diff mbox series

[oe,meta-xfce,37/43] xarchiver: Fix build with security flags turned on

Message ID 20170331164247.5052-37-raj.khem@gmail.com
State Accepted
Commit 2ae91ddd68e1b621873baa319eaa05080719dfd1
Headers show
Series [oe,meta-oe,01/43] gpm: Update to use git src uri | expand

Commit Message

Khem Raj March 31, 2017, 4:42 p.m. UTC 
Signed-off-by: Khem Raj <raj.khem@gmail.com>

---
 ...formatting-string-to-printf-like-function.patch | 43 ++++++++++++++++++++++
 meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb  |  4 +-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-proper-formatting-string-to-printf-like-function.patch

-- 
2.12.1

-- 
_______________________________________________
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Comments

Martin Jansa April 2, 2017, 7:16 a.m. UTC | #1 
../../git/src/window.c:234:52: error: incompatible type for argument 4
of 'gtk_message_dialog_new'
  dialog = gtk_message_dialog_new (window,mode,type,"%s",button,message1);
                                                    ^~~~

http://errors.yoctoproject.org/Errors/Details/138844/


On Fri, Mar 31, 2017 at 6:42 PM, Khem Raj <raj.khem@gmail.com> wrote:

> Signed-off-by: Khem Raj <raj.khem@gmail.com>

> ---

>  ...formatting-string-to-printf-like-function.patch | 43

> ++++++++++++++++++++++

>  meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb  |  4 +-

>  2 files changed, 46 insertions(+), 1 deletion(-)

>  create mode 100644 meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-

> proper-formatting-string-to-printf-like-function.patch

>

> diff --git a/meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-

> proper-formatting-string-to-printf-like-function.patch

> b/meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-

> proper-formatting-string-to-printf-like-function.patch

> new file mode 100644

> index 000000000..2d7eb9a5d

> --- /dev/null

> +++ b/meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-

> proper-formatting-string-to-printf-like-function.patch

> @@ -0,0 +1,43 @@

> +From baf93ea9acf845c5455d577ac19a6f680dac3d2d Mon Sep 17 00:00:00 2001

> +From: Khem Raj <raj.khem@gmail.com>

> +Date: Thu, 30 Mar 2017 11:22:42 -0700

> +Subject: [PATCH] Add proper formatting string to printf-like functions

> +

> +Avoids potential security holes and makes compiler happy

> +

> +| ../../../../../../../workspace/sources/xarchiver/src/window.c:236:72:

> error: format string is not a string literal (potentially insecure)

> [-Werror,-Wformat-security]

> +|         gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG

> (dialog),message2);

> +

> +Signed-off-by: Khem Raj <raj.khem@gmail.com>

> +---

> + src/window.c | 6 +++---

> + 1 file changed, 3 insertions(+), 3 deletions(-)

> +

> +diff --git a/src/window.c b/src/window.c

> +index ca2f69f..3b10e2c 100644

> +--- a/src/window.c

> ++++ b/src/window.c

> +@@ -231,9 +231,9 @@ int xa_show_message_dialog (GtkWindow *window,int

> mode,int type,int button,const

> + {

> +       int response;

> +

> +-      dialog = gtk_message_dialog_new (window,mode,type,button,

> message1);

> ++      dialog = gtk_message_dialog_new (window,mode,type,"%s",button,

> message1);

> +       gtk_dialog_set_default_response (GTK_DIALOG

> (dialog),GTK_RESPONSE_NO);

> +-      gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG

> (dialog),message2);

> ++      gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG

> (dialog),"%s",message2);

> +       response = gtk_dialog_run (GTK_DIALOG (dialog));

> +       gtk_widget_destroy (GTK_WIDGET (dialog));

> +       return response;

> +@@ -511,7 +511,7 @@ void xa_list_archive (GtkMenuItem *menuitem,gpointer

> data)

> +                       g_fprintf (stream,_("Comment:\n"));

> +                       if (bp)

> +                               g_fprintf(stream,"</b><pre>");

> +-                      g_fprintf (stream,archive[idx]->comment->str);

> ++                      g_fprintf (stream,"%s",archive[idx]->

> comment->str);

> +                       if (bp)

> +                               g_fprintf(stream,"</pre>");

> +                       g_fprintf (stream,"\n");

> +--

> +2.12.1

> +

> diff --git a/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb

> b/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb

> index ca299223d..ea34a52c1 100644

> --- a/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb

> +++ b/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb

> @@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=

> 94d55d512a9ba36caa9b7df079bae19f"

