diff --git a/0002-Makefile-add-Werror-format-security.patch b/0002-Makefile-add-Werror-format-security.patch new file mode 100644 index 0000000..54192ee --- /dev/null +++ b/0002-Makefile-add-Werror-format-security.patch @@ -0,0 +1,79 @@ +From 202b2e7b27a159d54a525b0cfd366b8d52d5a3a1 Mon Sep 17 00:00:00 2001 +Message-Id: <202b2e7b27a159d54a525b0cfd366b8d52d5a3a1.1386069831.git.npajkovs@redhat.com> +From: Nikola Pajkovsky +Date: Tue, 3 Dec 2013 12:12:16 +0100 +Subject: [PATCH] Makefile: add -Werror=format-security +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +-Wformat-security + If -Wformat is specified, also warn about uses of format + functions that represent possible security problems. At + present, this warns about calls to printf and scanf functions + where the format string is not a string literal and there are + no format arguments, as in printf (foo);. This may be a + security hole if the format string came from untrusted input + and contains ā€˜%nā€™. (This is currently a subset of what + -Wformat-nonliteral warns about, but in future warnings may be + added to -Wformat-security that are not included in + -Wformat-nonliteral.) + +Signed-off-by: Nikola Pajkovsky +--- + Makefile | 2 +- + src/ipfilter.c | 2 +- + src/othptab.c | 4 ++-- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Makefile b/Makefile +index 46e5632e3287..958b0fbeec0f 100644 +--- a/Makefile ++++ b/Makefile +@@ -18,7 +18,7 @@ VERSION-FILE: FORCE + @$(SHELL_PATH) ./GEN-VERSION-FILE + -include VERSION-FILE + +-CFLAGS = -g -O2 -Wall -W -std=gnu99 ++CFLAGS = -g -O2 -Wall -W -std=gnu99 -Werror=format-security + LDFLAGS = + ALL_CFLAGS = $(CPPFLAGS) $(CFLAGS) + ALL_LDFLAGS = $(LDFLAGS) +diff --git a/src/ipfilter.c b/src/ipfilter.c +index eb17ec7c7615..8c76e4c801c2 100644 +--- a/src/ipfilter.c ++++ b/src/ipfilter.c +@@ -146,7 +146,7 @@ void gethostparams(struct hostparams *data, char *init_saddr, char *init_smask, + snprintf(msgstr, 60, + "Invalid protocol input at or near token \"%s\"", + bptr); +- tui_error(ANYKEY_MSG, msgstr); ++ tui_error(ANYKEY_MSG, "%s", msgstr); + doagain = 1; + } else + doagain = 0; +diff --git a/src/othptab.c b/src/othptab.c +index 5c09241fca99..e23f39e5df45 100644 +--- a/src/othptab.c ++++ b/src/othptab.c +@@ -407,7 +407,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry, + break; + } + +- sprintf(scratchpad, rarp_mac_addr); ++ sprintf(scratchpad, "%s", rarp_mac_addr); + strcat(msgstring, scratchpad); + wattrset(table->othpwin, ARPATTR); + break; +@@ -482,7 +482,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry, + wattrset(table->othpwin, UNKNIPATTR); + protptr = getprotobynumber(entry->protocol); + if (protptr != NULL) { +- sprintf(protname, protptr->p_aliases[0]); ++ sprintf(protname, "%s", protptr->p_aliases[0]); + } else { + sprintf(protname, "IP protocol"); + unknown = 1; +-- +1.8.3.2 + diff --git a/iptraf-ng.spec b/iptraf-ng.spec index 42e9fe9..4a34eda 100644 --- a/iptraf-ng.spec +++ b/iptraf-ng.spec @@ -1,7 +1,7 @@ Summary: A console-based network monitoring utility Name: iptraf-ng Version: 1.1.4 -Release: 3%{?dist} +Release: 4%{?dist} Source0: https://fedorahosted.org/releases/i/p/iptraf-ng/%{name}-%{version}.tar.gz Source1: iptraf-ng-logrotate.conf URL: https://fedorahosted.org/iptraf-ng/ @@ -11,6 +11,7 @@ BuildRequires: ncurses-devel Obsoletes: iptraf < 3.1 Provides: iptraf = 3.1 Patch01: 0001-BUGFIX-fix-Floating-point-exception-in-tcplog_flowra.patch +Patch02: 0002-Makefile-add-Werror-format-security.patch %description IPTraf-ng is a console-based network monitoring utility. IPTraf gathers @@ -33,9 +34,10 @@ on a wide variety of supported network cards. %prep %setup -q %patch01 -p1 +%patch02 -p1 %build -make %{?_smp_mflags} V=1 CFLAGS="-g -O2 -Wall -W -std=gnu99 %{optflags}" +make %{?_smp_mflags} V=1 CFLAGS="-g -O2 -Wall -W -std=gnu99 -Werror=format-security %{optflags}" %install rm -rf %{buildroot} @@ -66,6 +68,16 @@ rm -rf %{buildroot} %config(noreplace) %{_sysconfdir}/logrotate.d/iptraf-ng %changelog +* Tue Dec 03 2013 Nikola Pajkovsky - 1.1.4-4 +- iptraf-ng-1.1.4-4 + + Fedora start using -Werror=format-security and iptraf-ng had some + parts where error compilation was trigged. + + 202b2e7b27a1 Makefile: add -Werror=format-security + + Resolved: #1037133 + * Mon Sep 02 2013 Nikola Pajkovsky - 1.1.4-3 - 9b32013 BUGFIX: fix "Floating point exception" in tcplog_flowrate_msg() (Vitezslav Samel)