[Pkg-apache-commits] r969 - in /trunk/apr: changelog patches/00list patches/027_cloexec.dpatch
sf at alioth.debian.org
sf at alioth.debian.org
Tue Jun 23 20:09:32 UTC 2009
Author: sf
Date: Tue Jun 23 20:09:31 2009
New Revision: 969
URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=969
Log:
mark non-inheritable file descriptors with FD_CLOEXEC
Added:
trunk/apr/patches/027_cloexec.dpatch (with props)
Modified:
trunk/apr/changelog
trunk/apr/patches/00list
Modified: trunk/apr/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apr/changelog?rev=969&op=diff
==============================================================================
--- trunk/apr/changelog (original)
+++ trunk/apr/changelog Tue Jun 23 20:09:31 2009
@@ -1,3 +1,11 @@
+apr (1.3.5-2) UNRELEASED; urgency=low
+
+ * Mark non-inheritable file descriptors with FD_CLOEXEC, to prevent leaking
+ them to processes exec'ed by applications that fail to use the apr API
+ correctly (i.e. mod_php). Closes: #366124
+
+ -- Stefan Fritsch <sf at debian.org> Thu, 11 Jun 2009 16:25:26 +0200
+
apr (1.3.5-1) unstable; urgency=low
* New upstream version (really)
Modified: trunk/apr/patches/00list
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apr/patches/00list?rev=969&op=diff
==============================================================================
--- trunk/apr/patches/00list (original)
+++ trunk/apr/patches/00list Tue Jun 23 20:09:31 2009
@@ -8,3 +8,4 @@
024_hppa_flock_EWOULDBLOCK_weirdness.dpatch
025_GNU_SOURCE_earlier.dpatch
026_omit_extra_libs.dpatch
+027_cloexec.dpatch
Added: trunk/apr/patches/027_cloexec.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apr/patches/027_cloexec.dpatch?rev=969&op=file
==============================================================================
--- trunk/apr/patches/027_cloexec.dpatch (added)
+++ trunk/apr/patches/027_cloexec.dpatch Tue Jun 23 20:09:31 2009
@@ -1,0 +1,339 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Use FD_CLOEXEC for fds, but don't use the new APIs yet. PR 46425 / #366124
+
+ at DPATCH@
+diff -urNad trunk~/file_io/netware/mktemp.c trunk/file_io/netware/mktemp.c
+--- trunk~/file_io/netware/mktemp.c 2009-06-23 21:33:59.000000000 +0200
++++ trunk/file_io/netware/mktemp.c 2009-06-23 21:47:32.058069935 +0200
+@@ -19,6 +19,7 @@
+ #include "apr_strings.h" /* prototype of apr_mkstemp() */
+ #include "apr_arch_file_io.h" /* prototype of apr_mkstemp() */
+ #include "apr_portable.h" /* for apr_os_file_put() */
++#include "apr_arch_inherit.h"
+
+ #include <stdlib.h> /* for mkstemp() - Single Unix */
+
+@@ -43,6 +44,15 @@
+
+
+ if (!(flags & APR_FILE_NOCLEANUP)) {
++ int flags;
++
++ if ((flags = fcntl((*fp)->filedes, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl((*fp)->filedes, F_SETFD, flags) == -1)
++ return errno;
++
+ apr_pool_cleanup_register((*fp)->pool, (void *)(*fp),
+ apr_unix_file_cleanup,
+ apr_unix_child_file_cleanup);
+diff -urNad trunk~/file_io/unix/filedup.c trunk/file_io/unix/filedup.c
+--- trunk~/file_io/unix/filedup.c 2009-06-23 21:33:59.000000000 +0200
++++ trunk/file_io/unix/filedup.c 2009-06-23 21:48:19.830740673 +0200
+@@ -25,13 +25,27 @@
+ int which_dup)
+ {
+ int rv;
+-
++
+ if (which_dup == 2) {
+ if ((*new_file) == NULL) {
+ /* We can't dup2 unless we have a valid new_file */
+ return APR_EINVAL;
+ }
+ rv = dup2(old_file->filedes, (*new_file)->filedes);
++ if (!((*new_file)->flags & (APR_FILE_NOCLEANUP|APR_INHERIT))) {
++ int flags;
++
++ if (rv == -1)
++ return errno;
++
++ if ((flags = fcntl((*new_file)->filedes, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl((*new_file)->filedes, F_SETFD, flags) == -1)
++ return errno;
++
++ }
+ } else {
+ rv = dup(old_file->filedes);
+ }
+diff -urNad trunk~/file_io/unix/mktemp.c trunk/file_io/unix/mktemp.c
+--- trunk~/file_io/unix/mktemp.c 2009-06-23 21:33:59.000000000 +0200
++++ trunk/file_io/unix/mktemp.c 2009-06-23 21:47:32.058069935 +0200
+@@ -51,6 +51,7 @@
+ #include "apr_strings.h" /* prototype of apr_mkstemp() */
+ #include "apr_arch_file_io.h" /* prototype of apr_mkstemp() */
+ #include "apr_portable.h" /* for apr_os_file_put() */
++#include "apr_arch_inherit.h"
+
+ #ifndef HAVE_MKSTEMP
+
+@@ -203,6 +204,15 @@
+ (*fp)->fname = apr_pstrdup(p, template);
+
+ if (!(flags & APR_FILE_NOCLEANUP)) {
++ int flags;
++
++ if ((flags = fcntl(fd, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl(fd, F_SETFD, flags) == -1)
++ return errno;
++
+ apr_pool_cleanup_register((*fp)->pool, (void *)(*fp),
+ apr_unix_file_cleanup,
+ apr_unix_child_file_cleanup);
+diff -urNad trunk~/file_io/unix/open.c trunk/file_io/unix/open.c
+--- trunk~/file_io/unix/open.c 2009-06-23 21:33:59.000000000 +0200
++++ trunk/file_io/unix/open.c 2009-06-23 21:48:35.272286581 +0200
+@@ -155,6 +155,16 @@
+ if (fd < 0) {
+ return errno;
+ }
++ if (!(flag & APR_FILE_NOCLEANUP)) {
++ int flags;
++
++ if ((flags = fcntl(fd, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl(fd, F_SETFD, flags) == -1)
++ return errno;
++ }
+
+ (*new) = (apr_file_t *)apr_pcalloc(pool, sizeof(apr_file_t));
+ (*new)->pool = pool;
+@@ -337,6 +347,15 @@
+ return APR_EINVAL;
+ }
+ if (thefile->flags & APR_INHERIT) {
++ int flags;
++
++ if ((flags = fcntl(thefile->filedes, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl(thefile->filedes, F_SETFD, flags) == -1)
++ return errno;
++
+ thefile->flags &= ~APR_INHERIT;
+ apr_pool_child_cleanup_set(thefile->pool,
+ (void *)thefile,
+diff -urNad trunk~/include/arch/unix/apr_arch_inherit.h trunk/include/arch/unix/apr_arch_inherit.h
+--- trunk~/include/arch/unix/apr_arch_inherit.h 2009-06-23 21:33:59.000000000 +0200
++++ trunk/include/arch/unix/apr_arch_inherit.h 2009-06-23 21:47:32.058069935 +0200
+@@ -27,6 +27,12 @@
+ if (the##name->flag & APR_FILE_NOCLEANUP) \
+ return APR_EINVAL; \
+ if (!(the##name->flag & APR_INHERIT)) { \
++ int flags = fcntl(the##name->name##des, F_GETFD); \
++ if (flags == -1) \
++ return errno; \
++ flags &= ~(FD_CLOEXEC); \
++ if (fcntl(the##name->name##des, F_SETFD, flags) == -1) \
++ return errno; \
+ the##name->flag |= APR_INHERIT; \
+ apr_pool_child_cleanup_set(the##name->pool, \
+ (void *)the##name, \
+@@ -41,6 +47,12 @@
+ if (the##name->flag & APR_FILE_NOCLEANUP) \
+ return APR_EINVAL; \
+ if (the##name->flag & APR_INHERIT) { \
++ int flags; \
++ if ((flags = fcntl(the##name->name##des, F_GETFD)) == -1) \
++ return errno; \
++ flags |= FD_CLOEXEC; \
++ if (fcntl(the##name->name##des, F_SETFD, flags) == -1) \
++ return errno; \
+ the##name->flag &= ~APR_INHERIT; \
+ apr_pool_child_cleanup_set(the##name->pool, \
+ (void *)the##name, \
+diff -urNad trunk~/network_io/unix/sockets.c trunk/network_io/unix/sockets.c
+--- trunk~/network_io/unix/sockets.c 2009-06-23 21:33:59.000000000 +0200
++++ trunk/network_io/unix/sockets.c 2009-06-23 21:48:56.354072152 +0200
+@@ -130,6 +130,17 @@
+ }
+ set_socket_vars(*new, family, type, protocol);
+
++ {
++ int flags;
++
++ if ((flags = fcntl((*new)->socketdes, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl((*new)->socketdes, F_SETFD, flags) == -1)
++ return errno;
++ }
++
+ (*new)->timeout = -1;
+ (*new)->inherit = 0;
+ apr_pool_cleanup_register((*new)->pool, (void *)(*new), socket_cleanup,
+@@ -255,6 +266,17 @@
+ (*new)->local_interface_unknown = 1;
+ }
+
++ {
++ int flags;
++
++ if ((flags = fcntl((*new)->socketdes, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl((*new)->socketdes, F_SETFD, flags) == -1)
++ return errno;
++ }
++
+ (*new)->inherit = 0;
+ apr_pool_cleanup_register((*new)->pool, (void *)(*new), socket_cleanup,
+ socket_cleanup);
+diff -urNad trunk~/poll/unix/epoll.c trunk/poll/unix/epoll.c
+--- trunk~/poll/unix/epoll.c 2009-06-23 21:33:59.000000000 +0200
++++ trunk/poll/unix/epoll.c 2009-06-23 21:47:59.564064269 +0200
+@@ -15,6 +15,7 @@
+ */
+
+ #include "apr_arch_poll_private.h"
++#include "apr_arch_inherit.h"
+
+ #ifdef POLLSET_USES_EPOLL
+
+@@ -101,6 +102,17 @@
+ return errno;
+ }
+
++ {
++ int flags;
++
++ if ((flags = fcntl(fd, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl(fd, F_SETFD, flags) == -1)
++ return errno;
++ }
++
+ *pollset = apr_palloc(p, sizeof(**pollset));
+ #if APR_HAS_THREADS
+ if ((flags & APR_POLLSET_THREADSAFE) &&
+@@ -325,6 +337,17 @@
+ *pollcb = NULL;
+ return apr_get_netos_error();
+ }
++
++ {
++ int flags;
++
++ if ((flags = fcntl(fd, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl(fd, F_SETFD, flags) == -1)
++ return errno;
++ }
+
+ *pollcb = apr_palloc(p, sizeof(**pollcb));
+ (*pollcb)->nalloc = size;
+diff -urNad trunk~/poll/unix/kqueue.c trunk/poll/unix/kqueue.c
+--- trunk~/poll/unix/kqueue.c 2009-06-23 21:33:59.000000000 +0200
++++ trunk/poll/unix/kqueue.c 2009-06-23 21:47:32.058069935 +0200
+@@ -15,6 +15,7 @@
+ */
+
+ #include "apr_arch_poll_private.h"
++#include "apr_arch_inherit.h"
+
+ #ifdef POLLSET_USES_KQUEUE
+
+@@ -101,6 +102,17 @@
+ return apr_get_netos_error();
+ }
+
++ {
++ int flags;
++
++ if ((flags = fcntl((*pollset)->kqueue_fd, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl((*pollset)->kqueue_fd, F_SETFD, flags) == -1)
++ return errno;
++ }
++
+ apr_pool_cleanup_register(p, (void *) (*pollset), backend_cleanup,
+ apr_pool_cleanup_null);
+
+@@ -309,7 +321,18 @@
+ *pollcb = NULL;
+ return apr_get_netos_error();
+ }
+-
++
++ {
++ int flags;
++
++ if ((flags = fcntl(fd, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl(fd, F_SETFD, flags) == -1)
++ return errno;
++ }
++
+ *pollcb = apr_palloc(p, sizeof(**pollcb));
+ (*pollcb)->nalloc = size;
+ (*pollcb)->pool = p;
+diff -urNad trunk~/poll/unix/port.c trunk/poll/unix/port.c
+--- trunk~/poll/unix/port.c 2009-06-23 21:33:59.000000000 +0200
++++ trunk/poll/unix/port.c 2009-06-23 21:47:32.058069935 +0200
+@@ -16,6 +16,7 @@
+
+ #include "apr_arch_poll_private.h"
+ #include "apr_atomic.h"
++#include "apr_arch_inherit.h"
+
+ #ifdef POLLSET_USES_PORT
+
+@@ -127,6 +128,17 @@
+ return APR_ENOMEM;
+ }
+
++ {
++ int flags;
++
++ if ((flags = fcntl((*pollset)->port_fd, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl((*pollset)->port_fd, F_SETFD, flags) == -1)
++ return errno;
++ }
++
+ apr_pool_cleanup_register(p, (void *) (*pollset), backend_cleanup,
+ apr_pool_cleanup_null);
+
+@@ -391,6 +403,17 @@
+ return apr_get_netos_error();
+ }
+
++ {
++ int flags;
++
++ if ((flags = fcntl(fd, F_GETFD)) == -1)
++ return errno;
++
++ flags |= FD_CLOEXEC;
++ if (fcntl(fd, F_SETFD, flags) == -1)
++ return errno;
++ }
++
+ *pollcb = apr_palloc(p, sizeof(**pollcb));
+ (*pollcb)->nalloc = size;
+ (*pollcb)->pool = p;
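Review bot: In the nested hunks for file_io/unix/open.c, network_io/unix/sockets.c and poll/unix/epoll.c, kqueue.c and port.c, every added `return errno;` after a failed `fcntl()` leaves the just-created descriptor open; the allocation or cleanup registration visible in those hunks only comes after the new block, so nothing will close it. Save errno and close the descriptor before returning, e.g. `if ((flags = fcntl(fd, F_GETFD)) == -1) { int err = errno; close(fd); return err; }`, and do the same for the `F_SETFD` call. In file_io/unix/filedup.c only the `dup2()` branch sets FD_CLOEXEC; `dup()` returns a descriptor with the flag cleared, so unless code outside the hunk handles it, files duplicated through that branch remain inheritable across exec. The F_GETFD/F_SETFD pair is also not atomic with descriptor creation, so a fork and exec in another thread can still inherit the descriptor in between; a comment such as `/* not atomic: replace with O_CLOEXEC / SOCK_CLOEXEC when available */` would record that limitation. All of the enclosing functions start and end outside the nested hunks.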
Propchange: trunk/apr/patches/027_cloexec.dpatch
------------------------------------------------------------------------------
svn:executable = *