3 files changed, 140 insertions, 1 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index febedfa092..fc4c5812bb 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -104,7 +104,6 @@ SECURITY_STRINGFORMAT_pn-gcc = ""
 SECURITY_STRINGFORMAT_pn-gettext = ""
 SECURITY_STRINGFORMAT_pn-kexec-tools = ""
 SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
-SECURITY_STRINGFORMAT_pn-unzip = ""
 TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
 TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
diff --git a/meta/recipes-extended/unzip/unzip/fix-security-format.patch b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
new file mode 100644
index 0000000000..c82f502552
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
@@ -0,0 +1,139 @@
+unzip: Fixing security formatting issues
+Fix security formatting issues related to sprintf parameters expeted. 
+[YOCTO #9551]
+[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551]
+Upstream-Status: Pending
+Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
+diff --git a/unzpriv.h b/unzpriv.h
+index c8d3eab..85e693a 100644
+--- a/unzpriv.h
+++ b/unzpriv.h
+@@ -1006,7 +1006,7 @@
+ #    define LoadFarStringSmall(x)   Qstrfix(x)
+ #    define LoadFarStringSmall2(x)  Qstrfix(x)
+ #  else
+-#    define LoadFarString(x)        (char *)(x)
+#    define LoadFarString(x)        "%s",(char *)(x)
+ #    define LoadFarStringSmall(x)   (char *)(x)
+ #    define LoadFarStringSmall2(x)  (char *)(x)
+ #  endif
+diff --git a/fileio.c b/fileio.c
+index 36bfea3..ca779c2 100644
+--- a/fileio.c
+++ b/fileio.c
+@@ -588,8 +588,8 @@ unsigned readbuf(__G__ buf, size)   /* return number of bytes read into buf */
+             else if (G.incnt < 0) {
+                 /* another hack, but no real harm copying same thing twice */
+                 (*G.message)((zvoid *)&G,
+-                  (uch *)LoadFarString(ReadError),  /* CANNOT use slide */
+-                  (ulg)strlen(LoadFarString(ReadError)), 0x401);
+                  (uch *)(char*)(ReadError),  /* CANNOT use slide */
+                  (ulg)strlen((char*)(ReadError)), 0x401);
+                 return 0;  /* discarding some data; better than lock-up */
+             }
+             /* buffer ALWAYS starts on a block boundary:  */
+@@ -631,8 +631,8 @@ int readbyte(__G)   /* refill inbuf and return a byte if available, else EOF */
+         } else if (G.incnt < 0) {  /* "fail" (abort, retry, ...) returns this */
+             /* another hack, but no real harm copying same thing twice */
+             (*G.message)((zvoid *)&G,
+-              (uch *)LoadFarString(ReadError),
+-              (ulg)strlen(LoadFarString(ReadError)), 0x401);
+              (uch *)(char*)(ReadError),
+              (ulg)strlen((char*)(ReadError)), 0x401);
+             echon();
+ #ifdef WINDLL
+             longjmp(dll_error_return, 1);
+@@ -1356,7 +1356,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
+                 ++((Uz_Globs *)pG)->lines;
+                 if (((Uz_Globs *)pG)->lines >= ((Uz_Globs *)pG)->height)
+                     (*((Uz_Globs *)pG)->mpause)((zvoid *)pG,
+-                      LoadFarString(MorePrompt), 1);
+                      (char*)(MorePrompt), 1);
+             }
+ #endif /* MORE */
+             if (MSG_STDERR(flag) && ((Uz_Globs *)pG)->UzO.tflag &&
+@@ -1416,7 +1416,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
+                     ((Uz_Globs *)pG)->sol = TRUE;
+                     q = p + 1;
+                     (*((Uz_Globs *)pG)->mpause)((zvoid *)pG,
+-                      LoadFarString(MorePrompt), 1);
+                      (char*)(MorePrompt), 1);
+                 }
+             }
+             INCSTR(p);
+@@ -2176,7 +2176,7 @@ int do_string(__G__ length, option)   /* return PK-type error code */
+                     (*G.message)((zvoid *)&G, slide, (ulg)(q-slide), 0);
+                     q = slide;
+                     if (pause && G.extract_flag) /* don't pause for list/test */
+-                        (*G.mpause)((zvoid *)&G, LoadFarString(QuitPrompt), 0);
+                        (*G.mpause)((zvoid *)&G, (char*)(QuitPrompt), 0);
+                 }
+             }
+             (*G.message)((zvoid *)&G, slide, (ulg)(q-slide), 0);
