[skipfish] Use -Werror=format-security flag (rhbz #1037329)
Athmane Madjoudj
athmane at fedoraproject.org
Sun Dec 8 14:56:30 UTC 2013
commit 2802fc2b275dd5b3247a15e06344ea7d5f1ceafb
Author: Athmane Madjoudj <athmane at fedoraproject.org>
Date: Sun Dec 8 15:55:43 2013 +0100
Use -Werror=format-security flag (rhbz #1037329)
skipfish-2.10b-makefile-format-security.patch | 95 +++++++++++++++++++++++++
skipfish.spec | 9 ++-
2 files changed, 101 insertions(+), 3 deletions(-)
---
diff --git a/skipfish-2.10b-makefile-format-security.patch b/skipfish-2.10b-makefile-format-security.patch
new file mode 100644
index 0000000..b8e6b3d
--- /dev/null
+++ b/skipfish-2.10b-makefile-format-security.patch
@@ -0,0 +1,95 @@
+diff -ru skipfish-2.10b.orig/Makefile skipfish-2.10b/Makefile
+--- skipfish-2.10b.orig/Makefile 2012-12-04 14:27:54.000000000 +0100
++++ skipfish-2.10b/Makefile 2013-12-08 15:53:44.442596915 +0100
+@@ -33,14 +33,18 @@
+ OBJFILES = $(patsubst %,$(SRCDIR)/%,$(SFILES))
+ INCFILES = $(patsubst %,$(SRCDIR)/%,$(IFILES))
+
+-CFLAGS_GEN = -Wall -funsigned-char -g -ggdb -I/usr/local/include/ \
+- -I/opt/local/include/ $(CFLAGS) -DVERSION=\"$(VERSION)\"
++CFLAGS_GEN = -Wall -Werror=format-security -Wformat -funsigned-char -g -ggdb \
++ $(CFLAGS) -DVERSION=\"$(VERSION)\"
+ CFLAGS_DBG = -DLOG_STDERR=1 -DDEBUG_ALLOCATOR=1 \
+ $(CFLAGS_GEN)
+ CFLAGS_OPT = -O3 -Wno-format $(CFLAGS_GEN)
+
+-LDFLAGS += -L/usr/local/lib/ -L/opt/local/lib
++#LDFLAGS +=
+ LIBS += -lcrypto -lssl -lidn -lz -lpcre
++PREFIX = /usr
++DATADIR = /share/skipfish
++BINDIR = /bin
++
+
+ all: $(PROGNAME)
+
+@@ -54,6 +58,19 @@
+ @echo "http://code.google.com/p/skipfish/wiki/KnownIssues"
+ @echo
+
++install: $(PROGNAME)
++ install -m 755 -d $(DESTDIR)$(PREFIX)$(DATADIR)
++ install -m 755 -d $(DESTDIR)$(PREFIX)$(BINDIR)
++ install -m 755 skipfish $(DESTDIR)$(PREFIX)$(BINDIR)
++ install -m 755 tools/sfscandiff $(DESTDIR)$(PREFIX)$(BINDIR)
++ cp -r assets $(DESTDIR)$(PREFIX)$(DATADIR)
++ cp -r dictionaries $(DESTDIR)$(PREFIX)$(DATADIR)
++ cp -r signatures $(DESTDIR)$(PREFIX)$(DATADIR)
++# gzip doc/skipfish.1
++ install -m 755 -d $(DESTDIR)$(PREFIX)/share/man/man1
++# cp -r doc/skipfish.1.gz $(DESTDIR)$(PREFIX)/share/man/man1
++ install -m 644 doc/skipfish.1 $(DESTDIR)$(PREFIX)/share/man/man1
++
+ debug: $(SRCDIR)/$(PROGNAME).c $(OBJFILES) $(INCFILES)
+ $(CC) $(LDFLAGS) $(SRCDIR)/$(PROGNAME).c -o $(PROGNAME) \
+ $(CFLAGS_DBG) $(OBJFILES) $(LIBS)
+Only in skipfish-2.10b/: Makefile.orig
+diff -ru skipfish-2.10b.orig/signatures/signatures.conf skipfish-2.10b/signatures/signatures.conf
+--- skipfish-2.10b.orig/signatures/signatures.conf 2012-12-04 14:27:53.000000000 +0100
++++ skipfish-2.10b/signatures/signatures.conf 2013-12-08 15:28:53.054458277 +0100
+@@ -6,23 +6,23 @@
+ # The mime signatures warn about server responses that have an interesting
+ # mime. For example anything that is presented as php-source will likely
+ # be interesting
+-include signatures/mime.sigs
++include /usr/share/skipfish/signatures/mime.sigs
+
+ # The files signature will use the content to determine if a response
+ # is an interesting file. For example, a SVN file.
+-include signatures/files.sigs
++include /usr/share/skipfish/signatures/files.sigs
+
+ # The messages signatures look for interesting server messages. Most
+ # are based on errors, such as caused by incorrect SQL queries or PHP
+ # execution failures.
+-include signatures/messages.sigs
++include /usr/share/skipfish/signatures/messages.sigs
+
+ # The apps signatures will help to find pages and applications who's
+ # functionality is a security risk by default. For example, phpinfo()
+ # pages that leak information or CMS admin interfaces.
+-include signatures/apps.sigs
++include /usr/share/skipfish/signatures/apps.sigs
+
+ # Context signatures are linked to injection tests. They look for strings
+ # that are relevant to the current injection test and help to highlight
+ # potential vulnerabilities.
+-include signatures/context.sigs
++include /usr/share/skipfish/signatures/context.sigs
+diff -ru skipfish-2.10b.orig/src/config.h skipfish-2.10b/src/config.h
+--- skipfish-2.10b.orig/src/config.h 2012-12-04 14:27:53.000000000 +0100
++++ skipfish-2.10b/src/config.h 2013-12-08 15:28:53.055458280 +0100
+@@ -29,10 +29,10 @@
+
+ /* Default paths to runtime files: */
+
+-#define ASSETS_DIR "assets"
++#define ASSETS_DIR "/usr/share/skipfish/assets"
+
+ /* Default signature file */
+-#define SIG_FILE "signatures/signatures.conf"
++#define SIG_FILE "/usr/share/skipfish/signatures/signatures.conf"
+
+ /* Various default settings for HTTP client (cmdline override): */
+
+Only in skipfish-2.10b/src: config.h.orig
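Review bot: In the Makefile section of the added patch, `CFLAGS_OPT = -O3 -Wno-format $(CFLAGS_GEN)` is kept as a context line, so the new `-Werror=format-security` is active in builds that use `CFLAGS_OPT` only because the `-Wformat` added to `CFLAGS_GEN` lands later on the command line. GCC ignores `-Wformat-security` when `-Wformat` is off, so reordering these variables, or a user `CFLAGS` that ends in `-Wno-format`, would silently drop the check this commit is meant to enforce. Removing the suppression makes the flag independent of ordering: `CFLAGS_OPT = -O3 $(CFLAGS_GEN)`. The two commented-out lines in the new `install` target (`# gzip doc/skipfish.1` and the `# cp -r doc/skipfish.1.gz` line) are dead text and could be dropped at the same time.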
diff --git a/skipfish.spec b/skipfish.spec
index 08f3cb9..b3b71a2 100644
--- a/skipfish.spec
+++ b/skipfish.spec
@@ -1,6 +1,6 @@
Name: skipfish
Version: 2.10
-Release: 0.3.b%{?dist}
+Release: 0.4.b%{?dist}
Summary: Web application security scanner
Group: Applications/Internet
@@ -13,8 +13,8 @@ License: ASL 2.0 and BSD and LGPLv3
URL: http://code.google.com/p/skipfish/
Source0: http://%{name}.googlecode.com/files/%{name}-%{version}b.tgz
-#Use common paths and fedora build options
-Patch1: %{name}-makefile.patch
+#Use common paths and fedora build options and use fedora policy compiler flag
+Patch1: skipfish-2.10b-makefile-format-security.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
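Review bot: `Patch1` now points at `skipfish-2.10b-makefile-format-security.patch`, but the diffstat lists only the new patch and the spec, so the previous `%{name}-makefile.patch` appears to remain in the repository unreferenced; it should be deleted in the same commit if nothing else uses it. The comment above `Patch1` could also state what the patch changes at runtime, for example `# Use system paths (/usr/share/skipfish) and build with -Werror=format-security`, since the path relocation in `config.h` and `signatures.conf` is not obvious from the file name.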
@@ -75,6 +75,9 @@ rm -rf %{buildroot}
%changelog
+* Sun Dec 08 2013 Athmane Madjoudj <athmane at fedoraproject.org> 2.10-0.4.b
+- Use -Werror=format-security flag (rhbz #1037329).
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.10-0.3.b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild