[OE-core] [PATCH 05/15] libidn: Fix hardened build with musl
Khem Raj
raj.khem at gmail.com
Fri Jun 2 21:12:27 UTC 2017
Armin
Please backport this patch to pyro as well.
On Sun, May 21, 2017 at 10:00 PM, Khem Raj <raj.khem at gmail.com> wrote:
> Re-introduce the patch that was deemed to be not needed
> but it infact is still needed with musl
>
> Signed-off-by: Khem Raj <raj.khem at gmail.com>
> ---
> .../libidn/0001-idn-format-security-warnings.patch | 181 +++++++++++++++++++++
> meta/recipes-extended/libidn/libidn_1.33.bb | 1 +
> 2 files changed, 182 insertions(+)
> create mode 100644 meta/recipes-extended/libidn/libidn/0001-idn-format-security-warnings.patch
>
> diff --git a/meta/recipes-extended/libidn/libidn/0001-idn-format-security-warnings.patch b/meta/recipes-extended/libidn/libidn/0001-idn-format-security-warnings.patch
> new file mode 100644
> index 0000000000..5adc7d9fd9
> --- /dev/null
> +++ b/meta/recipes-extended/libidn/libidn/0001-idn-format-security-warnings.patch
> @@ -0,0 +1,181 @@
> +From 82f98dcbc429bbe89a9837c533cbcbc02e77c790 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <adraszik at tycoint.com>
> +Date: Tue, 28 Jun 2016 12:43:31 +0100
> +Subject: [PATCH] idn: fix printf() format security warnings
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +| ../../libidn-1.32/src/idn.c: In function 'main':
> +| ../../libidn-1.32/src/idn.c:172:7: error: format not a string literal and no format arguments [-Werror=format-security]
> +| error (0, 0, _("only one of -s, -e, -d, -a, -u or -n can be specified"));
> +| ^~~~~
> +| ../../libidn-1.32/src/idn.c:187:5: error: format not a string literal and no format arguments [-Werror=format-security]
> +| fprintf (stderr, _("Type each input string on a line by itself, "
> +| ^~~~~~~
> +| ../../libidn-1.32/src/idn.c:202:4: error: format not a string literal and no format arguments [-Werror=format-security]
> +| error (EXIT_FAILURE, errno, _("input error"));
> +| ^~~~~
> +| ../../libidn-1.32/src/idn.c:220:8: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UTF-8 to UCS-4"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:245:8: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UTF-8 to UCS-4"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:281:6: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UTF-8 to UCS-4"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:340:6: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UCS-4 to UTF-8"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:364:6: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UCS-4 to UTF-8"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:442:8: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UCS-4 to UTF-8"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:498:6: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UTF-8 to UCS-4"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:527:5: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UTF-8 to UCS-4"));
> +| ^
> +| ../../libidn-1.32/src/idn.c:540:6: error: format not a string literal and no format arguments [-Werror=format-security]
> +| error (EXIT_FAILURE, 0, _("could not do NFKC normalization"));
> +| ^~~~~
> +| ../../libidn-1.32/src/idn.c:551:5: error: format not a string literal and no format arguments [-Werror=format-security]
> +| _("could not convert from UTF-8 to UCS-4"));
> +| ^
> +
> +Signed-off-by: André Draszik <adraszik at tycoint.com>
> +---
> +Upstream-Status: Pending
> +
> + src/idn.c | 27 ++++++++++++++-------------
> + 1 file changed, 14 insertions(+), 13 deletions(-)
> +
> +diff --git a/src/idn.c b/src/idn.c
> +index be1c7d1..68e4291 100644
> +--- a/src/idn.c
> ++++ b/src/idn.c
> +@@ -170,7 +170,7 @@ main (int argc, char *argv[])