+diff --git a/unzip.c b/unzip.c
+index 2d94a38..ca135af 100644
+--- a/unzip.c
+++ b/unzip.c
+@@ -1079,7 +1079,7 @@ int unzip(__G__ argc, argv)
+ #ifndef _WIN32_WCE /* Win CE does not support environment variables */
+         if ((error = envargs(&argc, &argv, LoadFarStringSmall(EnvZipInfo),
+                              LoadFarStringSmall2(EnvZipInfo2))) != PK_OK)
+-            perror(LoadFarString(NoMemEnvArguments));
+            perror((char*)(NoMemEnvArguments));
+ #endif
+     } else
+ #endif /* !NO_ZIPINFO */
+@@ -1088,7 +1088,7 @@ int unzip(__G__ argc, argv)
+ #ifndef _WIN32_WCE /* Win CE does not support environment variables */
+         if ((error = envargs(&argc, &argv, LoadFarStringSmall(EnvUnZip),
+                              LoadFarStringSmall2(EnvUnZip2))) != PK_OK)
+-            perror(LoadFarString(NoMemEnvArguments));
+            perror((char*)(NoMemEnvArguments));
+ #endif
+     }
+ 
+diff --git a/zipinfo.c b/zipinfo.c
+index 0ac75b3..8a0887c 100644
+--- a/zipinfo.c
+++ b/zipinfo.c
+@@ -1640,14 +1640,14 @@ static int zi_long(__G__ pEndprev, error_in_archive)
+ 
+                         *types = '\0';
+                         if (*ef_ptr & 1) {
+-                            strcpy(types, LoadFarString(UTmodification));
+                            strcpy(types, (char*)(UTmodification));
+                             ++num;
+                         }
+                         if (*ef_ptr & 2) {
+                             len = strlen(types);
+                             if (num)
+                                 types[len++] = '/';
+-                            strcpy(types+len, LoadFarString(UTaccess));
+                            strcpy(types+len, (char*)(UTaccess));
+                             ++num;
+                             if (*pEndprev > 0L)
+                                 *pEndprev += 4L;
+@@ -1656,7 +1656,7 @@ static int zi_long(__G__ pEndprev, error_in_archive)
+                             len = strlen(types);
+                             if (num)
+                                 types[len++] = '/';
+-                            strcpy(types+len, LoadFarString(UTcreation));
+                            strcpy(types+len, (char *)(UTcreation));
+                             ++num;
+                             if (*pEndprev > 0L)
+                                 *pEndprev += 4L;
+@@ -2331,7 +2331,7 @@ static char *zi_time(__G__ datetimez, modtimez, d_t_str)
+             /* time conversion error in verbose listing format,
+              * return string with '?' instead of data
+              */
+-            return (strcpy(d_t_str, LoadFarString(lngYMDHMSTimeError)));
+            return (strcpy(d_t_str, (char*)(lngYMDHMSTimeError)));
+     } else
+         t = (struct tm *)NULL;
+     if (t != (struct tm *)NULL) {
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index 239760660f..547379c0dc 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -16,6 +16,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
        file://11-cve-2014-8141-getzip64data.patch \
        file://CVE-2015-7696.patch \
        file://CVE-2015-7697.patch \
+        file://fix-security-format.patch \
 "
 SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"

diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index febedfa092..fc4c5812bb 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc
@@ -104,7 +104,6 @@ SECURITY_STRINGFORMAT_pn-gcc = ""
104	SECURITY_STRINGFORMAT_pn-gettext = ""	104	SECURITY_STRINGFORMAT_pn-gettext = ""
105	SECURITY_STRINGFORMAT_pn-kexec-tools = ""	105	SECURITY_STRINGFORMAT_pn-kexec-tools = ""
106	SECURITY_STRINGFORMAT_pn-oh-puzzles = ""	106	SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
107	SECURITY_STRINGFORMAT_pn-unzip = ""
108		107
109	TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"	108	TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
110	TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"	109	TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"


diff --git a/meta/recipes-extended/unzip/unzip/fix-security-format.patch b/meta/recipes-extended/unzip/unzip/fix-security-format.patch new file mode 100644 index 0000000000..c82f502552 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
@@ -0,0 +1,139 @@
		1	unzip: Fixing security formatting issues
		2
		3	Fix security formatting issues related to sprintf parameters expeted.
		4
		5	[YOCTO #9551]
		6	[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551]
		7
		8	Upstream-Status: Pending
		9
		10	Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
		11
		12	diff --git a/unzpriv.h b/unzpriv.h
		13	index c8d3eab..85e693a 100644
		14	--- a/unzpriv.h
		15	+++ b/unzpriv.h
		16	@@ -1006,7 +1006,7 @@
		17	# define LoadFarStringSmall(x) Qstrfix(x)
		18	# define LoadFarStringSmall2(x) Qstrfix(x)
		19	# else
		20	-# define LoadFarString(x) (char *)(x)
		21	+# define LoadFarString(x) "%s",(char *)(x)
		22	# define LoadFarStringSmall(x) (char *)(x)
		23	# define LoadFarStringSmall2(x) (char *)(x)
		24	# endif
		25	diff --git a/fileio.c b/fileio.c
		26	index 36bfea3..ca779c2 100644
		27	--- a/fileio.c
		28	+++ b/fileio.c
		29	@@ -588,8 +588,8 @@ unsigned readbuf(__G__ buf, size) /* return number of bytes read into buf */
		30	else if (G.incnt < 0) {
		31	/* another hack, but no real harm copying same thing twice */
		32	(G.message)((zvoid )&G,
		33	- (uch )LoadFarString(ReadError), / CANNOT use slide */
		34	- (ulg)strlen(LoadFarString(ReadError)), 0x401);
		35	+ (uch )(char)(ReadError), /* CANNOT use slide */
		36	+ (ulg)strlen((char*)(ReadError)), 0x401);
		37	return 0; /* discarding some data; better than lock-up */
		38	}
		39	/* buffer ALWAYS starts on a block boundary: */
		40	@@ -631,8 +631,8 @@ int readbyte(__G) /* refill inbuf and return a byte if available, else EOF */
		41	} else if (G.incnt < 0) { /* "fail" (abort, retry, ...) returns this */
		42	/* another hack, but no real harm copying same thing twice */
		43	(G.message)((zvoid )&G,
		44	- (uch *)LoadFarString(ReadError),
		45	- (ulg)strlen(LoadFarString(ReadError)), 0x401);
		46	+ (uch )(char)(ReadError),
		47	+ (ulg)strlen((char*)(ReadError)), 0x401);
		48	echon();
		49	#ifdef WINDLL
		50	longjmp(dll_error_return, 1);
		51	@@ -1356,7 +1356,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
		52	++((Uz_Globs *)pG)->lines;
		53	if (((Uz_Globs )pG)->lines >= ((Uz_Globs )pG)->height)
		54	(((Uz_Globs )pG)->mpause)((zvoid *)pG,
		55	- LoadFarString(MorePrompt), 1);
		56	+ (char*)(MorePrompt), 1);
		57	}
		58	#endif /* MORE */
		59	if (MSG_STDERR(flag) && ((Uz_Globs *)pG)->UzO.tflag &&
		60	@@ -1416,7 +1416,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
		61	((Uz_Globs *)pG)->sol = TRUE;
		62	q = p + 1;
		63	(((Uz_Globs )pG)->mpause)((zvoid *)pG,
		64	- LoadFarString(MorePrompt), 1);
		65	+ (char*)(MorePrompt), 1);
		66	}
		67	}
		68	INCSTR(p);
		69	@@ -2176,7 +2176,7 @@ int do_string(__G__ length, option) /* return PK-type error code */
		70	(G.message)((zvoid )&G, slide, (ulg)(q-slide), 0);
		71	q = slide;
		72	if (pause && G.extract_flag) /* don't pause for list/test */
		73	- (G.mpause)((zvoid )&G, LoadFarString(QuitPrompt), 0);
		74	+ (G.mpause)((zvoid )&G, (char*)(QuitPrompt), 0);
