rpms/iptables/devel iptables-1.4.0-cloexec.patch, 1.1, 1.2 iptables.spec, 1.67, 1.68

Thomas Woerner (twoerner) fedora-extras-commits at redhat.com
Thu Mar 20 15:10:35 UTC 2008 

Author: twoerner

Update of /cvs/pkgs/rpms/iptables/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12331

Modified Files:
	iptables-1.4.0-cloexec.patch iptables.spec 
Log Message:
- use O_CLOEXEC for all opened files in all applications (rhbz#438189)


iptables-1.4.0-cloexec.patch:

Index: iptables-1.4.0-cloexec.patch
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/devel/iptables-1.4.0-cloexec.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- iptables-1.4.0-cloexec.patch	11 Feb 2008 13:56:53 -0000	1.1
+++ iptables-1.4.0-cloexec.patch	20 Mar 2008 15:09:55 -0000	1.2
@@ -1,6 +1,66 @@
+diff -up iptables-1.4.0/iptables-save.c.cloexec iptables-1.4.0/iptables-save.c
+--- iptables-1.4.0/iptables-save.c.cloexec	2008-03-20 15:17:38.000000000 +0100
++++ iptables-1.4.0/iptables-save.c	2008-03-20 15:17:40.000000000 +0100
+@@ -255,7 +255,7 @@ static int for_each_table(int (*func)(co
+ 	FILE *procfile = NULL;
+ 	char tablename[IPT_TABLE_MAXNAMELEN+1];
+ 
+-	procfile = fopen("/proc/net/ip_tables_names", "r");
++	procfile = fopen("/proc/net/ip_tables_names", "re");
+ 	if (!procfile)
+ 		exit_error(OTHER_PROBLEM,
+ 			   "Unable to open /proc/net/ip_tables_names: %s\n",
+diff -up iptables-1.4.0/ip6tables-save.c.cloexec iptables-1.4.0/ip6tables-save.c
+--- iptables-1.4.0/ip6tables-save.c.cloexec	2008-03-20 15:17:40.000000000 +0100
++++ iptables-1.4.0/ip6tables-save.c	2008-03-20 15:17:40.000000000 +0100
+@@ -232,7 +232,7 @@ static int for_each_table(int (*func)(co
+ 	FILE *procfile = NULL;
+ 	char tablename[IP6T_TABLE_MAXNAMELEN+1];
+ 
+-	procfile = fopen("/proc/net/ip6_tables_names", "r");
++	procfile = fopen("/proc/net/ip6_tables_names", "re");
+ 	if (!procfile)
+ 		exit_error(OTHER_PROBLEM,
+ 			   "Unable to open /proc/net/ip6_tables_names: %s\n",
+diff -up iptables-1.4.0/ip6tables-restore.c.cloexec iptables-1.4.0/ip6tables-restore.c
+--- iptables-1.4.0/ip6tables-restore.c.cloexec	2008-03-20 15:21:36.000000000 +0100
++++ iptables-1.4.0/ip6tables-restore.c	2008-03-20 15:21:53.000000000 +0100
+@@ -165,7 +165,7 @@ int main(int argc, char *argv[])
+ 	}
+ 	
+ 	if (optind == argc - 1) {
+-		in = fopen(argv[optind], "r");
++		in = fopen(argv[optind], "re");
+ 		if (!in) {
+ 			fprintf(stderr, "Can't open %s: %s\n", argv[optind],
+ 				strerror(errno));
+diff -up iptables-1.4.0/iptables-xml.c.cloexec iptables-1.4.0/iptables-xml.c
+--- iptables-1.4.0/iptables-xml.c.cloexec	2008-03-20 15:17:40.000000000 +0100
++++ iptables-1.4.0/iptables-xml.c	2008-03-20 15:17:38.000000000 +0100
+@@ -664,7 +664,7 @@ main(int argc, char *argv[])
+ 	}
+ 
+ 	if (optind == argc - 1) {
+-		in = fopen(argv[optind], "r");
++		in = fopen(argv[optind], "re");
+ 		if (!in) {
+ 			fprintf(stderr, "Can't open %s: %s", argv[optind],
+ 				strerror(errno));
+diff -up iptables-1.4.0/iptables-restore.c.cloexec iptables-1.4.0/iptables-restore.c
+--- iptables-1.4.0/iptables-restore.c.cloexec	2008-03-20 15:17:40.000000000 +0100
++++ iptables-1.4.0/iptables-restore.c	2008-03-20 15:17:40.000000000 +0100
+@@ -170,7 +170,7 @@ main(int argc, char *argv[])
+ 	}
+ 	
+ 	if (optind == argc - 1) {
+-		in = fopen(argv[optind], "r");
++		in = fopen(argv[optind], "re");
+ 		if (!in) {
+ 			fprintf(stderr, "Can't open %s: %s\n", argv[optind],
+ 				strerror(errno));
 diff -up iptables-1.4.0/xtables.c.cloexec iptables-1.4.0/xtables.c
---- iptables-1.4.0/xtables.c.cloexec	2008-02-11 13:50:20.000000000 +0100
-+++ iptables-1.4.0/xtables.c	2008-02-11 13:51:03.000000000 +0100
+--- iptables-1.4.0/xtables.c.cloexec	2008-03-20 15:17:40.000000000 +0100
++++ iptables-1.4.0/xtables.c	2008-03-20 15:17:40.000000000 +0100
 @@ -428,6 +428,12 @@ static int compatible_revision(const cha
  		exit(1);
  	}


Index: iptables.spec
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/devel/iptables.spec,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- iptables.spec	3 Mar 2008 14:53:35 -0000	1.67
+++ iptables.spec	20 Mar 2008 15:09:55 -0000	1.68
@@ -4,7 +4,7 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 Version: 1.4.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -163,6 +163,9 @@
 %endif
 
 %changelog
+* Thu Mar 20 2008 Thomas Woerner <twoerner at redhat.com> 1.4.0-4
+- use O_CLOEXEC for all opened files in all applications (rhbz#438189)
+
 * Mon Mar  3 2008 Thomas Woerner <twoerner at redhat.com> 1.4.0-3
 - use the kernel headers from the build tree for iptables for now to be able to 
   compile this package, but this makes the package more kernel dependant

More information about the fedora-extras-commits mailing list