* [PATCH v1] unzip: fix security issues
@ 2016-05-27 20:29 Edwin Plauchu
2016-05-30 15:37 ` Plauchu Edwin
0 siblings, 1 reply; 5+ messages in thread
From: Edwin Plauchu @ 2016-05-27 20:29 UTC (permalink / raw)
To: openembedded-core; +Cc: Edwin Plauchu
From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
This patch avoids unzip fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security).
[YOCTO #9551]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
---
meta/conf/distro/include/security_flags.inc | 1 -
.../unzip/unzip/fix-security-format.patch | 139 +++++++++++++++++++++
meta/recipes-extended/unzip/unzip_6.0.bb | 1 +
3 files changed, 140 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/unzip/unzip/fix-security-format.patch
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index febedfa..fc4c581 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -104,7 +104,6 @@ SECURITY_STRINGFORMAT_pn-gcc = ""
SECURITY_STRINGFORMAT_pn-gettext = ""
SECURITY_STRINGFORMAT_pn-kexec-tools = ""
SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
-SECURITY_STRINGFORMAT_pn-unzip = ""
TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
diff --git a/meta/recipes-extended/unzip/unzip/fix-security-format.patch b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
new file mode 100644
index 0000000..c82f502
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
@@ -0,0 +1,139 @@
+unzip: Fixing security formatting issues
+
+Fix security formatting issues related to sprintf parameters expeted.
+
+[YOCTO #9551]
+[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551]
+
+Upstream-Status: Pending
+
+Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
+
+diff --git a/unzpriv.h b/unzpriv.h
+index c8d3eab..85e693a 100644
+--- a/unzpriv.h
++++ b/unzpriv.h
+@@ -1006,7 +1006,7 @@
+ # define LoadFarStringSmall(x) Qstrfix(x)
+ # define LoadFarStringSmall2(x) Qstrfix(x)
+ # else
+-# define LoadFarString(x) (char *)(x)
++# define LoadFarString(x) "%s",(char *)(x)
+ # define LoadFarStringSmall(x) (char *)(x)
+ # define LoadFarStringSmall2(x) (char *)(x)
+ # endif
+diff --git a/fileio.c b/fileio.c
+index 36bfea3..ca779c2 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -588,8 +588,8 @@ unsigned readbuf(__G__ buf, size) /* return number of bytes read into buf */
+ else if (G.incnt < 0) {
+ /* another hack, but no real harm copying same thing twice */
+ (*G.message)((zvoid *)&G,
+- (uch *)LoadFarString(ReadError), /* CANNOT use slide */
+- (ulg)strlen(LoadFarString(ReadError)), 0x401);
++ (uch *)(char*)(ReadError), /* CANNOT use slide */
++ (ulg)strlen((char*)(ReadError)), 0x401);
+ return 0; /* discarding some data; better than lock-up */
+ }
+ /* buffer ALWAYS starts on a block boundary: */
+@@ -631,8 +631,8 @@ int readbyte(__G) /* refill inbuf and return a byte if available, else EOF */
+ } else if (G.incnt < 0) { /* "fail" (abort, retry, ...) returns this */
+ /* another hack, but no real harm copying same thing twice */
+ (*G.message)((zvoid *)&G,
+- (uch *)LoadFarString(ReadError),
+- (ulg)strlen(LoadFarString(ReadError)), 0x401);
++ (uch *)(char*)(ReadError),
++ (ulg)strlen((char*)(ReadError)), 0x401);
+ echon();
+ #ifdef WINDLL
+ longjmp(dll_error_return, 1);
+@@ -1356,7 +1356,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
+ ++((Uz_Globs *)pG)->lines;
+ if (((Uz_Globs *)pG)->lines >= ((Uz_Globs *)pG)->height)
+ (*((Uz_Globs *)pG)->mpause)((zvoid *)pG,
+- LoadFarString(MorePrompt), 1);
++ (char*)(MorePrompt), 1);
+ }
+ #endif /* MORE */
