From a25592e5775d7830987e1d303ce69fa3cacc5fe879f5f12f2ffafe004c80291a Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 3 Jun 2013 13:59:38 +0000 Subject: [PATCH] Accepting request 177206 from home:elvigia:branches:network:utilities - tcpd-ocloexec.patch: Use O_CLOEXEC whenever neccesary, otherwise fd leaks will follow. OBS-URL: https://build.opensuse.org/request/show/177206 OBS-URL: https://build.opensuse.org/package/show/network:utilities/tcpd?expand=0&rev=17 --- tcpd-ocloexec.patch | 70 +++++++++++++++++++++++++++++++++++++++++++++ tcpd.changes | 6 ++++ tcpd.spec | 3 +- 3 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 tcpd-ocloexec.patch diff --git a/tcpd-ocloexec.patch b/tcpd-ocloexec.patch new file mode 100644 index 0000000..3fd9b94 --- /dev/null +++ b/tcpd-ocloexec.patch @@ -0,0 +1,70 @@ +--- rfc931.c.orig ++++ rfc931.c +@@ -45,7 +45,7 @@ int protocol; + int s; + FILE *fp; + +- if ((s = socket(domain, type, protocol)) < 0) { ++ if ((s = socket(domain, type | SOCK_CLOEXEC, protocol)) < 0) { + tcpd_warn("socket: %m"); + return (0); + } else { +--- tcpdchk.c.orig ++++ tcpdchk.c +@@ -210,7 +210,7 @@ struct request_info *request; + + saved_context = tcpd_context; /* stupid compilers */ + +- if (fp = fopen(table, "r")) { ++ if (fp = fopen(table, "re")) { + tcpd_context.file = table; + tcpd_context.line = 0; + while (xgets(sv_list, sizeof(sv_list), fp)) { +--- inetcf.c.orig ++++ inetcf.c +@@ -81,12 +81,12 @@ char *conf; + * guesses. + */ + if (conf != 0) { +- if ((fp = fopen(conf, "r")) == 0) { ++ if ((fp = fopen(conf, "re")) == 0) { + fprintf(stderr, percent_m(buf, "open %s: %m\n"), conf); + exit(1); + } + } else { +- for (i = 0; inet_files[i] && (fp = fopen(inet_files[i], "r")) == 0; i++) ++ for (i = 0; inet_files[i] && (fp = fopen(inet_files[i], "re")) == 0; i++) + /* void */ ; + if (!fp) { + fprintf(stderr, "Cannot find your inetd.conf or tlid.conf file.\n"); +--- options.c.orig ++++ options.c +@@ -227,7 +227,7 @@ struct request_info *request; + FILE *fp; + + sprintf(path, "%s/%s", value, eval_daemon(request)); +- if ((fp = fopen(path, "r")) != 0) { ++ if ((fp = fopen(path, "re")) != 0) { + while ((ch = fgetc(fp)) == 0) + write(request->fd, "", 1); + ungetc(ch, fp); +--- hosts_access.c.orig ++++ hosts_access.c +@@ -173,7 +173,7 @@ struct request_info *request; + * file descriptor leaks. + */ + +- if ((fp = fopen(table, "r")) != 0) { ++ if ((fp = fopen(table, "re")) != 0) { + tcpd_context.file = table; + tcpd_context.line = 0; + while (match == NO && xgets(sv_list, sizeof(sv_list), fp) != 0) { +@@ -283,7 +283,7 @@ struct hosts_info *host; + int match = NO; + FILE *fp; + +- if ((fp = fopen(path, "r")) != 0) { ++ if ((fp = fopen(path, "re")) != 0) { + while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host))) + /* void */ ; + fclose(fp); diff --git a/tcpd.changes b/tcpd.changes index 38f1dba..c4071fd 100644 --- a/tcpd.changes +++ b/tcpd.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jun 3 00:17:04 UTC 2013 - crrodriguez@opensuse.org + +- tcpd-ocloexec.patch: Use O_CLOEXEC whenever neccesary, + otherwise fd leaks will follow. + ------------------------------------------------------------------- Fri Apr 5 10:39:36 UTC 2013 - idonmez@suse.com diff --git a/tcpd.spec b/tcpd.spec index 773c28a..f1a2dc8 100644 --- a/tcpd.spec +++ b/tcpd.spec @@ -62,6 +62,7 @@ Patch25: tcp_wrappers_%{version}-shared-lib2.diff Patch26: tcp_wrappers_%{version}-fedora-bug17795.diff Patch27: tcp_wrappers_%{version}-fedora-bug17847.diff Patch28: tcp_wrappers_7.6-implicit-decl.patch +Patch29: tcpd-ocloexec.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -123,7 +124,7 @@ to compile and link programs against the TCP wrapper library. %patch26 %patch27 %patch28 - +%patch29 %build # make RPM_OPT_FLAGS="%{optflags} -fPIC -DPIC -D_REENTRANT -DHAVE_STRERROR" LDFLAGS="-pie" MAJOR=%{LIB_MAJOR} MINOR=%{LIB_MINOR} REL=%{LIB_REL} linux make %{?_smp_mflags} linux CC="gcc"