[oe] [meta-xfce][PATCH 37/43] xarchiver: Fix build with security flags turned on
Martin Jansa
martin.jansa at gmail.com
Sun Apr 2 07:16:02 UTC 2017
../../git/src/window.c:234:52: error: incompatible type for argument 4
of 'gtk_message_dialog_new'
dialog = gtk_message_dialog_new (window,mode,type,"%s",button,message1);
^~~~
http://errors.yoctoproject.org/Errors/Details/138844/
On Fri, Mar 31, 2017 at 6:42 PM, Khem Raj <raj.khem at gmail.com> wrote:
> Signed-off-by: Khem Raj <raj.khem at gmail.com>
> ---
> ...formatting-string-to-printf-like-function.patch | 43
> ++++++++++++++++++++++
> meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb | 4 +-
> 2 files changed, 46 insertions(+), 1 deletion(-)
> create mode 100644 meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-
> proper-formatting-string-to-printf-like-function.patch
>
> diff --git a/meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-
> proper-formatting-string-to-printf-like-function.patch
> b/meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-
> proper-formatting-string-to-printf-like-function.patch
> new file mode 100644
> index 000000000..2d7eb9a5d
> --- /dev/null
> +++ b/meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-
> proper-formatting-string-to-printf-like-function.patch
> @@ -0,0 +1,43 @@
> +From baf93ea9acf845c5455d577ac19a6f680dac3d2d Mon Sep 17 00:00:00 2001
> +From: Khem Raj <raj.khem at gmail.com>
> +Date: Thu, 30 Mar 2017 11:22:42 -0700
> +Subject: [PATCH] Add proper formatting string to printf-like functions
> +
> +Avoids potential security holes and makes compiler happy
> +
> +| ../../../../../../../workspace/sources/xarchiver/src/window.c:236:72:
> error: format string is not a string literal (potentially insecure)
> [-Werror,-Wformat-security]
> +| gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG
> (dialog),message2);
> +
> +Signed-off-by: Khem Raj <raj.khem at gmail.com>
> +---
> + src/window.c | 6 +++---
> + 1 file changed, 3 insertions(+), 3 deletions(-)
> +
> +diff --git a/src/window.c b/src/window.c
> +index ca2f69f..3b10e2c 100644
> +--- a/src/window.c
> ++++ b/src/window.c
> +@@ -231,9 +231,9 @@ int xa_show_message_dialog (GtkWindow *window,int
> mode,int type,int button,const
> + {
> + int response;
> +
> +- dialog = gtk_message_dialog_new (window,mode,type,button,
> message1);
> ++ dialog = gtk_message_dialog_new (window,mode,type,"%s",button,
> message1);
> + gtk_dialog_set_default_response (GTK_DIALOG
> (dialog),GTK_RESPONSE_NO);
> +- gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG
> (dialog),message2);
> ++ gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG
> (dialog),"%s",message2);
> + response = gtk_dialog_run (GTK_DIALOG (dialog));
> + gtk_widget_destroy (GTK_WIDGET (dialog));
> + return response;
> +@@ -511,7 +511,7 @@ void xa_list_archive (GtkMenuItem *menuitem,gpointer
> data)
> + g_fprintf (stream,_("Comment:\n"));
> + if (bp)
> + g_fprintf(stream,"</b><pre>");
> +- g_fprintf (stream,archive[idx]->comment->str);
> ++ g_fprintf (stream,"%s",archive[idx]->
> comment->str);
> + if (bp)
> + g_fprintf(stream,"</pre>");
> + g_fprintf (stream,"\n");
> +--
> +2.12.1
> +
> diff --git a/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb
> b/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb
> index ca299223d..ea34a52c1 100644
> --- a/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb
> +++ b/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb
> @@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=
> 94d55d512a9ba36caa9b7df079bae19f"
>
> DEPENDS = "gtk+ glib-2.0 xfce4-dev-tools-native intltool-native"
>
> -SRC_URI = "git://github.com/schnitzeltony/xarchiver.git;branch=master"
> +SRC_URI = "git://github.com/schnitzeltony/xarchiver.git;branch=master \
> + file://0001-Add-proper-formatting-string-to-printf-like-function.patch
> \
> + "
> SRCREV = "e80e90528c9aab2fe36d9078b945b44c05cc20d3"
> PV = "0.5.3"
> S = "${WORKDIR}/git"
> --
> 2.12.1
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>
More information about the Openembedded-devel
mailing list