+ if (MSG_STDERR(flag) && ((Uz_Globs *)pG)->UzO.tflag &&
+@@ -1416,7 +1416,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
+ ((Uz_Globs *)pG)->sol = TRUE;
+ q = p + 1;
+ (*((Uz_Globs *)pG)->mpause)((zvoid *)pG,
+- LoadFarString(MorePrompt), 1);
++ (char*)(MorePrompt), 1);
+ }
+ }
+ INCSTR(p);
+@@ -2176,7 +2176,7 @@ int do_string(__G__ length, option) /* return PK-type error code */
+ (*G.message)((zvoid *)&G, slide, (ulg)(q-slide), 0);
+ q = slide;
+ if (pause && G.extract_flag) /* don't pause for list/test */
+- (*G.mpause)((zvoid *)&G, LoadFarString(QuitPrompt), 0);
++ (*G.mpause)((zvoid *)&G, (char*)(QuitPrompt), 0);
+ }
+ }
+ (*G.message)((zvoid *)&G, slide, (ulg)(q-slide), 0);
+diff --git a/unzip.c b/unzip.c
+index 2d94a38..ca135af 100644
+--- a/unzip.c
++++ b/unzip.c
+@@ -1079,7 +1079,7 @@ int unzip(__G__ argc, argv)
+ #ifndef _WIN32_WCE /* Win CE does not support environment variables */
+ if ((error = envargs(&argc, &argv, LoadFarStringSmall(EnvZipInfo),
+ LoadFarStringSmall2(EnvZipInfo2))) != PK_OK)
+- perror(LoadFarString(NoMemEnvArguments));
++ perror((char*)(NoMemEnvArguments));
+ #endif
+ } else
+ #endif /* !NO_ZIPINFO */
+@@ -1088,7 +1088,7 @@ int unzip(__G__ argc, argv)
+ #ifndef _WIN32_WCE /* Win CE does not support environment variables */
+ if ((error = envargs(&argc, &argv, LoadFarStringSmall(EnvUnZip),
+ LoadFarStringSmall2(EnvUnZip2))) != PK_OK)
+- perror(LoadFarString(NoMemEnvArguments));
++ perror((char*)(NoMemEnvArguments));
+ #endif
+ }
+
+diff --git a/zipinfo.c b/zipinfo.c
+index 0ac75b3..8a0887c 100644
+--- a/zipinfo.c
++++ b/zipinfo.c
+@@ -1640,14 +1640,14 @@ static int zi_long(__G__ pEndprev, error_in_archive)
+
+ *types = '\0';
+ if (*ef_ptr & 1) {
+- strcpy(types, LoadFarString(UTmodification));
++ strcpy(types, (char*)(UTmodification));
+ ++num;
+ }
+ if (*ef_ptr & 2) {
+ len = strlen(types);
+ if (num)
+ types[len++] = '/';
+- strcpy(types+len, LoadFarString(UTaccess));
++ strcpy(types+len, (char*)(UTaccess));
+ ++num;
+ if (*pEndprev > 0L)
+ *pEndprev += 4L;
+@@ -1656,7 +1656,7 @@ static int zi_long(__G__ pEndprev, error_in_archive)
+ len = strlen(types);
+ if (num)
+ types[len++] = '/';
+- strcpy(types+len, LoadFarString(UTcreation));
++ strcpy(types+len, (char *)(UTcreation));
+ ++num;
+ if (*pEndprev > 0L)
+ *pEndprev += 4L;
+@@ -2331,7 +2331,7 @@ static char *zi_time(__G__ datetimez, modtimez, d_t_str)
+ /* time conversion error in verbose listing format,
+ * return string with '?' instead of data
+ */
+- return (strcpy(d_t_str, LoadFarString(lngYMDHMSTimeError)));
++ return (strcpy(d_t_str, (char*)(lngYMDHMSTimeError)));
+ } else
+ t = (struct tm *)NULL;
+ if (t != (struct tm *)NULL) {
+
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index 2397606..547379c 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -16,6 +16,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
file://11-cve-2014-8141-getzip64data.patch \
file://CVE-2015-7696.patch \
file://CVE-2015-7697.patch \
+ file://fix-security-format.patch \
"
SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
--
1.9.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v1] unzip: fix security issues
2016-05-27 20:29 [PATCH v1] unzip: fix security issues Edwin Plauchu
@ 2016-05-30 15:37 ` Plauchu Edwin
2016-05-30 21:42 ` Richard Purdie
2016-06-07 21:49 ` Plauchu Edwin
0 siblings, 2 replies; 5+ messages in thread
From: Plauchu Edwin @ 2016-05-30 15:37 UTC (permalink / raw)
To: openembedded-core; +Cc: joshua.g.lock, Edwin Plauchu
Ping!