>

>  DEPENDS = "gtk+ glib-2.0 xfce4-dev-tools-native intltool-native"

>

> -SRC_URI = "git://github.com/schnitzeltony/xarchiver.git;branch=master"

> +SRC_URI = "git://github.com/schnitzeltony/xarchiver.git;branch=master \

> +           file://0001-Add-proper-formatting-string-to-printf-like-function.patch

> \

> +           "

>  SRCREV = "e80e90528c9aab2fe36d9078b945b44c05cc20d3"

>  PV = "0.5.3"

>  S = "${WORKDIR}/git"

> --

> 2.12.1

>

> --

> _______________________________________________

> Openembedded-devel mailing list

> Openembedded-devel@lists.openembedded.org

> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

>

-- 
_______________________________________________
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Khem Raj April 5, 2017, 5:14 p.m. UTC | #2 
On Sun, Apr 2, 2017 at 12:16 AM, Martin Jansa <martin.jansa@gmail.com> wrote:
> ../../git/src/window.c:234:52: error: incompatible type for argument 4 of

> 'gtk_message_dialog_new'

>   dialog = gtk_message_dialog_new (window,mode,type,"%s",button,message1);

>                                                     ^~~~

>

> http://errors.yoctoproject.org/Errors/Details/138844/

>


Fixed with

https://github.com/kraj/meta-openembedded/commit/30cfd14c1a50d3f79f58dea4012d897a64082ded

>

> On Fri, Mar 31, 2017 at 6:42 PM, Khem Raj <raj.khem@gmail.com> wrote:

>>

>> Signed-off-by: Khem Raj <raj.khem@gmail.com>

>> ---

>>  ...formatting-string-to-printf-like-function.patch | 43

>> ++++++++++++++++++++++

>>  meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb  |  4 +-

>>  2 files changed, 46 insertions(+), 1 deletion(-)

>>  create mode 100644

>> meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-proper-formatting-string-to-printf-like-function.patch

>>

>> diff --git

>> a/meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-proper-formatting-string-to-printf-like-function.patch

>> b/meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-proper-formatting-string-to-printf-like-function.patch

>> new file mode 100644

>> index 000000000..2d7eb9a5d

>> --- /dev/null

>> +++

>> b/meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-proper-formatting-string-to-printf-like-function.patch

>> @@ -0,0 +1,43 @@

>> +From baf93ea9acf845c5455d577ac19a6f680dac3d2d Mon Sep 17 00:00:00 2001

>> +From: Khem Raj <raj.khem@gmail.com>

>> +Date: Thu, 30 Mar 2017 11:22:42 -0700

>> +Subject: [PATCH] Add proper formatting string to printf-like functions

>> +

>> +Avoids potential security holes and makes compiler happy

>> +

>> +| ../../../../../../../workspace/sources/xarchiver/src/window.c:236:72:

>> error: format string is not a string literal (potentially insecure)

>> [-Werror,-Wformat-security]

>> +|         gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG

>> (dialog),message2);

>> +

>> +Signed-off-by: Khem Raj <raj.khem@gmail.com>

>> +---

>> + src/window.c | 6 +++---

>> + 1 file changed, 3 insertions(+), 3 deletions(-)

>> +

>> +diff --git a/src/window.c b/src/window.c

>> +index ca2f69f..3b10e2c 100644

>> +--- a/src/window.c

>> ++++ b/src/window.c

>> +@@ -231,9 +231,9 @@ int xa_show_message_dialog (GtkWindow *window,int

>> mode,int type,int button,const

>> + {

>> +       int response;

>> +

>> +-      dialog = gtk_message_dialog_new

>> (window,mode,type,button,message1);

>> ++      dialog = gtk_message_dialog_new

>> (window,mode,type,"%s",button,message1);

>> +       gtk_dialog_set_default_response (GTK_DIALOG

>> (dialog),GTK_RESPONSE_NO);

>> +-      gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG

>> (dialog),message2);

>> ++      gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG

>> (dialog),"%s",message2);

>> +       response = gtk_dialog_run (GTK_DIALOG (dialog));

>> +       gtk_widget_destroy (GTK_WIDGET (dialog));

>> +       return response;

>> +@@ -511,7 +511,7 @@ void xa_list_archive (GtkMenuItem *menuitem,gpointer

>> data)

>> +                       g_fprintf (stream,_("Comment:\n"));

>> +                       if (bp)

