diff options
| -rw-r--r-- | meta/conf/distro/include/security_flags.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-extended/unzip/unzip/fix-security-format.patch | 139 | ||||
| -rw-r--r-- | meta/recipes-extended/unzip/unzip_6.0.bb | 1 |
3 files changed, 140 insertions, 1 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index febedfa092..fc4c5812bb 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -104,7 +104,6 @@ SECURITY_STRINGFORMAT_pn-gcc = "" SECURITY_STRINGFORMAT_pn-gettext = "" SECURITY_STRINGFORMAT_pn-kexec-tools = "" SECURITY_STRINGFORMAT_pn-oh-puzzles = "" -SECURITY_STRINGFORMAT_pn-unzip = "" TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}" TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}" diff --git a/meta/recipes-extended/unzip/unzip/fix-security-format.patch b/meta/recipes-extended/unzip/unzip/fix-security-format.patch new file mode 100644 index 0000000000..c82f502552 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/fix-security-format.patch @@ -0,0 +1,139 @@ +unzip: Fixing security formatting issues + +Fix security formatting issues related to sprintf parameters expeted. + +[YOCTO #9551] +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551] + +Upstream-Status: Pending + +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> + +diff --git a/unzpriv.h b/unzpriv.h +index c8d3eab..85e693a 100644 +--- a/unzpriv.h ++++ b/unzpriv.h +@@ -1006,7 +1006,7 @@ + # define LoadFarStringSmall(x) Qstrfix(x) + # define LoadFarStringSmall2(x) Qstrfix(x) + # else +-# define LoadFarString(x) (char *)(x) ++# define LoadFarString(x) "%s",(char *)(x) + # define LoadFarStringSmall(x) (char *)(x) + # define LoadFarStringSmall2(x) (char *)(x) + # endif +diff --git a/fileio.c b/fileio.c +index 36bfea3..ca779c2 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -588,8 +588,8 @@ unsigned readbuf(__G__ buf, size) /* return number of bytes read into buf */ + else if (G.incnt < 0) { + /* another hack, but no real harm copying same thing twice */ + (*G.message)((zvoid *)&G, +- (uch *)LoadFarString(ReadError), /* CANNOT use slide */ +- (ulg)strlen(LoadFarString(ReadError)), 0x401); ++ (uch *)(char*)(ReadError), /* CANNOT use slide */ ++ (ulg)strlen((char*)(ReadError)), 0x401); + return 0; /* discarding some data; better than lock-up */ + } + /* buffer ALWAYS starts on a block boundary: */ +@@ -631,8 +631,8 @@ int readbyte(__G) /* refill inbuf and return a byte if available, else EOF */ + } else if (G.incnt < 0) { /* "fail" (abort, retry, ...) returns this */ + /* another hack, but no real harm copying same thing twice */ + (*G.message)((zvoid *)&G, +- (uch *)LoadFarString(ReadError), +- (ulg)strlen(LoadFarString(ReadError)), 0x401); ++ (uch *)(char*)(ReadError), ++ (ulg)strlen((char*)(ReadError)), 0x401); + echon(); + #ifdef WINDLL + longjmp(dll_error_return, 1); +@@ -1356,7 +1356,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag) + ++((Uz_Globs *)pG)->lines; + if (((Uz_Globs *)pG)->lines >= ((Uz_Globs *)pG)->height) + (*((Uz_Globs *)pG)->mpause)((zvoid *)pG, +- LoadFarString(MorePrompt), 1); ++ (char*)(MorePrompt), 1); + } + #endif /* MORE */ + if (MSG_STDERR(flag) && ((Uz_Globs *)pG)->UzO.tflag && +@@ -1416,7 +1416,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag) + ((Uz_Globs *)pG)->sol = TRUE; + q = p + 1; + (*((Uz_Globs *)pG)->mpause)((zvoid *)pG, +- LoadFarString(MorePrompt), 1); ++ (char*)(MorePrompt), 1); + } + } + INCSTR(p); +@@ -2176,7 +2176,7 @@ int do_string(__G__ length, option) /* return PK-type error code */ + (*G.message)((zvoid *)&G, slide, (ulg)(q-slide), 0); + q = slide; + if (pause && G.extract_flag) /* don't pause for list/test */ +- (*G.mpause)((zvoid *)&G, LoadFarString(QuitPrompt), 0); ++ (*G.mpause)((zvoid *)&G, (char*)(QuitPrompt), 0); + } + } + (*G.message)((zvoid *)&G, slide, (ulg)(q-slide), 0); +diff --git a/unzip.c b/unzip.c +index 2d94a38..ca135af 100644 +--- a/unzip.c ++++ b/unzip.c +@@ -1079,7 +1079,7 @@ int unzip(__G__ argc, argv) + #ifndef _WIN32_WCE /* Win CE does not support environment variables */ + if ((error = envargs(&argc, &argv, LoadFarStringSmall(EnvZipInfo), + LoadFarStringSmall2(EnvZipInfo2))) != PK_OK) +- perror(LoadFarString(NoMemEnvArguments)); ++ perror((char*)(NoMemEnvArguments)); + #endif + } else + #endif /* !NO_ZIPINFO */ +@@ -1088,7 +1088,7 @@ int unzip(__G__ argc, argv) + #ifndef _WIN32_WCE /* Win CE does not support environment variables */ + if ((error = envargs(&argc, &argv, LoadFarStringSmall(EnvUnZip), + LoadFarStringSmall2(EnvUnZip2))) != PK_OK) +- perror(LoadFarString(NoMemEnvArguments)); ++ perror((char*)(NoMemEnvArguments)); + #endif + } + +diff --git a/zipinfo.c b/zipinfo.c +index 0ac75b3..8a0887c 100644 +--- a/zipinfo.c ++++ b/zipinfo.c +@@ -1640,14 +1640,14 @@ static int zi_long(__G__ pEndprev, error_in_archive) + + *types = '\0'; + if (*ef_ptr & 1) { +- strcpy(types, LoadFarString(UTmodification)); ++ strcpy(types, (char*)(UTmodification)); + ++num; + } + if (*ef_ptr & 2) { + len = strlen(types); + if (num) + types[len++] = '/'; +- strcpy(types+len, LoadFarString(UTaccess)); ++ strcpy(types+len, (char*)(UTaccess)); + ++num; + if (*pEndprev > 0L) + *pEndprev += 4L; +@@ -1656,7 +1656,7 @@ static int zi_long(__G__ pEndprev, error_in_archive) + len = strlen(types); + if (num) + types[len++] = '/'; +- strcpy(types+len, LoadFarString(UTcreation)); ++ strcpy(types+len, (char *)(UTcreation)); + ++num; + if (*pEndprev > 0L) + *pEndprev += 4L; +@@ -2331,7 +2331,7 @@ static char *zi_time(__G__ datetimez, modtimez, d_t_str) + /* time conversion error in verbose listing format, + * return string with '?' instead of data + */ +- return (strcpy(d_t_str, LoadFarString(lngYMDHMSTimeError))); ++ return (strcpy(d_t_str, (char*)(lngYMDHMSTimeError))); + } else + t = (struct tm *)NULL; + if (t != (struct tm *)NULL) { + diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb index 239760660f..547379c0dc 100644 --- a/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/meta/recipes-extended/unzip/unzip_6.0.bb @@ -16,6 +16,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/ file://11-cve-2014-8141-getzip64data.patch \ file://CVE-2015-7696.patch \ file://CVE-2015-7697.patch \ + file://fix-security-format.patch \ " SRC_URI[md5sum] = "62b490407489521db863b523a7f86375" |