diff options
Diffstat (limited to 'meta/recipes-extended')
| -rw-r--r-- | meta/recipes-extended/stat/stat-3.3/fix-security-format.patch | 68 | ||||
| -rw-r--r-- | meta/recipes-extended/stat/stat_3.3.bb | 1 |
2 files changed, 69 insertions, 0 deletions
diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch new file mode 100644 index 0000000000..0c01ed0383 --- /dev/null +++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch | |||
| @@ -0,0 +1,68 @@ | |||
| 1 | stat: Fixing security formatting issues | ||
| 2 | |||
| 3 | Fix security formatting issues related to printf without NULL argument | ||
| 4 | |||
| 5 | stat.c: In function 'print_human_access': | ||
| 6 | stat.c:292:13: error: format not a string literal and no format arguments [-Werror=format-security] | ||
| 7 | printf (access); | ||
| 8 | ^ | ||
| 9 | stat.c: In function 'print_human_time': | ||
| 10 | stat.c:299:57: error: format not a string literal and no format arguments [-Werror=format-security] | ||
| 11 | if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str); | ||
| 12 | ^ | ||
| 13 | stat.c: In function 'print_it': | ||
| 14 | stat.c:613:6: error: format not a string literal and no format arguments [-Werror=format-security] | ||
| 15 | printf(b); | ||
| 16 | ^ | ||
| 17 | stat.c:642:6: error: format not a string literal and no format arguments [-Werror=format-security] | ||
| 18 | printf(b); | ||
| 19 | ^ | ||
| 20 | |||
| 21 | [YOCTO #9550] | ||
| 22 | [https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550] | ||
| 23 | |||
| 24 | Upstream-Status: Pending | ||
| 25 | |||
| 26 | Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> | ||
| 27 | |||
| 28 | diff --git a/stat.c b/stat.c | ||
| 29 | index 1ed07a9..2be6f62 100644 | ||
| 30 | --- a/stat.c | ||
| 31 | +++ b/stat.c | ||
| 32 | @@ -289,15 +289,15 @@ void print_human_access(struct stat *statbuf) | ||
| 33 | default: | ||
| 34 | access[0] = '?'; | ||
| 35 | } | ||
| 36 | - printf (access); | ||
| 37 | + fputs(access,stdout); | ||
| 38 | } | ||
| 39 | |||
| 40 | void print_human_time(time_t *t) | ||
| 41 | { | ||
| 42 | char str[40]; | ||
| 43 | |||
| 44 | - if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str); | ||
| 45 | - else printf("Cannot calculate human readable time, sorry"); | ||
| 46 | + if (strftime(str, 40, "%c", localtime(t)) > 0) fputs(str,stdout); | ||
| 47 | + else fputs("Cannot calculate human readable time, sorry",stdout); | ||
| 48 | } | ||
| 49 | |||
| 50 | /* print statfs info */ | ||
| 51 | @@ -610,7 +610,7 @@ void print_it(char *masterformat, char *filename, | ||
| 52 | { | ||
| 53 | strcpy (pformat, "%"); | ||
| 54 | *m++ = '\0'; | ||
| 55 | - printf(b); | ||
| 56 | + fputs(b,stdout); | ||
| 57 | |||
| 58 | /* copy all format specifiers to our format string */ | ||
| 59 | while (isdigit(*m) || strchr("#0-+. I", *m)) | ||
| 60 | @@ -639,7 +639,7 @@ void print_it(char *masterformat, char *filename, | ||
| 61 | } | ||
| 62 | else | ||
| 63 | { | ||
| 64 | - printf(b); | ||
| 65 | + fputs(b,stdout); | ||
| 66 | b = NULL; | ||
| 67 | } | ||
| 68 | } | ||
diff --git a/meta/recipes-extended/stat/stat_3.3.bb b/meta/recipes-extended/stat/stat_3.3.bb index a5ece07440..0697c73908 100644 --- a/meta/recipes-extended/stat/stat_3.3.bb +++ b/meta/recipes-extended/stat/stat_3.3.bb | |||
| @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=39886b077fd072e876e5c4c16310b631 \ | |||
| 6 | file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f" | 6 | file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f" |
| 7 | 7 | ||
| 8 | SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \ | 8 | SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \ |
| 9 | file://fix-security-format.patch \ | ||
| 9 | file://fix-error-return.patch" | 10 | file://fix-error-return.patch" |
| 10 | 11 | ||
| 11 | SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3" | 12 | SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3" |