> + (args_info.idna_to_unicode_given ? 1 : 0) +
> + (args_info.nfkc_given ? 1 : 0) != 1)
> + {
> +- error (0, 0, _("only one of -s, -e, -d, -a, -u or -n can be specified"));
> ++ error (0, 0, "%s", _("only one of -s, -e, -d, -a, -u or -n can be specified"));
> + usage (EXIT_FAILURE);
> + }
> +
> +@@ -185,7 +185,7 @@ main (int argc, char *argv[])
> + if (!args_info.quiet_given
> + && args_info.inputs_num == 0
> + && isatty (fileno (stdin)))
> +- fprintf (stderr, _("Type each input string on a line by itself, "
> ++ fprintf (stderr, "%s", _("Type each input string on a line by itself, "
> + "terminated by a newline character.\n"));
> +
> + do
> +@@ -197,7 +197,7 @@ main (int argc, char *argv[])
> + if (feof (stdin))
> + break;
> +
> +- error (EXIT_FAILURE, errno, _("input error"));
> ++ error (EXIT_FAILURE, errno, "%s", _("input error"));
> + }
> +
> + if (strlen (line) > 0)
> +@@ -215,7 +215,7 @@ main (int argc, char *argv[])
> + if (!q)
> + {
> + free (p);
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UTF-8 to UCS-4"));
> + }
> +
> +@@ -240,7 +240,7 @@ main (int argc, char *argv[])
> + if (!q)
> + {
> + free (r);
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UTF-8 to UCS-4"));
> + }
> +
> +@@ -277,7 +277,7 @@ main (int argc, char *argv[])
> + q = stringprep_utf8_to_ucs4 (p, -1, &len);
> + free (p);
> + if (!q)
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UTF-8 to UCS-4"));
> +
> + if (args_info.debug_given)
> +@@ -336,7 +336,7 @@ main (int argc, char *argv[])
> + r = stringprep_ucs4_to_utf8 (q, -1, NULL, NULL);
> + free (q);
> + if (!r)
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UCS-4 to UTF-8"));
> +
> + p = stringprep_utf8_to_locale (r);
> +@@ -360,7 +360,7 @@ main (int argc, char *argv[])
> + q = stringprep_utf8_to_ucs4 (p, -1, NULL);
> + free (p);
> + if (!q)
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UCS-4 to UTF-8"));
> +
> + if (args_info.debug_given)
> +@@ -438,7 +438,7 @@ main (int argc, char *argv[])
> + if (!q)
> + {
> + free (p);
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UCS-4 to UTF-8"));
> + }
> +
> +@@ -494,7 +494,7 @@ main (int argc, char *argv[])
> + r = stringprep_ucs4_to_utf8 (q, -1, NULL, NULL);
> + free (q);
> + if (!r)
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UTF-8 to UCS-4"));
> +
> + p = stringprep_utf8_to_locale (r);
> +@@ -523,7 +523,7 @@ main (int argc, char *argv[])
> + if (!q)
> + {
> + free (p);
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UTF-8 to UCS-4"));
> + }
> +
> +@@ -537,7 +537,8 @@ main (int argc, char *argv[])
> + r = stringprep_utf8_nfkc_normalize (p, -1);
> + free (p);
> + if (!r)
> +- error (EXIT_FAILURE, 0, _("could not do NFKC normalization"));
> ++ error (EXIT_FAILURE, 0, "%s",
> ++ _("could not do NFKC normalization"));
> +
> + if (args_info.debug_given)
> + {
> +@@ -547,7 +548,7 @@ main (int argc, char *argv[])
> + if (!q)
> + {
> + free (r);
> +- error (EXIT_FAILURE, 0,
> ++ error (EXIT_FAILURE, 0, "%s",
> + _("could not convert from UTF-8 to UCS-4"));
> + }
> +
> +--
> +2.8.1
> +
> diff --git a/meta/recipes-extended/libidn/libidn_1.33.bb b/meta/recipes-extended/libidn/libidn_1.33.bb
> index 109cc7f3f5..9e8bdbae18 100644
> --- a/meta/recipes-extended/libidn/libidn_1.33.bb
> +++ b/meta/recipes-extended/libidn/libidn_1.33.bb
> @@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/libidn/${BPN}-${PV}.tar.gz \
> file://dont-depend-on-help2man.patch \
> file://0001-idn-fix-printf-format-security-warnings.patch \
> file://gcc7-compatibility.patch \
> + file://0001-idn-format-security-warnings.patch \
> "
>
> SRC_URI[md5sum] = "a9aa7e003665de9c82bd3f9fc6ccf308"
> --
> 2.13.0
>
More information about the Openembedded-core
mailing list