iptraf-ng-1.1.4-4

Fedora start using -Werror=format-security and iptraf-ng had some parts where error compilation was trigged. 202b2e7b27a1 Makefile: add -Werror=format-security Resolved: #1037133 Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com>
2013-12-03 12:40:20 +01:00 · 2013-12-03 12:40:20 +01:00 · 9acb648adc
commit 9acb648adc
parent f7284826d5
2 changed files with 93 additions and 2 deletions
--- a/0002-Makefile-add-Werror-format-security.patch
+++ b/0002-Makefile-add-Werror-format-security.patch
@ -0,0 +1,79 @@
+From 202b2e7b27a159d54a525b0cfd366b8d52d5a3a1 Mon Sep 17 00:00:00 2001
+Message-Id: <202b2e7b27a159d54a525b0cfd366b8d52d5a3a1.1386069831.git.npajkovs@redhat.com>
+From: Nikola Pajkovsky <npajkovs@redhat.com>
+Date: Tue, 3 Dec 2013 12:12:16 +0100
+Subject: [PATCH] Makefile: add -Werror=format-security
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+-Wformat-security
+        If -Wformat is specified, also warn about uses of format
+        functions that represent possible security problems. At
+        present, this warns about calls to printf and scanf functions
+        where the format string is not a string literal and there are
+        no format arguments, as in printf (foo);. This may be a
+        security hole if the format string came from untrusted input
+        and contains ‘%n’. (This is currently a subset of what
+        -Wformat-nonliteral warns about, but in future warnings may be
+        added to -Wformat-security that are not included in
+        -Wformat-nonliteral.)
+
+Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com>
+---
+ Makefile       | 2 +-
+ src/ipfilter.c | 2 +-
+ src/othptab.c  | 4 ++--
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 46e5632e3287..958b0fbeec0f 100644
+--- a/Makefile
+++ b/Makefile
+@@ -18,7 +18,7 @@ VERSION-FILE: FORCE
+ 	@$(SHELL_PATH) ./GEN-VERSION-FILE
+ -include VERSION-FILE
+ 
+-CFLAGS = -g -O2 -Wall -W -std=gnu99
+CFLAGS = -g -O2 -Wall -W -std=gnu99 -Werror=format-security
+ LDFLAGS =
+ ALL_CFLAGS = $(CPPFLAGS) $(CFLAGS)
+ ALL_LDFLAGS = $(LDFLAGS)
+diff --git a/src/ipfilter.c b/src/ipfilter.c
+index eb17ec7c7615..8c76e4c801c2 100644
+--- a/src/ipfilter.c
+++ b/src/ipfilter.c
+@@ -146,7 +146,7 @@ void gethostparams(struct hostparams *data, char *init_saddr, char *init_smask,
+ 				snprintf(msgstr, 60,
+ 					 "Invalid protocol input at or near token \"%s\"",
+ 					 bptr);
+-				tui_error(ANYKEY_MSG, msgstr);
+				tui_error(ANYKEY_MSG, "%s", msgstr);
+ 				doagain = 1;
+ 			} else
+ 				doagain = 0;
+diff --git a/src/othptab.c b/src/othptab.c
+index 5c09241fca99..e23f39e5df45 100644
+--- a/src/othptab.c
+++ b/src/othptab.c
+@@ -407,7 +407,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
+ 				break;
+ 			}
+ 
+-			sprintf(scratchpad, rarp_mac_addr);
+			sprintf(scratchpad, "%s", rarp_mac_addr);
+ 			strcat(msgstring, scratchpad);
+ 			wattrset(table->othpwin, ARPATTR);
+ 			break;
+@@ -482,7 +482,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
+ 		wattrset(table->othpwin, UNKNIPATTR);
+ 		protptr = getprotobynumber(entry->protocol);
+ 		if (protptr != NULL) {
+-			sprintf(protname, protptr->p_aliases[0]);
+			sprintf(protname, "%s", protptr->p_aliases[0]);
+ 		} else {
+ 			sprintf(protname, "IP protocol");
+ 			unknown = 1;
+-- 
+1.8.3.2
+
--- a/iptraf-ng.spec
+++ b/iptraf-ng.spec
@ -1,7 +1,7 @@
 Summary:        A console-based network monitoring utility
 Name:           iptraf-ng
 Version:        1.1.4
-Release:        3%{?dist}
+Release:        4%{?dist}
 Source0:        https://fedorahosted.org/releases/i/p/iptraf-ng/%{name}-%{version}.tar.gz
 Source1:        iptraf-ng-logrotate.conf
 URL:            https://fedorahosted.org/iptraf-ng/
@ -11,6 +11,7 @@ BuildRequires:  ncurses-devel
 Obsoletes:      iptraf < 3.1
 Provides:       iptraf = 3.1
 Patch01:        0001-BUGFIX-fix-Floating-point-exception-in-tcplog_flowra.patch
+Patch02:        0002-Makefile-add-Werror-format-security.patch

 %description
 IPTraf-ng is a console-based network monitoring utility.  IPTraf gathers
@ -33,9 +34,10 @@ on a wide variety of supported network cards.
 %prep
 %setup -q
 %patch01 -p1
+%patch02 -p1

 %build
-make %{?_smp_mflags} V=1 CFLAGS="-g -O2 -Wall -W -std=gnu99 %{optflags}"
+make %{?_smp_mflags} V=1 CFLAGS="-g -O2 -Wall -W -std=gnu99 -Werror=format-security %{optflags}"

 %install
 rm -rf %{buildroot}
@ -66,6 +68,16 @@ rm -rf %{buildroot}
 %config(noreplace) %{_sysconfdir}/logrotate.d/iptraf-ng

 %changelog
+* Tue Dec 03 2013 Nikola Pajkovsky <npajkovs@redhat.com> - 1.1.4-4
+- iptraf-ng-1.1.4-4
+
+  Fedora start using -Werror=format-security and iptraf-ng had some
+  parts where error compilation was trigged.
+
+  202b2e7b27a1 Makefile: add -Werror=format-security
+
+  Resolved: #1037133
+
 * Mon Sep 02 2013 Nikola Pajkovsky <npajkovs@redhat.com> - 1.1.4-3
 - 9b32013 BUGFIX: fix "Floating point exception" in tcplog_flowrate_msg() (Vitezslav Samel)