- fixes #662720 - Providing native systemd file

- freeing memory when capabilities are dropped
This commit is contained in:
Jiri Skala 2010-12-15 16:27:40 +01:00
parent e1736c3c95
commit 3b540d0346
3 changed files with 52 additions and 17 deletions


@ -1,6 +1,6 @@
diff -up iputils-s20101006/Makefile.drop_caps iputils-s20101006/Makefile diff -up iputils-s20101006/Makefile.drop_caps iputils-s20101006/Makefile
--- iputils-s20101006/Makefile.drop_caps 2010-11-08 09:31:42.000000000 +0100 --- iputils-s20101006/Makefile.drop_caps 2010-11-08 14:49:53.334577997 +0100
+++ iputils-s20101006/Makefile 2010-11-08 09:34:26.858580455 +0100 +++ iputils-s20101006/Makefile 2010-11-08 14:49:53.342599113 +0100
@@ -13,7 +13,7 @@ ADDLIB= @@ -13,7 +13,7 @@ ADDLIB=
CC=gcc CC=gcc
# What a pity, all new gccs are buggy and -Werror does not work. Sigh. # What a pity, all new gccs are buggy and -Werror does not work. Sigh.
@ -24,8 +24,8 @@ diff -up iputils-s20101006/Makefile.drop_caps iputils-s20101006/Makefile
ping.o ping6.o ping_common.o: ping_common.h in6_flowlabel.h ping.o ping6.o ping_common.o: ping_common.h in6_flowlabel.h
tftpd.o tftpsubs.o: tftp.h tftpd.o tftpsubs.o: tftp.h
diff -up iputils-s20101006/ping6.c.drop_caps iputils-s20101006/ping6.c diff -up iputils-s20101006/ping6.c.drop_caps iputils-s20101006/ping6.c
--- iputils-s20101006/ping6.c.drop_caps 2010-11-08 09:31:42.120827826 +0100 --- iputils-s20101006/ping6.c.drop_caps 2010-11-08 14:49:53.338587611 +0100
+++ iputils-s20101006/ping6.c 2010-11-08 09:31:42.125837869 +0100 +++ iputils-s20101006/ping6.c 2010-12-15 16:06:16.949794002 +0100
@@ -73,6 +73,10 @@ char copyright[] = @@ -73,6 +73,10 @@ char copyright[] =
#include <netinet/icmp6.h> #include <netinet/icmp6.h>
#include <resolv.h> #include <resolv.h>
@ -37,7 +37,7 @@ diff -up iputils-s20101006/ping6.c.drop_caps iputils-s20101006/ping6.c
#include "ping6_niquery.h" #include "ping6_niquery.h"
#include "in6_flowlabel.h" #include "in6_flowlabel.h"
@@ -533,10 +537,22 @@ int main(int argc, char *argv[]) @@ -533,6 +537,9 @@ int main(int argc, char *argv[])
int csum_offset, sz_opt; int csum_offset, sz_opt;
#endif #endif
static uint32_t scope_id = 0; static uint32_t scope_id = 0;
@ -47,6 +47,9 @@ diff -up iputils-s20101006/ping6.c.drop_caps iputils-s20101006/ping6.c
icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6); icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
socket_errno = errno; socket_errno = errno;
@@ -543,6 +550,16 @@ int main(int argc, char *argv[])
exit(-1);
}
+#ifdef HAVE_CAPABILITIES +#ifdef HAVE_CAPABILITIES
+ /* drop all capabilities unconditionally so even root isn't special anymore */ + /* drop all capabilities unconditionally so even root isn't special anymore */
@ -55,14 +58,15 @@ diff -up iputils-s20101006/ping6.c.drop_caps iputils-s20101006/ping6.c
+ perror("ping: cap_set_proc"); + perror("ping: cap_set_proc");
+ exit(-1); + exit(-1);
+ } + }
+ cap_free(caps);
+#endif +#endif
+ +
uid = getuid(); source.sin6_family = AF_INET6;
if (setuid(uid)) { memset(&firsthop, 0, sizeof(firsthop));
perror("ping: setuid"); firsthop.sin6_family = AF_INET6;
diff -up iputils-s20101006/ping.c.drop_caps iputils-s20101006/ping.c diff -up iputils-s20101006/ping.c.drop_caps iputils-s20101006/ping.c
--- iputils-s20101006/ping.c.drop_caps 2010-11-08 09:31:42.096854873 +0100 --- iputils-s20101006/ping.c.drop_caps 2010-11-08 14:49:53.314577272 +0100
+++ iputils-s20101006/ping.c 2010-11-08 09:31:42.127870437 +0100 +++ iputils-s20101006/ping.c 2010-12-15 16:05:52.113794002 +0100
@@ -66,6 +66,10 @@ char copyright[] = @@ -66,6 +66,10 @@ char copyright[] =
#include <netinet/ip.h> #include <netinet/ip.h>
#include <netinet/ip_icmp.h> #include <netinet/ip_icmp.h>
@ -84,9 +88,9 @@ diff -up iputils-s20101006/ping.c.drop_caps iputils-s20101006/ping.c
char *idn; char *idn;
int rc = 0; int rc = 0;
@@ -133,6 +140,15 @@ main(int argc, char **argv) @@ -139,6 +146,16 @@ main(int argc, char **argv)
icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); exit(-1);
socket_errno = errno; }
+#ifdef HAVE_CAPABILITIES +#ifdef HAVE_CAPABILITIES
+ /* drop all capabilities unconditionally so even root isn't special anymore */ + /* drop all capabilities unconditionally so even root isn't special anymore */
@ -95,8 +99,9 @@ diff -up iputils-s20101006/ping.c.drop_caps iputils-s20101006/ping.c
+ perror("ping: cap_set_proc"); + perror("ping: cap_set_proc");
+ exit(-1); + exit(-1);
+ } + }
+ cap_free(caps);
+#endif +#endif
+ +
uid = getuid(); source.sin_family = AF_INET;
if (setuid(uid)) {
perror("ping: setuid"); preload = 1;
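Review bot: The `cap_free(caps);` added after the `cap_set_proc` check in the ping6.c hunk and again in the ping.c hunk ignores its return value, while the neighbouring libcap calls in the same block report failure through `perror`; since execution continues past this point, `if (cap_free(caps)) perror("ping: cap_free");` would keep the error-handling style consistent and make a failure visible. The context lines around the block also appear to have changed from the `socket()`/`getuid()` lines to `exit(-1); }` before it and `source.sin_family = AF_INET;` (`source.sin6_family` in ping6.c) after it, which suggests the capability drop now runs after the `setuid(uid)` check rather than before it as in the previous revision of the patch; neither the commit message nor the patch text records why. If that relocation is intended, a one-line comment in the patch stating why the drop must follow `setuid()` would spare the next reader from re-deriving the ordering. The enclosing `main()` in both files starts and ends outside the hunk, and the `caps` declaration and `cap_init()` call sit in the collapsed part of it.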


@ -1,7 +1,7 @@
Summary: Network monitoring tools including ping Summary: Network monitoring tools including ping
Name: iputils Name: iputils
Version: 20101006 Version: 20101006
Release: 3%{?dist} Release: 4%{?dist}
License: BSD License: BSD
URL: http://www.skbuff.net/iputils URL: http://www.skbuff.net/iputils
Group: System Environment/Daemons Group: System Environment/Daemons
@ -9,6 +9,7 @@ Group: System Environment/Daemons
Source0: http://www.skbuff.net/iputils/%{name}-s%{version}.tar.bz2 Source0: http://www.skbuff.net/iputils/%{name}-s%{version}.tar.bz2
Source1: ifenslave.tar.gz Source1: ifenslave.tar.gz
Source3: rdisc.initd Source3: rdisc.initd
Source4: rdisc.service
Patch0: iputils-20020927-rh.patch Patch0: iputils-20020927-rh.patch
Patch1: iputils-20020124-countermeasures.patch Patch1: iputils-20020124-countermeasures.patch
@ -33,9 +34,12 @@ BuildRequires: libidn-devel
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: libcap-devel BuildRequires: libcap-devel
Requires(post): /sbin/chkconfig Requires(post): /sbin/chkconfig
Requires(post): systemd-units
Requires(preun): /sbin/chkconfig Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service Requires(preun): /sbin/service
Requires(preun): systemd-units
Requires(postun): /sbin/service Requires(postun): /sbin/service
Requires(postun): systemd-units
%description %description
The iputils package contains basic utilities for monitoring a network, The iputils package contains basic utilities for monitoring a network,
@ -79,6 +83,8 @@ rm -rf ${RPM_BUILD_ROOT}
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir} mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
mkdir -p ${RPM_BUILD_ROOT}/{bin,sbin} mkdir -p ${RPM_BUILD_ROOT}/{bin,sbin}
mkdir -p $RPM_BUILD_ROOT/lib/systemd/system
install -c clockdiff ${RPM_BUILD_ROOT}%{_sbindir}/ install -c clockdiff ${RPM_BUILD_ROOT}%{_sbindir}/
install -cp arping ${RPM_BUILD_ROOT}/sbin/ install -cp arping ${RPM_BUILD_ROOT}/sbin/
ln -s /sbin/arping ${RPM_BUILD_ROOT}%{_sbindir}/arping ln -s /sbin/arping ${RPM_BUILD_ROOT}%{_sbindir}/arping
@ -106,6 +112,7 @@ ln -s tracepath.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/tracepath6.8.gz
install -dp ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d install -dp ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d
install -m 755 -p %SOURCE3 ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d/rdisc install -m 755 -p %SOURCE3 ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d/rdisc
install -m 644 %SOURCE4 ${RPM_BUILD_ROOT}/lib/systemd/system
iconv -f ISO88591 -t UTF8 RELNOTES -o RELNOTES.tmp iconv -f ISO88591 -t UTF8 RELNOTES -o RELNOTES.tmp
touch -r RELNOTES RELNOTES.tmp touch -r RELNOTES RELNOTES.tmp
@ -113,19 +120,26 @@ mv -f RELNOTES.tmp RELNOTES
%post %post
/sbin/chkconfig --add rdisc /sbin/chkconfig --add rdisc
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
%preun %preun
if [ $1 = 0 ]; then if [ $1 = 0 ]; then
service rdisc stop >/dev/null 2>&1 service rdisc stop >/dev/null 2>&1
/sbin/chkconfig --del rdisc /sbin/chkconfig --del rdisc
/bin/systemctl disable rdisc.service > /dev/null 2>&1 || :
/bin/systemctl stop rdisc.service > /dev/null 2>&1 || :
fi fi
%postun %postun
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" ]; then if [ "$1" -ge "1" ]; then
service rdisc status 2>&1 > /dev/null service rdisc status 2>&1 > /dev/null
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
service rdisc restart >/dev/null 2>&1 || : service rdisc restart >/dev/null 2>&1 || :
fi fi
/bin/systemctl try-restart rdisc.service >/dev/null 2>&1 || :
fi fi
@ -135,6 +149,7 @@ rm -rf ${RPM_BUILD_ROOT}
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc RELNOTES README.bonding %doc RELNOTES README.bonding
/lib/systemd/system/rdisc.service
%{_sbindir}/clockdiff %{_sbindir}/clockdiff
/sbin/arping /sbin/arping
%{_sbindir}/arping %{_sbindir}/arping
@ -151,6 +166,10 @@ rm -rf ${RPM_BUILD_ROOT}
%{_sysconfdir}/rc.d/init.d/rdisc %{_sysconfdir}/rc.d/init.d/rdisc
%changelog %changelog
* Wed Dec 15 2010 Jiri Skala <jskala@redhat.com> - 20101006-4
- fixes #662720 - Providing native systemd file
- freeing memory when capabilities are dropped
* Mon Nov 08 2010 Jiri Skala <jskala@redhat.com> - 20101006-3 * Mon Nov 08 2010 Jiri Skala <jskala@redhat.com> - 20101006-3
- applied patch dropping capabilities of Ludwig Nussel - applied patch dropping capabilities of Ludwig Nussel
- fixes building ping, pinpg6 with -pie option - fixes building ping, pinpg6 with -pie option
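Review bot: In `%postun` the new `/bin/systemctl try-restart rdisc.service` line sits in the same `$1 -ge 1` branch as the existing `service rdisc restart`, so an upgrade on a host where rdisc is running can restart the daemon twice, once through the init script and once through systemd; `%preun` likewise now stops it through both `service rdisc stop` and `systemctl stop`. If the sysv path is being kept for hosts without systemd, guarding one of the two on the presence of the other tool (for example `if [ -x /bin/systemctl ]; then ... fi`) would make the intent explicit rather than relying on the second call failing quietly. The new `mkdir -p $RPM_BUILD_ROOT/lib/systemd/system` and `install -m 644 %SOURCE4 ${RPM_BUILD_ROOT}/lib/systemd/system` lines mix the bare and braced spelling of `RPM_BUILD_ROOT`, and the unit path is spelled out literally here and again in `%files`; at minimum the brace form should match the rest of the spec.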

11
rdisc.service Normal file

@ -0,0 +1,11 @@
[Unit]
Description=rdisc daemon which discovers routers on the local subnet
After=syslog.target network.target
[Service]
Type=forking
EnvironmentFile=/etc/sysconfig/rdisc
ExecStart=/sbin/rdisc $RDISCOPTS
[Install]
WantedBy=multi-user.target
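Review bot: `EnvironmentFile=/etc/sysconfig/rdisc` is a hard requirement, so systemd will refuse to start the unit when that file is absent, and nothing in the visible hunks of this commit installs it (it may come from an existing source or a hunk not shown here — worth confirming). If the file is meant to be optional, `EnvironmentFile=-/etc/sysconfig/rdisc` lets the unit start without it, with `$RDISCOPTS` expanding to nothing. `Type=forking` without a `PIDFile=` leaves systemd to guess the main process after the daemon forks; if rdisc writes a pid file, naming it here makes the `stop` and `try-restart` calls in the spec target the right process.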