On 27/05/16 15:29, Edwin Plauchu wrote:
> From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>
> This patch avoids unzip fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security).
>
> [YOCTO #9551]
>
> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
> ---
> meta/conf/distro/include/security_flags.inc | 1 -
> .../unzip/unzip/fix-security-format.patch | 139 +++++++++++++++++++++
> meta/recipes-extended/unzip/unzip_6.0.bb | 1 +
> 3 files changed, 140 insertions(+), 1 deletion(-)
> create mode 100644 meta/recipes-extended/unzip/unzip/fix-security-format.patch
>
> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
> index febedfa..fc4c581 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -104,7 +104,6 @@ SECURITY_STRINGFORMAT_pn-gcc = ""
> SECURITY_STRINGFORMAT_pn-gettext = ""
> SECURITY_STRINGFORMAT_pn-kexec-tools = ""
> SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
> -SECURITY_STRINGFORMAT_pn-unzip = ""
>
> TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
> TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
> diff --git a/meta/recipes-extended/unzip/unzip/fix-security-format.patch b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
> new file mode 100644
> index 0000000..c82f502
> --- /dev/null
> +++ b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
> @@ -0,0 +1,139 @@
> +unzip: Fixing security formatting issues
> +
> +Fix security formatting issues related to sprintf parameters expeted.
> +
> +[YOCTO #9551]
> +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551]
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
> +
> +diff --git a/unzpriv.h b/unzpriv.h
> +index c8d3eab..85e693a 100644
> +--- a/unzpriv.h
> ++++ b/unzpriv.h
> +@@ -1006,7 +1006,7 @@
> + # define LoadFarStringSmall(x) Qstrfix(x)
> + # define LoadFarStringSmall2(x) Qstrfix(x)
> + # else
> +-# define LoadFarString(x) (char *)(x)
> ++# define LoadFarString(x) "%s",(char *)(x)
> + # define LoadFarStringSmall(x) (char *)(x)
> + # define LoadFarStringSmall2(x) (char *)(x)
> + # endif
> +diff --git a/fileio.c b/fileio.c
> +index 36bfea3..ca779c2 100644
> +--- a/fileio.c
> ++++ b/fileio.c
> +@@ -588,8 +588,8 @@ unsigned readbuf(__G__ buf, size) /* return number of bytes read into buf */
> + else if (G.incnt < 0) {
> + /* another hack, but no real harm copying same thing twice */
> + (*G.message)((zvoid *)&G,
> +- (uch *)LoadFarString(ReadError), /* CANNOT use slide */
> +- (ulg)strlen(LoadFarString(ReadError)), 0x401);
> ++ (uch *)(char*)(ReadError), /* CANNOT use slide */
> ++ (ulg)strlen((char*)(ReadError)), 0x401);
> + return 0; /* discarding some data; better than lock-up */
> + }
> + /* buffer ALWAYS starts on a block boundary: */
> +@@ -631,8 +631,8 @@ int readbyte(__G) /* refill inbuf and return a byte if available, else EOF */
> + } else if (G.incnt < 0) { /* "fail" (abort, retry, ...) returns this */
> + /* another hack, but no real harm copying same thing twice */
> + (*G.message)((zvoid *)&G,
> +- (uch *)LoadFarString(ReadError),
> +- (ulg)strlen(LoadFarString(ReadError)), 0x401);
> ++ (uch *)(char*)(ReadError),
> ++ (ulg)strlen((char*)(ReadError)), 0x401);
> + echon();
> + #ifdef WINDLL
> + longjmp(dll_error_return, 1);
> +@@ -1356,7 +1356,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
> + ++((Uz_Globs *)pG)->lines;
> + if (((Uz_Globs *)pG)->lines >= ((Uz_Globs *)pG)->height)
> + (*((Uz_Globs *)pG)->mpause)((zvoid *)pG,
> +- LoadFarString(MorePrompt), 1);
> ++ (char*)(MorePrompt), 1);
> + }
> + #endif /* MORE */
> + if (MSG_STDERR(flag) && ((Uz_Globs *)pG)->UzO.tflag &&
