rpms/ppp/devel ppp-2.4.4-fd_leak.patch,NONE,1.1 ppp.spec,1.55,1.56

Wed Feb 3 22:58:07 UTC 2010

Author: jskala

Update of /cvs/extras/rpms/ppp/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1988

Modified Files:
	ppp.spec 
Added Files:
	ppp-2.4.4-fd_leak.patch 
Log Message:
* Wed Feb 03 2010 Jiri Skala <jskala at redhat.com> - 2.4.5-4
- applied patch fd_leak


ppp-2.4.4-fd_leak.patch:
 auth.c      |   20 +++++------
 eap.c       |    2 -
 main.c      |  105 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 options.c   |    6 +--
 pppd.h      |    4 ++
 sys-linux.c |   34 +++++++++----------
 tdb.c       |    4 +-
 tty.c       |    7 ++--
 utils.c     |    6 +--
 9 files changed, 147 insertions(+), 41 deletions(-)

--- NEW FILE ppp-2.4.4-fd_leak.patch ---
diff -up ppp-2.4.4/pppd/auth.c.fd_leak ppp-2.4.4/pppd/auth.c
--- ppp-2.4.4/pppd/auth.c.fd_leak	2006-06-18 13:26:00.000000000 +0200
+++ ppp-2.4.4/pppd/auth.c	2009-10-08 21:22:59.789547513 +0200
@@ -428,7 +428,7 @@ setupapfile(argv)
 	option_error("unable to reset uid before opening %s: %m", fname);
 	return 0;
     }
-    ufile = fopen(fname, "r");
+    ufile = fopen_r(fname);
     if (seteuid(euid) == -1)
 	fatal("unable to regain privileges: %m");
     if (ufile == NULL) {
@@ -1414,7 +1414,7 @@ check_passwd(unit, auser, userlen, apass
     filename = _PATH_UPAPFILE;
     addrs = opts = NULL;
     ret = UPAP_AUTHNAK;
-    f = fopen(filename, "r");
+    f = fopen_r(filename);
     if (f == NULL) {
 	error("Can't open PAP password file %s: %m", filename);
 
@@ -1511,7 +1511,7 @@ null_login(unit)
     if (ret <= 0) {
 	filename = _PATH_UPAPFILE;
 	addrs = NULL;
-	f = fopen(filename, "r");
+	f = fopen_r(filename);
 	if (f == NULL)
 	    return 0;
 	check_access(f, filename);
@@ -1558,7 +1558,7 @@ get_pap_passwd(passwd)
     }
 
     filename = _PATH_UPAPFILE;
-    f = fopen(filename, "r");
+    f = fopen_r(filename);
     if (f == NULL)
 	return 0;
     check_access(f, filename);
@@ -1596,7 +1596,7 @@ have_pap_secret(lacks_ipp)
     }
 
     filename = _PATH_UPAPFILE;
-    f = fopen(filename, "r");
+    f = fopen_r(filename);
     if (f == NULL)
 	return 0;
 
@@ -1641,7 +1641,7 @@ have_chap_secret(client, server, need_ip
     }
 
     filename = _PATH_CHAPFILE;
-    f = fopen(filename, "r");
+    f = fopen_r(filename);
     if (f == NULL)
 	return 0;
 
@@ -1683,7 +1683,7 @@ have_srp_secret(client, server, need_ip,
     struct wordlist *addrs;
 
     filename = _PATH_SRPFILE;
-    f = fopen(filename, "r");
+    f = fopen_r(filename);
     if (f == NULL)
 	return 0;
 
@@ -1739,7 +1739,7 @@ get_secret(unit, client, server, secret,
 	addrs = NULL;
 	secbuf[0] = 0;
 
-	f = fopen(filename, "r");
+	f = fopen_r(filename);
 	if (f == NULL) {
 	    error("Can't open chap secret file %s: %m", filename);
 	    return 0;
@@ -1796,7 +1796,7 @@ get_srp_secret(unit, client, server, sec
 	filename = _PATH_SRPFILE;
 	addrs = NULL;
 
-	fp = fopen(filename, "r");
+	fp = fopen_r(filename);
 	if (fp == NULL) {
 	    error("Can't open srp secret file %s: %m", filename);
 	    return 0;
@@ -2202,7 +2202,7 @@ scan_authfile(f, client, server, secret,
 	     */
 	    if (word[0] == '@' && word[1] == '/') {
 		strlcpy(atfile, word+1, sizeof(atfile));
-		if ((sf = fopen(atfile, "r")) == NULL) {
+		if ((sf = fopen_r(atfile)) == NULL) {
 		    warn("can't open indirect secret file %s", atfile);
 		    continue;
 		}
diff -up ppp-2.4.4/pppd/eap.c.fd_leak ppp-2.4.4/pppd/eap.c
--- ppp-2.4.4/pppd/eap.c.fd_leak	2004-11-09 23:39:25.000000000 +0100
+++ ppp-2.4.4/pppd/eap.c	2009-10-08 21:22:59.791544181 +0200
@@ -1226,7 +1226,7 @@ mode_t modebits;
 
 	if ((path = name_of_pn_file()) == NULL)
 		return (-1);
-	fd = open(path, modebits, S_IRUSR | S_IWUSR);
+	fd = open_fd(path, modebits, S_IRUSR | S_IWUSR);
 	err = errno;
 	free(path);
 	errno = err;
diff -up ppp-2.4.4/pppd/main.c.fd_leak ppp-2.4.4/pppd/main.c
--- ppp-2.4.4/pppd/main.c.fd_leak	2009-10-08 21:22:59.769544859 +0200
+++ ppp-2.4.4/pppd/main.c	2009-10-08 21:30:32.356546561 +0200
@@ -201,6 +201,8 @@ int ngroups;			/* How many groups valid 
 
 static struct timeval start_time;	/* Time when link was started. */
 
+static int cloexec_works; /* controlls setting FD_CLOEXEC flag up */
+
 static struct pppd_stats old_link_stats;
 struct pppd_stats link_stats;
 unsigned link_connect_time;
@@ -245,6 +247,7 @@ static void holdoff_end __P((void *));
 static void forget_child __P((int pid, int status));
 static int reap_kids __P((void));
 static void childwait_end __P((void *));
+static void check_cloexec __P((int));
 
 #ifdef USE_TDB
 static void update_db_entry __P((void));
@@ -419,7 +422,7 @@ main(argc, argv)
 	die(0);
 
     /* Make sure fds 0, 1, 2 are open to somewhere. */
-    fd_devnull = open(_PATH_DEVNULL, O_RDWR);
+    fd_devnull = open_fd(_PATH_DEVNULL, O_RDWR);
     if (fd_devnull < 0)
 	fatal("Couldn't open %s: %m", _PATH_DEVNULL);
     while (fd_devnull <= 2) {
@@ -865,6 +866,104 @@ holdoff_end(arg)
     new_phase(PHASE_DORMANT);
 }
 
