gentoo resync : 10.11.2017

1 files changed, 115 insertions, 0 deletions

diff --git a/net-analyzer/ndoutils/files/format-security.patch b/net-analyzer/ndoutils/files/format-security.patch
new file mode 100644
index 000000000000..75be7dc32103
--- /dev/null
+++ b/net-analyzer/ndoutils/files/format-security.patch
@@ -0,0 +1,115 @@
+From 07891e8fcf692552c57e64429fd52da9e682f6d2 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Sat, 22 Jul 2017 16:38:03 -0400
+Subject: [PATCH 1/1] src/queue.c: fix format-security warnings with explicit
+ "%s" format string.
+
+The syslog() function takes as its second argument a format string (a
+la printf), but if the third parameter is a string, then the format
+string can be omitted. This has led to security vulnerabilities in the
+past, and compilers can now warn about it. In particular, GCC has the
+-Wformat-security option, which can be made an error with
+-Werror=format-security.
+
+A few such two-argument calls were present in src/queue.c, where
+constant strings were being logged to syslog. This commit adds the
+second format string parameter (simply "%s" in this case) to avoid the
+compiler warnings.
+
+More information about format-security can be found in Fedora's FAQ:
+
+  https://fedoraproject.org/wiki/Format-Security-FAQ
+---
+ src/queue.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/src/queue.c b/src/queue.c
+index 8cb7445..50bb519 100644
+--- a/src/queue.c
++++ b/src/queue.c
+@@ -50,7 +50,7 @@ void del_queue() {
+ 	struct msqid_ds buf;
+ 
+ 	if (msgctl(queue_id,IPC_RMID,&buf) < 0) {
+-		syslog(LOG_ERR,"Error: queue remove error.\n");
++		syslog(LOG_ERR, "%s", "Error: queue remove error.\n");
+ 	}
+ }
+ 
+@@ -58,7 +58,7 @@ int get_queue_id(int id) {
+ 	key_t key = ftok(NDO_QUEUE_PATH, NDO_QUEUE_ID+id);
+ 
+ 	if ((queue_id = msgget(key, IPC_CREAT | 0600)) < 0) {
+-		syslog(LOG_ERR,"Error: queue init error.\n");
++		syslog(LOG_ERR, "%s", "Error: queue init error.\n");
+ 	}
+ }
+ 
+@@ -99,7 +99,7 @@ void log_retry( void) {
+ 		if(msgctl(queue_id, IPC_STAT, &queue_stats)) {
+ 			sprintf(curstats, "Unable to determine current message queue usage: error reading IPC_STAT: %d", errno);
+ 			sprintf(logmsg, logfmt, curstats);
+-			syslog(LOG_ERR, logmsg);
++			syslog(LOG_ERR, "%s", logmsg);
+ 			}
+ 		else {
+ #if defined( __linux__)
+@@ -108,24 +108,24 @@ void log_retry( void) {
+ 			if( msgmni < 0) {
+ 				sprintf(curstats, "Unable to determine current message queue usage: error reading IPC_INFO: %d", errno);
+ 				sprintf(logmsg, logfmt, curstats);
+-				syslog(LOG_ERR, logmsg);
++				syslog(LOG_ERR, "%s", logmsg);
+ 				}
+ 			else {
+ 				sprintf(curstats, statsfmt, queue_stats.msg_qnum,
+ 						(unsigned long)msgmni, queue_stats.__msg_cbytes,
+ 						queue_stats.msg_qbytes);
+ 				sprintf(logmsg, logfmt, curstats);
+-				syslog(LOG_ERR, logmsg);
++				syslog(LOG_ERR, "%s", logmsg);
+ 				}
+ #else
+ 			sprintf(logmsg, logfmt, "");
+-			syslog(LOG_ERR, logmsg);
++			syslog(LOG_ERR, "%s", logmsg);
+ #endif
+ 			}
+ 		last_retry_log_time = now;
+ 		}
+ 	else {
+-		syslog(LOG_ERR,"Warning: queue send error, retrying...\n");
++		syslog(LOG_ERR, "%s", "Warning: queue send error, retrying...\n");
+ 		}
+ }
+ 
+@@ -155,14 +155,14 @@ void push_into_queue (char* buf) {
+ 					#endif
+ 				}
+ 				if (retrynum < MAX_RETRIES) {
+-					syslog(LOG_ERR,"Message sent to queue.\n");
++					syslog(LOG_ERR, "%s", "Message sent to queue.\n");
+ 					}
+ 				else {
+-					syslog(LOG_ERR,"Error: max retries exceeded sending message to queue. Kernel queue parameters may need to be tuned. See README.\n");
++					syslog(LOG_ERR, "%s", "Error: max retries exceeded sending message to queue. Kernel queue parameters may need to be tuned. See README.\n");
+ 				}
+ 			}
+ 		else {
+-			syslog(LOG_ERR,"Error: queue send error.\n");
++			syslog(LOG_ERR, "%s", "Error: queue send error.\n");
+ 			}
+ 		}
+ 
+@@ -175,7 +175,7 @@ char* pop_from_queue() {
+ 	zero_string(msg.text, NDO_MAX_MSG_SIZE);
+ 
+ 	if (msgrcv(queue_id, &msg, queue_buff_size, NDO_MSG_TYPE, MSG_NOERROR) < 0) {
+-		syslog(LOG_ERR,"Error: queue recv error.\n");
++		syslog(LOG_ERR, "%s", "Error: queue recv error.\n");
+ 	}
+ 
+ 	int size = strlen(msg.text);
+-- 
+2.13.0
+