> +@@ -1416,7 +1416,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
> + ((Uz_Globs *)pG)->sol = TRUE;
> + q = p + 1;
> + (*((Uz_Globs *)pG)->mpause)((zvoid *)pG,
> +- LoadFarString(MorePrompt), 1);
> ++ (char*)(MorePrompt), 1);
> + }
> + }
> + INCSTR(p);
> +@@ -2176,7 +2176,7 @@ int do_string(__G__ length, option) /* return PK-type error code */
> + (*G.message)((zvoid *)&G, slide, (ulg)(q-slide), 0);
> + q = slide;
> + if (pause && G.extract_flag) /* don't pause for list/test */
> +- (*G.mpause)((zvoid *)&G, LoadFarString(QuitPrompt), 0);
> ++ (*G.mpause)((zvoid *)&G, (char*)(QuitPrompt), 0);
> + }
> + }
> + (*G.message)((zvoid *)&G, slide, (ulg)(q-slide), 0);
> +diff --git a/unzip.c b/unzip.c
> +index 2d94a38..ca135af 100644
> +--- a/unzip.c
> ++++ b/unzip.c
> +@@ -1079,7 +1079,7 @@ int unzip(__G__ argc, argv)
> + #ifndef _WIN32_WCE /* Win CE does not support environment variables */
> + if ((error = envargs(&argc, &argv, LoadFarStringSmall(EnvZipInfo),
> + LoadFarStringSmall2(EnvZipInfo2))) != PK_OK)
> +- perror(LoadFarString(NoMemEnvArguments));
> ++ perror((char*)(NoMemEnvArguments));
> + #endif
> + } else
> + #endif /* !NO_ZIPINFO */
> +@@ -1088,7 +1088,7 @@ int unzip(__G__ argc, argv)
> + #ifndef _WIN32_WCE /* Win CE does not support environment variables */
> + if ((error = envargs(&argc, &argv, LoadFarStringSmall(EnvUnZip),
> + LoadFarStringSmall2(EnvUnZip2))) != PK_OK)
> +- perror(LoadFarString(NoMemEnvArguments));
> ++ perror((char*)(NoMemEnvArguments));
> + #endif
> + }
> +
> +diff --git a/zipinfo.c b/zipinfo.c
> +index 0ac75b3..8a0887c 100644
> +--- a/zipinfo.c
> ++++ b/zipinfo.c
> +@@ -1640,14 +1640,14 @@ static int zi_long(__G__ pEndprev, error_in_archive)
> +
> + *types = '\0';
> + if (*ef_ptr & 1) {
> +- strcpy(types, LoadFarString(UTmodification));
> ++ strcpy(types, (char*)(UTmodification));
> + ++num;
> + }
> + if (*ef_ptr & 2) {
> + len = strlen(types);
> + if (num)
> + types[len++] = '/';
> +- strcpy(types+len, LoadFarString(UTaccess));
> ++ strcpy(types+len, (char*)(UTaccess));
> + ++num;
> + if (*pEndprev > 0L)
> + *pEndprev += 4L;
> +@@ -1656,7 +1656,7 @@ static int zi_long(__G__ pEndprev, error_in_archive)
> + len = strlen(types);
> + if (num)
> + types[len++] = '/';
> +- strcpy(types+len, LoadFarString(UTcreation));
> ++ strcpy(types+len, (char *)(UTcreation));
> + ++num;
> + if (*pEndprev > 0L)
> + *pEndprev += 4L;
> +@@ -2331,7 +2331,7 @@ static char *zi_time(__G__ datetimez, modtimez, d_t_str)
> + /* time conversion error in verbose listing format,
> + * return string with '?' instead of data
> + */
> +- return (strcpy(d_t_str, LoadFarString(lngYMDHMSTimeError)));
> ++ return (strcpy(d_t_str, (char*)(lngYMDHMSTimeError)));
> + } else
> + t = (struct tm *)NULL;
> + if (t != (struct tm *)NULL) {
> +
> diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
> index 2397606..547379c 100644
> --- a/meta/recipes-extended/unzip/unzip_6.0.bb
> +++ b/meta/recipes-extended/unzip/unzip_6.0.bb
> @@ -16,6 +16,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
> file://11-cve-2014-8141-getzip64data.patch \
> file://CVE-2015-7696.patch \
> file://CVE-2015-7697.patch \
> + file://fix-security-format.patch \
> "
>
> SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1] unzip: fix security issues
2016-05-30 15:37 ` Plauchu Edwin
@ 2016-05-30 21:42 ` Richard Purdie
2016-06-07 21:49 ` Plauchu Edwin
1 sibling, 0 replies; 5+ messages in thread
From: Richard Purdie @ 2016-05-30 21:42 UTC (permalink / raw)
To: Plauchu Edwin, openembedded-core; +Cc: joshua.g.lock, Edwin Plauchu
On Mon, 2016-05-30 at 10:37 -0500, Plauchu Edwin wrote:
> Ping!
