diff options
author | Edwin Plauchu <edwin.plauchu.camacho@intel.com> | 2016-05-17 14:25:11 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-05-19 08:39:27 +0100 |
commit | f63a36360b7e138d2a63c84b5b1a8287ffe3d2ae (patch) | |
tree | e1dbba466ded2c4e113a6dc2b12cc2324b99e752 | |
parent | f03c1f41933e9997a01a8b1dcdf9fb18579de1d1 (diff) | |
download | openembedded-core-f63a36360b7e138d2a63c84b5b1a8287ffe3d2ae.tar.gz openembedded-core-f63a36360b7e138d2a63c84b5b1a8287ffe3d2ae.tar.bz2 openembedded-core-f63a36360b7e138d2a63c84b5b1a8287ffe3d2ae.zip |
zip: fix security issues
This patch avoids zip recipe fails to compile with compiler
flags which elevate common string formatting issues into an
error (-Wformat -Wformat-security -Werror=format-security).
[YOCTO #9552]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/conf/distro/include/security_flags.inc | 1 | ||||
-rw-r--r-- | meta/recipes-extended/zip/zip-3.0/fix-security-format.patch | 42 | ||||
-rw-r--r-- | meta/recipes-extended/zip/zip.inc | 3 |
3 files changed, 44 insertions, 2 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 5ae6dd876d..c1f596e921 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -106,7 +106,6 @@ SECURITY_STRINGFORMAT_pn-kexec-tools = "" SECURITY_STRINGFORMAT_pn-makedevs = "" SECURITY_STRINGFORMAT_pn-oh-puzzles = "" SECURITY_STRINGFORMAT_pn-unzip = "" -SECURITY_STRINGFORMAT_pn-zip = "" TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}" TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}" diff --git a/meta/recipes-extended/zip/zip-3.0/fix-security-format.patch b/meta/recipes-extended/zip/zip-3.0/fix-security-format.patch new file mode 100644 index 0000000000..19d8548273 --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/fix-security-format.patch @@ -0,0 +1,42 @@ +zip: Fixing security formatting issues + +Fix security formatting issues related to printing without NULL argument + +zip.c: In function 'help_extended': +zip.c:1031:5: error: format not a string literal and no format arguments [-Werror=format-security] + printf(text[i]); + ^ +zip.c: In function 'version_info': +zip.c:1228:5: error: format not a string literal and no format arguments [-Werror=format-security] + printf(cryptnote[i]); + ^ + +[YOCTO #9552] +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9552] + +Upstream-Status: Pending + +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> + +diff --git a/zip.c b/zip.c +index 439821f..d7da768 100644 +--- a/zip.c ++++ b/zip.c +@@ -1028,7 +1028,7 @@ local void help_extended() + + for (i = 0; i < sizeof(text)/sizeof(char *); i++) + { +- printf(text[i]); ++ fputs(text[i],stdout); + putchar('\n'); + } + #ifdef DOS +@@ -1225,7 +1225,7 @@ local void version_info() + CR_MAJORVER, CR_MINORVER, CR_BETA_VER, CR_VERSION_DATE); + for (i = 0; i < sizeof(cryptnote)/sizeof(char *); i++) + { +- printf(cryptnote[i]); ++ fputs(cryptnote[i],stdout); + putchar('\n'); + } + ++i; /* crypt support means there IS at least one compilation option */ diff --git a/meta/recipes-extended/zip/zip.inc b/meta/recipes-extended/zip/zip.inc index 6221c5e139..21985a4a08 100644 --- a/meta/recipes-extended/zip/zip.inc +++ b/meta/recipes-extended/zip/zip.inc @@ -5,7 +5,8 @@ SECTION = "console/utils" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=04d43c5d70b496c032308106e26ae17d" -SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/zip${@d.getVar('PV',1).replace('.', '')}.tgz" +SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/zip${@d.getVar('PV',1).replace('.', '')}.tgz \ + file://fix-security-format.patch" EXTRA_OEMAKE = "'CC=${CC}' 'BIND=${CC}' 'AS=${CC} -c' 'CPP=${CPP}' \ 'CFLAGS=-I. -DUNIX ${CFLAGS}' 'INSTALL=install' \ |