Hello community, here is the log from the commit of package pciutils for openSUSE:Factory checked in at 2011-11-16 17:19:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pciutils (Old) and /work/SRC/openSUSE:Factory/.pciutils.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pciutils", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/pciutils/pciutils.changes 2011-09-23 12:21:47.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pciutils.new/pciutils.changes 2011-11-16 17:21:07.000000000 +0100 @@ -1,0 +2,7 @@ +Mon Nov 14 22:34:42 UTC 2011 - [email protected] + +- open all file descriptors with O_CLOEXEC,specially important + on libpci and calling apps may fork() and we end up leaking + information to child processes. + +------------------------------------------------------------------- New: ---- pciutils-ocloexec.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pciutils.spec ++++++ --- /var/tmp/diff_new_pack.olja2q/_old 2011-11-16 17:21:11.000000000 +0100 +++ /var/tmp/diff_new_pack.olja2q/_new 2011-11-16 17:21:11.000000000 +0100 @@ -39,6 +39,7 @@ Source2: baselibs.conf Patch: update-pciutils-dist Patch1: %{name}-%{version}_pkgconfig.patch +Patch2: pciutils-ocloexec.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -84,6 +85,7 @@ %setup -q %patch -p1 %patch1 +%patch2 %build make %{?_smp_mflags} OPT="$RPM_OPT_FLAGS -Wall" PREFIX=%{_prefix} LIBDIR=/%{_lib} SBINDIR=/sbin STRIP="" SHARED="yes" ++++++ pciutils-ocloexec.patch ++++++ --- lib/dump.c.orig +++ lib/dump.c @@ -64,7 +64,7 @@ dump_init(struct pci_access *a) if (!a) a->error("dump: File name not given."); - if (!(f = fopen(name, "r"))) + if (!(f = fopen(name, "re"))) a->error("dump: Cannot open %s: %s", name, strerror(errno)); while (fgets(buf, sizeof(buf)-1, f)) { --- lib/proc.c.orig +++ lib/proc.c @@ -62,7 +62,7 @@ proc_scan(struct pci_access *a) if (snprintf(buf, sizeof(buf), "%s/devices", pci_get_param(a, "proc.path")) == sizeof(buf)) a->error("File name too long"); - f = fopen(buf, "r"); + f = fopen(buf, "re"); if (!f) a->error("Cannot open %s", buf); while (fgets(buf, sizeof(buf)-1, f)) 
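Review bot: In lib/dump.c `dump_init`, the unchanged guard just above the patched `fopen` tests `a` instead of the file name, so it can only fire by dereferencing a null `a`, and a missing name would go straight into `fopen(name, "re")`. If `name` holds the dump file parameter (its assignment is outside the hunk), the check should read `if (!name)`. Separately, the `e` mode character is a libc extension, not part of the standard C mode string. A short comment such as `/* "e": open with O_CLOEXEC (libc extension) */` would record why it is there and that other C libraries may not honour it.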
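Review bot: In lib/proc.c `proc_scan`, the truncation test ahead of the patched `fopen` compares the `snprintf` result with `== sizeof(buf)`, which catches only a path exactly one byte too long. Any longer `proc.path` value is silently truncated and the truncated name is then opened. The `proc_setup` hunks in the same file already use the complete form, so this one could store the result and test `if (n < 0 || n >= (int) sizeof(buf)) a->error("File name too long");`. The function body continues outside the hunk.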
@@ -129,7 +129,7 @@ proc_setup(struct pci_dev *d, int rw) if (e < 0 || e >= (int) sizeof(buf)) a->error("File name too long"); a->fd_rw = a->writeable || rw; - a->fd = open(buf, a->fd_rw ? O_RDWR : O_RDONLY); + a->fd = open(buf, (a->fd_rw ? O_RDWR : O_RDONLY) | O_CLOEXEC); if (a->fd < 0) { e = snprintf(buf, sizeof(buf), "%s/%04x:%02x/%02x.%d", @@ -137,7 +137,7 @@ proc_setup(struct pci_dev *d, int rw) d->domain, d->bus, d->dev, d->func); if (e < 0 || e >= (int) sizeof(buf)) a->error("File name too long"); - a->fd = open(buf, a->fd_rw ? O_RDWR : O_RDONLY); + a->fd = open(buf, (a->fd_rw ? O_RDWR : O_RDONLY) | O_CLOEXEC); } if (a->fd < 0) a->warning("Cannot open %s", buf); --- lib/names-parse.c.orig +++ lib/names-parse.c @@ -52,7 +52,7 @@ static pci_file pci_open(struct pci_acce typedef FILE * pci_file; #define pci_gets(f, l, s) fgets(l, s, f) #define pci_eof(f) feof(f) -#define pci_open(a) fopen(a->id_file_name, "r") +#define pci_open(a) fopen(a->id_file_name, "re") #define pci_close(f) fclose(f) #define PCI_ERROR(f, err) if (!err && ferror(f)) err = "I/O error"; #endif --- lib/names-cache.c.orig +++ lib/names-cache.c @@ -62,7 +62,7 @@ pci_id_cache_load(struct pci_access *a, return 0; } - f = fopen(name, "rb"); + f = fopen(name, "rbe"); if (!f) { a->debug("Cache file does not exist\n"); @@ -135,7 +135,7 @@ pci_id_cache_flush(struct pci_access *a) tmpname = pci_malloc(a, strlen(name) + strlen(hostname) + 64); sprintf(tmpname, "%s.tmp-%s-%d", name, hostname, this_pid); - f = fopen(tmpname, "wb"); + f = fopen(tmpname, "wbe"); if (!f) { a->warning("Cannot write to %s: %s", name, strerror(errno)); --- lib/sysfs.c.orig +++ lib/sysfs.c @@ -93,7 +93,7 @@ sysfs_get_value(struct pci_dev *d, char char namebuf[OBJNAMELEN], buf[256]; sysfs_obj_name(d, object, namebuf); - fd = open(namebuf, O_RDONLY); + fd = open(namebuf, O_RDONLY|O_CLOEXEC); if (fd < 0) a->error("Cannot open %s: %s", namebuf, strerror(errno)); n = read(fd, buf, sizeof(buf)); 
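Review bot: The `open()` calls in lib/proc.c `proc_setup` now depend on `O_CLOEXEC` being both defined and honoured, and nothing visible in the patch guards either assumption. Depending on the libc headers and feature-test macros in use, the constant may be missing at build time. A kernel that predates the flag may ignore it, leaving the descriptor inheritable with no error reported. A fallback is worth considering: `#ifndef O_CLOEXEC` / `#define O_CLOEXEC 0`, plus `fcntl(a->fd, F_SETFD, FD_CLOEXEC)` after a successful open. The same applies to the `open()` calls in lib/sysfs.c (`sysfs_get_value` and both `sysfs_setup` hunks).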
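Review bot: Only the plain-stdio `pci_open` macro in lib/names-parse.c gets the close-on-exec flag here. The hunk header shows a second `pci_open` defined as a function earlier in the same conditional, presumably the compressed-ids variant, and nothing in this patch touches it. If that build option is enabled, the ID file descriptor would still be inherited by child processes, so that branch should be checked and given equivalent treatment. The macro would also be more robust with its argument parenthesised: `#define pci_open(a) fopen((a)->id_file_name, "re")`.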
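Review bot: In lib/names-cache.c `pci_id_cache_flush`, the temporary file name appears to be built from the cache name, host name and pid, so it is predictable, and `fopen(tmpname, "wbe")` will follow an existing symlink and truncate its target. If the cache can live in a directory other users may write to, create the file exclusively instead, for example `open(tmpname, O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW|O_CLOEXEC, 0666)` followed by `fdopen(fd, "wb")`, with stale temporary files handled explicitly. The warning on failure also prints `name`, although the file that failed to open is `tmpname`. The function continues outside the hunk.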
@@ -115,7 +115,7 @@ sysfs_get_resources(struct pci_dev *d) int i; sysfs_obj_name(d, "resource", namebuf); - file = fopen(namebuf, "r"); + file = fopen(namebuf, "re"); if (!file) a->error("Cannot open %s: %s", namebuf, strerror(errno)); for (i = 0; i < 7; i++) @@ -220,7 +220,7 @@ sysfs_fill_slots(struct pci_access *a) n = snprintf(namebuf, OBJNAMELEN, "%s/%s/%s", dirname, entry->d_name, "address"); if (n < 0 || n >= OBJNAMELEN) a->error("File name too long"); - file = fopen(namebuf, "r"); + file = fopen(namebuf, "re"); /* * Old versions of Linux had a fakephp which didn't have an 'address' * file. There's no useful information to be gleaned from these @@ -283,7 +283,7 @@ sysfs_setup(struct pci_dev *d, int inten if (a->fd_vpd < 0) { sysfs_obj_name(d, "vpd", namebuf); - a->fd_vpd = open(namebuf, O_RDONLY); + a->fd_vpd = open(namebuf, O_RDONLY|O_CLOEXEC); /* No warning on error; vpd may be absent or accessible only to root */ } return a->fd_vpd; @@ -293,7 +293,7 @@ sysfs_setup(struct pci_dev *d, int inten { sysfs_obj_name(d, "config", namebuf); a->fd_rw = a->writeable || intent == SETUP_WRITE_CONFIG; - a->fd = open(namebuf, a->fd_rw ? O_RDWR : O_RDONLY); + a->fd = open(namebuf, (a->fd_rw ? O_RDWR : O_RDONLY) | O_CLOEXEC); if (a->fd < 0) a->warning("Cannot open %s", namebuf); a->fd_pos = 0; -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
