|
|
|
|
|
|
We do not build with -Werror=format-security yet. Could you try without it?
Once we're sure it is this flag, we can try to make sure you can build with it. |
|
|
|
bareos-format-security.patch (594 bytes)
diff -Nuar bareos-Release-18.2.6.org/core/src/tests/lib_tests.cc bareos-Release-18.2.6/core/src/tests/lib_tests.cc
--- bareos-Release-18.2.6.org/core/src/tests/lib_tests.cc 2019-07-13 11:14:57.946726453 +0200
+++ bareos-Release-18.2.6/core/src/tests/lib_tests.cc 2019-07-13 11:27:00.945847448 +0200
@@ -165,7 +165,7 @@
const BareosVersionNumber &version_test)
{
char bashed_client_name[20];
- sprintf(bashed_client_name, client_name);
+ sprintf(bashed_client_name, "%s", client_name);
BashSpaces(bashed_client_name);
char output_text[64];
|
|
|
|
Yes without it will compile.
But, the setting is security relevant and default since Fedora 28, I create an patch for it.
Here the documentation about the options:
https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md
https://fedoraproject.org/wiki/Format-Security-FAQ
I have tested the patch on build for centos7, fedora 29, fedora 30. |
|
|
|
Add patches for CMakeLists.txt and for the problematic format string.
0001-cmake-treat-format-string-warnings-as-errors.patch (1,319 bytes)
From ae348c6baa7e946b489f78f2749582f23da98dd2 Mon Sep 17 00:00:00 2001
From: Andreas Rogge <andreas.rogge@bareos.com>
Date: Mon, 15 Jul 2019 09:47:43 +0200
Subject: [PATCH 1/2] cmake: treat format-string warnings as errors
The build system for newer Fedoras does this by defaults
and it is probably a good idea to watch out for these, so
we enable -Wformat -Werror=format-security if the compiler
supports it.
---
core/CMakeLists.txt | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/core/CMakeLists.txt b/core/CMakeLists.txt
index 9a1f7e2..c62fc8b 100644
--- a/core/CMakeLists.txt
+++ b/core/CMakeLists.txt
@@ -42,6 +42,16 @@ if (${compiler_will_suggest_override})
set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wsuggest-override")
endif()
+# make format-security issues a compiler-error
+CHECK_CXX_COMPILER_FLAG(-Wformat compiler_format_security)
+if (${compiler_format_security})
+ set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wformat")
+endif()
+CHECK_CXX_COMPILER_FLAG(-Werror=format-security compiler_error_format_security)
+if (${compiler_error_format_security})
+ set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Werror=format-security")
+endif()
+
# warn on sign-conversion
#include(CheckCCompilerFlag)
#CHECK_C_COMPILER_FLAG(-Wsign-conversion c_compiler_will_warn_sign_conversion)
--
1.8.3.1
0002-tests-fix-format-string-problem.patch (886 bytes)
From a261dcd87ae978da4ff5e910dda8127097d04045 Mon Sep 17 00:00:00 2001
From: Andreas Rogge <andreas.rogge@bareos.com>
Date: Mon, 15 Jul 2019 09:52:29 +0200
Subject: [PATCH 2/2] tests: fix format-string problem
Fixes #1072: 18.2.6 build error on tests
---
core/src/tests/lib_tests.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/src/tests/lib_tests.cc b/core/src/tests/lib_tests.cc
index f76cef3..fc7e7a5 100644
--- a/core/src/tests/lib_tests.cc
+++ b/core/src/tests/lib_tests.cc
@@ -186,7 +186,7 @@ static void do_get_name_from_hello_test(const char* client_string_fmt,
const BareosVersionNumber& version_test)
{
char bashed_client_name[20];
- sprintf(bashed_client_name, client_name);
+ strncpy(bashed_client_name, client_name, 20);
BashSpaces(bashed_client_name);
char output_text[64];
--
1.8.3.1
|
|
|
|
Can you please check whether my attached patches work for you (and maybe apply these to your branch to update the PR)?
Thank you. |
|
|
|
I have tried both patches from you, but both are rejected against the 18.2.6 source code. :( |
|
|
|
the patches are for master, you can adapt them for 18.2 yourself if you want. |
|
|
|
OK.
I have back ported both and tested it with 18.2.6.
They will work as expected, so I will add it to the RP.
So I think we can close this ticket. |
|
|
|
Fix committed to bareos master branch with changesetid 11741. |
|
