Accepting request 69894 from home:dirkmueller:branches:server:mail

- check format strings OBS-URL: https://build.opensuse.org/request/show/69894 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=112
2011-05-10 02:19:32 +00:00 · 2011-05-10 02:19:32 +00:00 · 5900e5f240
commit 5900e5f240
parent d07a79e748
3 changed files with 158 additions and 1 deletions
--- a/exim.changes
+++ b/exim.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon May  9 13:32:55 CEST 2011 - dmueller@suse.de
+
+- check format strings
+
 -------------------------------------------------------------------
 Sat May  7 13:12:08 UTC 2011 - lars@samba.org

--- a/exim.spec
+++ b/exim.spec
@ -63,6 +63,7 @@ Source30:       eximstats-html-update.py
 Source31:       eximstats.conf
 Patch:          exim-4.12-tail.patch
 Patch1:         109066729a54f6ba5c4e8bc174133da33242e930.diff
+Patch2:         format-security.diff
 %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 

 %package -n eximon
@ -130,6 +131,7 @@ Authors:
 %setup -q -n exim-%{version}
 %patch
 %patch1 -p2
+%patch2
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"
@ -241,7 +243,7 @@ cat <<-EOF > Local/Makefile
 	# SPOOL_MODE=0640
 	SUPPORT_MOVE_FROZEN_MESSAGES=yes
 	HAVE_IPV6=YES
-	CFLAGS=$RPM_OPT_FLAGS -Wall -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE
+	CFLAGS=$RPM_OPT_FLAGS -Wall -Werror=format-security -Werror=missing-format-attribute -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE
 	EXTRALIBS=-ldl -L/usr/X11R6/%{_lib} $pie
 EOF
 touch Local/eximon.conf
--- a/format-security.diff
+++ b/format-security.diff
@ -0,0 +1,150 @@
+--- exim_monitor/em_log.c
+++ exim_monitor/em_log.c
+@@ -58,6 +58,8 @@
+ static int size = 0;
+ static int top = 0;
+ 
+static void show_log(char *s, ...) PRINTF_FUNCTION(1,2);
+
+ static void show_log(char *s, ...)
+ {
+ int length, newtop;
+@@ -364,7 +366,7 @@
+ if (log_datestamping)
+   {
+   uschar log_file_wanted[256];
+-  string_format(log_file_wanted, sizeof(log_file_wanted), CS log_file);
+  string_format(log_file_wanted, sizeof(log_file_wanted), "%s", CS log_file);
+   if (Ustrcmp(log_file_wanted, log_file_open) != 0)
+     {
+     if (LOG != NULL)
+--- exim_monitor/em_main.c
+++ exim_monitor/em_main.c
+@@ -656,7 +656,7 @@
+ 
+ if (log_file[0] != 0)
+   {
+-  (void)string_format(log_file_open, sizeof(log_file_open), CS log_file);
+  (void)string_format(log_file_open, sizeof(log_file_open), "%s", CS log_file);
+   log_datestamping = string_datestamp_offset >= 0;
+ 
+   LOG = fopen(CS log_file_open, "r");
+--- exim_monitor/em_text.c
+++ exim_monitor/em_text.c
+@@ -60,6 +60,8 @@
+ *           Display text from format             *
+ *************************************************/
+ 
+void text_showf(Widget w, char *s, ...) PRINTF_FUNCTION(2,3);
+
+ void text_showf(Widget w, char *s, ...)
+ {
+ va_list ap;
+--- src/demime.c
+++ src/demime.c
+@@ -823,7 +823,7 @@
+     (void)string_vformat(US f, 16383,(char *)format, ap);
+     va_end(ap);
+     f-=22;
+-    log_write(0, LOG_MAIN, f);
+    log_write(0, LOG_MAIN, "%s", f);
+     /* then copy to demime_reason_buffer if new
+     level is greater than old level */
+     if (level > demime_errorlevel) {
+--- src/dkim.c
+++ src/dkim.c
+@@ -176,7 +176,7 @@
+     }
+ 
+     logmsg[ptr] = '\0';
+-    log_write(0, LOG_MAIN, (char *)logmsg);
+    log_write(0, LOG_MAIN, "%s", (char *)logmsg);
+ 
+     /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */
+     dkim_signers = string_append(dkim_signers,
+--- src/exim_dbutil.c
+++ src/exim_dbutil.c
+@@ -59,6 +59,7 @@
+ #include "dbstuff.h"
+ #include "osfunctions.h"
+ #include "store.h"
+#include "local_scan.h"
+ 
+ 
+ /* Identifiers for the different database types. */
+--- src/functions.h
+++ src/functions.h
