From: Khem Raj <raj.khem@gmail.com>
To: Patches and discussions about the oe-core layer
<openembedded-core@lists.openembedded.org>,
Armin Kuster <akuster808@gmail.com>
Subject: Re: [PATCH 05/15] libidn: Fix hardened build with musl
Date: Fri, 2 Jun 2017 14:12:27 -0700 [thread overview]
Message-ID: <CAMKF1srgnO95oL5gZVbt++sby+7rXYpVNDfg=r+9z7Eujh3oow@mail.gmail.com> (raw)
In-Reply-To: <20170522050042.42403-5-raj.khem@gmail.com>
Armin
Please backport this patch to pyro as well.
On Sun, May 21, 2017 at 10:00 PM, Khem Raj <raj.khem@gmail.com> wrote:
> Re-introduce the patch that was deemed to be not needed
> but it infact is still needed with musl
>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> ---
> .../libidn/0001-idn-format-security-warnings.patch | 181 +++++++++++++++++++++
> meta/recipes-extended/libidn/libidn_1.33.bb | 1 +
> 2 files changed, 182 insertions(+)
> create mode 100644 meta/recipes-extended/libidn/libidn/0001-idn-format-security-warnings.patch
>
> diff --git a/meta/recipes-extended/libidn/libidn/0001-idn-format-security-warnings.patch b/meta/recipes-extended/libidn/libidn/0001-idn-format-security-warnings.patch
> new file mode 100644
> index 0000000000..5adc7d9fd9
> --- /dev/null
> +++ b/meta/recipes-extended/libidn/libidn/0001-idn-format-security-warnings.patch
> @@ -0,0 +1,181 @@
> +From 82f98dcbc429bbe89a9837c533cbcbc02e77c790 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <adraszik@tycoint.com>
> +Date: Tue, 28 Jun 2016 12:43:31 +0100
> +Subject: [PATCH] idn: fix printf() format security warnings
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +| ../../libidn-1.32/src/idn.c: In function 'main':
> +| ../../libidn-1.32/src/idn.c:172:7: error: format not a string literal and no format arguments [-Werror=format-security]
> +| error (0, 0, _("only one of -s, -e, -d, -a, -u or -n can be specified"));
> +| ^~~~~
> +| ../../libidn-1.32/src/idn.c:187:5: error: format not a string literal and no format arguments [-Werror=format-security]
> +| fprintf (stderr, _("Type each input string on a line by itself, "
> +| ^~~~~~~
> +| ../../libidn-1.32/src/idn.c:202:4: error: format not a string literal and no format arguments [-Werror=format-security]
> +| error (EXIT_FAILURE, errno, _("input error"));
> +| ^~~~~
> +| ../../libidn-1.32/src/idn.c:220:8: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UTF-8 to UCS-4"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:245:8: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UTF-8 to UCS-4"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:281:6: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UTF-8 to UCS-4"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:340:6: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UCS-4 to UTF-8"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:364:6: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UCS-4 to UTF-8"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:442:8: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UCS-4 to UTF-8"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:498:6: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UTF-8 to UCS-4"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:527:5: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UTF-8 to UCS-4"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:540:6: error: format not a string literal and no format arguments [-Werror=format-security]
> +| error (EXIT_FAILURE, 0, _("could not do NFKC normalization"));
> +| ^~~~~
> +| ../../libidn-1.32/src/idn.c:551:5: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UTF-8 to UCS-4"));
> +| ^
> +
> +Signed-off-by: André Draszik <adraszik@tycoint.com>
> +---
> +Upstream-Status: Pending
> +
> + src/idn.c | 27 ++++++++++++++-------------
> + 1 file changed, 14 insertions(+), 13 deletions(-)
> +
> +diff --git a/src/idn.c b/src/idn.c
> +index be1c7d1..68e4291 100644
> +--- a/src/idn.c
> ++++ b/src/idn.c
> +@@ -170,7 +170,7 @@ main (int argc, char *argv[])
> + (args_info.idna_to_unicode_given ? 1 : 0) +
> + (args_info.nfkc_given ? 1 : 0) != 1)
> + {
> +- error (0, 0, _("only one of -s, -e, -d, -a, -u or -n can be specified"));
> ++ error (0, 0, "%s", _("only one of -s, -e, -d, -a, -u or -n can be specified"));
> + usage (EXIT_FAILURE);
> + }
> +
> +@@ -185,7 +185,7 @@ main (int argc, char *argv[])
> + if (!args_info.quiet_given
> + && args_info.inputs_num == 0
> + && isatty (fileno (stdin)))
> +- fprintf (stderr, _("Type each input string on a line by itself, "
> ++ fprintf (stderr, "%s", _("Type each input string on a line by itself, "
> + "terminated by a newline character.\n"));
> +
> + do
> +@@ -197,7 +197,7 @@ main (int argc, char *argv[])
> + if (feof (stdin))
> + break;
> +
