* [PATCH 1/4] ltp: Fixes security string printf on testcases/network/nfsv4/acl/acl1.c
From: Aníbal Limón @ 2016-05-13 19:49 UTC
  To: openembedded-core; +Cc: joshua.g.lock, edwin.plauchu.camacho

[YOCTO #9548]

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
---
 ...etwork-nfsv4-acl-acl1.c-Security-fix-on-s.patch | 41 ++++++++++++++++++++++
 meta/recipes-extended/ltp/ltp_20160126.bb          |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-extended/ltp/ltp/0001-testcases-network-nfsv4-acl-acl1.c-Security-fix-on-s.patch

diff --git a/meta/recipes-extended/ltp/ltp/0001-testcases-network-nfsv4-acl-acl1.c-Security-fix-on-s.patch b/meta/recipes-extended/ltp/ltp/0001-testcases-network-nfsv4-acl-acl1.c-Security-fix-on-s.patch
new file mode 100644
index 0000000..8f285d1
--- /dev/null
+++ b/meta/recipes-extended/ltp/ltp/0001-testcases-network-nfsv4-acl-acl1.c-Security-fix-on-s.patch
@@ -0,0 +1,41 @@
+From 672a56be14426eae44864673c6c2afca0ab89d46 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
+Date: Fri, 13 May 2016 11:11:28 -0500
+Subject: [PATCH] testcases/network/nfsv4/acl/acl1.c: Security fix on string
+ printf
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes:
+
+acl1.c: In function 'test_acl_default':
+acl1.c:317:2: error: format not a string literal and no format arguments
+[-Werror=format-security]
+  printf(cmd);
+
+[YOCTO #9548]
+
+Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
+
+Upstream-status: Pending
+---
+ testcases/network/nfsv4/acl/acl1.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/testcases/network/nfsv4/acl/acl1.c b/testcases/network/nfsv4/acl/acl1.c
+index b8b67b4..7c7c506 100644
+--- a/testcases/network/nfsv4/acl/acl1.c
++++ b/testcases/network/nfsv4/acl/acl1.c
+@@ -314,7 +314,7 @@ void test_acl_default(char *dir, acl_t acl)
+ 	char *cmd = malloc(256);
+ 
+ 	strcpy(cmd, "chmod 7777 ");
+-	printf(cmd);
++	printf(cmd, NULL);
+ 	strcat(cmd, dir);
+ 	system(cmd);
+ 	acl2 = acl_get_file(path, ACL_TYPE_ACCESS);
+-- 
+2.1.4
+
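
Review bot: In the embedded acl1.c change, `printf(cmd, NULL);` still passes `cmd` as the format string, so the extra NULL only silences -Werror=format-security without changing how the string is interpreted. Use `printf("%s", cmd);` (or `fputs(cmd, stdout);`) instead. At this point `cmd` holds only the literal "chmod 7777 ", but the literal-format form stays correct if the print is ever moved below `strcat(cmd, dir);`.
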
diff --git a/meta/recipes-extended/ltp/ltp_20160126.bb b/meta/recipes-extended/ltp/ltp_20160126.bb
index 097c16d..278f492 100644
--- a/meta/recipes-extended/ltp/ltp_20160126.bb
+++ b/meta/recipes-extended/ltp/ltp_20160126.bb
@@ -62,6 +62,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git \
            file://0033-shmat1-Cover-GNU-specific-code-under-__USE_GNU.patch \
            file://0034-periodic_output.patch \
            file://0035-fix-test_proc_kill-hang.patch \
+           file://0001-testcases-network-nfsv4-acl-acl1.c-Security-fix-on-s.patch \
            "
 
 S = "${WORKDIR}/git"
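
Review bot: The new SRC_URI entry is numbered 0001- but is appended after the 0033-, 0034- and 0035- patches, which breaks the numeric ordering of the list. Renaming the file to continue the sequence (0036-...) would keep the apply order readable from the filenames.
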
-- 
2.1.4




* [PATCH] security_flags: Enable security flags on leafpad, ltp and libuser.
From: Aníbal Limón @ 2016-05-13 19:49 UTC
  To: openembedded-core; +Cc: joshua.g.lock, edwin.plauchu.camacho

Now we have patches that solve the security formatting issues in
those packages.

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
---
 meta/conf/distro/include/security_flags.inc | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 5755d28..7a91cec 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -103,9 +103,6 @@ SECURITY_STRINGFORMAT_pn-expect = ""
 SECURITY_STRINGFORMAT_pn-gcc = ""
 SECURITY_STRINGFORMAT_pn-gettext = ""
 SECURITY_STRINGFORMAT_pn-kexec-tools = ""
-SECURITY_STRINGFORMAT_pn-leafpad = ""
-SECURITY_STRINGFORMAT_pn-libuser = ""
-SECURITY_STRINGFORMAT_pn-ltp = ""
 SECURITY_STRINGFORMAT_pn-makedevs = ""
 SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
 SECURITY_STRINGFORMAT_pn-stat = ""
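
Review bot: The three removed lines here are the same change as [PATCH 4/4] in this series (same index 5755d28..7a91cec), sent without a series number. Dropping the SECURITY_STRINGFORMAT_pn-leafpad, -libuser and -ltp exemptions only builds once the three source fixes are in, so this unnumbered copy should be withdrawn and only 4/4 applied, last.
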
-- 
2.1.4




* [PATCH 2/4] libuser: Fix security string formatting issues.
From: Aníbal Limón @ 2016-05-13 19:49 UTC
  To: openembedded-core; +Cc: joshua.g.lock, edwin.plauchu.camacho

[YOCTO #9547]

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
---
 ...es.c-parse_field-fix-string-formating-in-.patch | 34 ++++++++++++++++++++++
 meta/recipes-extended/libuser/libuser_0.62.bb      |  3 +-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/libuser/libuser/0001-modules-files.c-parse_field-fix-string-formating-in-.patch

diff --git a/meta/recipes-extended/libuser/libuser/0001-modules-files.c-parse_field-fix-string-formating-in-.patch b/meta/recipes-extended/libuser/libuser/0001-modules-files.c-parse_field-fix-string-formating-in-.patch
new file mode 100644
index 0000000..074491b
--- /dev/null
+++ b/meta/recipes-extended/libuser/libuser/0001-modules-files.c-parse_field-fix-string-formating-in-.patch
@@ -0,0 +1,34 @@
+From a4857911ece5ebfcdef42aee4c070eb216f39597 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
+Date: Fri, 13 May 2016 11:40:13 -0500
+Subject: [PATCH] modules/files.c: parse_field fix string formating in
+ g_warnings
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+[YOCTO #9547]
+
+Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
+
+Upstream-status: Pending
+---
+ modules/files.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/files.c b/modules/files.c
+index 4ef0a57..35eafc9 100644
+--- a/modules/files.c
++++ b/modules/files.c
+@@ -534,7 +534,7 @@ parse_field(const struct format_specifier *format, GValue *value,
+ 						 string, &err);
+ 	if (ret == FALSE) {
+ 		g_assert(err != NULL);
+-		g_warning(lu_strerror(err));
++		g_warning(lu_strerror(err), NULL);
+ 		lu_error_free(&err);
+ 	}
+ 	return ret;
+-- 
+2.1.4
+
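
Review bot: In parse_field, `g_warning(lu_strerror(err), NULL);` keeps the runtime error text as the format string, so any `%` in that text is still parsed as a conversion and the trailing NULL only quiets the format-security check. Prefer `g_warning("%s", lu_strerror(err));`. The embedded patch also carries no description beyond the bug number.
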
diff --git a/meta/recipes-extended/libuser/libuser_0.62.bb b/meta/recipes-extended/libuser/libuser_0.62.bb
index 1369ae8..7a64efe 100644
--- a/meta/recipes-extended/libuser/libuser_0.62.bb
+++ b/meta/recipes-extended/libuser/libuser_0.62.bb
@@ -14,7 +14,8 @@ SECTION = "base"
 SRC_URI = "https://fedorahosted.org/releases/l/i/libuser/libuser-${PV}.tar.xz \
            file://0001-Check-for-issetugid.patch \
            file://0002-remove-unused-execinfo.h.patch \
-          "
+           file://0001-modules-files.c-parse_field-fix-string-formating-in-.patch \
+           "
 
 SRC_URI[md5sum] = "63e5e5c551e99dc5302b40b80bd6d4f2"
 SRC_URI[sha256sum] = "a58ff4fabb01a25043b142185a33eeea961109dd60d4b40b6a9df4fa3cace20b"
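
Review bot: The added entry is a second file with the 0001- prefix next to 0001-Check-for-issetugid.patch, so the prefixes no longer reflect apply order. Numbering it 0003-, after 0002-remove-unused-execinfo.h.patch, would avoid the clash.
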
-- 
2.1.4




* [PATCH 3/4] leafpad: Fix security formating issues.
From: Aníbal Limón @ 2016-05-13 19:49 UTC
  To: openembedded-core; +Cc: joshua.g.lock, edwin.plauchu.camacho

[YOCTO #9546]

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
---
 ...gtkprint-.c-Fix-security-formatting-issue.patch | 81 ++++++++++++++++++++++
 meta/recipes-sato/leafpad/leafpad_0.8.18.1.bb      |  4 +-
 2 files changed, 84 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-sato/leafpad/files/src-dialog-gtkprint-.c-Fix-security-formatting-issue.patch

diff --git a/meta/recipes-sato/leafpad/files/src-dialog-gtkprint-.c-Fix-security-formatting-issue.patch b/meta/recipes-sato/leafpad/files/src-dialog-gtkprint-.c-Fix-security-formatting-issue.patch
new file mode 100644
index 0000000..cf2687f
--- /dev/null
+++ b/meta/recipes-sato/leafpad/files/src-dialog-gtkprint-.c-Fix-security-formatting-issue.patch
@@ -0,0 +1,81 @@
+From 316ccb1733a6da726c0e7f0748e3e88ec459ca54 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
+Date: Fri, 13 May 2016 14:36:51 -0500
+Subject: [PATCH] src/{dialog,gtkprint}.c: Fix security formatting issues
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+../../../../../../../workspace/sources/leafpad/src/dialog.c: In
+unction
+'run_dialog_message':
+../../../../../../../workspace/sources/leafpad/src/dialog.c:39:3:
+rror:
+format not a string literal and no format arguments
+[-Werror=format-security]
+   str);
+   ^
+../../../../../../../workspace/sources/leafpad/src/dialog.c: In
+unction
+'create_dialog_message_question':
+../../../../../../../workspace/sources/leafpad/src/dialog.c:64:3:
+rror:
+format not a string literal and no format arguments
+[-Werror=format-security]
+   str);
+
+../../../../../../../workspace/sources/leafpad/src/gtkprint.c: In
+function 'create_error_dialog':
+../../../../../../../workspace/sources/leafpad/src/gtkprint.c:168:3:
+error: format not a string literal and no format arguments
+[-Werror=format-security]
+   message);
+
+[YOCTO #9546]
+
+Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
+
+Upstream-status: Pending
+---
+ src/dialog.c   | 4 ++--
+ src/gtkprint.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/dialog.c b/src/dialog.c
+index 14b69d7..8c8f2da 100644
+--- a/src/dialog.c
++++ b/src/dialog.c
+@@ -36,7 +36,7 @@ void run_dialog_message(GtkWidget *window,
+ 		GTK_DIALOG_DESTROY_WITH_PARENT,
+ 		type,
+ 		GTK_BUTTONS_NONE,
+-		str);
++		str, NULL);
+ 	gtk_window_set_resizable(GTK_WINDOW(dialog), FALSE);
+ 	gtk_dialog_add_buttons(GTK_DIALOG(dialog),
+ 		GTK_STOCK_OK, GTK_RESPONSE_CANCEL, NULL);
+@@ -61,7 +61,7 @@ GtkWidget *create_dialog_message_question(GtkWidget *window, gchar *message, ...
+ 		GTK_DIALOG_DESTROY_WITH_PARENT,
+ 		GTK_MESSAGE_QUESTION,
+ 		GTK_BUTTONS_NONE,
+-		str);
++		str, NULL);
+ 	gtk_window_set_resizable(GTK_WINDOW(dialog), FALSE);
+ 	gtk_dialog_add_buttons(GTK_DIALOG(dialog),
+ 		GTK_STOCK_NO, GTK_RESPONSE_NO,
+diff --git a/src/gtkprint.c b/src/gtkprint.c
+index 3f39384..e2bb83a 100644
+--- a/src/gtkprint.c
++++ b/src/gtkprint.c
+@@ -165,7 +165,7 @@ static void create_error_dialog(GtkTextView *text_view, gchar *message)
+ 		GTK_DIALOG_DESTROY_WITH_PARENT,
+ 		GTK_MESSAGE_ERROR,
+ 		GTK_BUTTONS_NONE,
+-		message);
++		message, NULL);
+ 	gtk_window_set_resizable(GTK_WINDOW(dialog), FALSE);
+ 	gtk_dialog_add_buttons(GTK_DIALOG(dialog),
+ 		GTK_STOCK_OK, GTK_RESPONSE_CANCEL, NULL);
+-- 
+2.1.4
+
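
Review bot: All three call sites (dialog.c lines 39 and 64, gtkprint.c line 168) still hand `str` or `message` to the dialog constructor as the format argument; `str, NULL);` adds an unused variadic argument rather than fixing the format. Pass a literal format instead: `"%s", str);` and `"%s", message);`. The compiler output quoted in the description has also lost leading characters ("unction", "rror:") and should be re-pasted.
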
diff --git a/meta/recipes-sato/leafpad/leafpad_0.8.18.1.bb b/meta/recipes-sato/leafpad/leafpad_0.8.18.1.bb
index 093b89f..e6a4b56 100644
--- a/meta/recipes-sato/leafpad/leafpad_0.8.18.1.bb
+++ b/meta/recipes-sato/leafpad/leafpad_0.8.18.1.bb
@@ -11,7 +11,9 @@ DEPENDS = "gtk+ intltool-native libowl gettext-native"
 REQUIRED_DISTRO_FEATURES = "x11"
 
 SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
-	   file://leafpad.desktop"
+           file://leafpad.desktop \
+           file://src-dialog-gtkprint-.c-Fix-security-formatting-issue.patch \
+           "
 
 SRC_URI[md5sum] = "254a72fc67505e3aa52884c729cd7b97"
 SRC_URI[sha256sum] = "959d22ae07f22803bc66ff40d373a854532a6e4732680bf8a96a3fbcb9f80a2c"
-- 
2.1.4




* [PATCH 4/4] security_flags: Enable security flags on leafpad, ltp and libuser.
From: Aníbal Limón @ 2016-05-13 19:49 UTC
  To: openembedded-core; +Cc: joshua.g.lock, edwin.plauchu.camacho

Now we have patches that solve the security formatting issues in
those packages.

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
---
 meta/conf/distro/include/security_flags.inc | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 5755d28..7a91cec 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -103,9 +103,6 @@ SECURITY_STRINGFORMAT_pn-expect = ""
 SECURITY_STRINGFORMAT_pn-gcc = ""
 SECURITY_STRINGFORMAT_pn-gettext = ""
 SECURITY_STRINGFORMAT_pn-kexec-tools = ""
-SECURITY_STRINGFORMAT_pn-leafpad = ""
-SECURITY_STRINGFORMAT_pn-libuser = ""
-SECURITY_STRINGFORMAT_pn-ltp = ""
 SECURITY_STRINGFORMAT_pn-makedevs = ""
 SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
 SECURITY_STRINGFORMAT_pn-stat = ""
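
Review bot: Removing the leafpad, libuser and ltp exemptions re-enables the string-format flags for those recipes, but patches 1/4 to 3/4 satisfy the check by appending NULL rather than by using a "%s" format, so the build passes while the non-literal format strings remain. Those fixes should be reworked before the exemptions are dropped, and the commit message should name the three patches it depends on (YOCTO #9546, #9547, #9548).
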
-- 
2.1.4




* Re: [PATCH 2/4] libuser: Fix security string formatting issues.
From: Paul Eggleton @ 2016-05-17  3:31 UTC
  To: Aníbal Limón; +Cc: openembedded-core

Hi Aníbal,

On Fri, 13 May 2016 14:49:26 Aníbal Limón wrote:
> [YOCTO #9547]
> 
> Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>

This isn't sufficient as a commit message. Every commit requires a proper 
message explaining what and why as per [1], even if it's covered by the 
bugzilla entry.

Thanks,
Paul

[1] http://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines

-- 

Paul Eggleton
Intel Open Source Technology Centre

