[gnome-continuous-yocto/gnomeostree-3.28-rocko: 388/8267] stat: fix security issues

[Emmanuele Bassi <ebassi src gnome org>]

commit 8ed25517a9ba01b85153a0ffb93fd62b09b21756
Author: Edwin Plauchu <edwin plauchu camacho intel com>
Date:   Tue May 17 14:25:35 2016 -0500

    stat: fix security issues
    
    This patch avoids stat fails to compile with compiler flags which
    elevate common string formatting issues into an error (-Wformat
    -Wformat-security -Werror=format-security).
    
    [YOCTO #9550]
    
    (From OE-Core rev: f03c1f41933e9997a01a8b1dcdf9fb18579de1d1)
    
    Signed-off-by: Edwin Plauchu <edwin plauchu camacho intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 meta/conf/distro/include/security_flags.inc        |    1 -
 .../stat/stat-3.3/fix-security-format.patch        |   68 ++++++++++++++++++++
 meta/recipes-extended/stat/stat_3.3.bb             |    1 +
 3 files changed, 69 insertions(+), 1 deletions(-)
---
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 7a91cec..5ae6dd8 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
 SECURITY_STRINGFORMAT_pn-kexec-tools = ""
 SECURITY_STRINGFORMAT_pn-makedevs = ""
 SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
-SECURITY_STRINGFORMAT_pn-stat = ""
 SECURITY_STRINGFORMAT_pn-unzip = ""
 SECURITY_STRINGFORMAT_pn-zip = ""
 
diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch 
b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
new file mode 100644
index 0000000..0c01ed0
--- /dev/null
+++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
@@ -0,0 +1,68 @@
+stat: Fixing security formatting issues
+
+Fix security formatting issues related to printf without NULL argument 
+
+stat.c: In function 'print_human_access':
+stat.c:292:13: error: format not a string literal and no format arguments [-Werror=format-security]
+     printf (access);
+             ^
+stat.c: In function 'print_human_time':
+stat.c:299:57: error: format not a string literal and no format arguments [-Werror=format-security]
+   if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
+                                                         ^
+stat.c: In function 'print_it':
+stat.c:613:6: error: format not a string literal and no format arguments [-Werror=format-security]
+      printf(b);
+      ^
+stat.c:642:6: error: format not a string literal and no format arguments [-Werror=format-security]
+      printf(b);
+      ^
+
+[YOCTO #9550]
+[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
+
+Upstream-Status: Pending
+
+Signed-off-by: Edwin Plauchu <edwin plauchu camacho intel com>
+
+diff --git a/stat.c b/stat.c
+index 1ed07a9..2be6f62 100644
+--- a/stat.c
++++ b/stat.c
+@@ -289,15 +289,15 @@ void print_human_access(struct stat *statbuf)
+     default:
+       access[0] = '?';
+     }
+-    printf (access);
++    fputs(access,stdout);
+ }
+ 
+ void print_human_time(time_t *t)
+ {
+   char str[40];
+   
+-  if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
+-  else printf("Cannot calculate human readable time, sorry");
++  if (strftime(str, 40, "%c", localtime(t)) > 0) fputs(str,stdout);
++  else fputs("Cannot calculate human readable time, sorry",stdout);
+ }
+ 
+ /* print statfs info */
+@@ -610,7 +610,7 @@ void print_it(char *masterformat, char *filename,
+       {
+           strcpy (pformat, "%");
+           *m++ = '\0';
+-          printf(b);
++          fputs(b,stdout);
+ 
+           /* copy all format specifiers to our format string */
+           while (isdigit(*m) || strchr("#0-+. I", *m))
+@@ -639,7 +639,7 @@ void print_it(char *masterformat, char *filename,
+       }
+       else
+       {
+-          printf(b);
++          fputs(b,stdout);
+           b = NULL;
+       }
+     }
diff --git a/meta/recipes-extended/stat/stat_3.3.bb b/meta/recipes-extended/stat/stat_3.3.bb
index a5ece07..0697c73 100644
--- a/meta/recipes-extended/stat/stat_3.3.bb
+++ b/meta/recipes-extended/stat/stat_3.3.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=39886b077fd072e876e5c4c16310b631 \
                     file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f"
 
 SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \
+           file://fix-security-format.patch \
            file://fix-error-return.patch"
 
 SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3"