> +- error (EXIT_FAILURE, errno, _("input error"));
> ++ error (EXIT_FAILURE, errno, "%s", _("input error"));
> + }
> +
> + if (strlen (line) > 0)
> +@@ -215,7 +215,7 @@ main (int argc, char *argv[])
> + if (!q)
> + {
> + free (p);
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UTF-8 to UCS-4"));
> + }
> +
> +@@ -240,7 +240,7 @@ main (int argc, char *argv[])
> + if (!q)
> + {
> + free (r);
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UTF-8 to UCS-4"));
> + }
> +
> +@@ -277,7 +277,7 @@ main (int argc, char *argv[])
> + q = stringprep_utf8_to_ucs4 (p, -1, &len);
> + free (p);
> + if (!q)
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UTF-8 to UCS-4"));
> +
> + if (args_info.debug_given)
> +@@ -336,7 +336,7 @@ main (int argc, char *argv[])
> + r = stringprep_ucs4_to_utf8 (q, -1, NULL, NULL);
> + free (q);
> + if (!r)
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UCS-4 to UTF-8"));
> +
> + p = stringprep_utf8_to_locale (r);
> +@@ -360,7 +360,7 @@ main (int argc, char *argv[])
> + q = stringprep_utf8_to_ucs4 (p, -1, NULL);
> + free (p);
> + if (!q)
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UCS-4 to UTF-8"));
> +
> + if (args_info.debug_given)
> +@@ -438,7 +438,7 @@ main (int argc, char *argv[])
> + if (!q)
> + {
> + free (p);
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UCS-4 to UTF-8"));
> + }
> +
> +@@ -494,7 +494,7 @@ main (int argc, char *argv[])
> + r = stringprep_ucs4_to_utf8 (q, -1, NULL, NULL);
> + free (q);
> + if (!r)
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UTF-8 to UCS-4"));
> +
> + p = stringprep_utf8_to_locale (r);
> +@@ -523,7 +523,7 @@ main (int argc, char *argv[])
> + if (!q)
> + {
> + free (p);
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UTF-8 to UCS-4"));
> + }
> +
> +@@ -537,7 +537,8 @@ main (int argc, char *argv[])
> + r = stringprep_utf8_nfkc_normalize (p, -1);
> + free (p);
> + if (!r)
> +- error (EXIT_FAILURE, 0, _("could not do NFKC normalization"));
> ++ error (EXIT_FAILURE, 0, "%s",
> ++ _("could not do NFKC normalization"));
> +
> + if (args_info.debug_given)
> + {
> +@@ -547,7 +548,7 @@ main (int argc, char *argv[])
> + if (!q)
> + {
> + free (r);
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UTF-8 to UCS-4"));
> + }
> +
> +--
> +2.8.1
> +
> diff --git a/meta/recipes-extended/libidn/libidn_1.33.bb b/meta/recipes-extended/libidn/libidn_1.33.bb
> index 109cc7f3f5..9e8bdbae18 100644
> --- a/meta/recipes-extended/libidn/libidn_1.33.bb
> +++ b/meta/recipes-extended/libidn/libidn_1.33.bb
> @@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/libidn/${BPN}-${PV}.tar.gz \
> file://dont-depend-on-help2man.patch \
> file://0001-idn-fix-printf-format-security-warnings.patch \
> file://gcc7-compatibility.patch \
> + file://0001-idn-format-security-warnings.patch \
> "
>
> SRC_URI[md5sum] = "a9aa7e003665de9c82bd3f9fc6ccf308"
> --
> 2.13.0
>
next prev parent reply other threads:[~2017-06-02 21:12 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-22 5:00 [PATCH 01/15] musl: Update to latest master Khem Raj
2017-05-22 5:00 ` [PATCH 02/15] libnsl2: Add recipe Khem Raj
2017-05-22 5:00 ` [PATCH 03/15] grub: Update to 2.02 Khem Raj
2017-05-22 5:00 ` [PATCH 04/15] glew: Compile with -D_GNU_SOURCE Khem Raj
2017-05-22 5:00 ` [PATCH 05/15] libidn: Fix hardened build with musl Khem Raj
2017-06-02 21:12 ` Khem Raj [this message]
2017-05-22 5:00 ` [PATCH 06/15] libgcrypt: Do not restrict to ARM ISA Khem Raj
2017-05-22 5:00 ` [PATCH 07/15] webkitgtk: Fix build for armv5 Khem Raj
2017-05-22 5:00 ` [PATCH 08/15] xkeyboard-config: Enable nls support explicitly Khem Raj
2017-05-23 23:50 ` Khem Raj
2017-05-22 5:00 ` [PATCH 09/15] systemd: Make knobs for compiler specific nn, ar, ranlib Khem Raj
2017-05-22 5:00 ` [PATCH 10/15] db: Add --tag=CC to cross libtool invocation Khem Raj
2017-05-23 13:14 ` Burton, Ross
2017-05-23 14:32 ` Khem Raj
2017-05-23 14:44 ` Burton, Ross
2017-05-23 14:48 ` Khem Raj
2017-05-23 14:54 ` Burton, Ross
2017-05-23 15:02 ` Burton, Ross
2017-05-23 15:10 ` Khem Raj
2017-05-22 5:00 ` [PATCH 11/15] linux-yocto: Enable drm by default Khem Raj
2017-05-22 14:46 ` Bruce Ashfield
2017-05-22 17:06 ` Khem Raj
2017-05-23 19:36 ` Bruce Ashfield
2017-05-25 2:40 ` Bruce Ashfield
2017-05-25 2:46 ` Khem Raj
2017-05-25 12:01 ` Bruce Ashfield
2017-05-22 5:00 ` [PATCH 12/15] iproute2: Fix build error due to missing stdint.h> include Khem Raj
2017-05-22 5:00 ` [PATCH 13/15] nfs-utils: " Khem Raj
2017-05-22 5:00 ` [PATCH 14/15] libtirpc: " Khem Raj
2017-05-22 5:00 ` [PATCH 15/15] nspr: " Khem Raj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMKF1srgnO95oL5gZVbt++sby+7rXYpVNDfg=r+9z7Eujh3oow@mail.gmail.com' \
--to=raj.khem@gmail.com \
--cc=akuster808@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.