diff --git a/SOURCES/0001-fix-segfault-in-adding-interface.patch b/SOURCES/0001-fix-segfault-in-adding-interface.patch new file mode 100644 index 0000000..bc5391b --- /dev/null +++ b/SOURCES/0001-fix-segfault-in-adding-interface.patch @@ -0,0 +1,83 @@ +From 0433c9062acfa62b663126485581e22d49a029e2 Mon Sep 17 00:00:00 2001 +From: Phil Cameron +Date: Fri, 15 Apr 2016 13:35:41 -0400 +Subject: [PATCH] fix segfault in adding interface + + bugzilla 1283773 + + Signed-off-by: Phil Cameron +--- + ...tionptr-properly-allocate-newly-created-i.patch | 63 ++++++++++++++++++++++ + iptraf-ng.spec | 7 ++- + 2 files changed, 69 insertions(+), 1 deletion(-) + create mode 100644 0003-bugfix-positionptr-properly-allocate-newly-created-i.patch + +diff --git a/0003-bugfix-positionptr-properly-allocate-newly-created-i.patch b/0003-bugfix-positionptr-properly-allocate-newly-created-i.patch +new file mode 100644 +index 0000000..a850458 +--- /dev/null ++++ b/0003-bugfix-positionptr-properly-allocate-newly-created-i.patch +@@ -0,0 +1,63 @@ ++From 690663d07f29789c1ba2260e59c4f71b8721dea6 Mon Sep 17 00:00:00 2001 ++From: Vitezslav Samel ++Date: Thu, 17 Apr 2014 14:24:23 +0200 ++Subject: [PATCH 001/111] bugfix: positionptr(): properly allocate newly ++ created interfaces ++ ++When creating new entry in interface list (for interface created when ++ifstats() already running) we must allocate/init the rate too. ++ ++Fix this bug by creating new function alloc_iflist_entry() and use it ++where appropriate. ++ ++Signed-off-by: Vitezslav Samel ++Signed-off-by: Nikola Pajkovsky ++--- ++ src/ifstats.c | 16 ++++++++++++---- ++ 1 file changed, 12 insertions(+), 4 deletions(-) ++ ++diff --git a/src/ifstats.c b/src/ifstats.c ++index 2eb51b6..2a5bba4 100644 ++--- a/src/ifstats.c +++++ b/src/ifstats.c ++@@ -126,6 +126,15 @@ static int ifinlist(struct iflist *list, char *ifname) ++ return result; ++ } ++ +++static struct iflist *alloc_iflist_entry(void) +++{ +++ struct iflist *tmp = xmallocz(sizeof(struct iflist)); +++ +++ rate_alloc(&tmp->rate, 5); +++ +++ return tmp; +++} +++ ++ /* ++ * Initialize the list of interfaces. This linked list is used in the ++ * selection boxes as well as in the general interface statistics screen. ++@@ -171,10 +180,9 @@ static void initiflist(struct iflist **list) ++ * At this point, the interface is now sure to be up and running. ++ */ ++ ++- struct iflist *itmp = xmallocz(sizeof(struct iflist)); ++- strcpy(itmp->ifname, ifname); +++ struct iflist *itmp = alloc_iflist_entry(); ++ itmp->ifindex = ifindex; ++- rate_alloc(&itmp->rate, 5); +++ strcpy(itmp->ifname, ifname); ++ ++ /* make the linked list sorted by ifindex */ ++ struct iflist *cur = *list, *last = NULL; ++@@ -211,7 +219,7 @@ static struct iflist *positionptr(struct iflist *iflist, const int ifindex) ++ } ++ /* no interface was found, try to create new one */ ++ if (ptmp == NULL) { ++- struct iflist *itmp = xmallocz(sizeof(struct iflist)); +++ struct iflist *itmp = alloc_iflist_entry(); ++ itmp->ifindex = ifindex; ++ itmp->index = last->index + 1; ++ int r = dev_get_ifname(ifindex, itmp->ifname); ++-- ++2.5.5 ++ diff --git a/SOURCES/0002-Makefile-add-Werror-format-security.patch b/SOURCES/0002-Makefile-add-Werror-format-security.patch new file mode 100644 index 0000000..54192ee --- /dev/null +++ b/SOURCES/0002-Makefile-add-Werror-format-security.patch @@ -0,0 +1,79 @@ +From 202b2e7b27a159d54a525b0cfd366b8d52d5a3a1 Mon Sep 17 00:00:00 2001 +Message-Id: <202b2e7b27a159d54a525b0cfd366b8d52d5a3a1.1386069831.git.npajkovs@redhat.com> +From: Nikola Pajkovsky +Date: Tue, 3 Dec 2013 12:12:16 +0100 +Subject: [PATCH] Makefile: add -Werror=format-security +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +-Wformat-security + If -Wformat is specified, also warn about uses of format + functions that represent possible security problems. At + present, this warns about calls to printf and scanf functions + where the format string is not a string literal and there are + no format arguments, as in printf (foo);. This may be a + security hole if the format string came from untrusted input + and contains ‘%n’. (This is currently a subset of what + -Wformat-nonliteral warns about, but in future warnings may be + added to -Wformat-security that are not included in + -Wformat-nonliteral.) + +Signed-off-by: Nikola Pajkovsky +--- + Makefile | 2 +- + src/ipfilter.c | 2 +- + src/othptab.c | 4 ++-- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Makefile b/Makefile +index 46e5632e3287..958b0fbeec0f 100644 +--- a/Makefile ++++ b/Makefile +@@ -18,7 +18,7 @@ VERSION-FILE: FORCE + @$(SHELL_PATH) ./GEN-VERSION-FILE + -include VERSION-FILE + +-CFLAGS = -g -O2 -Wall -W -std=gnu99 ++CFLAGS = -g -O2 -Wall -W -std=gnu99 -Werror=format-security + LDFLAGS = + ALL_CFLAGS = $(CPPFLAGS) $(CFLAGS) + ALL_LDFLAGS = $(LDFLAGS) +diff --git a/src/ipfilter.c b/src/ipfilter.c +index eb17ec7c7615..8c76e4c801c2 100644 +--- a/src/ipfilter.c ++++ b/src/ipfilter.c +@@ -146,7 +146,7 @@ void gethostparams(struct hostparams *data, char *init_saddr, char *init_smask, + snprintf(msgstr, 60, + "Invalid protocol input at or near token \"%s\"", + bptr); +- tui_error(ANYKEY_MSG, msgstr); ++ tui_error(ANYKEY_MSG, "%s", msgstr); + doagain = 1; + } else + doagain = 0; +diff --git a/src/othptab.c b/src/othptab.c +index 5c09241fca99..e23f39e5df45 100644 +--- a/src/othptab.c ++++ b/src/othptab.c +@@ -407,7 +407,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry, + break; + } + +- sprintf(scratchpad, rarp_mac_addr); ++ sprintf(scratchpad, "%s", rarp_mac_addr); + strcat(msgstring, scratchpad); + wattrset(table->othpwin, ARPATTR); + break; +@@ -482,7 +482,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry, + wattrset(table->othpwin, UNKNIPATTR); + protptr = getprotobynumber(entry->protocol); + if (protptr != NULL) { +- sprintf(protname, protptr->p_aliases[0]); ++ sprintf(protname, "%s", protptr->p_aliases[0]); + } else { + sprintf(protname, "IP protocol"); + unknown = 1; +-- +1.8.3.2 + diff --git a/SOURCES/iptraf-ng-logrotate.conf b/SOURCES/iptraf-ng-logrotate.conf index 895ebe3..1b05165 100644 --- a/SOURCES/iptraf-ng-logrotate.conf +++ b/SOURCES/iptraf-ng-logrotate.conf @@ -1,5 +1,5 @@ # Logrotate file for iptraf -/var/log/iptraf/*.log { +/var/log/iptraf-ng/*.log { compress delaycompress missingok diff --git a/SOURCES/iptraf-ng-tmpfiles.conf b/SOURCES/iptraf-ng-tmpfiles.conf new file mode 100644 index 0000000..2c915d8 --- /dev/null +++ b/SOURCES/iptraf-ng-tmpfiles.conf @@ -0,0 +1 @@ +d /run/iptraf-ng 0755 root root - diff --git a/SPECS/iptraf-ng.spec b/SPECS/iptraf-ng.spec index 366a53b..16b4226 100644 --- a/SPECS/iptraf-ng.spec +++ b/SPECS/iptraf-ng.spec @@ -1,9 +1,10 @@ Summary: A console-based network monitoring utility Name: iptraf-ng Version: 1.1.4 -Release: 4%{?dist} +Release: 6%{?dist} Source0: https://fedorahosted.org/releases/i/p/iptraf-ng/%{name}-%{version}.tar.gz -Source1: iptraf-ng-logrotate.conf +Source1: %{name}-logrotate.conf +Source2: %{name}-tmpfiles.conf URL: https://fedorahosted.org/iptraf-ng/ License: GPLv2+ Group: Applications/System @@ -11,13 +12,15 @@ BuildRequires: ncurses-devel Obsoletes: iptraf < 3.1 Provides: iptraf = 3.1 Patch01: 0001-BUGFIX-fix-Floating-point-exception-in-tcplog_flowra.patch +Patch02: 0002-Makefile-add-Werror-format-security.patch +Patch03: 0001-fix-segfault-in-adding-interface.patch %description IPTraf-ng is a console-based network monitoring utility. IPTraf gathers data like TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts. IPTraf-ng features include an IP traffic monitor -which shows TCP flag information, packet and byte counts, ICMP +which shows TCP olag information, packet and byte counts, ICMP details, OSPF packet types, and oversized IP packet warnings; interface statistics showing IP, TCP, UDP, ICMP, non-IP and other IP packet counts, IP checksum errors, interface activity and packet size @@ -33,9 +36,11 @@ on a wide variety of supported network cards. %prep %setup -q %patch01 -p1 +%patch02 -p1 +%patch03 -p1 %build -make %{?_smp_mflags} V=1 CFLAGS="-g -O2 -Wall -W -std=gnu99 %{optflags}" +make %{?_smp_mflags} V=1 CFLAGS="-g -O2 -Wall -W -std=gnu99 -Werror=format-security %{optflags}" %install rm -rf %{buildroot} @@ -47,7 +52,13 @@ find Documentation -type f | grep -v '\.html$\|\.png$\|/stylesheet' | \ install -D -m 0644 -p %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/iptraf-ng -install -d -m 0755 %{buildroot}%{_localstatedir}/{lock,log,lib}/iptraf-ng +install -d -m 0755 %{buildroot}%{_localstatedir}/{log,lib}/iptraf-ng + +mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d +install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf + +mkdir -p %{buildroot}/run +install -d -m 0755 %{buildroot}/run/%{name}/ %clean rm -rf %{buildroot} @@ -60,12 +71,27 @@ rm -rf %{buildroot} %{_sbindir}/rvnamed-ng %{_mandir}/man8/iptraf-ng.8* %{_mandir}/man8/rvnamed-ng.8* -%{_localstatedir}/lock/iptraf-ng %{_localstatedir}/log/iptraf-ng %{_localstatedir}/lib/iptraf-ng %config(noreplace) %{_sysconfdir}/logrotate.d/iptraf-ng +%dir /run/%{name}/ +%{_prefix}/lib/tmpfiles.d/%{name}.conf %changelog +* Fri Apr 15 2016 Phil Cameron - 1.1.4-6 +- fix 1283773 - segfault in rate_add_rate + + Jun 17 2014 Alejandro Pérez + fix 1109768 bad configuration logrotate + Mar 02 2014 Alejandro Pérez + fix bug 1020552 - rpm report /var/lock/ipraf-ng is missing + added missing file iptraf-nf-tmpfiles.conf + Dec 03 2013 Nikola Pajkovsky + Fedora start using -Werror=format-security and iptraf-ng had some + parts where error compilation was trigged. + 202b2e7b27a1 Makefile: add -Werror=format-security + Resolved: #1037133 + * Fri Jan 24 2014 Daniel Mach - 1.1.4-4 - Mass rebuild 2014-01-24 @@ -99,8 +125,8 @@ rm -rf %{buildroot} * Thu Feb 02 2012 Nikola Pajkovsky - 1.1.1-1 - new upstream iptraf-ng-1.1.1 -* Mon Jan 16 2011 Nikola Pajkovsky - 1.1.0-2 +* Sun Jan 16 2011 Nikola Pajkovsky - 1.1.0-2 - fix wrongly used execl -* Wed Jan 11 2011 Nikola Pajkovsky - 1.1.0-1 +* Tue Jan 11 2011 Nikola Pajkovsky - 1.1.0-1 - Initialization build