[dnstop/el6] * Mon Sep 15 2014 Paul Wouters <pwouters at redhat.com> - 20140915-1 - Updated to 20140915 with new-gtl

Paul Wouters pwouters at fedoraproject.org
Mon Sep 15 19:48:20 UTC 2014 

commit 00afb488f1fc4cb42cde8d23beb0d43a7a02cea7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Sep 15 15:39:56 2014 -0400

    * Mon Sep 15 2014 Paul Wouters <pwouters at redhat.com> - 20140915-1
    - Updated to 20140915 with new-gtlds filter support
    - Updated warning patch (partially merged upstream)
    - Added usage patch that was missing the new filter name new-gtlds
    - Enabled hardening as this application takes in network input

 .gitignore                         |    1 +
 dnstop-20140915-fix-warnings.patch |   47 ++++++++++++++++++++++++++++++++++++
 dnstop-20140915-usage.patch        |   11 ++++++++
 dnstop.spec                        |   27 ++++++++++++++------
 sources                            |    2 +-
 5 files changed, 79 insertions(+), 9 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index dbc586e..328230f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 dnstop-20090128.tar.gz
 /dnstop-20110502.tar.gz
 /dnstop-20121017.tar.gz
+/dnstop-20140915.tar.gz
diff --git a/dnstop-20140915-fix-warnings.patch b/dnstop-20140915-fix-warnings.patch
new file mode 100644
index 0000000..24aa49b
--- /dev/null
+++ b/dnstop-20140915-fix-warnings.patch
@@ -0,0 +1,47 @@
+diff -Naur dnstop-20140915-orig/dnstop.c dnstop-20140915/dnstop.c
+--- dnstop-20140915-orig/dnstop.c	2014-09-15 13:54:51.000000000 -0400
++++ dnstop-20140915/dnstop.c	2014-09-15 15:01:07.330360808 -0400
+@@ -18,6 +18,8 @@
+ 
+ #include <netinet/in.h>
+ 
++#include <err.h>
++#include <errno.h>
+ #include <pcap.h>
+ #include <signal.h>
+ #include <stdio.h>
+@@ -328,12 +330,16 @@
+ 	ptr->addr = *orig_addr;
+ 	ptr->data = (void *)(ptr + 1);
+ 	if (4 == inXaddr_version(orig_addr)) {
+-	    (void) read(entropy_fd, buf, 4);
++	    ssize_t rd = read(entropy_fd, buf, 4);
++	    if (rd < 4)
++		err(errno, "read entropy");
+ 	    inXaddr_assign_v4(ptr->data, (struct in_addr *)buf);
+ 	}
+ #if USE_IPV6
+ 	else {
+-	    (void) read(entropy_fd, buf, 16);
++	    ssize_t rd = read(entropy_fd, buf, 16);
++	    if (rd < 16)
++		err(errno, "read entropy");
+ 	    inXaddr_assign_v6(ptr->data, (struct in6_addr *)buf);
+ 	}
+ #endif
+@@ -1581,7 +1587,6 @@
+ UnknownTldFilter(FilterData * fd)
+ {
+     const char *tld = QnameToNld(fd->qname, 1);
+-    unsigned int i;
+     if (NULL == tld)
+ 	return 1;		/* tld is unknown */
+     if (hash_find(tld, KnownTLDs))
+@@ -1593,7 +1598,6 @@
+ NewGTldFilter(FilterData * fd)
+ {
+     const char *tld = QnameToNld(fd->qname, 1);
+-    unsigned int i;
+     if (NULL == tld)
+ 	return 0;		/* tld is unknown */
+     if (hash_find(tld, NewGTLDs))
diff --git a/dnstop-20140915-usage.patch b/dnstop-20140915-usage.patch
new file mode 100644
index 0000000..dbf70cf
--- /dev/null
+++ b/dnstop-20140915-usage.patch
@@ -0,0 +1,11 @@
+diff -Naur dnstop-20140915-orig/dnstop.c dnstop-20140915/dnstop.c
+--- dnstop-20140915-orig/dnstop.c	2014-09-15 15:04:22.269036463 -0400
++++ dnstop-20140915/dnstop.c	2014-09-15 15:05:25.844562897 -0400
+@@ -1808,6 +1808,7 @@
+     fprintf(stderr, "\n");
+     fprintf(stderr, "Available filters:\n");
+     fprintf(stderr, "\tunknown-tlds\n");
++    fprintf(stderr, "\tnew-gtlds\n");
+     fprintf(stderr, "\tA-for-A\n");
+     fprintf(stderr, "\trfc1918-ptr\n");
+     fprintf(stderr, "\trefused\n");
diff --git a/dnstop.spec b/dnstop.spec
index 1a57fbf..d6b361e 100644
--- a/dnstop.spec
+++ b/dnstop.spec
@@ -1,16 +1,14 @@
 Name:           dnstop
-Version:        20121017
-Release:        3%{?dist}
+Version:        20140915
+Release:        1%{?dist}
 Summary:        Displays information about DNS traffic on your network
 Group:          Applications/System
 License:        BSD
 URL:            http://dns.measurement-factory.com/tools/dnstop/
 Source0:        http://dns.measurement-factory.com/tools/dnstop/src/dnstop-%{version}.tar.gz
 
-# At one point int[] arrays are passed to a uint* function; since all
-# callers are signed, changed function to take signed ints.
-# Also, check read(2) for entropy data and abort on short reads.
-Patch0:         dnstop-20121017-fix-warnings.diff
+Patch1:         dnstop-20140915-fix-warnings.patch
+Patch2:         dnstop-20140915-usage.patch
 
 %{?el5:BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)}
 BuildRequires:  libpcap-devel
@@ -32,13 +30,19 @@ tcpdump savefile.
 
 %prep
 %setup -q
-%patch0 -p1
+%patch1 -p1
+%patch2 -p1
 
 %build
 %configure
+# to allow overriding those for hardening
+sed -i "s/CFLAGS=/CFLAGS?=/" Makefile
+sed -i "s/LDFLAGS=/LDFLAGS?=/" Makefile
+# hardening macro not in el6
+export LDFLAGS="-Wl,-z,relro,-z,now"
+export CFLAGS="$RPM_OPT_FLAGS -fPIE -pie"
 make %{?_smp_mflags}
 
-
 %install
 %if 0%{?el5}
 rm -rf $RPM_BUILD_ROOT
@@ -63,7 +67,14 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/dnstop.8*
 
 
+
 %changelog
+* Mon Sep 15 2014 Paul Wouters <pwouters at redhat.com> - 20140915-1
+- Updated to 20140915 with new-gtlds filter support
+- Updated warning patch (partially merged upstream)
+- Added usage patch that was missing the new filter name new-gtlds
+- Enabled hardening as this application takes in network input
+
 * Mon Mar 03 2014 Denis Fateyev <denis at fateyev.com> - 20121017-3
 - Spec cleanup, epel branches
 
diff --git a/sources b/sources
index 0fd37cf..db31200 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-0407f08e5788b59268048d00cdddd5b6  dnstop-20121017.tar.gz
+f0fe1690b114e076196a51d63266eadc  dnstop-20140915.tar.gz

More information about the scm-commits mailing list