' 'INSTALL=install' \ |