commit: 160ea25bdf79c86107ac0659146db4e76c4b5166 Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> AuthorDate: Sun May 31 04:41:34 2020 +0000 Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> CommitDate: Sun May 31 04:46:52 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=160ea25b
net-mail/relay-ctrl: fix grsec RLIMIT_NOFILE overstep Closes: https://bugs.gentoo.org/348203 Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org> .../files/relay-ctrl-3.1.1-NOFILE-overstep.patch | 25 ++++++++++++++++++++++ net-mail/relay-ctrl/relay-ctrl-3.1.1-r3.ebuild | 1 + 2 files changed, 26 insertions(+) diff --git a/net-mail/relay-ctrl/files/relay-ctrl-3.1.1-NOFILE-overstep.patch b/net-mail/relay-ctrl/files/relay-ctrl-3.1.1-NOFILE-overstep.patch new file mode 100644 index 00000000000..3bcd54c1f94 --- /dev/null +++ b/net-mail/relay-ctrl/files/relay-ctrl-3.1.1-NOFILE-overstep.patch @@ -0,0 +1,25 @@ +--- relay-ctrl-3.1.1/relay-ctrl-chdir.c 2002-04-26 18:07:38.000000000 +0200 ++++ relay-ctrl-3.1.1-patch/relay-ctrl-chdir.c 2010-12-08 20:49:15.449915704 +0100 +@@ -2,6 +2,7 @@ + #include <fcntl.h> + #include <stdlib.h> + #include <sys/stat.h> ++#include <sys/resource.h> + #include <unistd.h> + #include "misc/misc.h" + #include "msg/msg.h" +@@ -14,9 +15,12 @@ + static int move_high(int fd) + { + struct stat s; ++ struct rlimit rl; + int newfd; +- +- for (newfd = fd + 1;; ++newfd) { ++ ++ getrlimit(RLIMIT_NOFILE, &rl); ++ ++ for (newfd = fd + 1; newfd < rl.rlim_cur; ++newfd) { + if (fstat(newfd, &s) != -1) continue; + if (dup2(fd, newfd) == -1) break; + close(fd); diff --git a/net-mail/relay-ctrl/relay-ctrl-3.1.1-r3.ebuild b/net-mail/relay-ctrl/relay-ctrl-3.1.1-r3.ebuild index 88c8668e862..9e71696f848 100644 --- a/net-mail/relay-ctrl/relay-ctrl-3.1.1-r3.ebuild +++ b/net-mail/relay-ctrl/relay-ctrl-3.1.1-r3.ebuild @@ -28,6 +28,7 @@ src_prepare() { eapply_user ht_fix_file "${S}"/Makefile eapply "${FILESDIR}"/authenticated.c-relayfixup.diff + eapply "${FILESDIR}"/relay-ctrl-3.1.1-NOFILE-overstep.patch } src_configure() {