| Message ID | 1469546790-24621-1-git-send-email-git@andred.net |
|---|---|
| State | Accepted |
| Commit | 45bc8a2c4bbe252526d5eee2547f8b9e06165e5a |
diff --git a/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch b/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch new file mode 100644 index 0000000..5405c84 --- /dev/null +++ b/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch @@ -0,0 +1,35 @@ +From e5837a42f8f48a6a721805ff8f7fcd32861d09ca Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <adraszik@tycoint.com> +Date: Tue, 26 Jul 2016 13:09:47 +0100 +Subject: [PATCH] help: fix printf() format security warning +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +| ../../bash-4.3.30/builtins/../../bash-4.3.30/builtins/help.def: In function 'help_builtin': +| ../../bash-4.3.30/builtins/../../bash-4.3.30/builtins/help.def:130:7: error: format not a string literal and no format arguments [-Werror=format-security] +| printf (ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); +| ^~~~~~ + +Signed-off-by: André Draszik <adraszik@tycoint.com> +--- +Upstream-Status: Pending + builtins/help.def | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/builtins/help.def b/builtins/help.def +index 1894f17..cf624c6 100644 +--- a/builtins/help.def ++++ b/builtins/help.def +@@ -127,7 +127,7 @@ help_builtin (list) + + if (glob_pattern_p (list->word->word)) + { +- printf (ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); ++ printf ("%s", ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); + print_word_list (list, ", "); + printf ("'\n\n"); + } +-- +2.8.1 + diff --git a/meta/recipes-extended/bash/bash_4.3.30.bb b/meta/recipes-extended/bash/bash_4.3.30.bb index 95ed392..16a3139 100644 --- a/meta/recipes-extended/bash/bash_4.3.30.bb +++ b/meta/recipes-extended/bash/bash_4.3.30.bb 
@@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \ file://fix-run-coproc-run-heredoc-run-execscript-run-test-f.patch \ file://run-ptest \ file://fix-run-builtins.patch \ + file://0001-help-fix-printf-format-security-warning.patch \ " SRC_URI[tarball.md5sum] = "a27b3ee9be83bd3ba448c0ff52b28447"
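Review bot: In the help.def hunk, the commit message should say why the `-` line is unsafe rather than only pasting the -Werror=format-security error: the string returned by `ngettext` is loaded from the message catalog at run time, so a `%` in a translation would be parsed by `printf` as a conversion specifier with no matching argument; wrapping it as `printf ("%s", ngettext (...))` keeps the output identical while making the format a literal. `Upstream-Status: Pending` should also record whether the one-line change has been sent to bug-bash, so the patch can be dropped on the next bash upgrade.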
This change is good. Please install it. I think we should think of using security flags as default for AB since that's much stricter and will catch more errors than normal flags. Eventually, in the 2.3 timeframe we should contemplate hardening toolchain to default to PIE/pie > On Jul 26, 2016, at 8:26 AM, André Draszik <git@andred.net> wrote: > > From: André Draszik <adraszik@tycoint.com> > > Signed-off-by: André Draszik <adraszik@tycoint.com> > --- > ...1-help-fix-printf-format-security-warning.patch | 35 ++++++++++++++++++++++ > meta/recipes-extended/bash/bash_4.3.30.bb | 1 + > 2 files changed, 36 insertions(+) > create mode 100644 meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch > > diff --git a/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch b/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch > new file mode 100644 > index 0000000..5405c84 > --- /dev/null > +++ b/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch
> @@ -0,0 +1,35 @@ > +From e5837a42f8f48a6a721805ff8f7fcd32861d09ca Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <adraszik@tycoint.com> > +Date: Tue, 26 Jul 2016 13:09:47 +0100 > +Subject: [PATCH] help: fix printf() format security warning > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +| ../../bash-4.3.30/builtins/../../bash-4.3.30/builtins/help.def: In function 'help_builtin': > +| ../../bash-4.3.30/builtins/../../bash-4.3.30/builtins/help.def:130:7: error: format not a string literal and no format arguments [-Werror=format-security] > +| printf (ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); > +| ^~~~~~ > + > +Signed-off-by: André Draszik <adraszik@tycoint.com> > +--- > +Upstream-Status: Pending > + builtins/help.def | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/builtins/help.def b/builtins/help.def > +index 1894f17..cf624c6 100644 > +--- a/builtins/help.def > ++++ b/builtins/help.def > +@@ -127,7 +127,7 @@ help_builtin (list) > + > + if (glob_pattern_p (list->word->word)) > + { > +- printf (ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); > ++ printf ("%s", ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); > + print_word_list (list, ", "); > + printf ("'\n\n"); > + } > +-- > +2.8.1 > + > diff --git a/meta/recipes-extended/bash/bash_4.3.30.bb b/meta/recipes-extended/bash/bash_4.3.30.bb > index 95ed392..16a3139 100644 > --- a/meta/recipes-extended/bash/bash_4.3.30.bb > +++ b/meta/recipes-extended/bash/bash_4.3.30.bb 
> @@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \ > file://fix-run-coproc-run-heredoc-run-execscript-run-test-f.patch \ > file://run-ptest \ > file://fix-run-builtins.patch \ > + file://0001-help-fix-printf-format-security-warning.patch \ > " > > SRC_URI[tarball.md5sum] = "a27b3ee9be83bd3ba448c0ff52b28447" > -- > 2.8.1 > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core