+@@ -82,7 +82,7 @@
+                   int, int, uschar *, bit_table *, int, uschar *, int);
+ extern address_item *deliver_make_addr(uschar *, BOOL);
+ extern int     deliver_message(uschar *, BOOL, BOOL);
+-extern void    deliver_msglog(const char *, ...);
+extern void    deliver_msglog(const char *, ...) PRINTF_FUNCTION(1,2);
+ extern void    deliver_set_expansions(address_item *);
+ extern int     deliver_split_address(address_item *);
+ extern void    deliver_succeeded(address_item *);
+@@ -181,9 +181,9 @@
+ extern uschar *moan_check_errorcopy(uschar *);
+ extern BOOL    moan_skipped_syntax_errors(uschar *, error_block *, uschar *,
+                  BOOL, uschar *);
+-extern void    moan_smtp_batch(uschar *, char *, ...);
+extern void    moan_smtp_batch(uschar *, char *, ...) PRINTF_FUNCTION(2,3);
+ extern void    moan_tell_someone(uschar *, address_item *, uschar *, char *,
+-                 ...);
+                 ...) PRINTF_FUNCTION(4,5);
+ extern BOOL    moan_to_sender(int, error_block *, header_line *, FILE *, BOOL);
+ extern void    moan_write_from(FILE *);
+ extern FILE   *modefopen(uschar *, char *, mode_t);
+@@ -271,7 +271,7 @@
+                  int *);
+ extern void   *search_open(uschar *, int, int, uid_t *, gid_t *);
+ extern void    search_tidyup(void);
+-extern void    set_process_info(char *, ...);
+extern void    set_process_info(char *, ...) PRINTF_FUNCTION(1,2);
+ extern void    sha1_end(sha1 *, const uschar *, int, uschar *);
+ extern void    sha1_mid(sha1 *, const uschar *);
+ extern void    sha1_start(sha1 *);
+@@ -299,7 +299,7 @@
+ extern BOOL    smtp_start_session(void);
+ extern int     smtp_ungetc(int);
+ extern BOOL    smtp_verify_helo(void);
+-extern int     smtp_write_command(smtp_outblock *, BOOL, char *, ...);
+extern int     smtp_write_command(smtp_outblock *, BOOL, char *, ...) PRINTF_FUNCTION(3,4);
+ #ifdef WITH_CONTENT_SCAN
+ extern int     spam(uschar **);
+ extern FILE   *spool_mbox(unsigned long *, uschar *);
+@@ -321,13 +321,13 @@
+ extern uschar *string_copylc(uschar *);
+ extern uschar *string_copynlc(uschar *, int);
+ extern uschar *string_dequote(uschar **);
+-extern BOOL    string_format(uschar *, int, char *, ...);
+extern BOOL    string_format(uschar *, int, char *, ...) PRINTF_FUNCTION(3,4);
+ extern uschar *string_format_size(int, uschar *);
+ extern int     string_interpret_escape(uschar **);
+ extern int     string_is_ip_address(uschar *, int *);
+ extern uschar *string_log_address(address_item *, BOOL, BOOL);
+ extern uschar *string_nextinlist(uschar **, int *, uschar *, int);
+-extern uschar *string_open_failed(int, char *, ...);
+extern uschar *string_open_failed(int, char *, ...) PRINTF_FUNCTION(2,3);
+ extern uschar *string_printing2(uschar *, BOOL);
+ extern uschar *string_split_message(uschar *);
+ extern BOOL    string_vformat(uschar *, int, char *, va_list);
+--- src/local_scan.h
+++ src/local_scan.h
+@@ -175,7 +175,7 @@
+ extern void    header_remove(int, uschar *);
+ extern BOOL    header_testname(header_line *, uschar *, int, BOOL);
+ extern BOOL    header_testname_incomplete(header_line *, uschar *, int, BOOL);
+-extern void    log_write(unsigned int, int, char *format, ...);
+extern void    log_write(unsigned int, int, char *format, ...) PRINTF_FUNCTION(3,4);
+ extern int     lss_b64decode(uschar *, uschar **);
+ extern uschar *lss_b64encode(uschar *, int);
+ extern int     lss_match_domain(uschar *, uschar *);
+@@ -190,6 +190,6 @@
+ extern void    smtp_vprintf(char *, va_list);
+ extern uschar *string_copy(uschar *);
+ extern uschar *string_copyn(uschar *, int);
+-extern uschar *string_sprintf(char *, ...);
+extern uschar *string_sprintf(char *, ...) PRINTF_FUNCTION(1,2);
+ 
+ /* End of local_scan.h */