>> +                               g_fprintf(stream,"</b><pre>");

>> +-                      g_fprintf (stream,archive[idx]->comment->str);

>> ++                      g_fprintf

>> (stream,"%s",archive[idx]->comment->str);

>> +                       if (bp)

>> +                               g_fprintf(stream,"</pre>");

>> +                       g_fprintf (stream,"\n");

>> +--

>> +2.12.1

>> +

>> diff --git a/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb

>> b/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb

>> index ca299223d..ea34a52c1 100644

>> --- a/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb

>> +++ b/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb

>> @@ -7,7 +7,9 @@ LIC_FILES_CHKSUM =

>> "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"

>>

>>  DEPENDS = "gtk+ glib-2.0 xfce4-dev-tools-native intltool-native"

>>

>> -SRC_URI = "git://github.com/schnitzeltony/xarchiver.git;branch=master"

>> +SRC_URI = "git://github.com/schnitzeltony/xarchiver.git;branch=master \

>> +

>> file://0001-Add-proper-formatting-string-to-printf-like-function.patch \

>> +           "

>>  SRCREV = "e80e90528c9aab2fe36d9078b945b44c05cc20d3"

>>  PV = "0.5.3"

>>  S = "${WORKDIR}/git"

>> --

>> 2.12.1

>>

>> --

>> _______________________________________________

>> Openembedded-devel mailing list

>> Openembedded-devel@lists.openembedded.org

>> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

>

>

-- 
_______________________________________________
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
diff mbox series

Patch

diff --git a/meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-proper-formatting-string-to-printf-like-function.patch b/meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-proper-formatting-string-to-printf-like-function.patch
new file mode 100644
index 000000000..2d7eb9a5d
--- /dev/null
+++ b/meta-xfce/recipes-apps/xarchiver/xarchiver/0001-Add-proper-formatting-string-to-printf-like-function.patch
@@ -0,0 +1,43 @@ 
+From baf93ea9acf845c5455d577ac19a6f680dac3d2d Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 30 Mar 2017 11:22:42 -0700
+Subject: [PATCH] Add proper formatting string to printf-like functions
+
+Avoids potential security holes and makes compiler happy
+
+| ../../../../../../../workspace/sources/xarchiver/src/window.c:236:72: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
+|         gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog),message2);
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/window.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/window.c b/src/window.c
+index ca2f69f..3b10e2c 100644
+--- a/src/window.c
++++ b/src/window.c
+@@ -231,9 +231,9 @@ int xa_show_message_dialog (GtkWindow *window,int mode,int type,int button,const
+ {
+ 	int response;
+ 
+-	dialog = gtk_message_dialog_new (window,mode,type,button,message1);
++	dialog = gtk_message_dialog_new (window,mode,type,"%s",button,message1);
+ 	gtk_dialog_set_default_response (GTK_DIALOG (dialog),GTK_RESPONSE_NO);
+-	gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog),message2);
++	gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog),"%s",message2);
+ 	response = gtk_dialog_run (GTK_DIALOG (dialog));
+ 	gtk_widget_destroy (GTK_WIDGET (dialog));
+ 	return response;
+@@ -511,7 +511,7 @@ void xa_list_archive (GtkMenuItem *menuitem,gpointer data)
+ 			g_fprintf (stream,_("Comment:\n"));
+ 			if (bp)
+ 				g_fprintf(stream,"</b><pre>");
+-			g_fprintf (stream,archive[idx]->comment->str);
++			g_fprintf (stream,"%s",archive[idx]->comment->str);
+ 			if (bp)
+ 				g_fprintf(stream,"</pre>");
+ 			g_fprintf (stream,"\n");
+-- 
+2.12.1
+
diff --git a/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb b/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb
index ca299223d..ea34a52c1 100644
--- a/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb
+++ b/meta-xfce/recipes-apps/xarchiver/xarchiver_git.bb
@@ -7,7 +7,9 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 
 DEPENDS = "gtk+ glib-2.0 xfce4-dev-tools-native intltool-native"
 
-SRC_URI = "git://github.com/schnitzeltony/xarchiver.git;branch=master"
+SRC_URI = "git://github.com/schnitzeltony/xarchiver.git;branch=master \
+           file://0001-Add-proper-formatting-string-to-printf-like-function.patch \
+           "
 SRCREV = "e80e90528c9aab2fe36d9078b945b44c05cc20d3"
 PV = "0.5.3"
 S = "${WORKDIR}/git"