summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorEdwin Plauchu <edwin.plauchu.camacho@intel.com>2016-05-17 14:25:11 -0500
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-05-19 09:05:20 +0100
commitc676d5dd6f276c1404c7ae19e9522b603fcd8b99 (patch)
treed9370672404c72d9e2d883b6ebec4560f43eb22e /meta
parent8ed25517a9ba01b85153a0ffb93fd62b09b21756 (diff)
downloadpoky-c676d5dd6f276c1404c7ae19e9522b603fcd8b99.tar.gz
zip: fix security issues
This patch avoids zip recipe fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security). [YOCTO #9552] (From OE-Core rev: f63a36360b7e138d2a63c84b5b1a8287ffe3d2ae) Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/conf/distro/include/security_flags.inc1
-rw-r--r--meta/recipes-extended/zip/zip-3.0/fix-security-format.patch42
-rw-r--r--meta/recipes-extended/zip/zip.inc3
3 files changed, 44 insertions, 2 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 5ae6dd876d..c1f596e921 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -106,7 +106,6 @@ SECURITY_STRINGFORMAT_pn-kexec-tools = ""
106SECURITY_STRINGFORMAT_pn-makedevs = "" 106SECURITY_STRINGFORMAT_pn-makedevs = ""
107SECURITY_STRINGFORMAT_pn-oh-puzzles = "" 107SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
108SECURITY_STRINGFORMAT_pn-unzip = "" 108SECURITY_STRINGFORMAT_pn-unzip = ""
109SECURITY_STRINGFORMAT_pn-zip = ""
110 109
111TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}" 110TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
112TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}" 111TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
diff --git a/meta/recipes-extended/zip/zip-3.0/fix-security-format.patch b/meta/recipes-extended/zip/zip-3.0/fix-security-format.patch
new file mode 100644
index 0000000000..19d8548273
--- /dev/null
+++ b/meta/recipes-extended/zip/zip-3.0/fix-security-format.patch
@@ -0,0 +1,42 @@
1zip: Fixing security formatting issues
2
3Fix security formatting issues related to printing without NULL argument
4
5zip.c: In function 'help_extended':
6zip.c:1031:5: error: format not a string literal and no format arguments [-Werror=format-security]
7 printf(text[i]);
8 ^
9zip.c: In function 'version_info':
10zip.c:1228:5: error: format not a string literal and no format arguments [-Werror=format-security]
11 printf(cryptnote[i]);
12 ^
13
14[YOCTO #9552]
15[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9552]
16
17Upstream-Status: Pending
18
19Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
20
21diff --git a/zip.c b/zip.c
22index 439821f..d7da768 100644
23--- a/zip.c
24+++ b/zip.c
25@@ -1028,7 +1028,7 @@ local void help_extended()
26
27 for (i = 0; i < sizeof(text)/sizeof(char *); i++)
28 {
29- printf(text[i]);
30+ fputs(text[i],stdout);
31 putchar('\n');
32 }
33 #ifdef DOS
34@@ -1225,7 +1225,7 @@ local void version_info()
35 CR_MAJORVER, CR_MINORVER, CR_BETA_VER, CR_VERSION_DATE);
36 for (i = 0; i < sizeof(cryptnote)/sizeof(char *); i++)
37 {
38- printf(cryptnote[i]);
39+ fputs(cryptnote[i],stdout);
40 putchar('\n');
41 }
42 ++i; /* crypt support means there IS at least one compilation option */
diff --git a/meta/recipes-extended/zip/zip.inc b/meta/recipes-extended/zip/zip.inc
index 6221c5e139..21985a4a08 100644
--- a/meta/recipes-extended/zip/zip.inc
+++ b/meta/recipes-extended/zip/zip.inc
@@ -5,7 +5,8 @@ SECTION = "console/utils"
5LICENSE = "BSD-3-Clause" 5LICENSE = "BSD-3-Clause"
6LIC_FILES_CHKSUM = "file://LICENSE;md5=04d43c5d70b496c032308106e26ae17d" 6LIC_FILES_CHKSUM = "file://LICENSE;md5=04d43c5d70b496c032308106e26ae17d"
7 7
8SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/zip${@d.getVar('PV',1).replace('.', '')}.tgz" 8SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/zip${@d.getVar('PV',1).replace('.', '')}.tgz \
9 file://fix-security-format.patch"
9 10
10EXTRA_OEMAKE = "'CC=${CC}' 'BIND=${CC}' 'AS=${CC} -c' 'CPP=${CPP}' \ 11EXTRA_OEMAKE = "'CC=${CC}' 'BIND=${CC}' 'AS=${CC} -c' 'CPP=${CPP}' \
11 'CFLAGS=-I. -DUNIX ${CFLAGS}' 'INSTALL=install' \ 12 'CFLAGS=-I. -DUNIX ${CFLAGS}' 'INSTALL=install' \