From ecdddd60656db2fa84e0e84a7e82378a7202da6c Mon Sep 17 00:00:00 2001 From: fendo Date: Mon, 16 Sep 2013 18:22:57 +0200 Subject: [PATCH] * Enabled hardened build flags, thanks Moritz Muehlenhoff (closes: #657846) * Packaging updates * Move to 3.0 (native) source format * Bump DH compat level to 8 * Fix ordering of stdio.h/syslog.h includes (closes: #707385) * Create accounting_dir in init script if necessary (closes: #418156) * Bump Standards-Version to 3.9.4.0 * Add build-arch/build-indep targets to debian/rules * Fix: compiling Warning --- Makefile | 12 +++++------- cli.c | 10 +++++----- debian/compat | 2 +- debian/control | 6 +++--- debian/init.d | 4 ++++ debian/preinst | 13 ------------- debian/rules | 12 +++++------- debian/source/format | 1 + garden.c | 11 ++++++----- l2tpns.c | 10 +++++----- 10 files changed, 35 insertions(+), 46 deletions(-) delete mode 100644 debian/preinst create mode 100644 debian/source/format diff --git a/Makefile b/Makefile index 23189e0..29799e4 100644 --- a/Makefile +++ b/Makefile @@ -10,20 +10,18 @@ DEFINES = DEFINES += -DLIBDIR='"$(libdir)"' DEFINES += -DETCDIR='"$(etcdir)"' -OPTIM = -OPTIM += -g -OPTIM += -O3 +DEB_CFLAGS_MAINT_APPEND=-Wall -O3 -Wno-format-zero-length CC = gcc LD = gcc INCLUDES = -I. -CPPFLAGS = $(INCLUDES) $(DEFINES) -CFLAGS = -Wall -Wformat-security -Wno-format-zero-length $(OPTIM) -LDFLAGS = +CPPFLAGS = `dpkg-buildflags --get CPPFLAGS` $(INCLUDES) $(DEFINES) +CFLAGS = `dpkg-buildflags --get CFLAGS` +LDFLAGS = `dpkg-buildflags --get LDFLAGS` LDLIBS = INSTALL = install -c -D -o root -g root -l2tpns.LIBS = -lm -lcli -ldl +l2tpns.LIBS = -lcli -ldl OBJS = arp.o cli.o cluster.o constants.o control.o icmp.o l2tpns.o \ ll.o md5.o ppp.o radius.o tbf.o util.o pppoe.o l2tplac.o diff --git a/cli.c b/cli.c index d2262d5..f280330 100644 --- a/cli.c +++ b/cli.c 
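Review bot: `DEB_CFLAGS_MAINT_APPEND=-Wall -O3 -Wno-format-zero-length` in the Makefile hunk is a plain make variable, so unless it is exported elsewhere the `dpkg-buildflags --get CFLAGS` call run from the recipe shell never sees it, and `-Wall`, `-O3` and `-Wno-format-zero-length` are silently dropped. Writing it as `export DEB_CFLAGS_MAINT_APPEND = -Wall -O3 -Wno-format-zero-length` would put it in the environment of the backtick command. The backticks also make the upstream Makefile depend on dpkg: where `dpkg-buildflags` is missing, the three variables lose its output and the build proceeds without optimisation, warnings or hardening flags. A fallback such as `CFLAGS ?= -Wall -Wformat-security -O2`, with the dpkg-buildflags values passed in from debian/rules, would keep non-Debian builds working.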
@@ -730,7 +730,7 @@ static int cmd_show_counters(struct cli_def *cli, const char *command, char **ar GET_STAT(tun_tx_bytes), GET_STAT(tun_tx_packets), GET_STAT(tun_tx_errors)); - cli_print(cli, ""); + cli_print(cli, " "); cli_print(cli, "%-10s %10s %10s %10s %10s", "Tunnel", "Bytes", "Packets", "Errors", "Retries"); cli_print(cli, "%-10s %10u %10u %10u", "RX", @@ -742,7 +742,7 @@ static int cmd_show_counters(struct cli_def *cli, const char *command, char **ar GET_STAT(tunnel_tx_packets), GET_STAT(tunnel_tx_errors), GET_STAT(tunnel_retries)); - cli_print(cli, ""); + cli_print(cli, " "); cli_print(cli, "%-30s%-10s", "Counter", "Value"); cli_print(cli, "-----------------------------------------"); @@ -808,7 +808,7 @@ static int cmd_show_counters(struct cli_def *cli, const char *command, char **ar char *p = strchr(t, '\n'); if (p) *p = 0; - cli_print(cli, ""); + cli_print(cli, " "); cli_print(cli, "Last counter reset %s", t); } @@ -1791,7 +1791,7 @@ static int cmd_uptime(struct cli_def *cli, const char *command, char **argv, int return CLI_HELP_NO_ARGS; fh = fopen("/proc/loadavg", "r"); - fgets(buf, 100, fh); + p = fgets(buf, 100, fh); fclose(fh); for (i = 0; i < 3; i++) @@ -2220,7 +2220,7 @@ static int cmd_show_bgp(struct cli_def *cli, const char *command, char **argv, i if (!hdr++) { - cli_print(cli, ""); + cli_print(cli, " "); cli_print(cli, "Peer AS Address " "State Retries Retry in Route Pend Timers"); cli_print(cli, "------------------ ----- --------------- " diff --git a/debian/compat b/debian/compat index b8626c4..45a4fb7 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -4 +8 diff --git a/debian/control b/debian/control index cc11d4b..b60e24f 100644 --- a/debian/control +++ b/debian/control 
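Review bot: In the cmd_uptime hunk, storing the fgets() result in `p` only quiets the unused-result warning: `fh` is still handed to fgets() and fclose() without a NULL check, and `buf` is presumably parsed by the `for` loop that follows even when nothing was read. Add `if (!fh) return CLI_ERROR;` after the fopen() and `if (!p) buf[0] = 0;` after the read, or return an error there as well. The declaration of `p` and the body of the loop are outside the hunk, so confirm that nothing later depends on the value `p` held before this assignment.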
@@ -2,12 +2,12 @@ Source: l2tpns Section: net Priority: optional Maintainer: Jonathan McDowell -Build-Depends: debhelper (>> 4), libcli-dev (>> 1.8.5) -Standards-Version: 3.7.2.0 +Build-Depends: debhelper (>> 8), libcli-dev (>> 1.8.5) +Standards-Version: 3.9.4.0 Package: l2tpns Architecture: any -Depends: ${shlibs:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends} Description: layer 2 tunnelling protocol network server (LNS) l2tpns is a daemon designed to terminate large volumes of layer 2 tunnelling protocol (RFC 2661: L2TP) sessions. diff --git a/debian/init.d b/debian/init.d index 3da046d..737ce46 100644 --- a/debian/init.d +++ b/debian/init.d @@ -19,6 +19,7 @@ DAEMON=/usr/sbin/l2tpns NAME=l2tpns DESC=l2tpns ARGS="-d" +ACCTDIR=$(grep "set accounting_dir" /etc/l2tpns/startup-config | sed -e 's/.* "//' -e 's/".*//') test -f $DAEMON || exit 0 @@ -27,6 +28,9 @@ set -e case "$1" in start) echo -n "Starting $DESC: " + if [ ! -d "$ACCTDIR" ]; then + mkdir -p "$ACCTDIR" + fi start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $ARGS echo "$NAME." diff --git a/debian/preinst b/debian/preinst deleted file mode 100644 index 61b4735..0000000 --- a/debian/preinst +++ /dev/null @@ -1,13 +0,0 @@ -#! /bin/sh -# preinst script for l2tpns - -set -e - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 - - diff --git a/debian/rules b/debian/rules index 0580bd7..cf9fe8d 100755 --- a/debian/rules +++ b/debian/rules @@ -2,9 +2,6 @@ # Sample debian/rules that uses debhelper. # GNU copyright 1997 to 1999 by Joey Hess. -ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) - CFLAGS += -g -endif ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) INSTALL_PROGRAM += -s endif @@ -16,8 +13,9 @@ configure-stamp: touch configure-stamp -build: build-stamp - +build: build-arch build-indep +build-arch: build-stamp +build-indep: build-stamp build-stamp: configure-stamp dh_testdir 
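Review bot: In debian/init.d, when `set accounting_dir` is not present in /etc/l2tpns/startup-config (or the file is missing) ACCTDIR is empty, `[ ! -d "" ]` is true and `mkdir -p ""` fails, which under the script's `set -e` aborts `start` before start-stop-daemon runs. Guard the block with `if [ -n "$ACCTDIR" ] && [ ! -d "$ACCTDIR" ]; then`. The unanchored grep in the first init.d hunk also matches commented-out or repeated lines and can yield a multi-line value; `grep '^set accounting_dir'` piped through `tail -n 1` would avoid that. The directory is created as root with the default umask, so if the accounting files are sensitive an explicit mode is worth setting, e.g. `mkdir -p -m 0750 "$ACCTDIR"`.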
@@ -33,14 +31,14 @@ clean: rm -f build-stamp configure-stamp # Add here commands to clean up after the build process. - -$(MAKE) clean + [ ! -f Makefile ] || $(MAKE) clean dh_clean install: build dh_testdir dh_testroot - dh_clean -k + dh_prep dh_installdirs $(MAKE) install DESTDIR=$(CURDIR)/debian/l2tpns diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/garden.c b/garden.c index 994ecb5..ea5bb99 100644 --- a/garden.c +++ b/garden.c @@ -157,7 +157,7 @@ int plugin_become_master(void) for (i = 0; up_commands[i] && *up_commands[i]; i++) { f->log(3, 0, 0, "Running %s\n", up_commands[i]); - system(up_commands[i]); + int status = system(up_commands[i]); } return PLUGIN_RET_OK; @@ -176,6 +176,7 @@ int garden_session(sessiont *s, int flag, char *newuser) { char cmd[2048]; sessionidt sess; + int status; if (!s) return 0; if (!s->opened) return 0; @@ -191,7 +192,7 @@ int garden_session(sessiont *s, int flag, char *newuser) f->fmtaddr(htonl(s->ip), 0)); f->log(3, sess, s->tunnel, "%s\n", cmd); - system(cmd); + status = system(cmd); s->walled_garden = 1; } else @@ -229,7 +230,7 @@ int garden_session(sessiont *s, int flag, char *newuser) f->log(3, sess, s->tunnel, "%s\n", cmd); while (--count) { - int status = system(cmd); + status = system(cmd); if (WEXITSTATUS(status) != 0) break; } @@ -272,7 +273,7 @@ int plugin_init(struct pluginfuncs *funcs) for (i = 0; down_commands[i] && *down_commands[i]; i++) { f->log(3, 0, 0, "Running %s\n", down_commands[i]); - system(down_commands[i]); + int status = system(down_commands[i]); } } @@ -289,7 +290,7 @@ void plugin_done() for (i = 0; down_commands[i] && *down_commands[i]; i++) { f->log(3, 0, 0, "Running %s\n", down_commands[i]); - system(down_commands[i]); + int status = system(down_commands[i]); } } diff --git a/l2tpns.c b/l2tpns.c index fcd054d..63d110d 100644 --- a/l2tpns.c +++ b/l2tpns.c 
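Review bot: The `status` values added in garden.c are never read in four of the five places (plugin_become_master, the first system() call in garden_session, plugin_init and plugin_done), so the change hides the unused-result warning without handling a failed command. In garden_session `s->walled_garden = 1` is set whether or not the command succeeded, so a session can be marked as gardened although the rule was never installed (assuming these commands are what enforce the garden). Check the result in each place, e.g. `if (status == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) f->log(0, sess, s->tunnel, "command failed (%d): %s\n", status, cmd);`, and decide whether garden_session should return an error instead of setting the flag. The existing retry loop tests WEXITSTATUS() without WIFEXITED() and has the same gap; all of these function bodies extend outside the hunks.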
@@ -10,6 +10,7 @@ #include #include #define SYSLOG_NAMES +#include #include #include #include @@ -19,7 +20,6 @@ #include #include #include -#include #include #include #include @@ -5050,9 +5050,9 @@ int main(int argc, char *argv[]) case 'd': if (fork()) exit(0); setsid(); - freopen("/dev/null", "r", stdin); - freopen("/dev/null", "w", stdout); - freopen("/dev/null", "w", stderr); + FILE *in = freopen("/dev/null", "r", stdin); + FILE *out = freopen("/dev/null", "w", stdout); + FILE *err = freopen("/dev/null", "w", stderr); break; case 'v': optdebug++; @@ -5103,7 +5103,7 @@ int main(int argc, char *argv[]) LOG(0, 0, 0, "Can't set ulimit: %s\n", strerror(errno)); // Make core dumps go to /tmp - chdir("/tmp"); + int ret = chdir("/tmp"); } if (config->scheduler_fifo) -- 2.20.1
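Review bot: `in`, `out`, `err` and `ret` in the two main() hunks are never read, so a failed freopen() or chdir() is still ignored and the compiler will now report unused variables instead. If a freopen() fails the daemon carries on with that standard stream closed, and a descriptor opened later can land on fd 0–2 and receive stray stdio output; test each result, e.g. `if (!freopen("/dev/null", "w", stderr)) exit(1);`. In the chdir hunk, report the failure the way the preceding "Can't set ulimit" branch does: `if (chdir("/tmp") < 0) LOG(0, 0, 0, "Can't chdir to /tmp: %s\n", strerror(errno));`. The three `FILE *` declarations also sit directly in the `switch` body, so their scope runs on into the following case labels; wrapping the `case 'd':` statements in braces avoids that. main() starts and ends outside both hunks.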