diff --git a/file-ocloexec.patch b/file-ocloexec.patch new file mode 100644 index 0000000..58d64ea --- /dev/null +++ b/file-ocloexec.patch @@ -0,0 +1,62 @@ +--- src/compress.c.orig ++++ src/compress.c +@@ -256,7 +256,7 @@ file_pipe2file(struct magic_set *ms, int + errno = r; + } + #else +- tfd = mkstemp(buf); ++ tfd = mkostemp(buf, O_CLOEXEC); + te = errno; + (void)unlink(buf); + errno = te; +--- src/apprentice.c.orig ++++ src/apprentice.c +@@ -676,7 +676,7 @@ load_1(struct magic_set *ms, int action, + char *line = NULL; + ssize_t len; + +- FILE *f = fopen(ms->file = fn, "r"); ++ FILE *f = fopen(ms->file = fn, "re"); + if (f == NULL) { + if (errno != ENOENT) + file_error(ms, errno, "cannot read magic file `%s'", +@@ -2226,7 +2226,7 @@ apprentice_map(struct magic_set *ms, str + if (dbname == NULL) + goto error2; + +- if ((fd = open(dbname, O_RDONLY|O_BINARY)) == -1) ++ if ((fd = open(dbname, O_RDONLY|O_BINARY|O_CLOEXEC)) == -1) + goto error2; + + if (fstat(fd, &st) == -1) { +@@ -2324,7 +2324,7 @@ apprentice_compile(struct magic_set *ms, + if (dbname == NULL) + goto out; + +- if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644)) == -1) { ++ if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY|O_CLOEXEC, 0644)) == -1) { + file_error(ms, errno, "cannot open `%s'", dbname); + goto out; + } +--- src/magic.c.orig ++++ src/magic.c +@@ -411,7 +411,7 @@ file_or_fd(struct magic_set *ms, const c + if (fstat(fd, &sb) == 0 && S_ISFIFO(sb.st_mode)) + ispipe = 1; + } else { +- int flags = O_RDONLY|O_BINARY; ++ int flags = O_RDONLY|O_BINARY|O_CLOEXEC; + + if (stat(inname, &sb) == 0 && S_ISFIFO(sb.st_mode)) { + #ifdef O_NONBLOCK +--- src/file.c.orig ++++ src/file.c +@@ -385,7 +385,7 @@ unwrap(struct magic_set *ms, const char + f = stdin; + wid = 1; + } else { +- if ((f = fopen(fn, "r")) == NULL) { ++ if ((f = fopen(fn, "re")) == NULL) { + (void)fprintf(stderr, "%s: Cannot open `%s' (%s).\n", + progname, fn, strerror(errno)); + return 1; diff --git a/file.changes b/file.changes index 78896be..7f13430 100644 --- a/file.changes +++ b/file.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sat Nov 5 18:37:25 UTC 2011 - crrodriguez@opensuse.org + +- libmagic: use O_CLOEXEC where needed, as there is no warranty + that calling applications will not fork() and we end up leaking + file descriptors to their child processes. + ------------------------------------------------------------------- Sat Oct 1 05:39:05 UTC 2011 - coolo@suse.com diff --git a/file.spec b/file.spec index f78ad18..2d3d4ce 100644 --- a/file.spec +++ b/file.spec @@ -58,6 +58,7 @@ Patch29: file-5.07-llvm.dif Patch30: file-5.07-visibility.patch Patch31: file-5.07-biorad.dif Patch32: file-5.07-clicfs.dif +Patch33: file-ocloexec.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %global _sysconfdir /etc %global _miscdir %{_datadir}/misc @@ -107,6 +108,7 @@ to develop applications that require the magic "file" interface. %patch31 -p0 -b .biorad %patch32 -p0 -b .clicfs %patch -b .0 +%patch33 %build export LANG=POSIX @@ -115,7 +117,7 @@ rm -f Magdir/*,v Magdir/*~ rm -f ltcf-c.sh ltconfig ltmain.sh autoreconf -fiv CFLAGS="$RPM_OPT_FLAGS -DHOWMANY=69632" -%configure --datadir=%{_miscdir} --disable-static --with-pic --enable-fsect-man5 +%configure --disable-silent-rules --datadir=%{_miscdir} --disable-static --with-pic --enable-fsect-man5 %{__make} %{?_smp_mflags} pkgdatadir='$(datadir)' %if 0%{?build_python_bindings:1} pushd python