+
+/*
+ * check_cloexec - checks for FD_CLOEXEC flag and adds it if necessary
+ */
+static void
+check_cloexec(int fd)
+{
+    if (cloexec_works == 0) {
+        int fl = fcntl(fd, F_GETFD);
+        cloexec_works = (fl & FD_CLOEXEC) ? 1 : -1;
+    }
+    if (cloexec_works > 0)
+        return;
+    fcntl(fd, F_SETFD, FD_CLOEXEC);
+    return;
+}
+
+/*
+ * socket_fd - create an endpoint for communication. uses FD_CLOEXEC if supported
+ */
+int
+socket_fd(int domain, int type, int protocol)
+{
+	int fd;
+
+#ifdef SOCK_CLOEXEC
+	if (cloexec_works != -1)
+		type |= SOCK_CLOEXEC;
+#endif
+	fd = socket(domain, type, protocol);
+	if (fd == -1)
+		return -1;
+	check_cloexec(fd);
+	return fd;
+}
+
+/*
+ * open_fd - open file with FD_CLOEXEC flag
+ */
+int
+open_fd(const char *path, int flags)
+{
+    int fd;
+
+#if defined(O_CLOEXEC) && defined(SOCK_CLOEXEC)
+    if (cloexec_works != -1)
+        flags |= O_CLOEXEC;
+#endif
+    fd = open(path, flags);
+    if (fd == -1)
+        return -1;
+    check_cloexec(fd);
+    return fd;
+}
+
+/*
+ * open_fd_mmode - open file with FD_CLOEXEC flag
+ */
+int
+open_fd_mode(const char *path, int flags, int mode)
+{
+    int fd;
+
+#if defined(O_CLOEXEC) && defined(SOCK_CLOEXEC)
+    if (cloexec_works != -1)
+        flags |= O_CLOEXEC;
+#endif
+    fd = open(path, flags, mode);
+    if (fd == -1)
+        return -1;
+    check_cloexec(fd);
+    return fd;
+}
+
+/*
+ * fopen_r - open file with FD_CLOEXEC flag
+ */
+FILE *
+fopen_r(const char *path)
+{
+    FILE *f;
+
+#if defined(O_CLOEXEC) && defined(SOCK_CLOEXEC)
+    if (cloexec_exec != -1) {
+        f = fopen(path, "re");
+        if (f != NULL) {
+            check_cloexec(fileno(f));
+            return f;
+        }
+    }
+#endif
+    f = fopen(path, "r");
+    if (f == NULL)
+        return NULL;
+    check_cloexec(fileno(f));
+    return f;
+}
+
 /* List of protocol names, to make our messages a little more informative. */
 struct protocol_list {
     u_short	proto;
@@ -1618,7 +1717,7 @@ device_script(program, in, out, dont_wai
     if (log_to_fd >= 0)
 	errfd = log_to_fd;
     else
-	errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
+	errfd = open_fd_mode(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
 
     ++conn_running;
     pid = safe_fork(in, out, errfd);
diff -up ppp-2.4.4/pppd/options.c.fd_leak ppp-2.4.4/pppd/options.c
--- ppp-2.4.4/pppd/options.c.fd_leak	2006-06-18 13:26:00.000000000 +0200
+++ ppp-2.4.4/pppd/options.c	2009-10-08 21:22:59.797544174 +0200
@@ -409,7 +409,7 @@ options_from_file(filename, must_exist, 
 	option_error("unable to drop privileges to open %s: %m", filename);
 	return 0;
     }
-    f = fopen(filename, "r");
+    f = fopen_r(filename);
     err = errno;
     if (check_prot && seteuid(euid) == -1)
 	fatal("unable to regain privileges");
@@ -1528,9 +1528,9 @@ setlogfile(argv)
 	option_error("unable to drop permissions to open %s: %m", *argv);
 	return 0;
     }
-    fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
+    fd = open_fd_mode(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
     if (fd < 0 && errno == EEXIST)
-	fd = open(*argv, O_WRONLY | O_APPEND);
+	fd = open_fd(*argv, O_WRONLY | O_APPEND);
     err = errno;
     if (!privileged_option && seteuid(euid) == -1)
 	fatal("unable to regain privileges: %m");
diff -up ppp-2.4.4/pppd/pppd.h.fd_leak ppp-2.4.4/pppd/pppd.h
--- ppp-2.4.4/pppd/pppd.h.fd_leak	2005-08-26 01:59:34.000000000 +0200
+++ ppp-2.4.4/pppd/pppd.h	2009-10-08 21:22:59.800544904 +0200
@@ -494,6 +494,10 @@ int  ppp_send_config __P((int, int, u_in
 int  ppp_recv_config __P((int, int, u_int32_t, int, int));
 const char *protocol_name __P((int));
 void remove_pidfiles __P((void));
+int socket_fd __P((int, int, int));
+int open_fd __P((const char *, int));
+int open_fd_mode __P((const char *, int, int));
+FILE *fopen_r __P((const char *));
 void lock_db __P((void));
 void unlock_db __P((void));
 