		75	}
		76	}
		77	(G.message)((zvoid )&G, slide, (ulg)(q-slide), 0);
		78	diff --git a/unzip.c b/unzip.c
		79	index 2d94a38..ca135af 100644
		80	--- a/unzip.c
		81	+++ b/unzip.c
		82	@@ -1079,7 +1079,7 @@ int unzip(__G__ argc, argv)
		83	#ifndef _WIN32_WCE /* Win CE does not support environment variables */
		84	if ((error = envargs(&argc, &argv, LoadFarStringSmall(EnvZipInfo),
		85	LoadFarStringSmall2(EnvZipInfo2))) != PK_OK)
		86	- perror(LoadFarString(NoMemEnvArguments));
		87	+ perror((char*)(NoMemEnvArguments));
		88	#endif
		89	} else
		90	#endif /* !NO_ZIPINFO */
		91	@@ -1088,7 +1088,7 @@ int unzip(__G__ argc, argv)
		92	#ifndef _WIN32_WCE /* Win CE does not support environment variables */
		93	if ((error = envargs(&argc, &argv, LoadFarStringSmall(EnvUnZip),
		94	LoadFarStringSmall2(EnvUnZip2))) != PK_OK)
		95	- perror(LoadFarString(NoMemEnvArguments));
		96	+ perror((char*)(NoMemEnvArguments));
		97	#endif
		98	}
		99
		100	diff --git a/zipinfo.c b/zipinfo.c
		101	index 0ac75b3..8a0887c 100644
		102	--- a/zipinfo.c
		103	+++ b/zipinfo.c
		104	@@ -1640,14 +1640,14 @@ static int zi_long(__G__ pEndprev, error_in_archive)
		105
		106	*types = '\0';
		107	if (*ef_ptr & 1) {
		108	- strcpy(types, LoadFarString(UTmodification));
		109	+ strcpy(types, (char*)(UTmodification));
		110	++num;
		111	}
		112	if (*ef_ptr & 2) {
		113	len = strlen(types);
		114	if (num)
		115	types[len++] = '/';
		116	- strcpy(types+len, LoadFarString(UTaccess));
		117	+ strcpy(types+len, (char*)(UTaccess));
		118	++num;
		119	if (*pEndprev > 0L)
		120	*pEndprev += 4L;
		121	@@ -1656,7 +1656,7 @@ static int zi_long(__G__ pEndprev, error_in_archive)
		122	len = strlen(types);
		123	if (num)
		124	types[len++] = '/';
		125	- strcpy(types+len, LoadFarString(UTcreation));
		126	+ strcpy(types+len, (char *)(UTcreation));
		127	++num;
		128	if (*pEndprev > 0L)
		129	*pEndprev += 4L;
		130	@@ -2331,7 +2331,7 @@ static char *zi_time(__G__ datetimez, modtimez, d_t_str)
		131	/* time conversion error in verbose listing format,
		132	* return string with '?' instead of data
		133	*/
		134	- return (strcpy(d_t_str, LoadFarString(lngYMDHMSTimeError)));
		135	+ return (strcpy(d_t_str, (char*)(lngYMDHMSTimeError)));
		136	} else
		137	t = (struct tm *)NULL;
		138	if (t != (struct tm *)NULL) {
		139


diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb index 239760660f..547379c0dc 100644 --- a/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -16,6 +16,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
16	file://11-cve-2014-8141-getzip64data.patch \	16	file://11-cve-2014-8141-getzip64data.patch \
17	file://CVE-2015-7696.patch \	17	file://CVE-2015-7696.patch \
18	file://CVE-2015-7697.patch \	18	file://CVE-2015-7697.patch \
		19	file://fix-security-format.patch \
19	"	20	"
20		21
21	SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"	22	SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"