Package: traceroute Version: 1:2.0.18-1 Severity: important Tags: patch Please enable hardened build flags through dpkg-buildflags.
Patch attached. The hardened build flags exposed missing format strings, for which I've attached a patch as well. Cheers, Moritz
diff -aur traceroute-2.0.18.harden/debian/rules traceroute-2.0.18/debian/rules
--- traceroute-2.0.18.harden/debian/rules 2011-08-28 20:08:01.000000000 +0200
+++ traceroute-2.0.18/debian/rules 2012-01-15 22:10:01.000000000 +0100
@@ -2,6 +2,9 @@
 SHELL := sh -e
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
 %:
 dh ${@}
diff -aur traceroute-2.0.18.harden/Make.rules traceroute-2.0.18/Make.rules
--- traceroute-2.0.18.harden/Make.rules 2012-01-15 22:06:37.000000000 +0100
+++ traceroute-2.0.18/Make.rules 2012-01-15 22:10:29.000000000 +0100
@@ -46,9 +46,6 @@
 $(call set, INDENT, true)
 gcc = $(findstring gcc,$(CC))
-$(call set, CFLAGS, $(if $(gcc), -O2 -Wall, -O))
-$(call set, CPPFLAGS, )
-$(call set, LDFLAGS, -s)
 $(call set, LIBS, )
Nur in traceroute-2.0.18: Make.rules~.
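Review bot: In debian/rules the include pulls in only the default dpkg-buildflags hardening set, which, depending on the dpkg version, may leave out PIE and immediate binding (`-z now`); for a tool that parses replies from the network these are worth opting into with `export DEB_BUILD_MAINT_OPTIONS = hardening=+all` placed before the `include` line. The include is also unconditional, so the build fails on a dpkg-dev that does not ship `/usr/share/dpkg/buildflags.mk`; the patch does not touch debian/control, so a versioned `Build-Depends: dpkg-dev (>= 1.16.1~)` should be added there. Since the flags now reach the upstream makefiles only through the exported environment, confirm in the build log (for example with `blhc`) that CPPFLAGS and LDFLAGS are really applied to every compile and link step.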
diff -aur traceroute-2.0.18.orig/libsupp/clif.c traceroute-2.0.18/libsupp/clif.c --- traceroute-2.0.18.orig/libsupp/clif.c 2007-08-06 17:20:17.000000000 +0200 +++ traceroute-2.0.18/libsupp/clif.c 2012-01-15 22:29:52.000000000 +0100 @@ -792,9 +792,9 @@ if (l > 0) { memset (buf, ' ', l); buf[l] = '\0'; - fprintf (stderr, buf); + fprintf (stderr, "%s", buf); } else - fprintf (stderr, spacer); + fprintf (stderr, "%s", spacer); endp = buf + width; @@ -833,7 +833,7 @@ *p = '\0'; fprintf (stderr, "%s", buf); - fprintf (stderr, spacer); + fprintf (stderr, "%s", spacer); p++; for (s = buf; *p; *s++ = *p++) ; Nur in traceroute-2.0.18/libsupp: clif.c~.
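Review bot: The three `fprintf (stderr, "%s", …)` calls close the non-literal-format problem, but each one prints a single string, so `fputs (buf, stderr);` and `fputs (spacer, stderr);` would express that with no format argument at all and leave nothing for a later edit to get wrong; this applies to both sites in the first hunk and to the `spacer` call in the second. Separately, the context lines `memset (buf, ' ', l); buf[l] = '\0';` write l+1 bytes guarded, in the visible lines, only by `l > 0`; the declaration of `buf` and any upper bound on `l` lie outside the hunk, so it is worth confirming that `l` is always smaller than the size of `buf` while this code is being touched. The enclosing function starts and ends outside both hunks.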