You sent this patch late on Friday. Sending a ping by midday on Monday
isn't going to help. If you read the project status email, you'd notice
that I've been away for a couple of days. Its also a holiday in the UK
and US today. We're also struggling with patch review anyway and there
are other patches ahead of yours in the queue.
Please be a bit more patient.
Cheers,
Richard
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1] unzip: fix security issues
2016-05-30 15:37 ` Plauchu Edwin
2016-05-30 21:42 ` Richard Purdie
@ 2016-06-07 21:49 ` Plauchu Edwin
2016-06-08 13:30 ` Burton, Ross
1 sibling, 1 reply; 5+ messages in thread
From: Plauchu Edwin @ 2016-06-07 21:49 UTC (permalink / raw)
To: openembedded-core; +Cc: joshua.g.lock, Edwin Plauchu
Ping!
On 30/05/16 10:37, Plauchu Edwin wrote:
> Ping!
>
> On 27/05/16 15:29, Edwin Plauchu wrote:
>> From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>
>> This patch avoids unzip fails to compile with compiler flags which
>> elevate common string formatting issues into an error (-Wformat
>> -Wformat-security -Werror=format-security).
>>
>> [YOCTO #9551]
>>
>> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>> ---
>> meta/conf/distro/include/security_flags.inc | 1 -
>> .../unzip/unzip/fix-security-format.patch | 139
>> +++++++++++++++++++++
>> meta/recipes-extended/unzip/unzip_6.0.bb | 1 +
>> 3 files changed, 140 insertions(+), 1 deletion(-)
>> create mode 100644
>> meta/recipes-extended/unzip/unzip/fix-security-format.patch
>>
>> diff --git a/meta/conf/distro/include/security_flags.inc
>> b/meta/conf/distro/include/security_flags.inc
>> index febedfa..fc4c581 100644
>> --- a/meta/conf/distro/include/security_flags.inc
>> +++ b/meta/conf/distro/include/security_flags.inc
>> @@ -104,7 +104,6 @@ SECURITY_STRINGFORMAT_pn-gcc = ""
>> SECURITY_STRINGFORMAT_pn-gettext = ""
>> SECURITY_STRINGFORMAT_pn-kexec-tools = ""
>> SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
>> -SECURITY_STRINGFORMAT_pn-unzip = ""
>> TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
>> TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
>> diff --git
>> a/meta/recipes-extended/unzip/unzip/fix-security-format.patch
>> b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
>> new file mode 100644
>> index 0000000..c82f502
>> --- /dev/null
>> +++ b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
>> @@ -0,0 +1,139 @@
>> +unzip: Fixing security formatting issues
>> +
>> +Fix security formatting issues related to sprintf parameters expeted.
