[lockdev/f18] Replace access() calls with euidaccess(), build with -D_GNU_SOURCE (600636#c9)
Jiří Popelka
jpopelka at fedoraproject.org
Thu Jun 6 06:35:01 UTC 2013
commit 75415598c55c3067b5843ecbc660af8159fcdfc0
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Mon Jun 3 12:37:32 2013 +0200
Replace access() calls with euidaccess(), build with -D_GNU_SOURCE (600636#c9)
lockdev-euidaccess.patch | 39 +++++++++++++++++++++++++++++++++++++++
lockdev.spec | 16 ++++++++++++----
2 files changed, 51 insertions(+), 4 deletions(-)
---
diff --git a/lockdev-euidaccess.patch b/lockdev-euidaccess.patch
new file mode 100644
index 0000000..89d7caf
--- /dev/null
+++ b/lockdev-euidaccess.patch
@@ -0,0 +1,39 @@
+diff -up lockdev-scm-2011-10-07/src/lockdev.c.access lockdev-scm-2011-10-07/src/lockdev.c
+--- lockdev-scm-2011-10-07/src/lockdev.c.access 2011-07-22 09:37:10.000000000 +0200
++++ lockdev-scm-2011-10-07/src/lockdev.c 2013-06-03 12:34:16.870750845 +0200
+@@ -616,7 +616,10 @@ dev_lock (const char *devname)
+ if ( stat( device, &statbuf) == -1 ) {
+ close_n_return(-errno);
+ }
+- if ( access( device, W_OK ) == -1 ) {
++ /* check that the caller has write permission to the device
++ * to prevent denial-of-service attack by unauthorized users
++ */
++ if ( euidaccess( device, W_OK ) == -1 ) {
+ close_n_return(-errno);
+ }
+
+@@ -780,7 +783,10 @@ dev_relock (const char *devname,
+ if ( stat( device, &statbuf) == -1 ) {
+ close_n_return(-errno);
+ }
+- if ( access( device, W_OK ) == -1 ) {
++ /* check that the caller has write permission to the device
++ * to prevent denial-of-service attack by unauthorized users
++ */
++ if ( euidaccess( device, W_OK ) == -1 ) {
+ close_n_return(-errno);
+ }
+
+@@ -870,7 +876,10 @@ dev_unlock (const char *devname,
+ if ( stat( device, &statbuf) == -1 ) {
+ close_n_return(-errno);
+ }
+- if ( access( device, W_OK ) == -1 ) {
++ /* check that the caller has write permission to the device
++ * to prevent denial-of-service attack by unauthorized users
++ */
++ if ( euidaccess( device, W_OK ) == -1 ) {
+ close_n_return(-errno);
+ }
+
diff --git a/lockdev.spec b/lockdev.spec
index 14dd816..24be7c7 100644
--- a/lockdev.spec
+++ b/lockdev.spec
@@ -10,7 +10,7 @@
Summary: A library for locking devices
Name: lockdev
Version: 1.0.4
-Release: 0.5.%{checkout}%{?dist}
+Release: 0.6.%{checkout}%{?dist}
License: LGPLv2
Group: System Environment/Libraries
URL: https://alioth.debian.org/projects/lockdev/
@@ -19,6 +19,8 @@ URL: https://alioth.debian.org/projects/lockdev/
# https://alioth.debian.org/snapshots.php?group_id=100443
Source0: lockdev-%{version}.%{checkout}.tar.gz
+Patch1: lockdev-euidaccess.patch
+
Requires(pre): shadow-utils
Requires(post): glibc
Requires(postun): glibc
@@ -48,6 +50,9 @@ package contains the development headers.
%prep
%setup -q -n lockdev-scm-%{co_date}
+# Replace access() calls with euidaccess() (600636#c9)
+%patch1 -p1 -b .access
+
%build
# Generate version information from git release tag
./scripts/git-version > VERSION
@@ -58,7 +63,7 @@ touch ChangeLog
# Bootstrap autotools
autoreconf --verbose --force --install
-CFLAGS="${RPM_OPT_FLAGS} -D_PATH_LOCK=\\\"%{_lockdir}\\\"" \
+CFLAGS="${RPM_OPT_FLAGS} -D_GNU_SOURCE -D_PATH_LOCK=\\\"%{_lockdir}\\\"" \
%configure --disable-static --enable-helper
make %{?_smp_mflags}
@@ -66,9 +71,9 @@ make %{?_smp_mflags}
%install
make install DESTDIR=%{buildroot}
-rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
+rm -f %{buildroot}%{_libdir}/*.la
-mkdir -p $RPM_BUILD_ROOT%{_lockdir}
+mkdir -p %{buildroot}%{_lockdir}
%pre
getent group lock >/dev/null || groupadd -g 54 -r -f lock
@@ -92,6 +97,9 @@ exit 0
%{_includedir}/*
%changelog
+* Mon Jun 03 2013 Jiri Popelka <jpopelka at redhat.com> - 1.0.4-0.7.20111007git
+- Replace access() calls with euidaccess(), build with -D_GNU_SOURCE (600636#c9)
+
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.4-0.5.20111007git
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
More information about the scm-commits
mailing list