From 02d51bb1b115a969bedcb0372f8771fe719c9b33 Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Mon, 3 Jun 2013 12:37:32 +0200 Subject: [PATCH] Replace access() calls with euidaccess(), build with -D_GNU_SOURCE (600636#c9) --- lockdev-euidaccess.patch | 39 +++++++++++++++++++++++++++++++++++++++ lockdev.spec | 16 ++++++++++++---- 2 files changed, 51 insertions(+), 4 deletions(-) create mode 100644 lockdev-euidaccess.patch diff --git a/lockdev-euidaccess.patch b/lockdev-euidaccess.patch new file mode 100644 index 0000000..89d7caf --- /dev/null +++ b/lockdev-euidaccess.patch @@ -0,0 +1,39 @@ +diff -up lockdev-scm-2011-10-07/src/lockdev.c.access lockdev-scm-2011-10-07/src/lockdev.c +--- lockdev-scm-2011-10-07/src/lockdev.c.access 2011-07-22 09:37:10.000000000 +0200 ++++ lockdev-scm-2011-10-07/src/lockdev.c 2013-06-03 12:34:16.870750845 +0200 +@@ -616,7 +616,10 @@ dev_lock (const char *devname) + if ( stat( device, &statbuf) == -1 ) { + close_n_return(-errno); + } +- if ( access( device, W_OK ) == -1 ) { ++ /* check that the caller has write permission to the device ++ * to prevent denial-of-service attack by unauthorized users ++ */ ++ if ( euidaccess( device, W_OK ) == -1 ) { + close_n_return(-errno); + } + +@@ -780,7 +783,10 @@ dev_relock (const char *devname, + if ( stat( device, &statbuf) == -1 ) { + close_n_return(-errno); + } +- if ( access( device, W_OK ) == -1 ) { ++ /* check that the caller has write permission to the device ++ * to prevent denial-of-service attack by unauthorized users ++ */ ++ if ( euidaccess( device, W_OK ) == -1 ) { + close_n_return(-errno); + } + +@@ -870,7 +876,10 @@ dev_unlock (const char *devname, + if ( stat( device, &statbuf) == -1 ) { + close_n_return(-errno); + } +- if ( access( device, W_OK ) == -1 ) { ++ /* check that the caller has write permission to the device ++ * to prevent denial-of-service attack by unauthorized users ++ */ ++ if ( euidaccess( device, W_OK ) == -1 ) { + close_n_return(-errno); + } + diff --git a/lockdev.spec b/lockdev.spec index a1905f4..464b4d9 100644 --- a/lockdev.spec +++ b/lockdev.spec @@ -10,7 +10,7 @@ Summary: A library for locking devices Name: lockdev Version: 1.0.4 -Release: 0.6.%{checkout}%{?dist} +Release: 0.7.%{checkout}%{?dist} License: LGPLv2 Group: System Environment/Libraries URL: https://alioth.debian.org/projects/lockdev/ @@ -19,6 +19,8 @@ URL: https://alioth.debian.org/projects/lockdev/ # https://alioth.debian.org/snapshots.php?group_id=100443 Source0: lockdev-%{version}.%{checkout}.tar.gz +Patch1: lockdev-euidaccess.patch + Requires(pre): shadow-utils Requires(post): glibc Requires(postun): glibc @@ -48,6 +50,9 @@ package contains the development headers. %prep %setup -q -n lockdev-scm-%{co_date} +# Replace access() calls with euidaccess() (600636#c9) +%patch1 -p1 -b .access + %build # Generate version information from git release tag ./scripts/git-version > VERSION @@ -58,7 +63,7 @@ touch ChangeLog # Bootstrap autotools autoreconf --verbose --force --install -CFLAGS="${RPM_OPT_FLAGS} -D_PATH_LOCK=\\\"%{_lockdir}\\\"" \ +CFLAGS="${RPM_OPT_FLAGS} -D_GNU_SOURCE -D_PATH_LOCK=\\\"%{_lockdir}\\\"" \ %configure --disable-static --enable-helper make %{?_smp_mflags} @@ -66,9 +71,9 @@ make %{?_smp_mflags} %install make install DESTDIR=%{buildroot} -rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la +rm -f %{buildroot}%{_libdir}/*.la -mkdir -p $RPM_BUILD_ROOT%{_lockdir} +mkdir -p %{buildroot}%{_lockdir} %pre getent group lock >/dev/null || groupadd -g 54 -r -f lock @@ -92,6 +97,9 @@ exit 0 %{_includedir}/* %changelog +* Mon Jun 03 2013 Jiri Popelka - 1.0.4-0.7.20111007git +- Replace access() calls with euidaccess(), build with -D_GNU_SOURCE (600636#c9) + * Thu Feb 14 2013 Fedora Release Engineering - 1.0.4-0.6.20111007git - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild