I have attached a patch that fixes the format security errors.

Unfortunately after fixing those errors the build fails with:

make[5]: Entering directory `/ltp-20091231+dfsg.new/testcases/network/nfsv4/acl' ../../../../include/mk/env_post.mk:72: warning: overriding commands for target `/ltp-20091231+dfsg.new/debian/tmp/usr/lib/ltp/testcases/bin' ../../../../include/mk/env_post.mk:72: warning: ignoring old commands for target `/ltp-20091231+dfsg.new/debian/tmp/usr/lib/ltp/testcases/bin' ../../../../include/mk/env_post.mk:74: warning: overriding commands for target `/ltp-20091231+dfsg.new/debian/tmp/usr/lib/ltp/testcases/bin/sip_utils' ../../../../include/mk/env_post.mk:74: warning: ignoring old commands for target `/ltp-20091231+dfsg.new/debian/tmp/usr/lib/ltp/testcases/bin/sip_utils' ../../../../include/mk/env_post.mk:74: warning: overriding commands for target `/ltp-20091231+dfsg.new/debian/tmp/usr/lib/ltp/testcases/bin/test' ../../../../include/mk/env_post.mk:74: warning: ignoring old commands for target `/ltp-20091231+dfsg.new/debian/tmp/usr/lib/ltp/testcases/bin/test' install -m 00775 "/sip_utils" "/ltp-20091231+dfsg.new/debian/tmp/usr/lib/ltp/testcases/bin/sip_utils"
install: cannot stat `/sip_utils': No such file or directory
make[5]: *** [/ltp-20091231+dfsg.new/debian/tmp/usr/lib/ltp/testcases/bin/sip_utils] Error 1 make[5]: Leaving directory `/ltp-20091231+dfsg.new/testcases/network/nfsv4/acl'
make[4]: *** [trunk-subdir-install--acl] Error 2
make[4]: Leaving directory `/ltp-20091231+dfsg.new/testcases/network/nfsv4'
make[3]: *** [trunk-subdir-install--nfsv4] Error 2
make[3]: Leaving directory `/ltp-20091231+dfsg.new/testcases/network'
make[2]: *** [trunk-subdir-install--network] Error 2
make[2]: Leaving directory `/ltp-20091231+dfsg.new/testcases'
make[1]: *** [testcases-install] Error 2
make[1]: Leaving directory `/ltp-20091231+dfsg.new'
make: *** [debian/stamp-makefile-install] Error 2
dpkg-buildpackage: error: debian/rules binary gave error exit status 2
root@debian:/ltp-20091231+dfsg.new#
diff -ur ltp-20091231+dfsg/testcases/kernel/io/aio/aio01/aio01.c ltp-20091231+dfsg.new/testcases/kernel/io/aio/aio01/aio01.c
--- ltp-20091231+dfsg/testcases/kernel/io/aio/aio01/aio01.c	2012-01-06 21:05:39.000000000 +0000
+++ ltp-20091231+dfsg.new/testcases/kernel/io/aio/aio01/aio01.c	2012-01-06 20:33:26.000000000 +0000
@@ -123,9 +123,12 @@
 	bufsize = (bflag ? atoi(optb):8192);
 	nr = (nflag ? atoi(optn):10);
 	if (Fflag) {
-		sprintf(fname, optF);
+		//this will still cause a buffer overflow if the filename
+		//option is too long but since this is only a test program
+		//I don't care
+		strcpy(fname, optF);
 	} else {
-		sprintf(fname, "aiofile");
+		strcpy(fname, "aiofile");
 	}
 
 	setup();
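Review bot: The new `strcpy(fname, optF);` removes the format-string problem but keeps the unbounded write that the added comment itself acknowledges, so an over-long filename option still overruns `fname`. If `fname` is a fixed-size array (its declaration is outside the hunk), `snprintf(fname, sizeof(fname), "%s", optF);` closes both issues in one line. Checking the return value for truncation would let the test fail cleanly instead of running with a cut-off name, and the "I don't care" comment could then be dropped. The enclosing function starts and ends outside the hunk.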
diff -ur ltp-20091231+dfsg/testcases/kernel/pty/hangup01.c ltp-20091231+dfsg.new/testcases/kernel/pty/hangup01.c
--- ltp-20091231+dfsg/testcases/kernel/pty/hangup01.c	2010-01-05 20:21:02.000000000 +0000
+++ ltp-20091231+dfsg.new/testcases/kernel/pty/hangup01.c	2012-01-06 20:35:37.000000000 +0000
@@ -152,7 +152,7 @@
 		tst_exit();
 	}
 	if ((slavefd = open(slavename, O_RDWR)) < 0) {
-		tst_resm(TBROK,slavename);
+		tst_resm(TBROK,"%s",slavename);
 		tst_exit();
 	}
 	if (write(slavefd, MESSAGE1, strlen(MESSAGE1)) != strlen(MESSAGE1)) {
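Review bot: With `tst_resm(TBROK,"%s",slavename);` the message for a failed `open()` is only the device path, with no indication of which call failed or why. Something like `tst_resm(TBROK, "open(%s) failed: %s", slavename, strerror(errno));` would make the log actionable, assuming `<errno.h>` and `<string.h>` are already included in this file (not visible here). The enclosing function continues outside the hunk.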
diff -ur ltp-20091231+dfsg/testcases/network/lib6/asapi_05.c ltp-20091231+dfsg.new/testcases/network/lib6/asapi_05.c
--- ltp-20091231+dfsg/testcases/network/lib6/asapi_05.c	2010-01-05 20:21:02.000000000 +0000
+++ ltp-20091231+dfsg.new/testcases/network/lib6/asapi_05.c	2012-01-06 20:42:11.000000000 +0000
@@ -403,7 +403,7 @@
 			tst_resm(TFAIL, "%s: rv %d != expected %d\n",
 				ftab[i].ft_tname, rv, ftab[i].ft_expected);
 		else
-			tst_resm(TPASS, ftab[i].ft_tname);
+			tst_resm(TPASS, "%s",ftab[i].ft_tname);
 	}
 }
 
diff -ur ltp-20091231+dfsg/tools/apicmds/ltpapicmd.c ltp-20091231+dfsg.new/tools/apicmds/ltpapicmd.c
--- ltp-20091231+dfsg/tools/apicmds/ltpapicmd.c	2010-01-05 20:21:02.000000000 +0000
+++ ltp-20091231+dfsg.new/tools/apicmds/ltpapicmd.c	2012-01-06 20:53:38.000000000 +0000
@@ -216,7 +216,7 @@
         file_name = argv++[0];
         argv++;
         strcpy(arg_fmt, *argv);
-        tst_brk(trestype, file_name, cleanup, arg_fmt);
+        tst_brk(trestype, file_name, cleanup,"%s", arg_fmt);
     }
     else
     if (strcmp((char *)cmd_name, "tst_res") == 0)
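Review bot: The `strcpy(arg_fmt, *argv);` line directly above the changed call still copies a command-line argument into `arg_fmt` with no length check. The size of `arg_fmt` is declared outside the hunk, so whether it can overflow needs confirming. Now that the string is passed as a `%s` argument rather than as the format, the copy looks unnecessary and the call could take the argument directly, e.g. `tst_brk(trestype, file_name, cleanup, "%s", *argv);`. The same pattern recurs in the `tst_res`, `tst_brkloop`, `tst_brkm`, `tst_resm` and `tst_brkloopm` hunks below. The if/else chain begins and ends outside these hunks.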
@@ -233,7 +233,7 @@
         trestype = ident_ttype(argv++[0]);
         file_name = argv++[0];
         strcpy(arg_fmt, *argv);
-        tst_res(trestype, file_name, arg_fmt);
+        tst_res(trestype, file_name,"%s", arg_fmt);
     }
     else
     if (strcmp((char *)cmd_name, "tst_brkloop") == 0)
@@ -252,7 +252,7 @@
         file_name = argv++[0];
         argv++;
         strcpy(arg_fmt, *argv);
-        tst_brkloop(trestype, file_name, cleanup, arg_fmt);
+        tst_brkloop(trestype, file_name, cleanup,"%s", arg_fmt);
     }
     else
     if (strcmp((char *)cmd_name, "tst_brkm") == 0)
@@ -269,7 +269,7 @@
         trestype = ident_ttype(argv++[0]);
         argv++;
         strcpy(arg_fmt, *argv);
-        tst_brkm(trestype, cleanup, arg_fmt);
+        tst_brkm(trestype, cleanup,"%s", arg_fmt);
     }
     else
     if (strcmp((char *)cmd_name, "tst_resm") == 0)
@@ -284,7 +284,7 @@
         }
         trestype = ident_ttype(argv++[0]);
         strcpy(arg_fmt, *argv);
-        tst_resm(trestype, arg_fmt);
+        tst_resm(trestype,"%s", arg_fmt);
     }
     else
     if (strcmp((char *)cmd_name, "tst_brkloopm") == 0)
@@ -301,7 +301,7 @@
         trestype = ident_ttype(argv++[0]);
         argv++;
         strcpy(arg_fmt, *argv);
-        tst_brkloopm(trestype, cleanup, arg_fmt);
+        tst_brkloopm(trestype, cleanup,"%s", arg_fmt);
     }
     else
     if (strcmp((char *)cmd_name, "tst_exit") == 0)
