Hello community,

here is the log from the commit of package exim for openSUSE:Factory
checked in at Tue May 10 09:16:06 CEST 2011.



--------
--- exim/exim.changes   2011-05-07 15:33:18.000000000 +0200
+++ /mounts/work_src_done/STABLE/exim/exim.changes      2011-05-09 
13:33:14.000000000 +0200
@@ -1,0 +2,5 @@
+Mon May  9 13:32:55 CEST 2011 - [email protected]
+
+- check format strings
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
  format-security.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ exim.spec ++++++
--- /var/tmp/diff_new_pack.gM2RXA/_old  2011-05-10 09:15:14.000000000 +0200
+++ /var/tmp/diff_new_pack.gM2RXA/_new  2011-05-10 09:15:14.000000000 +0200
@@ -41,7 +41,7 @@
 PreReq:         %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils 
textutils
 %endif
 Version:        4.75
-Release:        1
+Release:        3
 %if %{?build_with_mysql:1}0
 BuildRequires:  mysql-devel
 Provides:       exim = %version
@@ -63,6 +63,7 @@
 Source31:       eximstats.conf
 Patch:          exim-4.12-tail.patch
 Patch1:         109066729a54f6ba5c4e8bc174133da33242e930.diff
+Patch2:         format-security.diff
 %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 
 
 %package -n eximon
@@ -130,6 +131,7 @@
 %setup -q -n exim-%{version}
 %patch
 %patch1 -p2
+%patch2
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"
@@ -241,7 +243,7 @@
        # SPOOL_MODE=0640
        SUPPORT_MOVE_FROZEN_MESSAGES=yes
        HAVE_IPV6=YES
-       CFLAGS=$RPM_OPT_FLAGS -Wall -fno-strict-aliasing -D_LARGEFILE_SOURCE 
-D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE
+       CFLAGS=$RPM_OPT_FLAGS -Wall -Werror=format-security 
-Werror=missing-format-attribute -fno-strict-aliasing -D_LARGEFILE_SOURCE 
-D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE
        EXTRALIBS=-ldl -L/usr/X11R6/%{_lib} $pie
 EOF
 touch Local/eximon.conf
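Review bot: `-Werror=missing-format-attribute` on the new CFLAGS line turns a heuristic diagnostic into a build failure. GCC describes what it reports under this option as possible candidates only, so a compiler update can break the package without any change in the source. `-Werror=format-security` is the flag that stops an unchecked non-literal format from shipping; I would keep that one as an error and leave the other as a warning, `-Wall -Werror=format-security -Wmissing-format-attribute`. The CFLAGS line appears to sit inside a here-document that begins outside the hunk.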

++++++ format-security.diff ++++++
--- exim_monitor/em_log.c
+++ exim_monitor/em_log.c
@@ -58,6 +58,8 @@
 static int size = 0;
 static int top = 0;
 
+static void show_log(char *s, ...) PRINTF_FUNCTION(1,2);
+
 static void show_log(char *s, ...)
 {
 int length, newtop;
@@ -364,7 +366,7 @@
 if (log_datestamping)
   {
   uschar log_file_wanted[256];
-  string_format(log_file_wanted, sizeof(log_file_wanted), CS log_file);
+  string_format(log_file_wanted, sizeof(log_file_wanted), "%s", CS log_file);
   if (Ustrcmp(log_file_wanted, log_file_open) != 0)
     {
     if (LOG != NULL)
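Review bot: Adding `"%s"` makes `string_format` copy `log_file` verbatim, so any directive the configured log path was meant to have expanded here (Exim's `%D` datestamp, if I read the surrounding `log_datestamping` logic correctly) is now left unexpanded in `log_file_wanted`. The identical change in exim_monitor/em_main.c at -656 sits directly above `log_datestamping = string_datestamp_offset >= 0;`, which suggests that call was relied on to set the offset, so the monitor would probably stop following datestamped logs. If `log_file` only ever holds the administrator-configured path template, it is not attacker-controlled, and the safer repair is to keep it as the format and document that, e.g. `/* log_file is a trusted path template; its %D must be expanded here, so do not add "%s" */`, while silencing the warning for just these two calls. Both enclosing blocks continue outside their hunks.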
--- exim_monitor/em_main.c
+++ exim_monitor/em_main.c
@@ -656,7 +656,7 @@
 
 if (log_file[0] != 0)
   {
-  (void)string_format(log_file_open, sizeof(log_file_open), CS log_file);
+  (void)string_format(log_file_open, sizeof(log_file_open), "%s", CS log_file);
   log_datestamping = string_datestamp_offset >= 0;
 
   LOG = fopen(CS log_file_open, "r");
--- exim_monitor/em_text.c
+++ exim_monitor/em_text.c
@@ -60,6 +60,8 @@
 *           Display text from format             *
 *************************************************/
 
+void text_showf(Widget w, char *s, ...) PRINTF_FUNCTION(2,3);
+
 void text_showf(Widget w, char *s, ...)
 {
 va_list ap;
--- src/demime.c
+++ src/demime.c
@@ -823,7 +823,7 @@
     (void)string_vformat(US f, 16383,(char *)format, ap);
     va_end(ap);
     f-=22;
-    log_write(0, LOG_MAIN, f);
+    log_write(0, LOG_MAIN, "%s", f);
     /* then copy to demime_reason_buffer if new
     level is greater than old level */
     if (level > demime_errorlevel) {
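Review bot: The `"%s"` added to `log_write` is the security-relevant part of that line and nothing on it says so. `f` has just been filled by `string_vformat` from caller-supplied arguments, so it may carry `%` sequences that must not be interpreted a second time. A one-line comment such as `/* f is already-formatted text, possibly message-derived: log it as data, never as a format */` would stop a later cleanup from collapsing the call back to `log_write(0, LOG_MAIN, f)`. The same comment fits the `log_write(0, LOG_MAIN, "%s", (char *)logmsg)` call in src/dkim.c at -176. Both enclosing functions start and end outside their hunks.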
--- src/dkim.c
+++ src/dkim.c
@@ -176,7 +176,7 @@
     }
 
     logmsg[ptr] = '\0';
-    log_write(0, LOG_MAIN, (char *)logmsg);
+    log_write(0, LOG_MAIN, "%s", (char *)logmsg);
 
     /* Build a colon-separated list of signing domains (and identities, if 
present) in dkim_signers */
     dkim_signers = string_append(dkim_signers,
--- src/exim_dbutil.c
+++ src/exim_dbutil.c
@@ -59,6 +59,7 @@
 #include "dbstuff.h"
 #include "osfunctions.h"
 #include "store.h"
+#include "local_scan.h"
 
 
 /* Identifiers for the different database types. */
--- src/functions.h
+++ src/functions.h
@@ -82,7 +82,7 @@
                   int, int, uschar *, bit_table *, int, uschar *, int);
 extern address_item *deliver_make_addr(uschar *, BOOL);
 extern int     deliver_message(uschar *, BOOL, BOOL);
-extern void    deliver_msglog(const char *, ...);
+extern void    deliver_msglog(const char *, ...) PRINTF_FUNCTION(1,2);
 extern void    deliver_set_expansions(address_item *);
 extern int     deliver_split_address(address_item *);
 extern void    deliver_succeeded(address_item *);
@@ -181,9 +181,9 @@
 extern uschar *moan_check_errorcopy(uschar *);
 extern BOOL    moan_skipped_syntax_errors(uschar *, error_block *, uschar *,
                  BOOL, uschar *);
-extern void    moan_smtp_batch(uschar *, char *, ...);
+extern void    moan_smtp_batch(uschar *, char *, ...) PRINTF_FUNCTION(2,3);
 extern void    moan_tell_someone(uschar *, address_item *, uschar *, char *,
-                 ...);
+                 ...) PRINTF_FUNCTION(4,5);
 extern BOOL    moan_to_sender(int, error_block *, header_line *, FILE *, BOOL);
 extern void    moan_write_from(FILE *);
 extern FILE   *modefopen(uschar *, char *, mode_t);
@@ -271,7 +271,7 @@
                  int *);
 extern void   *search_open(uschar *, int, int, uid_t *, gid_t *);
 extern void    search_tidyup(void);
-extern void    set_process_info(char *, ...);
+extern void    set_process_info(char *, ...) PRINTF_FUNCTION(1,2);
 extern void    sha1_end(sha1 *, const uschar *, int, uschar *);
 extern void    sha1_mid(sha1 *, const uschar *);
 extern void    sha1_start(sha1 *);
@@ -299,7 +299,7 @@
 extern BOOL    smtp_start_session(void);
 extern int     smtp_ungetc(int);
 extern BOOL    smtp_verify_helo(void);
-extern int     smtp_write_command(smtp_outblock *, BOOL, char *, ...);
+extern int     smtp_write_command(smtp_outblock *, BOOL, char *, ...) 
PRINTF_FUNCTION(3,4);
 #ifdef WITH_CONTENT_SCAN
 extern int     spam(uschar **);
 extern FILE   *spool_mbox(unsigned long *, uschar *);
@@ -321,13 +321,13 @@
 extern uschar *string_copylc(uschar *);
 extern uschar *string_copynlc(uschar *, int);
 extern uschar *string_dequote(uschar **);
-extern BOOL    string_format(uschar *, int, char *, ...);
+extern BOOL    string_format(uschar *, int, char *, ...) PRINTF_FUNCTION(3,4);
 extern uschar *string_format_size(int, uschar *);
 extern int     string_interpret_escape(uschar **);
 extern int     string_is_ip_address(uschar *, int *);
 extern uschar *string_log_address(address_item *, BOOL, BOOL);
 extern uschar *string_nextinlist(uschar **, int *, uschar *, int);
-extern uschar *string_open_failed(int, char *, ...);
+extern uschar *string_open_failed(int, char *, ...) PRINTF_FUNCTION(2,3);
 extern uschar *string_printing2(uschar *, BOOL);
 extern uschar *string_split_message(uschar *);
 extern BOOL    string_vformat(uschar *, int, char *, va_list);
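Review bot: `string_vformat` on the last line of this hunk stays unannotated, so a format string that reaches it through a `va_list` wrapper (as `format` does in the src/demime.c hunk) is still invisible to the compiler's checks. Assuming `PRINTF_FUNCTION(A,B)` expands to GCC's `format(printf, A, B)` attribute, a second index of 0 marks a `va_list` taker: `extern BOOL    string_vformat(uschar *, int, char *, va_list) PRINTF_FUNCTION(3,0);`. `smtp_vprintf(char *, va_list)` in the second src/local_scan.h hunk is in the same position and would take `PRINTF_FUNCTION(1,0)`. Any Exim-specific conversion letters may then need a look, since the compiler would check them as plain printf directives.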
--- src/local_scan.h
+++ src/local_scan.h
@@ -175,7 +175,7 @@
 extern void    header_remove(int, uschar *);
 extern BOOL    header_testname(header_line *, uschar *, int, BOOL);
 extern BOOL    header_testname_incomplete(header_line *, uschar *, int, BOOL);
-extern void    log_write(unsigned int, int, char *format, ...);
+extern void    log_write(unsigned int, int, char *format, ...) 
PRINTF_FUNCTION(3,4);
 extern int     lss_b64decode(uschar *, uschar **);
 extern uschar *lss_b64encode(uschar *, int);
 extern int     lss_match_domain(uschar *, uschar *);
@@ -190,6 +190,6 @@
 extern void    smtp_vprintf(char *, va_list);
 extern uschar *string_copy(uschar *);
 extern uschar *string_copyn(uschar *, int);
-extern uschar *string_sprintf(char *, ...);
+extern uschar *string_sprintf(char *, ...) PRINTF_FUNCTION(1,2);
 
 /* End of local_scan.h */

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