>> +
>> +[YOCTO #9551]
>> +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551]
>> +
>> +Upstream-Status: Pending
>> +
>> +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>> +
>> +diff --git a/unzpriv.h b/unzpriv.h
>> +index c8d3eab..85e693a 100644
>> +--- a/unzpriv.h
>> ++++ b/unzpriv.h
>> +@@ -1006,7 +1006,7 @@
>> + # define LoadFarStringSmall(x) Qstrfix(x)
>> + # define LoadFarStringSmall2(x) Qstrfix(x)
>> + # else
>> +-# define LoadFarString(x) (char *)(x)
>> ++# define LoadFarString(x) "%s",(char *)(x)
>> + # define LoadFarStringSmall(x) (char *)(x)
>> + # define LoadFarStringSmall2(x) (char *)(x)
>> + # endif
>> +diff --git a/fileio.c b/fileio.c
>> +index 36bfea3..ca779c2 100644
>> +--- a/fileio.c
>> ++++ b/fileio.c
>> +@@ -588,8 +588,8 @@ unsigned readbuf(__G__ buf, size) /* return
>> number of bytes read into buf */
>> + else if (G.incnt < 0) {
>> + /* another hack, but no real harm copying same
>> thing twice */
>> + (*G.message)((zvoid *)&G,
>> +- (uch *)LoadFarString(ReadError), /* CANNOT use
>> slide */
>> +- (ulg)strlen(LoadFarString(ReadError)), 0x401);
>> ++ (uch *)(char*)(ReadError), /* CANNOT use slide */
>> ++ (ulg)strlen((char*)(ReadError)), 0x401);
>> + return 0; /* discarding some data; better than
>> lock-up */
>> + }
>> + /* buffer ALWAYS starts on a block boundary: */
>> +@@ -631,8 +631,8 @@ int readbyte(__G) /* refill inbuf and return a
>> byte if available, else EOF */
>> + } else if (G.incnt < 0) { /* "fail" (abort, retry, ...)
>> returns this */
>> + /* another hack, but no real harm copying same thing
>> twice */
>> + (*G.message)((zvoid *)&G,
>> +- (uch *)LoadFarString(ReadError),
>> +- (ulg)strlen(LoadFarString(ReadError)), 0x401);
>> ++ (uch *)(char*)(ReadError),
>> ++ (ulg)strlen((char*)(ReadError)), 0x401);
>> + echon();
>> + #ifdef WINDLL
>> + longjmp(dll_error_return, 1);
>> +@@ -1356,7 +1356,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
>> + ++((Uz_Globs *)pG)->lines;
>> + if (((Uz_Globs *)pG)->lines >= ((Uz_Globs
>> *)pG)->height)
>> + (*((Uz_Globs *)pG)->mpause)((zvoid *)pG,
>> +- LoadFarString(MorePrompt), 1);
>> ++ (char*)(MorePrompt), 1);
>> + }
>> + #endif /* MORE */
>> + if (MSG_STDERR(flag) && ((Uz_Globs *)pG)->UzO.tflag &&
>> +@@ -1416,7 +1416,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
>> + ((Uz_Globs *)pG)->sol = TRUE;
>> + q = p + 1;
>> + (*((Uz_Globs *)pG)->mpause)((zvoid *)pG,
>> +- LoadFarString(MorePrompt), 1);
>> ++ (char*)(MorePrompt), 1);
>> + }
>> + }
>> + INCSTR(p);
>> +@@ -2176,7 +2176,7 @@ int do_string(__G__ length, option) /*
>> return PK-type error code */
>> + (*G.message)((zvoid *)&G, slide,
>> (ulg)(q-slide), 0);
>> + q = slide;
>> + if (pause && G.extract_flag) /* don't pause for
>> list/test */
>> +- (*G.mpause)((zvoid *)&G,
>> LoadFarString(QuitPrompt), 0);
>> ++ (*G.mpause)((zvoid *)&G,
>> (char*)(QuitPrompt), 0);
>> + }
>> + }
>> + (*G.message)((zvoid *)&G, slide, (ulg)(q-slide), 0);
>> +diff --git a/unzip.c b/unzip.c
>> +index 2d94a38..ca135af 100644
>> +--- a/unzip.c
>> ++++ b/unzip.c
>> +@@ -1079,7 +1079,7 @@ int unzip(__G__ argc, argv)
>> + #ifndef _WIN32_WCE /* Win CE does not support environment variables */
>> + if ((error = envargs(&argc, &argv,
>> LoadFarStringSmall(EnvZipInfo),
>> + LoadFarStringSmall2(EnvZipInfo2))) != PK_OK)
>> +- perror(LoadFarString(NoMemEnvArguments));
>> ++ perror((char*)(NoMemEnvArguments));
