[lockdev] Replace access() calls with euidaccess(), build with -D_GNU_SOURCE (600636#c9)

[Jiří Popelka]

commit 02d51bb1b115a969bedcb0372f8771fe719c9b33
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Mon Jun 3 12:37:32 2013 +0200

    Replace access() calls with euidaccess(), build with -D_GNU_SOURCE (600636#c9)

 lockdev-euidaccess.patch |   39 +++++++++++++++++++++++++++++++++++++++
 lockdev.spec             |   16 ++++++++++++----
 2 files changed, 51 insertions(+), 4 deletions(-)
---
diff --git a/lockdev-euidaccess.patch b/lockdev-euidaccess.patch
new file mode 100644
index 0000000..89d7caf
--- /dev/null
+++ b/lockdev-euidaccess.patch
@@ -0,0 +1,39 @@
+diff -up lockdev-scm-2011-10-07/src/lockdev.c.access lockdev-scm-2011-10-07/src/lockdev.c
+--- lockdev-scm-2011-10-07/src/lockdev.c.access	2011-07-22 09:37:10.000000000 +0200
++++ lockdev-scm-2011-10-07/src/lockdev.c	2013-06-03 12:34:16.870750845 +0200
+@@ -616,7 +616,10 @@ dev_lock (const char *devname)
+ 	if ( stat( device, &statbuf) == -1 ) {
+ 		close_n_return(-errno);
+ 	}
+-	if ( access( device, W_OK ) == -1 ) {
++	/* check that the caller has write permission to the device
++	 * to prevent denial-of-service attack by unauthorized users
++	 */
++	if ( euidaccess( device, W_OK ) == -1 ) {
+ 		close_n_return(-errno);
+ 	}
+ 
+@@ -780,7 +783,10 @@ dev_relock (const char  *devname,
+ 	if ( stat( device, &statbuf) == -1 ) {
+ 		close_n_return(-errno);
+ 	}
+-	if ( access( device, W_OK ) == -1 ) {
++	/* check that the caller has write permission to the device
++	 * to prevent denial-of-service attack by unauthorized users
++	 */
++	if ( euidaccess( device, W_OK ) == -1 ) {
+ 		close_n_return(-errno);
+ 	}
+ 
+@@ -870,7 +876,10 @@ dev_unlock (const char *devname,
+ 	if ( stat( device, &statbuf) == -1 ) {
+ 		close_n_return(-errno);
+ 	}
+-	if ( access( device, W_OK ) == -1 ) {
++	/* check that the caller has write permission to the device
++	 * to prevent denial-of-service attack by unauthorized users
++	 */
++	if ( euidaccess( device, W_OK ) == -1 ) {
+ 		close_n_return(-errno);
+ 	}
+ 
diff --git a/lockdev.spec b/lockdev.spec
index a1905f4..464b4d9 100644
--- a/lockdev.spec
+++ b/lockdev.spec
@@ -10,7 +10,7 @@
 Summary: A library for locking devices
 Name: lockdev
 Version: 1.0.4
-Release: 0.6.%{checkout}%{?dist}
+Release: 0.7.%{checkout}%{?dist}
 License: LGPLv2
 Group: System Environment/Libraries
 URL: https://alioth.debian.org/projects/lockdev/
@@ -19,6 +19,8 @@ URL: https://alioth.debian.org/projects/lockdev/
 # https://alioth.debian.org/snapshots.php?group_id=100443
 Source0: lockdev-%{version}.%{checkout}.tar.gz
 
+Patch1: lockdev-euidaccess.patch
+
 Requires(pre): shadow-utils
 Requires(post): glibc
 Requires(postun): glibc
@@ -48,6 +50,9 @@ package contains the development headers.
 %prep
 %setup -q -n lockdev-scm-%{co_date}
 
+# Replace access() calls with euidaccess() (600636#c9)
+%patch1 -p1 -b .access
+
 %build
 # Generate version information from git release tag
 ./scripts/git-version > VERSION
@@ -58,7 +63,7 @@ touch ChangeLog
 # Bootstrap autotools
 autoreconf --verbose --force --install
 
-CFLAGS="${RPM_OPT_FLAGS} -D_PATH_LOCK=\\\"%{_lockdir}\\\"" \
+CFLAGS="${RPM_OPT_FLAGS} -D_GNU_SOURCE -D_PATH_LOCK=\\\"%{_lockdir}\\\"" \
 %configure --disable-static --enable-helper
 
 make %{?_smp_mflags}
@@ -66,9 +71,9 @@ make %{?_smp_mflags}
 %install
 make install DESTDIR=%{buildroot}
 
-rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
+rm -f %{buildroot}%{_libdir}/*.la
 
-mkdir -p $RPM_BUILD_ROOT%{_lockdir}
+mkdir -p %{buildroot}%{_lockdir}
 
 %pre
 getent group lock >/dev/null || groupadd -g 54 -r -f lock
@@ -92,6 +97,9 @@ exit 0
 %{_includedir}/*
 
 %changelog
+* Mon Jun 03 2013 Jiri Popelka <jpopelka at redhat.com> - 1.0.4-0.7.20111007git
+- Replace access() calls with euidaccess(), build with -D_GNU_SOURCE (600636#c9)
+
 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.4-0.6.20111007git
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild