rpms/iptables/devel iptables-1.4.0-cloexec.patch, 1.1, 1.2 iptables.spec, 1.67, 1.68
Thomas Woerner (twoerner)
fedora-extras-commits at redhat.com
Thu Mar 20 15:10:35 UTC 2008
Author: twoerner
Update of /cvs/pkgs/rpms/iptables/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12331
Modified Files:
iptables-1.4.0-cloexec.patch iptables.spec
Log Message:
- use O_CLOEXEC for all opened files in all applications (rhbz#438189)
iptables-1.4.0-cloexec.patch:
Index: iptables-1.4.0-cloexec.patch
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/devel/iptables-1.4.0-cloexec.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- iptables-1.4.0-cloexec.patch 11 Feb 2008 13:56:53 -0000 1.1
+++ iptables-1.4.0-cloexec.patch 20 Mar 2008 15:09:55 -0000 1.2
@@ -1,6 +1,66 @@
+diff -up iptables-1.4.0/iptables-save.c.cloexec iptables-1.4.0/iptables-save.c
+--- iptables-1.4.0/iptables-save.c.cloexec 2008-03-20 15:17:38.000000000 +0100
++++ iptables-1.4.0/iptables-save.c 2008-03-20 15:17:40.000000000 +0100
+@@ -255,7 +255,7 @@ static int for_each_table(int (*func)(co
+ FILE *procfile = NULL;
+ char tablename[IPT_TABLE_MAXNAMELEN+1];
+
+- procfile = fopen("/proc/net/ip_tables_names", "r");
++ procfile = fopen("/proc/net/ip_tables_names", "re");
+ if (!procfile)
+ exit_error(OTHER_PROBLEM,
+ "Unable to open /proc/net/ip_tables_names: %s\n",
+diff -up iptables-1.4.0/ip6tables-save.c.cloexec iptables-1.4.0/ip6tables-save.c
+--- iptables-1.4.0/ip6tables-save.c.cloexec 2008-03-20 15:17:40.000000000 +0100
++++ iptables-1.4.0/ip6tables-save.c 2008-03-20 15:17:40.000000000 +0100
+@@ -232,7 +232,7 @@ static int for_each_table(int (*func)(co
+ FILE *procfile = NULL;
+ char tablename[IP6T_TABLE_MAXNAMELEN+1];
+
+- procfile = fopen("/proc/net/ip6_tables_names", "r");
++ procfile = fopen("/proc/net/ip6_tables_names", "re");
+ if (!procfile)
+ exit_error(OTHER_PROBLEM,
+ "Unable to open /proc/net/ip6_tables_names: %s\n",
+diff -up iptables-1.4.0/ip6tables-restore.c.cloexec iptables-1.4.0/ip6tables-restore.c
+--- iptables-1.4.0/ip6tables-restore.c.cloexec 2008-03-20 15:21:36.000000000 +0100
++++ iptables-1.4.0/ip6tables-restore.c 2008-03-20 15:21:53.000000000 +0100
+@@ -165,7 +165,7 @@ int main(int argc, char *argv[])
+ }
+
+ if (optind == argc - 1) {
+- in = fopen(argv[optind], "r");
++ in = fopen(argv[optind], "re");
+ if (!in) {
+ fprintf(stderr, "Can't open %s: %s\n", argv[optind],
+ strerror(errno));
+diff -up iptables-1.4.0/iptables-xml.c.cloexec iptables-1.4.0/iptables-xml.c
+--- iptables-1.4.0/iptables-xml.c.cloexec 2008-03-20 15:17:40.000000000 +0100
++++ iptables-1.4.0/iptables-xml.c 2008-03-20 15:17:38.000000000 +0100
+@@ -664,7 +664,7 @@ main(int argc, char *argv[])
+ }
+
+ if (optind == argc - 1) {
+- in = fopen(argv[optind], "r");
++ in = fopen(argv[optind], "re");
+ if (!in) {
+ fprintf(stderr, "Can't open %s: %s", argv[optind],
+ strerror(errno));
+diff -up iptables-1.4.0/iptables-restore.c.cloexec iptables-1.4.0/iptables-restore.c
+--- iptables-1.4.0/iptables-restore.c.cloexec 2008-03-20 15:17:40.000000000 +0100
++++ iptables-1.4.0/iptables-restore.c 2008-03-20 15:17:40.000000000 +0100
+@@ -170,7 +170,7 @@ main(int argc, char *argv[])
+ }
+
+ if (optind == argc - 1) {
+- in = fopen(argv[optind], "r");
++ in = fopen(argv[optind], "re");
+ if (!in) {
+ fprintf(stderr, "Can't open %s: %s\n", argv[optind],
+ strerror(errno));
diff -up iptables-1.4.0/xtables.c.cloexec iptables-1.4.0/xtables.c
---- iptables-1.4.0/xtables.c.cloexec 2008-02-11 13:50:20.000000000 +0100
-+++ iptables-1.4.0/xtables.c 2008-02-11 13:51:03.000000000 +0100
+--- iptables-1.4.0/xtables.c.cloexec 2008-03-20 15:17:40.000000000 +0100
++++ iptables-1.4.0/xtables.c 2008-03-20 15:17:40.000000000 +0100
@@ -428,6 +428,12 @@ static int compatible_revision(const cha
exit(1);
}
Index: iptables.spec
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/devel/iptables.spec,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- iptables.spec 3 Mar 2008 14:53:35 -0000 1.67
+++ iptables.spec 20 Mar 2008 15:09:55 -0000 1.68
@@ -4,7 +4,7 @@
Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities
Version: 1.4.0
-Release: 3%{?dist}
+Release: 4%{?dist}
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
@@ -163,6 +163,9 @@
%endif
%changelog
+* Thu Mar 20 2008 Thomas Woerner <twoerner at redhat.com> 1.4.0-4
+- use O_CLOEXEC for all opened files in all applications (rhbz#438189)
+
* Mon Mar 3 2008 Thomas Woerner <twoerner at redhat.com> 1.4.0-3
- use the kernel headers from the build tree for iptables for now to be able to
compile this package, but this makes the package more kernel dependant
More information about the fedora-extras-commits
mailing list