Hello community, here is the log from the commit of package glibc for openSUSE:Factory checked in at 2013-06-11 06:32:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/glibc (Old) and /work/SRC/openSUSE:Factory/.glibc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "glibc" Changes: -------- --- /work/SRC/openSUSE:Factory/glibc/glibc-testsuite.changes 2013-05-27 09:49:33.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.glibc.new/glibc-testsuite.changes 2013-06-11 09:27:22.000000000 +0200 @@ -1,0 +2,8 @@ +Mon Jun 10 08:33:46 UTC 2013 - [email protected] + +- glibc-bindresvport-blacklist.diff: Renamed from + glibc-2.3.90-bindresvport.blacklist.diff; fix resource leaks + (bnc#824046) +- Remove glibc-armhf-compat.patch + +------------------------------------------------------------------- glibc-utils.changes: same change glibc.changes: same change Old: ---- glibc-2.3.90-bindresvport.blacklist.diff glibc-armhf-compat.patch New: ---- glibc-bindresvport-blacklist.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ glibc-testsuite.spec ++++++ --- /var/tmp/diff_new_pack.RB4tDA/_old 2013-06-11 09:27:24.000000000 +0200 +++ /var/tmp/diff_new_pack.RB4tDA/_new 2013-06-11 09:27:24.000000000 +0200 @@ -203,13 +203,11 @@ # PATCH-FIX-OPENSUSE -- Make --no-archive default for localedef - [email protected] Patch13: glibc-2.3.2.no_archive.diff # PATCH-FIX-OPENSUSE -- add blacklist for bindresvport -Patch14: glibc-2.3.90-bindresvport.blacklist.diff +Patch14: glibc-bindresvport-blacklist.diff # PATCH-FIX-OPENSUSE prefer -lang rpm packages Patch15: glibc-2.3.90-langpackdir.diff # PATCH-FEATURE-SLE increase cpusetsize to 4096, needs to be kept for compatibility [email protected] (XXX: Review) Patch18: glibc-cpusetsize.diff -# PATCH-FIX-OPENSUSE Allow ARM binaries with old linker path to run - [email protected] -Patch20: glibc-armhf-compat.patch # PATCH-FIX-OPENSUSE Fix check abi for crypt additions Patch21: glibc-fix-check-abi.patch # PATCH-FIX-OPENSUSE Disable badsalttest which expects that crypt can fail @@ -479,10 +477,6 @@ %patch305 -p1 %patch306 -p1 -%ifarch armv7l armv7hl -%patch20 -p1 -%endif - %patch1000 -p1 %patch1001 -p1 %patch1002 -p1 glibc-utils.spec: same change ++++++ glibc.spec ++++++ --- /var/tmp/diff_new_pack.RB4tDA/_old 2013-06-11 09:27:24.000000000 +0200 +++ /var/tmp/diff_new_pack.RB4tDA/_new 2013-06-11 09:27:24.000000000 +0200 @@ -203,13 +203,11 @@ # PATCH-FIX-OPENSUSE -- Make --no-archive default for localedef - [email protected] Patch13: glibc-2.3.2.no_archive.diff # PATCH-FIX-OPENSUSE -- add blacklist for bindresvport -Patch14: glibc-2.3.90-bindresvport.blacklist.diff +Patch14: glibc-bindresvport-blacklist.diff # PATCH-FIX-OPENSUSE prefer -lang rpm packages Patch15: glibc-2.3.90-langpackdir.diff # PATCH-FEATURE-SLE increase cpusetsize to 4096, needs to be kept for compatibility [email protected] (XXX: Review) Patch18: glibc-cpusetsize.diff -# PATCH-FIX-OPENSUSE Allow ARM binaries with old linker path to run - [email protected] -Patch20: glibc-armhf-compat.patch # PATCH-FIX-OPENSUSE Fix check abi for crypt additions Patch21: glibc-fix-check-abi.patch # PATCH-FIX-OPENSUSE Disable badsalttest which expects that crypt can fail @@ -479,10 +477,6 @@ %patch305 -p1 %patch306 -p1 -%ifarch armv7l armv7hl -%patch20 -p1 -%endif - %patch1000 -p1 %patch1001 -p1 %patch1002 -p1 ++++++ glibc-bindresvport-blacklist.diff ++++++ Index: glibc-2.17/sunrpc/bindrsvprt.c =================================================================== --- glibc-2.17.orig/sunrpc/bindrsvprt.c +++ glibc-2.17/sunrpc/bindrsvprt.c @@ -29,6 +29,9 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include <stdio.h> +#include <ctype.h> +#include <stdlib.h> #include <errno.h> #include <unistd.h> #include <string.h> @@ -42,6 +45,93 @@ */ __libc_lock_define_initialized (static, lock); +#define STARTPORT 600 +#define LOWPORT 512 +#define ENDPORT (IPPORT_RESERVED - 1) +#define NPORTS (ENDPORT - STARTPORT + 1) + +/* Read the file /etc/rpc.blacklisted, so that we don't bind to these + ports. */ + +static int blacklist_read; +static int *list; +static int list_size = 0; + +static void +load_blacklist (void) +{ + FILE *fp; + char *buf = NULL; + size_t buflen = 0; + int size = 0, ptr = 0; + + __libc_lock_lock (lock); + if (blacklist_read) + goto unlock; + blacklist_read = 1; + + fp = fopen ("/etc/bindresvport.blacklist", "r"); + if (fp == NULL) + goto unlock; + + while (!feof_unlocked (fp)) + { + unsigned long port; + char *tmp, *cp; + ssize_t n = __getline (&buf, &buflen, fp); + if (n < 1) + break; + + cp = buf; + /* Remove comments. */ + tmp = strchr (cp, '#'); + if (tmp) + *tmp = '\0'; + /* Remove spaces and tabs. */ + while (isspace ((unsigned char) *cp)) + ++cp; + /* Ignore empty lines. */ + if (*cp == '\0') + continue; + if (cp[strlen (cp) - 1] == '\n') + cp[strlen (cp) - 1] = '\0'; + + port = strtoul (cp, &tmp, 0); + while (isspace ((unsigned char) *tmp)) + ++tmp; + if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE)) + continue; + + /* Don't bother with out-of-range ports. */ + if (port < LOWPORT || port > ENDPORT) + continue; + + if (ptr >= size) + { + size += 10; + int *new_list = realloc (list, size * sizeof (int)); + if (new_list == NULL) + { + free (list); + list = NULL; + free (buf); + goto unlock; + } + list = new_list; + } + + list[ptr++] = port; + } + + fclose (fp); + free (buf); + list_size = ptr; + + unlock: + __libc_lock_unlock (lock); +} + + /* * Bind a socket to a privileged IP port */ @@ -52,12 +142,11 @@ bindresvport (int sd, struct sockaddr_in struct sockaddr_in myaddr; int i; -#define STARTPORT 600 -#define LOWPORT 512 -#define ENDPORT (IPPORT_RESERVED - 1) -#define NPORTS (ENDPORT - STARTPORT + 1) static short startport = STARTPORT; + if (!blacklist_read) + load_blacklist (); + if (sin == (struct sockaddr_in *) 0) { sin = &myaddr; @@ -75,6 +164,7 @@ bindresvport (int sd, struct sockaddr_in port = (__getpid () % NPORTS) + STARTPORT; } + __set_errno (EADDRINUSE); /* Initialize to make gcc happy. */ int res = -1; @@ -86,12 +176,22 @@ bindresvport (int sd, struct sockaddr_in again: for (i = 0; i < nports; ++i) { - sin->sin_port = htons (port++); - if (port > endport) - port = startport; + int j; + + sin->sin_port = htons (port); + + /* Check that this port is not blacklisted. */ + for (j = 0; j < list_size; j++) + if (port == list[j]) + goto try_next_port; + res = __bind (sd, sin, sizeof (struct sockaddr_in)); if (res >= 0 || errno != EADDRINUSE) break; + + try_next_port: + if (++port > endport) + port = startport; } if (i == nports && startport != LOWPORT) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
