diff --git a/iptables-1.4.0-cloexec.patch b/iptables-1.4.0-cloexec.patch index 90d42ec..3fb0bde 100644 --- a/iptables-1.4.0-cloexec.patch +++ b/iptables-1.4.0-cloexec.patch 
@@ -1,6 +1,66 @@ +diff -up iptables-1.4.0/iptables-save.c.cloexec iptables-1.4.0/iptables-save.c +--- iptables-1.4.0/iptables-save.c.cloexec 2008-03-20 15:17:38.000000000 +0100 ++++ iptables-1.4.0/iptables-save.c 2008-03-20 15:17:40.000000000 +0100 +@@ -255,7 +255,7 @@ static int for_each_table(int (*func)(co + FILE *procfile = NULL; + char tablename[IPT_TABLE_MAXNAMELEN+1]; + +- procfile = fopen("/proc/net/ip_tables_names", "r"); ++ procfile = fopen("/proc/net/ip_tables_names", "re"); + if (!procfile) + exit_error(OTHER_PROBLEM, + "Unable to open /proc/net/ip_tables_names: %s\n", +diff -up iptables-1.4.0/ip6tables-save.c.cloexec iptables-1.4.0/ip6tables-save.c +--- iptables-1.4.0/ip6tables-save.c.cloexec 2008-03-20 15:17:40.000000000 +0100 ++++ iptables-1.4.0/ip6tables-save.c 2008-03-20 15:17:40.000000000 +0100 +@@ -232,7 +232,7 @@ static int for_each_table(int (*func)(co + FILE *procfile = NULL; + char tablename[IP6T_TABLE_MAXNAMELEN+1]; + +- procfile = fopen("/proc/net/ip6_tables_names", "r"); ++ procfile = fopen("/proc/net/ip6_tables_names", "re"); + if (!procfile) + exit_error(OTHER_PROBLEM, + "Unable to open /proc/net/ip6_tables_names: %s\n", +diff -up iptables-1.4.0/ip6tables-restore.c.cloexec iptables-1.4.0/ip6tables-restore.c +--- iptables-1.4.0/ip6tables-restore.c.cloexec 2008-03-20 15:21:36.000000000 +0100 ++++ iptables-1.4.0/ip6tables-restore.c 2008-03-20 15:21:53.000000000 +0100 +@@ -165,7 +165,7 @@ int main(int argc, char *argv[]) + } + + if (optind == argc - 1) { +- in = fopen(argv[optind], "r"); ++ in = fopen(argv[optind], "re"); + if (!in) { + fprintf(stderr, "Can't open %s: %s\n", argv[optind], + strerror(errno)); +diff -up iptables-1.4.0/iptables-xml.c.cloexec iptables-1.4.0/iptables-xml.c +--- iptables-1.4.0/iptables-xml.c.cloexec 2008-03-20 15:17:40.000000000 +0100 ++++ iptables-1.4.0/iptables-xml.c 2008-03-20 15:17:38.000000000 +0100 +@@ -664,7 +664,7 @@ main(int argc, char *argv[]) + } + + if (optind == argc - 1) { +- in = fopen(argv[optind], 
"r"); ++ in = fopen(argv[optind], "re"); + if (!in) { + fprintf(stderr, "Can't open %s: %s", argv[optind], + strerror(errno)); +diff -up iptables-1.4.0/iptables-restore.c.cloexec iptables-1.4.0/iptables-restore.c +--- iptables-1.4.0/iptables-restore.c.cloexec 2008-03-20 15:17:40.000000000 +0100 ++++ iptables-1.4.0/iptables-restore.c 2008-03-20 15:17:40.000000000 +0100 +@@ -170,7 +170,7 @@ main(int argc, char *argv[]) + } + + if (optind == argc - 1) { +- in = fopen(argv[optind], "r"); ++ in = fopen(argv[optind], "re"); + if (!in) { + fprintf(stderr, "Can't open %s: %s\n", argv[optind], + strerror(errno)); diff -up iptables-1.4.0/xtables.c.cloexec iptables-1.4.0/xtables.c ---- iptables-1.4.0/xtables.c.cloexec 2008-02-11 13:50:20.000000000 +0100 -+++ iptables-1.4.0/xtables.c 2008-02-11 13:51:03.000000000 +0100 +--- iptables-1.4.0/xtables.c.cloexec 2008-03-20 15:17:40.000000000 +0100 ++++ iptables-1.4.0/xtables.c 2008-03-20 15:17:40.000000000 +0100 @@ -428,6 +428,12 @@ static int compatible_revision(const cha exit(1); } diff --git a/iptables.spec b/iptables.spec index 52c0c74..53022f8 100644 --- a/iptables.spec +++ b/iptables.spec @@ -4,7 +4,7 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities Version: 1.4.0 -Release: 3%{?dist} +Release: 4%{?dist} Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: iptables-config @@ -163,6 +163,9 @@ fi %endif %changelog +* Thu Mar 20 2008 Thomas Woerner 1.4.0-4 +- use O_CLOEXEC for all opened files in all applications (rhbz#438189) + * Mon Mar 3 2008 Thomas Woerner 1.4.0-3 - use the kernel headers from the build tree for iptables for now to be able to compile this package, but this makes the package more kernel dependant
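Review bot: The `"re"` mode strings added at the five fopen() call sites (for_each_table in iptables-save.c and ip6tables-save.c, main in ip6tables-restore.c, iptables-xml.c and iptables-restore.c) depend on the glibc `e` extension, and nothing in the new code checks that close-on-exec was actually applied. As far as I know, a libc that does not recognise `e` ignores it without reporting an error, which would leave the descriptor inheritable by any child the tool execs, with no hint of that at build or run time. Either add an explicit fallback after a successful open, `fcntl(fileno(in), F_SETFD, FD_CLOEXEC);` (needs `<fcntl.h>`), or at least put a comment at the first site such as `/* "e" = O_CLOEXEC (glibc >= 2.7): keep this fd out of exec'd children */`. The changelog entry claims all opened files in all applications, but only these stream opens are visible here, plus an xtables.c hunk whose added lines are not shown, so coverage of descriptors opened elsewhere cannot be confirmed from this page. The enclosing functions also start and end outside each inner hunk.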