>> + #endif
>> + } else
>> + #endif /* !NO_ZIPINFO */
>> +@@ -1088,7 +1088,7 @@ int unzip(__G__ argc, argv)
>> + #ifndef _WIN32_WCE /* Win CE does not support environment variables */
>> + if ((error = envargs(&argc, &argv,
>> LoadFarStringSmall(EnvUnZip),
>> + LoadFarStringSmall2(EnvUnZip2))) !=
>> PK_OK)
>> +- perror(LoadFarString(NoMemEnvArguments));
>> ++ perror((char*)(NoMemEnvArguments));
>> + #endif
>> + }
>> +
>> +diff --git a/zipinfo.c b/zipinfo.c
>> +index 0ac75b3..8a0887c 100644
>> +--- a/zipinfo.c
>> ++++ b/zipinfo.c
>> +@@ -1640,14 +1640,14 @@ static int zi_long(__G__ pEndprev,
>> error_in_archive)
>> +
>> + *types = '\0';
>> + if (*ef_ptr & 1) {
>> +- strcpy(types,
>> LoadFarString(UTmodification));
>> ++ strcpy(types, (char*)(UTmodification));
>> + ++num;
>> + }
>> + if (*ef_ptr & 2) {
>> + len = strlen(types);
>> + if (num)
>> + types[len++] = '/';
>> +- strcpy(types+len,
>> LoadFarString(UTaccess));
>> ++ strcpy(types+len, (char*)(UTaccess));
>> + ++num;
>> + if (*pEndprev > 0L)
>> + *pEndprev += 4L;
>> +@@ -1656,7 +1656,7 @@ static int zi_long(__G__ pEndprev,
>> error_in_archive)
>> + len = strlen(types);
>> + if (num)
>> + types[len++] = '/';
>> +- strcpy(types+len,
>> LoadFarString(UTcreation));
>> ++ strcpy(types+len, (char *)(UTcreation));
>> + ++num;
>> + if (*pEndprev > 0L)
>> + *pEndprev += 4L;
>> +@@ -2331,7 +2331,7 @@ static char *zi_time(__G__ datetimez,
>> modtimez, d_t_str)
>> + /* time conversion error in verbose listing format,
>> + * return string with '?' instead of data
>> + */
>> +- return (strcpy(d_t_str,
>> LoadFarString(lngYMDHMSTimeError)));
>> ++ return (strcpy(d_t_str, (char*)(lngYMDHMSTimeError)));
>> + } else
>> + t = (struct tm *)NULL;
>> + if (t != (struct tm *)NULL) {
>> +
>> diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb
>> b/meta/recipes-extended/unzip/unzip_6.0.bb
>> index 2397606..547379c 100644
>> --- a/meta/recipes-extended/unzip/unzip_6.0.bb
>> +++ b/meta/recipes-extended/unzip/unzip_6.0.bb
>> @@ -16,6 +16,7 @@ SRC_URI =
>> "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
>> file://11-cve-2014-8141-getzip64data.patch \
>> file://CVE-2015-7696.patch \
>> file://CVE-2015-7697.patch \
>> + file://fix-security-format.patch \
>> "
>> SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1] unzip: fix security issues
2016-06-07 21:49 ` Plauchu Edwin
@ 2016-06-08 13:30 ` Burton, Ross
0 siblings, 0 replies; 5+ messages in thread
From: Burton, Ross @ 2016-06-08 13:30 UTC (permalink / raw)
To: Plauchu Edwin; +Cc: Joshua G Lock, Edwin Plauchu, OE-core
[-- Attachment #1: Type: text/plain, Size: 387 bytes --]
On 7 June 2016 at 22:49, Plauchu Edwin <
edwin.plauchu.camacho@linux.intel.com> wrote:
> Ping!
>
This is merged already:
Author: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
AuthorDate: Fri May 27 15:29:21 2016 -0500
Commit: Richard Purdie <richard.purdie@linuxfoundation.org>
CommitDate: Wed Jun 1 12:38:43 2016 +0100
unzip: fix security issues
Ross
[-- Attachment #2: Type: text/html, Size: 1271 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-06-08 13:31 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-05-27 20:29 [PATCH v1] unzip: fix security issues Edwin Plauchu
2016-05-30 15:37 ` Plauchu Edwin
2016-05-30 21:42 ` Richard Purdie
2016-06-07 21:49 ` Plauchu Edwin
2016-06-08 13:30 ` Burton, Ross
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox