[skipfish] Use -Werror=format-security flag (rhbz #1037329)

Athmane Madjoudj athmane at fedoraproject.org
Sun Dec 8 14:56:30 UTC 2013 

commit 2802fc2b275dd5b3247a15e06344ea7d5f1ceafb
Author: Athmane Madjoudj <athmane at fedoraproject.org>
Date:   Sun Dec 8 15:55:43 2013 +0100

    Use -Werror=format-security flag (rhbz #1037329)

 skipfish-2.10b-makefile-format-security.patch |   95 +++++++++++++++++++++++++
 skipfish.spec                                 |    9 ++-
 2 files changed, 101 insertions(+), 3 deletions(-)
---
diff --git a/skipfish-2.10b-makefile-format-security.patch b/skipfish-2.10b-makefile-format-security.patch
new file mode 100644
index 0000000..b8e6b3d
--- /dev/null
+++ b/skipfish-2.10b-makefile-format-security.patch
@@ -0,0 +1,95 @@
+diff -ru skipfish-2.10b.orig/Makefile skipfish-2.10b/Makefile
+--- skipfish-2.10b.orig/Makefile	2012-12-04 14:27:54.000000000 +0100
++++ skipfish-2.10b/Makefile	2013-12-08 15:53:44.442596915 +0100
+@@ -33,14 +33,18 @@
+ OBJFILES   = $(patsubst %,$(SRCDIR)/%,$(SFILES))
+ INCFILES   = $(patsubst %,$(SRCDIR)/%,$(IFILES))
+ 
+-CFLAGS_GEN = -Wall -funsigned-char -g -ggdb -I/usr/local/include/ \
+-             -I/opt/local/include/ $(CFLAGS) -DVERSION=\"$(VERSION)\"
++CFLAGS_GEN = -Wall -Werror=format-security -Wformat -funsigned-char -g -ggdb  \
++             $(CFLAGS) -DVERSION=\"$(VERSION)\"
+ CFLAGS_DBG = -DLOG_STDERR=1 -DDEBUG_ALLOCATOR=1 \
+              $(CFLAGS_GEN)
+ CFLAGS_OPT =  -O3 -Wno-format $(CFLAGS_GEN)
+ 
+-LDFLAGS   += -L/usr/local/lib/ -L/opt/local/lib
++#LDFLAGS   += 
+ LIBS      += -lcrypto -lssl -lidn -lz -lpcre
++PREFIX     = /usr
++DATADIR    = /share/skipfish
++BINDIR     = /bin
++
+ 
+ all: $(PROGNAME)
+ 
+@@ -54,6 +58,19 @@
+ 	@echo "http://code.google.com/p/skipfish/wiki/KnownIssues"
+ 	@echo
+ 
++install: $(PROGNAME)
++	install -m 755 -d $(DESTDIR)$(PREFIX)$(DATADIR)
++	install -m 755 -d $(DESTDIR)$(PREFIX)$(BINDIR)
++	install -m 755 skipfish $(DESTDIR)$(PREFIX)$(BINDIR)
++	install -m 755 tools/sfscandiff $(DESTDIR)$(PREFIX)$(BINDIR)
++	cp -r assets $(DESTDIR)$(PREFIX)$(DATADIR)
++	cp -r dictionaries $(DESTDIR)$(PREFIX)$(DATADIR)
++	cp -r signatures $(DESTDIR)$(PREFIX)$(DATADIR)
++#	gzip doc/skipfish.1
++	install -m 755 -d $(DESTDIR)$(PREFIX)/share/man/man1
++#	cp -r doc/skipfish.1.gz $(DESTDIR)$(PREFIX)/share/man/man1
++	install -m 644 doc/skipfish.1 $(DESTDIR)$(PREFIX)/share/man/man1
++
+ debug: $(SRCDIR)/$(PROGNAME).c $(OBJFILES) $(INCFILES)
+ 	$(CC) $(LDFLAGS) $(SRCDIR)/$(PROGNAME).c -o $(PROGNAME) \
+         $(CFLAGS_DBG) $(OBJFILES) $(LIBS)
+Only in skipfish-2.10b/: Makefile.orig
+diff -ru skipfish-2.10b.orig/signatures/signatures.conf skipfish-2.10b/signatures/signatures.conf
+--- skipfish-2.10b.orig/signatures/signatures.conf	2012-12-04 14:27:53.000000000 +0100
++++ skipfish-2.10b/signatures/signatures.conf	2013-12-08 15:28:53.054458277 +0100
+@@ -6,23 +6,23 @@
+ # The mime signatures warn about server responses that have an interesting
+ # mime. For example anything that is presented as php-source will likely
