Hi Dave, Thanks for forwarding! I wonder if you have upstreamed/discussed O_EXCL patch with upstream (CCing upstream to expedite in case if not) -- sounds sensible to me (isn't it Albert? see patch below. quoting entire message for completeness)
Cheers On Tue, 09 Oct 2012, Dave Walker (Daviey) wrote: > Package: freeipmi > Version: 1.1.5-3 > Severity: normal > Tags: patch > User: [email protected] > Usertags: origin-ubuntu quantal ubuntu-patch > In Ubuntu, the attached patch was applied to achieve the following: > * debian/rules: Build with "-pie,-bindnow" > * debian/patches/0002_excel_when_opening_tmp.patch: Open files with O_EXCL. > * debian/patches/fix-Wunused-result.patch: Resolve -Wunused-result's > warnings, by checking for non-0 return. > I'm not sure fix-Wunused-result.patch adds any value to the latest > experimental package. > Thanks for considering the patch. > -- System Information: > Debian Release: wheezy/sid > APT prefers quantal-updates > APT policy: (500, 'quantal-updates'), (500, 'quantal-security'), (500, > 'quantal') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > Kernel: Linux 3.5.0-10-generic (SMP w/2 CPU cores) > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > diff -Nru freeipmi-1.1.5/debian/changelog freeipmi-1.1.5/debian/changelog > diff -Nru freeipmi-1.1.5/debian/patches/0002_excel_when_opening_tmp.patch > freeipmi-1.1.5/debian/patches/0002_excel_when_opening_tmp.patch > --- freeipmi-1.1.5/debian/patches/0002_excel_when_opening_tmp.patch > 1970-01-01 01:00:00.000000000 +0100 > +++ freeipmi-1.1.5/debian/patches/0002_excel_when_opening_tmp.patch > 2012-10-07 20:17:11.000000000 +0100 > @@ -0,0 +1,26 @@ > +Index: freeipmi-1.1.5/libipmiconsole/ipmiconsole_debug.c > +=================================================================== > +--- freeipmi-1.1.5.orig/libipmiconsole/ipmiconsole_debug.c 2012-05-17 > 15:08:55.000000000 -0400 > ++++ freeipmi-1.1.5/libipmiconsole/ipmiconsole_debug.c 2012-10-02 > 10:32:04.755269452 -0400 > +@@ -84,7 +84,7 @@ > + IPMICONSOLE_DEBUG_DIRECTORY, > + IPMICONSOLE_DEBUG_FILENAME); > + > +- if ((console_debug_fd = open (filename, O_CREAT | O_APPEND | > O_WRONLY, 0600)) < 0) > ++ if ((console_debug_fd = open (filename, O_CREAT | O_APPEND | O_WRONLY > | O_EXCL, 0600)) < 0) > + { > + console_debug_flags &= ~IPMICONSOLE_DEBUG_FILE; > + IPMICONSOLE_DEBUG (("open: %s", strerror (errno))); > +Index: freeipmi-1.1.5/libipmiconsole/ipmiconsole_ctx.c > +=================================================================== > +--- freeipmi-1.1.5.orig/libipmiconsole/ipmiconsole_ctx.c 2012-05-17 > 15:08:55.000000000 -0400 > ++++ freeipmi-1.1.5/libipmiconsole/ipmiconsole_ctx.c 2012-10-02 > 10:34:50.559273698 -0400 > +@@ -351,7 +351,7 @@ > + c->config.hostname); > + > + if ((c->debug.debug_fd = open (filename, > +- O_CREAT | O_APPEND | O_WRONLY, > ++ O_CREAT | O_APPEND | O_WRONLY | O_EXCL, > + 0600)) < 0) > + { > + c->config.debug_flags &= ~IPMICONSOLE_DEBUG_FILE; > diff -Nru freeipmi-1.1.5/debian/patches/fix-Wunused-result.patch > freeipmi-1.1.5/debian/patches/fix-Wunused-result.patch > --- freeipmi-1.1.5/debian/patches/fix-Wunused-result.patch 1970-01-01 > 01:00:00.000000000 +0100 > +++ freeipmi-1.1.5/debian/patches/fix-Wunused-result.patch 2012-10-09 > 12:27:26.000000000 +0100 > @@ -0,0 +1,54 @@ > +Description: Resolve -Wunused-result's warnings, by checking for non-0 > return. > + Patch not upstreamed, as trunk has refactored this case out. > +Author: Dave Walker (Daviey) <[email protected]> > +Forwarded: not-needed > + > +--- a/bmc-watchdog/bmc-watchdog.c > ++++ b/bmc-watchdog/bmc-watchdog.c > +@@ -1692,7 +1692,8 @@ > + { > + /* parent terminates */ > + char buf; > +- read(fds[0], &buf, 1); > ++ if (read(fds[0], &buf, 1) < 0) > ++ _err_exit ("read: %s", strerror (errno)); > + close(fds[1]); > + close(fds[0]); > + exit (0); > +@@ -1718,7 +1719,8 @@ > + > + umask (0); > + > +- write(fds[1], "a", 1); > ++ if (write(fds[1], "a", 1) < 0) > ++ _err_exit ("write: %s", strerror (errno)); > + close(fds[1]); > + close(fds[0]); > + for (i = 0; i < 64; i++) > +--- a/ipmidetectd/ipmidetectd.c > ++++ b/ipmidetectd/ipmidetectd.c > +@@ -69,7 +69,8 @@ > + { > + /* Terminate Parent */ > + char buf; > +- read(fds[0], &buf, 1); > ++ if (read(fds[0], &buf, 1) < 0) > ++ IPMIDETECTD_EXIT (("read: %s", strerror (errno))); > + close(fds[1]); > + close(fds[0]); > + exit (0); > +@@ -86,10 +87,12 @@ > + if (pid != 0) /* Terminate 1st Child */ > + exit (0); > + > +- chdir ("/"); > ++ if (chdir ("/") < 0) > ++ IPMIDETECTD_EXIT (("chdir: %s", strerror (errno))); > + > + umask (0); > +- write(fds[1], "a", 1); > ++ if (write(fds[1], "a", 1) < 0) > ++ IPMIDETECTD_EXIT (("write: %s", strerror (errno))); > + close(fds[1]); > + close(fds[0]); > + > diff -Nru freeipmi-1.1.5/debian/patches/series > freeipmi-1.1.5/debian/patches/series > --- freeipmi-1.1.5/debian/patches/series 2012-06-15 02:41:57.000000000 > +0100 > +++ freeipmi-1.1.5/debian/patches/series 2012-10-07 22:17:30.000000000 > +0100 > @@ -1,3 +1,5 @@ > up_fixmanpages > deb_bmc-watchdog_noRUN > 0001-Fix-Wformat-security-warnings.patch > +0002_excel_when_opening_tmp.patch > +fix-Wunused-result.patch > diff -Nru freeipmi-1.1.5/debian/rules freeipmi-1.1.5/debian/rules > --- freeipmi-1.1.5/debian/rules 2012-06-15 02:41:57.000000000 +0100 > +++ freeipmi-1.1.5/debian/rules 2012-10-07 20:17:11.000000000 +0100 > @@ -4,6 +4,8 @@ > # We use some bashisms > SHELL=/bin/bash > +export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow > + > # mega rule -- Joey knows how to do the rest > %: > dh $@ --with autotools_dev > _______________________________________________ > Pkg-freeipmi-devel mailing list > [email protected] > http://lists.alioth.debian.org/mailman/listinfo/pkg-freeipmi-devel -- Yaroslav O. Halchenko Postdoctoral Fellow, Department of Psychological and Brain Sciences Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
