[iptraf-ng] iptraf-ng-1.1.4-4

Nikola Pajkovsky npajkovs at fedoraproject.org
Tue Dec 3 11:46:05 UTC 2013


commit 9acb648adc434084165550f0f9019be24fc4794e
Author: Nikola Pajkovsky <npajkovs at redhat.com>
Date:   Tue Dec 3 12:40:20 2013 +0100

    iptraf-ng-1.1.4-4
    
    Fedora started using -Werror=format-security, and iptraf-ng had some
    places where this triggered compilation errors.
    
    202b2e7b27a1 Makefile: add -Werror=format-security
    
    Resolved: #1037133
    
    Signed-off-by: Nikola Pajkovsky <npajkovs at redhat.com>

 0002-Makefile-add-Werror-format-security.patch |   79 ++++++++++++++++++++++++
 iptraf-ng.spec                                 |   16 ++++-
 2 files changed, 93 insertions(+), 2 deletions(-)
---
diff --git a/0002-Makefile-add-Werror-format-security.patch b/0002-Makefile-add-Werror-format-security.patch
new file mode 100644
index 0000000..54192ee
--- /dev/null
+++ b/0002-Makefile-add-Werror-format-security.patch
@@ -0,0 +1,79 @@
+From 202b2e7b27a159d54a525b0cfd366b8d52d5a3a1 Mon Sep 17 00:00:00 2001
+Message-Id: <202b2e7b27a159d54a525b0cfd366b8d52d5a3a1.1386069831.git.npajkovs at redhat.com>
+From: Nikola Pajkovsky <npajkovs at redhat.com>
+Date: Tue, 3 Dec 2013 12:12:16 +0100
+Subject: [PATCH] Makefile: add -Werror=format-security
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+-Wformat-security
+        If -Wformat is specified, also warn about uses of format
+        functions that represent possible security problems. At
+        present, this warns about calls to printf and scanf functions
+        where the format string is not a string literal and there are
+        no format arguments, as in printf (foo);. This may be a
+        security hole if the format string came from untrusted input
+        and contains ā€˜%nā€™. (This is currently a subset of what
+        -Wformat-nonliteral warns about, but in future warnings may be
+        added to -Wformat-security that are not included in
+        -Wformat-nonliteral.)
+
+Signed-off-by: Nikola Pajkovsky <npajkovs at redhat.com>
+---
+ Makefile       | 2 +-
+ src/ipfilter.c | 2 +-
+ src/othptab.c  | 4 ++--
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 46e5632e3287..958b0fbeec0f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -18,7 +18,7 @@ VERSION-FILE: FORCE
+ 	@$(SHELL_PATH) ./GEN-VERSION-FILE
+ -include VERSION-FILE
+ 
+-CFLAGS = -g -O2 -Wall -W -std=gnu99
++CFLAGS = -g -O2 -Wall -W -std=gnu99 -Werror=format-security
+ LDFLAGS =
+ ALL_CFLAGS = $(CPPFLAGS) $(CFLAGS)
+ ALL_LDFLAGS = $(LDFLAGS)
+diff --git a/src/ipfilter.c b/src/ipfilter.c
+index eb17ec7c7615..8c76e4c801c2 100644
+--- a/src/ipfilter.c
++++ b/src/ipfilter.c
+@@ -146,7 +146,7 @@ void gethostparams(struct hostparams *data, char *init_saddr, char *init_smask,
+ 				snprintf(msgstr, 60,
+ 					 "Invalid protocol input at or near token \"%s\"",
+ 					 bptr);
+-				tui_error(ANYKEY_MSG, msgstr);
++				tui_error(ANYKEY_MSG, "%s", msgstr);
+ 				doagain = 1;
+ 			} else
+ 				doagain = 0;
+diff --git a/src/othptab.c b/src/othptab.c
+index 5c09241fca99..e23f39e5df45 100644
+--- a/src/othptab.c
++++ b/src/othptab.c
+@@ -407,7 +407,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
+ 				break;
+ 			}
+ 
+-			sprintf(scratchpad, rarp_mac_addr);
++			sprintf(scratchpad, "%s", rarp_mac_addr);
+ 			strcat(msgstring, scratchpad);
+ 			wattrset(table->othpwin, ARPATTR);
+ 			break;
+@@ -482,7 +482,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
+ 		wattrset(table->othpwin, UNKNIPATTR);
+ 		protptr = getprotobynumber(entry->protocol);
+ 		if (protptr != NULL) {
+-			sprintf(protname, protptr->p_aliases[0]);
++			sprintf(protname, "%s", protptr->p_aliases[0]);
+ 		} else {
+ 			sprintf(protname, "IP protocol");
+ 			unknown = 1;
+-- 
+1.8.3.2
+
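Review bot: In the second src/othptab.c hunk, `protptr->p_aliases[0]` still reaches `sprintf` without a NULL check. `p_aliases` is a NULL-terminated list, so a protocol entry with no alias passes a null pointer to `%s`, which is undefined behaviour. Falling back to the official name avoids that: `sprintf(protname, "%s", protptr->p_aliases[0] ? protptr->p_aliases[0] : protptr->p_name);`. Both `sprintf` calls in this file (into `scratchpad` and `protname`) also stay unbounded after the fix. If those destinations are arrays, `snprintf(protname, sizeof(protname), "%s", ...)` would bound the copy, but their declarations are outside the hunks, so the sizes cannot be checked here. printothpentry's body starts and ends outside both hunks.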
diff --git a/iptraf-ng.spec b/iptraf-ng.spec
index 42e9fe9..4a34eda 100644
--- a/iptraf-ng.spec
+++ b/iptraf-ng.spec
@@ -1,7 +1,7 @@
 Summary:        A console-based network monitoring utility
 Name:           iptraf-ng
 Version:        1.1.4
-Release:        3%{?dist}
+Release:        4%{?dist}
 Source0:        https://fedorahosted.org/releases/i/p/iptraf-ng/%{name}-%{version}.tar.gz
 Source1:        iptraf-ng-logrotate.conf
 URL:            https://fedorahosted.org/iptraf-ng/
@@ -11,6 +11,7 @@ BuildRequires:  ncurses-devel
 Obsoletes:      iptraf < 3.1
 Provides:       iptraf = 3.1
 Patch01:        0001-BUGFIX-fix-Floating-point-exception-in-tcplog_flowra.patch
+Patch02:        0002-Makefile-add-Werror-format-security.patch
 
 %description
 IPTraf-ng is a console-based network monitoring utility.  IPTraf gathers
@@ -33,9 +34,10 @@ on a wide variety of supported network cards.
 %prep
 %setup -q
 %patch01 -p1
+%patch02 -p1
 
 %build
-make %{?_smp_mflags} V=1 CFLAGS="-g -O2 -Wall -W -std=gnu99 %{optflags}"
+make %{?_smp_mflags} V=1 CFLAGS="-g -O2 -Wall -W -std=gnu99 -Werror=format-security %{optflags}"
 
 %install
 rm -rf %{buildroot}
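Review bot: The `CFLAGS=` given on the `make` command line in %build overrides the `CFLAGS =` assignment that Patch02 changes in the Makefile, so the flag now lives in two places and only this one takes effect for the package build. If `%{optflags}` already carries `-Werror=format-security` (the commit message suggests the distribution's default flags do), the explicit copy here is redundant and could be dropped to avoid drift. Otherwise a comment above the make line, such as `# CFLAGS on the command line overrides the Makefile value`, would make the precedence clear to the next packager.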
@@ -66,6 +68,16 @@ rm -rf %{buildroot}
 %config(noreplace) %{_sysconfdir}/logrotate.d/iptraf-ng
 
 %changelog
+* Tue Dec 03 2013 Nikola Pajkovsky <npajkovs at redhat.com> - 1.1.4-4
+- iptraf-ng-1.1.4-4
+
+  Fedora start using -Werror=format-security and iptraf-ng had some
+  parts where error compilation was trigged.
+
+  202b2e7b27a1 Makefile: add -Werror=format-security
+
+  Resolved: #1037133
+
 * Mon Sep 02 2013 Nikola Pajkovsky <npajkovs at redhat.com> - 1.1.4-3
 - 9b32013 BUGFIX: fix "Floating point exception" in tcplog_flowrate_msg() (Vitezslav Samel)
   

