author | Edwin Plauchu <edwin.plauchu.camacho@intel.com> | 2016-05-27 15:29:21 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-06-01 08:04:12 +0100 |
commit | 2dd1c02fbc7492002df9030f50710e242369e8b2 (patch) | |
tree | 27505f3a1cf35cfd2cd923afada6ea5b83e50fdf | |
parent | 4976382011106b9515e44359f2f6bb1d0c69fdb3 (diff) | |
unzip: fix security issues
This patch avoids unzip failing to compile with compiler flags that elevate common string formatting issues into errors (-Wformat -Wformat-security -Werror=format-security).
[YOCTO #9551]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/conf/distro/include/security_flags.inc | 1 | ||||
-rw-r--r-- | meta/recipes-extended/unzip/unzip/fix-security-format.patch | 139 | ||||
-rw-r--r-- | meta/recipes-extended/unzip/unzip_6.0.bb | 1 |
3 files changed, 140 insertions, 1 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index febedfa092..fc4c5812bb 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -104,7 +104,6 @@ SECURITY_STRINGFORMAT_pn-gcc = ""
 SECURITY_STRINGFORMAT_pn-gettext = ""
 SECURITY_STRINGFORMAT_pn-kexec-tools = ""
 SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
-SECURITY_STRINGFORMAT_pn-unzip = ""
 
 TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
 TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
diff --git a/meta/recipes-extended/unzip/unzip/fix-security-format.patch b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
new file mode 100644
index 0000000000..c82f502552
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
@@ -0,0 +1,139 @@
+unzip: Fixing security formatting issues
+
+Fix security formatting issues related to sprintf parameters expeted.
+
+[YOCTO #9551]
+[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551]
+
+Upstream-Status: Pending
+
+Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
+
+diff --git a/unzpriv.h b/unzpriv.h
+index c8d3eab..85e693a 100644
+--- a/unzpriv.h
++++ b/unzpriv.h
+@@ -1006,7 +1006,7 @@
+ # define LoadFarStringSmall(x) Qstrfix(x)
+ # define LoadFarStringSmall2(x) Qstrfix(x)
+ # else
+-# define LoadFarString(x) (char *)(x)
++# define LoadFarString(x) "%s",(char *)(x)
+ # define LoadFarStringSmall(x) (char *)(x)
+ # define LoadFarStringSmall2(x) (char *)(x)
+ # endif
+diff --git a/fileio.c b/fileio.c
+index 36bfea3..ca779c2 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -588,8 +588,8 @@ unsigned readbuf(__G__ buf, size) /* return number of bytes read into buf */
+ else if (G.incnt < 0) {
+ /* another hack, but no real harm copying same thing twice */
+ (*G.message)((zvoid *)&G,
+- (uch *)LoadFarString(ReadError), /* CANNOT use slide */
+- (ulg)strlen(LoadFarString(ReadError)), 0x401);
++ (uch *)(char*)(ReadError), /* CANNOT use slide */
++ (ulg)strlen((char*)(ReadError)), 0x401);
+ return 0; /* discarding some data; better than lock-up */
+ }
+ /* buffer ALWAYS starts on a block boundary: */
+@@ -631,8 +631,8 @@ int readbyte(__G) /* refill inbuf and return a byte if available, else EOF */
+ } else if (G.incnt < 0) { /* "fail" (abort, retry, ...) returns this */
+ /* another hack, but no real harm copying same thing twice */
+ (*G.message)((zvoid *)&G,
+- (uch *)LoadFarString(ReadError),
+- (ulg)strlen(LoadFarString(ReadError)), 0x401);
++ (uch *)(char*)(ReadError),
++ (ulg)strlen((char*)(ReadError)), 0x401);
+ echon();
+ #ifdef WINDLL
+ longjmp(dll_error_return, 1);
+@@ -1356,7 +1356,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
+ ++((Uz_Globs *)pG)->lines;
+ if (((Uz_Globs *)pG)->lines >= ((Uz_Globs *)pG)->height)
+ (*((Uz_Globs *)pG)->mpause)((zvoid *)pG,
+- LoadFarString(MorePrompt), 1);
++ (char*)(MorePrompt), 1);
+ }
+ #endif /* MORE */
+ if (MSG_STDERR(flag) && ((Uz_Globs *)pG)->UzO.tflag &&
+@@ -1416,7 +1416,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
+ ((Uz_Globs *)pG)->sol = TRUE;
+ q = p + 1;
+ (*((Uz_Globs *)pG)->mpause)((zvoid *)pG,
+- LoadFarString(MorePrompt), 1);
++ (char*)(MorePrompt), 1);
+ }
+ }
+ INCSTR(p);
+@@ -2176,7 +2176,7 @@ int do_string(__G__ length, option) /* return PK-type error code */
+ (*G.message)((zvoid *)&G, slide, (ulg)(q-slide), 0);
+ q = slide;
+ if (pause && G.extract_flag) /* don't pause for list/test */
+- (*G.mpause)((zvoid *)&G, LoadFarString(QuitPrompt), 0);
++ (*G.mpause)((zvoid *)&G, (char*)(QuitPrompt), 0);
+ }
+ }
+ (*G.message)((zvoid *)&G, slide, (ulg)(q-slide), 0);
+diff --git a/unzip.c b/unzip.c
+index 2d94a38..ca135af 100644
+--- a/unzip.c
++++ b/unzip.c
+@@ -1079,7 +1079,7 @@ int unzip(__G__ argc, argv)
+ #ifndef _WIN32_WCE /* Win CE does not support environment variables */
+ if ((error = envargs(&argc, &argv, LoadFarStringSmall(EnvZipInfo),
+ LoadFarStringSmall2(EnvZipInfo2))) != PK_OK)
+- perror(LoadFarString(NoMemEnvArguments));
++ perror((char*)(NoMemEnvArguments));
+ #endif
+ } else
+ #endif /* !NO_ZIPINFO */
+@@ -1088,7 +1088,7 @@ int unzip(__G__ argc, argv)
+ #ifndef _WIN32_WCE /* Win CE does not support environment variables */
+ if ((error = envargs(&argc, &argv, LoadFarStringSmall(EnvUnZip),
+ LoadFarStringSmall2(EnvUnZip2))) != PK_OK)
+- perror(LoadFarString(NoMemEnvArguments));
++ perror((char*)(NoMemEnvArguments));
+ #endif
+ }
+
+diff --git a/zipinfo.c b/zipinfo.c
+index 0ac75b3..8a0887c 100644
+--- a/zipinfo.c
++++ b/zipinfo.c
+@@ -1640,14 +1640,14 @@ static int zi_long(__G__ pEndprev, error_in_archive)
+
+ *types = '\0';
+ if (*ef_ptr & 1) {
+- strcpy(types, LoadFarString(UTmodification));
++ strcpy(types, (char*)(UTmodification));
+ ++num;
+ }
+ if (*ef_ptr & 2) {
+ len = strlen(types);
+ if (num)
+ types[len++] = '/';
+- strcpy(types+len, LoadFarString(UTaccess));
++ strcpy(types+len, (char*)(UTaccess));
+ ++num;
+ if (*pEndprev > 0L)
+ *pEndprev += 4L;
+@@ -1656,7 +1656,7 @@ static int zi_long(__G__ pEndprev, error_in_archive)
+ len = strlen(types);
+ if (num)
+ types[len++] = '/';
+- strcpy(types+len, LoadFarString(UTcreation));
++ strcpy(types+len, (char *)(UTcreation));
+ ++num;
+ if (*pEndprev > 0L)
+ *pEndprev += 4L;
+@@ -2331,7 +2331,7 @@ static char *zi_time(__G__ datetimez, modtimez, d_t_str)
+ /* time conversion error in verbose listing format,
+ * return string with '?' instead of data
+ */
+- return (strcpy(d_t_str, LoadFarString(lngYMDHMSTimeError)));
++ return (strcpy(d_t_str, (char*)(lngYMDHMSTimeError)));
+ } else
+ t = (struct tm *)NULL;
+ if (t != (struct tm *)NULL) {
+
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index 239760660f..547379c0dc 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -16,6 +16,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
 file://11-cve-2014-8141-getzip64data.patch \
 file://CVE-2015-7696.patch \
 file://CVE-2015-7697.patch \
+ file://fix-security-format.patch \
 "
 
 SRC_URI[md5sum] = "62b490407489521db863b523a7f86375" |
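Review bot: The unzpriv.h hunk of fix-security-format.patch redefines `LoadFarString(x)` as `"%s",(char *)(x)`, so the macro now expands to two comma-separated arguments, which is why every non-printf caller in fileio.c, unzip.c and zipinfo.c had to be rewritten to `(char*)(x)`; any caller left untouched elsewhere in the tree that passes `LoadFarString(fmt)` as a real format string followed by its own arguments would now format with a literal `%s` and silently drop those arguments, and those sites are not visible from this diff, so this needs confirming against the full unzip source. A macro that hides a comma is hard to audit; the safer shape is to leave `LoadFarString` untouched and rewrite only the call sites the compiler flags as `"%s", LoadFarString(x)`, so the macro keeps meaning a single `char *` everywhere. The `Qstrfix` arm of the same `#if` keeps the old single-argument expansion, so the macro's arity now differs between build configurations. The patch header also misspells "expected" as "expeted".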