Package: openswan Version: 1:2.6.37-1 Severity: important Tags: patch Please enable hardened build flags through dpkg-buildflags.
Patch attached. Building with the hardened build flags exposed two cases of missing format strings, for which I attached a patch as well. Cheers, Moritz
diff -aur openswan-2.6.37.orig/debian/rules openswan-2.6.37/debian/rules
--- openswan-2.6.37.orig/debian/rules 2011-12-21 05:15:35.000000000 +0100
+++ openswan-2.6.37/debian/rules 2012-01-08 20:07:58.000000000 +0100
@@ -6,8 +6,11 @@
 #export DH_VERBOSE=1
 export DH_OPTIONS
-export CXXFLAGS = -fno-strict-aliasing
-export CFLAGS = -fno-strict-aliasing
+
+DPKG_EXPORT_BUILDFLAGS = 1
+DEB_CFLAGS_MAINT_APPEND=-fno-strict-aliasing
+DEB_CXXFLAGS_MAINT_APPEND=-fno-strict-aliasing
+include /usr/share/dpkg/buildflags.mk
 configure: configure-stamp
 configure-stamp:
Nur in openswan-2.6.37/debian: rules~.
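Review bot: The added block before `include /usr/share/dpkg/buildflags.mk` only pulls in the default hardening set, which leaves PIE and immediate binding off; for a network-facing IKE daemon I would add `export DEB_BUILD_MAINT_OPTIONS = hardening=+all` above the include. The exported `CPPFLAGS` (which carries the fortify define) and `LDFLAGS` (relro) only help if the upstream makefiles actually pass them to the compiler and linker; that is not visible in this hunk, so the built binaries should be checked with `hardening-check` rather than assumed hardened. The include also needs a dpkg-dev that ships `buildflags.mk`, and no `debian/control` change is shown, so a versioned `Build-Depends: dpkg-dev (>= 1.16.1~)` is probably missing. A short comment above the block, such as `# hardened flags from dpkg-buildflags; -fno-strict-aliasing kept via *_MAINT_APPEND`, would record why the old `export CFLAGS` lines went away.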
diff -aur openswan-2.6.37.orig/lib/libpluto/packet.c openswan-2.6.37/lib/libpluto/packet.c
--- openswan-2.6.37.orig/lib/libpluto/packet.c 2011-10-28 23:11:53.000000000 +0200
+++ openswan-2.6.37/lib/libpluto/packet.c 2012-01-08 20:13:27.000000000 +0100
@@ -1433,7 +1433,7 @@
 }
 /* some failure got us here: report it */
- openswan_loglog(RC_LOG_SERIOUS, ugh);
+ openswan_loglog(RC_LOG_SERIOUS, "%s", ugh);
 return FALSE;
 }
@@ -1653,7 +1653,7 @@
 }
 /* some failure got us here: report it */
- loglog(RC_LOG_SERIOUS, ugh); /* ??? serious, but errno not relevant */
+ loglog(RC_LOG_SERIOUS, "%s", ugh); /* ??? serious, but errno not relevant */
 return FALSE;
 }
Nur in openswan-2.6.37/lib/libpluto: packet.c~.
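Review bot: Nothing at the `openswan_loglog(RC_LOG_SERIOUS, "%s", ugh);` call at -1433, or at the matching `loglog` call in the hunk at -1653, records why the literal format is there, so a later cleanup could fold it back to the one-argument form. I would extend the existing comment to `/* some failure got us here: report it; ugh is message text, never a format string */` in both places. How `ugh` is built lies outside both hunks, but this is packet-parsing code, so it presumably can carry text derived from peer input, which is what makes the literal format matter. The build that exposed these two sites only flags a non-literal format passed with no further arguments; calls that pass a variable format together with arguments would need `-Wformat-nonliteral` to surface, so a tree-wide pass with that flag is worth doing once.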