diff -up ppp-2.4.4/pppd/sys-linux.c.fd_leak ppp-2.4.4/pppd/sys-linux.c
--- ppp-2.4.4/pppd/sys-linux.c.fd_leak	2009-10-08 21:22:59.778544744 +0200
+++ ppp-2.4.4/pppd/sys-linux.c	2009-10-08 21:22:59.803544377 +0200
@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clea
 void sys_init(void)
 {
     /* Get an internet socket for doing socket ioctls. */
-    sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+    sock_fd = socket_fd(AF_INET, SOCK_DGRAM, 0);
     if (sock_fd < 0)
 	fatal("Couldn't create IP socket: %m(%d)", errno);
 
 #ifdef INET6
-    sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
+    sock6_fd = socket_fd(AF_INET6, SOCK_DGRAM, 0);
     if (sock6_fd < 0)
 	sock6_fd = -errno;	/* save errno for later */
 #endif
@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
 	    goto err;
 	}
 	dbglog("using channel %d", chindex);
-	fd = open("/dev/ppp", O_RDWR);
+	fd = open_fd("/dev/ppp", O_RDWR);
 	if (fd < 0) {
 	    error("Couldn't reopen /dev/ppp: %m");
 	    goto err;
@@ -619,7 +619,7 @@ static int make_ppp_unit()
 		dbglog("in make_ppp_unit, already had /dev/ppp open?");
 		close(ppp_dev_fd);
 	}
-	ppp_dev_fd = open("/dev/ppp", O_RDWR);
+	ppp_dev_fd = open_fd("/dev/ppp", O_RDWR);
 	if (ppp_dev_fd < 0)
 		fatal("Couldn't open /dev/ppp: %m");
 	flags = fcntl(ppp_dev_fd, F_GETFL);
@@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
 	if (!new_style_driver)
 		return -1;
 
-	master_fd = open("/dev/ppp", O_RDWR);
+	master_fd = open_fd("/dev/ppp", O_RDWR);
 	if (master_fd < 0)
 		fatal("Couldn't open /dev/ppp: %m");
 	if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *
 	/* Default the mount location of /proc */
 	strlcpy (proc_path, "/proc", sizeof(proc_path));
 	proc_path_len = 5;
-	fp = fopen(MOUNTED, "r");
+	fp = fopen_r(MOUNTED);
 	if (fp != NULL) {
 	    while ((mntent = getmntent(fp)) != NULL) {
 		if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
@@ -1472,7 +1472,7 @@ static int open_route_table (void)
     close_route_table();
 
     path = path_to_procfs("/net/route");
-    route_fd = fopen (path, "r");
+    route_fd = fopen_r(path);
     if (route_fd == NULL) {
 	error("can't open routing table %s: %m", path);
 	return 0;
@@ -1713,7 +1713,7 @@ int sifproxyarp (int unit, u_int32_t his
 	if (tune_kernel) {
 	    forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
 	    if (forw_path != 0) {
-		int fd = open(forw_path, O_WRONLY);
+		int fd = open_fd(forw_path, O_WRONLY);
 		if (fd >= 0) {
 		    if (write(fd, "1", 1) != 1)
 			error("Couldn't enable IP forwarding: %m");
@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name)
 	struct ifreq ifreq;
 	int ret, sock_fd;
 
-	sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+	sock_fd = socket_fd(AF_INET, SOCK_DGRAM, 0);
 	if (sock_fd < 0)
 		return 0;
 	memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
@@ -2030,7 +2030,7 @@ int ppp_available(void)
     sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
     kernel_version = KVERSION(osmaj, osmin, ospatch);
 
-    fd = open("/dev/ppp", O_RDWR);
+    fd = open_fd("/dev/ppp", O_RDWR);
     if (fd >= 0) {
 	new_style_driver = 1;
 
@@ -2068,7 +2068,7 @@ int ppp_available(void)
 /*
  * Open a socket for doing the ioctl operations.
  */
-    s = socket(AF_INET, SOCK_DGRAM, 0);
+    s = socket_fd(AF_INET, SOCK_DGRAM, 0);
     if (s < 0)
 	return 0;
 
@@ -2318,7 +2318,7 @@ int sifaddr (int unit, u_int32_t our_adr
 	int fd;
 
 	path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
-	if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
+	if (path != 0 && (fd = open_fd(path, O_WRONLY)) >= 0) {
 	    if (write(fd, "1", 1) != 1)
 		error("Couldn't enable dynamic IP addressing: %m");
 	    close(fd);
@@ -2494,7 +2494,7 @@ get_pty(master_fdp, slave_fdp, slave_nam
     /*
      * Try the unix98 way first.
      */
-    mfd = open("/dev/ptmx", O_RDWR);
+    mfd = open_fd("/dev/ptmx", O_RDWR);
     if (mfd >= 0) {
 	int ptn;
 	if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
@@ -2505,7 +2505,7 @@ get_pty(master_fdp, slave_fdp, slave_nam
 	    if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
 		warn("Couldn't unlock pty slave %s: %m", pty_name);
 #endif
-	    if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
+	    if ((sfd = open_fd(pty_name, O_RDWR | O_NOCTTY)) < 0)
 		warn("Couldn't open pty slave %s: %m", pty_name);
 	}
     }
@@ -2516,10 +2516,10 @@ get_pty(master_fdp, slave_fdp, slave_nam
 	for (i = 0; i < 64; ++i) {
 	    slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
 		     'p' + i / 16, i % 16);
-	    mfd = open(pty_name, O_RDWR, 0);
+	    mfd = open_fd_mode(pty_name, O_RDWR, 0);
 	    if (mfd >= 0) {
 		pty_name[5] = 't';
-		sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
+		sfd = open_fd_mode(pty_name, O_RDWR | O_NOCTTY, 0);
 		if (sfd >= 0) {
 		    fchown(sfd, uid, -1);
 		    fchmod(sfd, S_IRUSR | S_IWUSR);
@@ -2784,7 +2784,7 @@ ether_to_eui64(eui64_t *p_eui64)
     int skfd;
     const unsigned char *ptr;
 
-    skfd = socket(PF_INET6, SOCK_DGRAM, 0);
+    skfd = socket_fd(PF_INET6, SOCK_DGRAM, 0);
     if(skfd == -1)
     {
         warn("could not open IPv6 socket");
diff -up ppp-2.4.4/pppd/tdb.c.fd_leak ppp-2.4.4/pppd/tdb.c
--- ppp-2.4.4/pppd/tdb.c.fd_leak	2004-11-13 08:13:07.000000000 +0100
+++ ppp-2.4.4/pppd/tdb.c	2009-10-08 21:22:59.806583590 +0200
@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *nam
 		goto internal;
 	}
 
-	if ((tdb->fd = open(name, open_flags, mode)) == -1) {
+	if ((tdb->fd = open_fd_mode(name, open_flags, mode)) == -1) {
 		TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
 			 name, strerror(errno)));
 		goto fail;	/* errno set by open(2) */
@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
 	}
 	if (close(tdb->fd) != 0)
 		TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
-	tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
+	tdb->fd = open_fd_mode(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
 	if (tdb->fd == -1) {
 		TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
 		goto fail;
diff -up ppp-2.4.4/pppd/tty.c.fd_leak ppp-2.4.4/pppd/tty.c
--- ppp-2.4.4/pppd/tty.c.fd_leak	2006-06-04 09:04:57.000000000 +0200
+++ ppp-2.4.4/pppd/tty.c	2009-10-08 21:22:59.809544300 +0200
@@ -569,7 +569,7 @@ int connect_tty()
 				status = EXIT_OPEN_FAILED;
 				goto errret;
 			}
-			real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
+			real_ttyfd = open_fd_mode(devnam, O_NONBLOCK | O_RDWR, 0);
 			err = errno;
 			if (prio < OPRIO_ROOT && seteuid(0) == -1)
 				fatal("Unable to regain privileges");
@@ -723,7 +723,7 @@ int connect_tty()
 	if (connector == NULL && modem && devnam[0] != 0) {
 		int i;
 		for (;;) {
-			if ((i = open(devnam, O_RDWR)) >= 0)
+			if ((i = open_fd(devnam, O_RDWR)) >= 0)
 				break;
 			if (errno != EINTR) {
 				error("Failed to reopen %s: %m", devnam);
@@ -896,7 +896,8 @@ open_socket(dest)
     *sep = ':';
 
