From 1dde4686dbe6fec4984203352c1e0a7850d0f027 Mon Sep 17 00:00:00 2001
From: "Gary R. Van Sickle" 
Date: Mon, 8 Feb 2016 17:20:39 -0600
Subject: [PATCH 1/3] Added -Werror=format-security to configure.ac.

---
 configure.ac | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure.ac b/configure.ac
index 022f3771..639e2f64 100644
--- a/configure.ac
+++ b/configure.ac
@@ -177,6 +177,7 @@ AS_IF([test -n $CXX11_FLAG],
 # Boost generates a ton of these warnings.
 AX_APPEND_COMPILE_FLAGS([-Wno-unused-local-typedefs], [AM_CXXFLAGS])
 AX_APPEND_COMPILE_FLAGS([-pthread], [AM_CXXFLAGS])
+AX_APPEND_COMPILE_FLAGS([-Werror=format-security],[AM_CXXFLAGS])
 # Put this back in to help with profiling.
 #AX_APPEND_COMPILE_FLAGS([-fno-omit-frame-pointer], [AM_CXXFLAGS])
 AC_LANG_POP([C++])

From 439f436cda6153c16879d3634626cc315de2cb68 Mon Sep 17 00:00:00 2001
From: "Gary R. Van Sickle" 
Date: Mon, 8 Feb 2016 18:06:36 -0600
Subject: [PATCH 2/3] configure.ac: Added -Wformat -Wformat-security and -Werror=format-security to AM_CXXFLAGS, if compiler supports it. Makefile.am: Added --long option to git describe. Resolves #56. ArgParse.cpp: Changed fprintf() to fputs() to print a non-literal but const string.

---
 Makefile.am | 4 ++--
 configure.ac | 3 ++-
 src/ArgParse.cpp | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 570026bf..c6460243 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -53,7 +53,7 @@ build_info.cpp: FORCE verify-provenance
 GIT_DESCRIBE=$$(cat $(top_srcdir)/.tarball-version); \
 elif (which git && cd $(top_srcdir) && git describe > /dev/null); then \
 : We are building from a git repo. ; \
- GIT_DESCRIBE="$$(cd $(top_srcdir) && git describe --dirty)"; \
+ GIT_DESCRIBE="$$(cd $(top_srcdir) && git describe --long --dirty)"; \
 else GIT_DESCRIBE="unknown"; \
 fi; \
 echo "const char *g_git_describe = \"$${GIT_DESCRIBE}\";" >> "$@" 
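Review bot: The value that ends up in the `g_git_describe` string literal on the last line of the hunk is spliced in unescaped, and the new `--long` line widens what goes there (the `-N-g<hash>` suffix) without adding any check on the content. A `"` in a tag name (git refnames forbid `\` but allow `"`) or any stray character in `.tarball-version`, which is plain file content, would either break the generated build_info.cpp or change the literal. Since legitimate describe output is drawn from a small character set, a one-line whitelist before the echo closes this: `GIT_DESCRIBE=$$(printf '%s' "$$GIT_DESCRIBE" | tr -cd 'A-Za-z0-9./_+-'); \` (extend the set if your tags use other characters). The build_info.cpp recipe and its enclosing `if` begin before this hunk.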
@@ -74,7 +74,7 @@ verify-provenance: fi; dist-hook: - echo -n "$$(cd $(top_srcdir) && git describe --dirty | tr -d '\r\n')-tarball" > "$(distdir)/.tarball-version" + echo -n "$$(cd $(top_srcdir) && git describe --long --dirty | tr -d '\r\n')-tarball" > "$(distdir)/.tarball-version" ucg_CPPFLAGS = -I $(top_srcdir)/src \ $(BOOST_TR1_CPPFLAGS) $(BOOST_CPPFLAGS) \ diff --git a/configure.ac b/configure.ac index 639e2f64..34804a11 100644 --- a/configure.ac +++ b/configure.ac @@ -177,7 +177,8 @@ AS_IF([test -n $CXX11_FLAG], # Boost generates a ton of these warnings. AX_APPEND_COMPILE_FLAGS([-Wno-unused-local-typedefs], [AM_CXXFLAGS]) AX_APPEND_COMPILE_FLAGS([-pthread], [AM_CXXFLAGS]) -AX_APPEND_COMPILE_FLAGS([-Werror=format-security],[AM_CXXFLAGS]) +AX_APPEND_COMPILE_FLAGS([-Wformat -Wformat-security],[AM_CXXFLAGS]) +AX_APPEND_COMPILE_FLAGS(['-Werror=format-security'],[AM_CXXFLAGS],[-Wformat -Wformat-security]) # Put this back in to help with profiling. #AX_APPEND_COMPILE_FLAGS([-fno-omit-frame-pointer], [AM_CXXFLAGS]) AC_LANG_POP([C++]) diff --git a/src/ArgParse.cpp b/src/ArgParse.cpp index 028c8a88..f7697930 100644 --- a/src/ArgParse.cpp +++ b/src/ArgParse.cpp @@ -343,7 +343,7 @@ void ArgParse::Parse(int argc, char **argv) void ArgParse::PrintVersionText(FILE* stream, struct argp_state* state) { // Print the version string and copyright notice. - std::fprintf(stream, argp_program_version); + std::fputs(argp_program_version, stream); // In addition, we want to print the compiler/version we were built with, the libpcre version and some other info on it, // and any source control version info we can get. From 617543aed057cedca1b6fd6e70930c2095541e19 Mon Sep 17 00:00:00 2001 From: "Gary R. Van Sickle" Date: Mon, 8 Feb 2016 18:09:29 -0600 Subject: [PATCH 3/3] Updated NEWS.md. --- NEWS.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/NEWS.md b/NEWS.md index 8f05663f..d3863d9c 100644 --- a/NEWS.md +++ b/NEWS.md 
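Review bot: The new dist-hook line has no failure path for `git describe --long --dirty`: if `make dist` is run where git is missing or the tree is not a checkout, the substitution is empty and `.tarball-version` is silently written as `-tarball`, which the build_info.cpp recipe later embeds as the version. Because the command sits inside a pipeline, its exit status is also lost. Capturing it first makes the hook fail loudly instead: `v=$$(cd $(top_srcdir) && git describe --long --dirty) || exit 1; \` followed by `echo -n "$$(printf '%s' "$$v" | tr -d '\r\n')-tarball" > "$(distdir)/.tarball-version"`. The verify-provenance rule whose `fi;` opens this hunk starts before it.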
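Review bot: `-Werror=format-security` on the second added line only turns the no-argument case into an error: GCC's -Wformat-security fires when the format is non-literal and there are no format arguments, so a call like `fprintf(stream, fmt, x)` with a non-literal `fmt` still compiles silently under these flags. If the goal is the whole class of non-literal formats, probe `-Wformat=2` (which adds -Wformat-nonliteral) the same way, e.g. `AX_APPEND_COMPILE_FLAGS([-Wformat=2],[AM_CXXFLAGS])`, accepting that it may need the same kind of suppression as the Boost typedef warnings handled just above. A short comment noting that these flags land only in AM_CXXFLAGS, so any C sources this configure builds are not covered, would also help the next reader.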
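Review bot: `std::fputs(argp_program_version, stream)` dereferences `argp_program_version` unconditionally, and argp documents that global as optional (it may be NULL when `argp_program_version_hook` is used instead); passing NULL to fputs is undefined behaviour, the same exposure the old fprintf had, so it is pre-existing rather than introduced here. If this project defines it unconditionally, a one-line comment saying so is enough; otherwise guard it: `if (argp_program_version) std::fputs(argp_program_version, stream);`. The switch itself is right: fputs treats the string as data, so a `%` in the version or copyright text can no longer be interpreted as a conversion, which is exactly what -Werror=format-security was rejecting. PrintVersionText's body continues past the end of the hunk.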
@@ -6,7 +6,7 @@ Minor bugfix/feature release of UniversalCodeGrep (ucg). ### Added -- Added auto-versioning support, improved --version output to display built-from vcs/tarball info, compiler version, libpcre version and info. Resolves #4. +- Added auto-versioning support, improved --version output to display built-from vcs/tarball info, compiler version, libpcre version and info. Resolves #4, #56. - Added performance test vs. grep on Boost --cpp files with regex 'BOOST.*HPP' to testsuite. - Added color-vs-file and color-vs-tty tests to the testsuite. - Performance test suite now captures version info of the programs that are being compared. Resolves #22. @@ -21,6 +21,8 @@ Minor bugfix/feature release of UniversalCodeGrep (ucg). - Fixed extra newline at the start of tty output. Resolves #50. - Merged pull request #54 from ismail/clang-fix: Add sstream include to fix compilation with clang with libc++. +### Security +- Now compiling with -Wformat, -Wformat-security, -Werror=format-security if compiler supports it. Resolves #57. ## [0.2.0] - 2015-12-28 - No news yet.