+ # be interesting
+-include signatures/mime.sigs
++include /usr/share/skipfish/signatures/mime.sigs
+ 
+ # The files signature will use the content to determine if a response
+ # is an interesting file. For example, a SVN file.
+-include signatures/files.sigs
++include /usr/share/skipfish/signatures/files.sigs
+ 
+ # The messages signatures look for interesting server messages. Most
+ # are based on errors, such as caused by incorrect SQL queries or PHP
+ # execution failures.
+-include signatures/messages.sigs
++include /usr/share/skipfish/signatures/messages.sigs
+ 
+ # The apps signatures will help to find pages and applications who's
+ # functionality is a security risk by default. For example, phpinfo()
+ # pages that leak information or CMS admin interfaces.
+-include signatures/apps.sigs
++include /usr/share/skipfish/signatures/apps.sigs
+ 
+ # Context signatures are linked to injection tests. They look for strings
+ # that are relevant to the current injection test and help to highlight
+ # potential vulnerabilities.
+-include signatures/context.sigs
++include /usr/share/skipfish/signatures/context.sigs
+diff -ru skipfish-2.10b.orig/src/config.h skipfish-2.10b/src/config.h
+--- skipfish-2.10b.orig/src/config.h	2012-12-04 14:27:53.000000000 +0100
++++ skipfish-2.10b/src/config.h	2013-12-08 15:28:53.055458280 +0100
+@@ -29,10 +29,10 @@
+ 
+ /* Default paths to runtime files: */
+ 
+-#define ASSETS_DIR              "assets"
++#define ASSETS_DIR              "/usr/share/skipfish/assets"
+ 
+ /* Default signature file */
+-#define SIG_FILE                "signatures/signatures.conf"
++#define SIG_FILE                "/usr/share/skipfish/signatures/signatures.conf"
+ 
+ /* Various default settings for HTTP client (cmdline override): */
+ 
+Only in skipfish-2.10b/src: config.h.orig
diff --git a/skipfish.spec b/skipfish.spec
index 08f3cb9..b3b71a2 100644
--- a/skipfish.spec
+++ b/skipfish.spec
@@ -1,6 +1,6 @@
 Name:           skipfish
 Version:        2.10
-Release:        0.3.b%{?dist}
+Release:        0.4.b%{?dist}
 Summary:        Web application security scanner
 
 Group:          Applications/Internet
@@ -13,8 +13,8 @@ License:        ASL 2.0 and BSD and LGPLv3
 URL:            http://code.google.com/p/skipfish/
 Source0:        http://%{name}.googlecode.com/files/%{name}-%{version}b.tgz
 
-#Use common paths and fedora build options
-Patch1:         %{name}-makefile.patch
+#Use common paths and fedora build options and use fedora policy compiler flag
+Patch1:         skipfish-2.10b-makefile-format-security.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -75,6 +75,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Sun Dec 08 2013 Athmane Madjoudj <athmane at fedoraproject.org>  2.10-0.4.b
+- Use -Werror=format-security flag (rhbz #1037329).
+
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.10-0.3.b
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

More information about the scm-commits mailing list