     /* get a socket and connect it to the other end */
-    sock = socket(PF_INET, SOCK_STREAM, 0);
+    //sock = socket(PF_INET, SOCK_STREAM, 0);
+    sock = socket_fd(PF_INET, SOCK_STREAM, 0);
     if (sock < 0) {
 	error("Can't create socket: %m");
 	return -1;
diff -up ppp-2.4.4/pppd/utils.c.fd_leak ppp-2.4.4/pppd/utils.c
--- ppp-2.4.4/pppd/utils.c.fd_leak	2009-10-08 21:22:59.620325739 +0200
+++ ppp-2.4.4/pppd/utils.c	2009-10-08 21:22:59.811573725 +0200
@@ -931,14 +931,14 @@ lock(dev)
     slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
 #endif
 
-    while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
+    while ((fd = open_fd_mode(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
 	if (errno != EEXIST) {
 	    error("Can't create lock file %s: %m", lock_file);
 	    break;
 	}
 
 	/* Read the lock file to find out who has the device locked. */
-	fd = open(lock_file, O_RDONLY, 0);
+	fd = open_fd_mode(lock_file, O_RDONLY, 0);
 	if (fd < 0) {
 	    if (errno == ENOENT) /* This is just a timing problem. */
 		continue;
@@ -1017,7 +1017,7 @@ relock(pid)
 
     if (lock_file[0] == 0)
 	return -1;
-    fd = open(lock_file, O_WRONLY, 0);
+    fd = open_fd_mode(lock_file, O_WRONLY, 0);
     if (fd < 0) {
 	error("Couldn't reopen lock file %s: %m", lock_file);
 	lock_file[0] = 0;


Index: ppp.spec
===================================================================
RCS file: /cvs/extras/rpms/ppp/devel/ppp.spec,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -p -r1.55 -r1.56
--- ppp.spec	22 Jan 2010 15:13:21 -0000	1.55
+++ ppp.spec	3 Feb 2010 22:57:47 -0000	1.56
@@ -1,7 +1,7 @@
 Summary: The Point-to-Point Protocol daemon
 Name: ppp
 Version: 2.4.5
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: BSD and LGPLv2+ and GPLv2+ and Public Domain
 Group: System Environment/Daemons
 URL: http://www.samba.org/ppp
@@ -24,6 +24,7 @@ Patch20: ppp-2.4.3-ipv6-accept-remote.pa
 Patch21: ppp-2.4.3-usepeerdns-var_run_ppp_resolv.conf.patch
 Patch22: ppp-2.4.4-cbcp.patch
 Patch23: ppp-2.4.2-dontwriteetc.patch
+Patch24: ppp-2.4.4-fd_leak.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: pam-devel, libpcap-devel
@@ -63,6 +64,7 @@ This package contains the header files f
 %patch21 -p1 -b .usepeerdns-var_run_ppp_resolv
 %patch22 -p1 -b .cbcp
 %patch23 -p1 -b .dontwriteetc
+%patch24 -p1 -b .fd_leak
 
 rm -f scripts/*.local
 rm -f scripts/*.change_resolv_conf
@@ -127,6 +129,9 @@ rm -rf $RPM_BUILD_ROOT
 %doc PLUGINS
 
 %changelog
+* Wed Feb 03 2010 Jiri Skala <jskala at redhat.com> - 2.4.5-4
+- applied patch fd_leak
+
 * Fri Jan 22 2010 Jiri Skala <jskala at redhat.com> - 2.4.5-3
 - fixed some rpmlint complains
 

