[iptraf-ng] iptraf-ng-1.1.4-4
Nikola Pajkovsky
npajkovs at fedoraproject.org
Tue Dec 3 11:46:05 UTC 2013
commit 9acb648adc434084165550f0f9019be24fc4794e
Author: Nikola Pajkovsky <npajkovs at redhat.com>
Date: Tue Dec 3 12:40:20 2013 +0100
iptraf-ng-1.1.4-4
Fedora start using -Werror=format-security and iptraf-ng had some
parts where error compilation was trigged.
202b2e7b27a1 Makefile: add -Werror=format-security
Resolved: #1037133
Signed-off-by: Nikola Pajkovsky <npajkovs at redhat.com>
0002-Makefile-add-Werror-format-security.patch | 79 ++++++++++++++++++++++++
iptraf-ng.spec | 16 ++++-
2 files changed, 93 insertions(+), 2 deletions(-)
---
diff --git a/0002-Makefile-add-Werror-format-security.patch b/0002-Makefile-add-Werror-format-security.patch
new file mode 100644
index 0000000..54192ee
--- /dev/null
+++ b/0002-Makefile-add-Werror-format-security.patch
@@ -0,0 +1,79 @@
+From 202b2e7b27a159d54a525b0cfd366b8d52d5a3a1 Mon Sep 17 00:00:00 2001
+Message-Id: <202b2e7b27a159d54a525b0cfd366b8d52d5a3a1.1386069831.git.npajkovs at redhat.com>
+From: Nikola Pajkovsky <npajkovs at redhat.com>
+Date: Tue, 3 Dec 2013 12:12:16 +0100
+Subject: [PATCH] Makefile: add -Werror=format-security
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+-Wformat-security
+ If -Wformat is specified, also warn about uses of format
+ functions that represent possible security problems. At
+ present, this warns about calls to printf and scanf functions
+ where the format string is not a string literal and there are
+ no format arguments, as in printf (foo);. This may be a
+ security hole if the format string came from untrusted input
+ and contains ā%nā. (This is currently a subset of what
+ -Wformat-nonliteral warns about, but in future warnings may be
+ added to -Wformat-security that are not included in
+ -Wformat-nonliteral.)
+
+Signed-off-by: Nikola Pajkovsky <npajkovs at redhat.com>
+---
+ Makefile | 2 +-
+ src/ipfilter.c | 2 +-
+ src/othptab.c | 4 ++--
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 46e5632e3287..958b0fbeec0f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -18,7 +18,7 @@ VERSION-FILE: FORCE
+ @$(SHELL_PATH) ./GEN-VERSION-FILE
+ -include VERSION-FILE
+
+-CFLAGS = -g -O2 -Wall -W -std=gnu99
++CFLAGS = -g -O2 -Wall -W -std=gnu99 -Werror=format-security
+ LDFLAGS =
+ ALL_CFLAGS = $(CPPFLAGS) $(CFLAGS)
+ ALL_LDFLAGS = $(LDFLAGS)
+diff --git a/src/ipfilter.c b/src/ipfilter.c
+index eb17ec7c7615..8c76e4c801c2 100644
+--- a/src/ipfilter.c
++++ b/src/ipfilter.c
+@@ -146,7 +146,7 @@ void gethostparams(struct hostparams *data, char *init_saddr, char *init_smask,
+ snprintf(msgstr, 60,
+ "Invalid protocol input at or near token \"%s\"",
+ bptr);
+- tui_error(ANYKEY_MSG, msgstr);
++ tui_error(ANYKEY_MSG, "%s", msgstr);
+ doagain = 1;
+ } else
+ doagain = 0;
+diff --git a/src/othptab.c b/src/othptab.c
+index 5c09241fca99..e23f39e5df45 100644
+--- a/src/othptab.c
++++ b/src/othptab.c
+@@ -407,7 +407,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
+ break;
+ }
+
+- sprintf(scratchpad, rarp_mac_addr);
++ sprintf(scratchpad, "%s", rarp_mac_addr);
+ strcat(msgstring, scratchpad);
+ wattrset(table->othpwin, ARPATTR);
+ break;
+@@ -482,7 +482,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
+ wattrset(table->othpwin, UNKNIPATTR);
+ protptr = getprotobynumber(entry->protocol);
+ if (protptr != NULL) {
+- sprintf(protname, protptr->p_aliases[0]);
++ sprintf(protname, "%s", protptr->p_aliases[0]);
+ } else {
+ sprintf(protname, "IP protocol");
+ unknown = 1;
+--
+1.8.3.2
+
diff --git a/iptraf-ng.spec b/iptraf-ng.spec
index 42e9fe9..4a34eda 100644
--- a/iptraf-ng.spec
+++ b/iptraf-ng.spec
@@ -1,7 +1,7 @@
Summary: A console-based network monitoring utility
Name: iptraf-ng
Version: 1.1.4
-Release: 3%{?dist}
+Release: 4%{?dist}
Source0: https://fedorahosted.org/releases/i/p/iptraf-ng/%{name}-%{version}.tar.gz
Source1: iptraf-ng-logrotate.conf
URL: https://fedorahosted.org/iptraf-ng/
@@ -11,6 +11,7 @@ BuildRequires: ncurses-devel
Obsoletes: iptraf < 3.1
Provides: iptraf = 3.1
Patch01: 0001-BUGFIX-fix-Floating-point-exception-in-tcplog_flowra.patch
+Patch02: 0002-Makefile-add-Werror-format-security.patch
%description
IPTraf-ng is a console-based network monitoring utility. IPTraf gathers
@@ -33,9 +34,10 @@ on a wide variety of supported network cards.
%prep
%setup -q
%patch01 -p1
+%patch02 -p1
%build
-make %{?_smp_mflags} V=1 CFLAGS="-g -O2 -Wall -W -std=gnu99 %{optflags}"
+make %{?_smp_mflags} V=1 CFLAGS="-g -O2 -Wall -W -std=gnu99 -Werror=format-security %{optflags}"
%install
rm -rf %{buildroot}
@@ -66,6 +68,16 @@ rm -rf %{buildroot}
%config(noreplace) %{_sysconfdir}/logrotate.d/iptraf-ng
%changelog
+* Tue Dec 03 2013 Nikola Pajkovsky <npajkovs at redhat.com> - 1.1.4-4
+- iptraf-ng-1.1.4-4
+
+ Fedora start using -Werror=format-security and iptraf-ng had some
+ parts where error compilation was trigged.
+
+ 202b2e7b27a1 Makefile: add -Werror=format-security
+
+ Resolved: #1037133
+
* Mon Sep 02 2013 Nikola Pajkovsky <npajkovs at redhat.com> - 1.1.4-3
- 9b32013 BUGFIX: fix "Floating point exception" in tcplog_flowrate_msg() (Vitezslav Samel)
More information about the scm-commits
mailing list