This change is good. Please install it. I think we should think of using security flags as default for AB, since that's much stricter and will catch more errors than normal flags. Eventually, in the 2.3 timeframe, we should contemplate hardening the toolchain to default to PIE/pie.
> On Jul 26, 2016, at 8:26 AM, André Draszik <[email protected]> wrote: > > From: André Draszik <[email protected]> > > Signed-off-by: André Draszik <[email protected]> > --- > ...1-help-fix-printf-format-security-warning.patch | 35 ++++++++++++++++++++++ > meta/recipes-extended/bash/bash_4.3.30.bb | 1 + > 2 files changed, 36 insertions(+) > create mode 100644 > meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch > > diff --git > a/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch > > b/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch > new file mode 100644 > index 0000000..5405c84 > --- /dev/null > +++ > b/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch 
> @@ -0,0 +1,35 @@ > +From e5837a42f8f48a6a721805ff8f7fcd32861d09ca Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <[email protected]> > +Date: Tue, 26 Jul 2016 13:09:47 +0100 > +Subject: [PATCH] help: fix printf() format security warning > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +| ../../bash-4.3.30/builtins/../../bash-4.3.30/builtins/help.def: In > function 'help_builtin': > +| ../../bash-4.3.30/builtins/../../bash-4.3.30/builtins/help.def:130:7: > error: format not a string literal and no format arguments > [-Werror=format-security] > +| printf (ngettext ("Shell commands matching keyword `", "Shell > commands matching keywords `", (list->next ? 2 : 1))); > +| ^~~~~~ > + > +Signed-off-by: André Draszik <[email protected]> > +--- > +Upstream-Status: Pending > + builtins/help.def | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/builtins/help.def b/builtins/help.def > +index 1894f17..cf624c6 100644 > +--- a/builtins/help.def > ++++ b/builtins/help.def > +@@ -127,7 +127,7 @@ help_builtin (list) > + > + if (glob_pattern_p (list->word->word)) > + { > +- printf (ngettext ("Shell commands matching keyword `", "Shell > commands matching keywords `", (list->next ? 2 : 1))); > ++ printf ("%s", ngettext ("Shell commands matching keyword `", "Shell > commands matching keywords `", (list->next ? 2 : 1))); > + print_word_list (list, ", "); > + printf ("'\n\n"); > + } > +-- > +2.8.1 > + > diff --git a/meta/recipes-extended/bash/bash_4.3.30.bb > b/meta/recipes-extended/bash/bash_4.3.30.bb > index 95ed392..16a3139 100644 > --- a/meta/recipes-extended/bash/bash_4.3.30.bb > +++ b/meta/recipes-extended/bash/bash_4.3.30.bb 
> @@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \ > file://fix-run-coproc-run-heredoc-run-execscript-run-test-f.patch \ > file://run-ptest \ > file://fix-run-builtins.patch \ > + file://0001-help-fix-printf-format-security-warning.patch \ > " > > SRC_URI[tarball.md5sum] = "a27b3ee9be83bd3ba448c0ff52b28447" > -- > 2.8.1 > > -- > _______________________________________________ > Openembedded-core mailing list > [email protected] > http://lists.openembedded.org/mailman/listinfo/openembedded-core
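Review bot: the Upstream-Status: Pending line in the new 0001-help-fix-printf-format-security-warning.patch sits below the --- separator, beside the diffstat, and git am discards everything between that separator and the diff, so the tag is lost if the patch is ever applied and regenerated. Move it into the message body above the inner Signed-off-by line. The outer commit message is also empty apart from its Signed-off-by; one sentence saying that builtins/help.def:130 fails to build under -Werror=format-security would tell readers of the log why the recipe changed. In the help.def hunk itself, the two msgid literals contain no conversion specifications, so fputs (..., stdout) would be an equivalent alternative to printf ("%s", ...); the posted form is fine as it stands.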
