diff --git a/ppp-2.4.4-bogus_dns_addr.patch b/ppp-2.4.4-bogus_dns_addr.patch index 4af8d7e..400dfc6 100644 --- a/ppp-2.4.4-bogus_dns_addr.patch +++ b/ppp-2.4.4-bogus_dns_addr.patch @@ -1,6 +1,6 @@ diff -up ppp-2.4.4/pppd/ipcp.c.bogus_dns_addr ppp-2.4.4/pppd/ipcp.c --- ppp-2.4.4/pppd/ipcp.c.bogus_dns_addr 2005-08-26 01:59:34.000000000 +0200 -+++ ppp-2.4.4/pppd/ipcp.c 2008-12-11 12:39:05.000000000 +0100 ++++ ppp-2.4.4/pppd/ipcp.c 2010-01-06 08:03:55.325096361 +0100 @@ -715,7 +715,8 @@ ipcp_cilen(f) #define LENCIADDRS(neg) (neg ? CILEN_ADDRS : 0) #define LENCIVJ(neg, old) (neg ? (old? CILEN_COMPRESS : CILEN_VJ) : 0) @@ -53,7 +53,29 @@ diff -up ppp-2.4.4/pppd/ipcp.c.bogus_dns_addr ppp-2.4.4/pppd/ipcp.c *lenp -= len; } -@@ -1159,6 +1179,15 @@ ipcp_nakci(f, p, len, treat_as_reject) +@@ -1097,19 +1117,11 @@ ipcp_nakci(f, p, len, treat_as_reject) + ); + + NAKCIDNS(CI_MS_DNS1, req_dns1, +- if (treat_as_reject) { +- try.req_dns1 = 0; +- } else { +- try.dnsaddr[0] = cidnsaddr; +- } ++ try.dnsaddr[0] = cidnsaddr; + ); + + NAKCIDNS(CI_MS_DNS2, req_dns2, +- if (treat_as_reject) { +- try.req_dns2 = 0; +- } else { +- try.dnsaddr[1] = cidnsaddr; +- } ++ try.dnsaddr[1] = cidnsaddr; + ); + + /* +@@ -1159,6 +1171,15 @@ ipcp_nakci(f, p, len, treat_as_reject) try.neg_addr = 1; no.neg_addr = 1; break; @@ -69,7 +91,7 @@ diff -up ppp-2.4.4/pppd/ipcp.c.bogus_dns_addr ppp-2.4.4/pppd/ipcp.c } p = next; } -@@ -1275,6 +1304,21 @@ ipcp_rejci(f, p, len) +@@ -1275,6 +1296,21 @@ ipcp_rejci(f, p, len) try.neg = 0; \ } @@ -91,7 +113,7 @@ diff -up ppp-2.4.4/pppd/ipcp.c.bogus_dns_addr ppp-2.4.4/pppd/ipcp.c REJCIADDRS(CI_ADDRS, !go->neg_addr && go->old_addrs, go->ouraddr, go->hisaddr); -@@ -1288,6 +1332,10 @@ ipcp_rejci(f, p, len) +@@ -1288,6 +1324,10 @@ ipcp_rejci(f, p, len) REJCIDNS(CI_MS_DNS2, req_dns2, go->dnsaddr[1]); diff --git a/ppp-2.4.4-fd_leak.patch b/ppp-2.4.4-fd_leak.patch new file mode 100644 index 0000000..82142b1 --- /dev/null +++ b/ppp-2.4.4-fd_leak.patch @@ -0,0 +1,554 @@ +diff -up ppp-2.4.4/pppd/auth.c.fd_leak ppp-2.4.4/pppd/auth.c +--- ppp-2.4.4/pppd/auth.c.fd_leak 2006-06-18 13:26:00.000000000 +0200 ++++ ppp-2.4.4/pppd/auth.c 2009-10-08 21:22:59.789547513 +0200 +@@ -424,7 +424,7 @@ setupapfile(argv) + option_error("unable to reset uid before opening %s: %m", fname); + return 0; + } +- ufile = fopen(fname, "r"); ++ ufile = fopen_r(fname); + if (seteuid(euid) == -1) + fatal("unable to regain privileges: %m"); + if (ufile == NULL) { +@@ -1404,7 +1404,7 @@ check_passwd(unit, auser, userlen, apass + filename = _PATH_UPAPFILE; + addrs = opts = NULL; + ret = UPAP_AUTHNAK; +- f = fopen(filename, "r"); ++ f = fopen_r(filename); + if (f == NULL) { + error("Can't open PAP password file %s: %m", filename); + +@@ -1649,7 +1649,7 @@ plogin(user, passwd, msg) + struct lastlog ll; + int fd; + +- if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { ++ if ((fd = open_fd_mode(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { + (void)lseek(fd, (off_t)(pw->pw_uid * sizeof(ll)), SEEK_SET); + memset((void *)&ll, 0, sizeof(ll)); + (void)time(&ll.ll_time); +@@ -1721,7 +1721,7 @@ null_login(unit) + if (ret <= 0) { + filename = _PATH_UPAPFILE; + addrs = NULL; +- f = fopen(filename, "r"); ++ f = fopen_r(filename); + if (f == NULL) + return 0; + check_access(f, filename); +@@ -1768,7 +1768,7 @@ get_pap_passwd(passwd) + } + + filename = _PATH_UPAPFILE; +- f = fopen(filename, "r"); ++ f = fopen_r(filename); + if (f == NULL) + return 0; + check_access(f, filename); +@@ -1806,7 +1806,7 @@ have_pap_secret(lacks_ipp) + } + + filename = _PATH_UPAPFILE; +- f = fopen(filename, "r"); ++ f = fopen_r(filename); + if (f == NULL) + return 0; + +@@ -1851,7 +1851,7 @@ have_chap_secret(client, server, need_ip + } + + filename = _PATH_CHAPFILE; +- f = fopen(filename, "r"); ++ f = fopen_r(filename); + if (f == NULL) + return 0; + +@@ -1893,7 +1893,7 @@ have_srp_secret(client, server, need_ip, + struct wordlist *addrs; + + filename = _PATH_SRPFILE; +- f = fopen(filename, "r"); ++ f = fopen_r(filename); + if (f == NULL) + return 0; + +@@ -1949,7 +1949,7 @@ get_secret(unit, client, server, secret, + addrs = NULL; + secbuf[0] = 0; + +- f = fopen(filename, "r"); ++ f = fopen_r(filename); + if (f == NULL) { + error("Can't open chap secret file %s: %m", filename); + return 0; +@@ -2006,7 +2006,7 @@ get_srp_secret(unit, client, server, sec + filename = _PATH_SRPFILE; + addrs = NULL; + +- fp = fopen(filename, "r"); ++ fp = fopen_r(filename); + if (fp == NULL) { + error("Can't open srp secret file %s: %m", filename); + return 0; +@@ -2412,7 +2412,7 @@ scan_authfile(f, client, server, secret, + */ + if (word[0] == '@' && word[1] == '/') { + strlcpy(atfile, word+1, sizeof(atfile)); +- if ((sf = fopen(atfile, "r")) == NULL) { ++ if ((sf = fopen_r(atfile)) == NULL) { + warn("can't open indirect secret file %s", atfile); + continue; + } +diff -up ppp-2.4.4/pppd/eap.c.fd_leak ppp-2.4.4/pppd/eap.c +--- ppp-2.4.4/pppd/eap.c.fd_leak 2004-11-09 23:39:25.000000000 +0100 ++++ ppp-2.4.4/pppd/eap.c 2009-10-08 21:22:59.791544181 +0200 +@@ -1226,7 +1226,7 @@ mode_t modebits; + + if ((path = name_of_pn_file()) == NULL) + return (-1); +- fd = open(path, modebits, S_IRUSR | S_IWUSR); ++ fd = open_fd(path, modebits, S_IRUSR | S_IWUSR); + err = errno; + free(path); + errno = err; +diff -up ppp-2.4.4/pppd/main.c.fd_leak ppp-2.4.4/pppd/main.c +--- ppp-2.4.4/pppd/main.c.fd_leak 2009-10-08 21:22:59.769544859 +0200 ++++ ppp-2.4.4/pppd/main.c 2009-10-08 21:30:32.356546561 +0200 +@@ -201,6 +201,8 @@ int ngroups; /* How many groups valid + + static struct timeval start_time; /* Time when link was started. */ + ++static int cloexec_works; /* controlls setting FD_CLOEXEC flag up */ ++ + static struct pppd_stats old_link_stats; + struct pppd_stats link_stats; + unsigned link_connect_time; +@@ -245,6 +247,7 @@ static void holdoff_end __P((void *)); + static void forget_child __P((int pid, int status)); + static int reap_kids __P((void)); + static void childwait_end __P((void *)); ++static void check_cloexec __P((int)); + + #ifdef USE_TDB + static void update_db_entry __P((void)); +@@ -419,7 +422,7 @@ main(argc, argv) + die(0); + + /* Make sure fds 0, 1, 2 are open to somewhere. */ +- fd_devnull = open(_PATH_DEVNULL, O_RDWR); ++ fd_devnull = open_fd(_PATH_DEVNULL, O_RDWR); + if (fd_devnull < 0) + fatal("Couldn't open %s: %m", _PATH_DEVNULL); + while (fd_devnull <= 2) { +@@ -464,7 +467,6 @@ main(argc, argv) + } + syslog(LOG_NOTICE, "pppd %s started by %s, uid %d", VERSION, p, uid); + script_setenv("PPPLOGNAME", p, 0); +- + if (devnam[0]) + script_setenv("DEVICE", devnam, 1); + slprintf(numbuf, sizeof(numbuf), "%d", getpid()); +@@ -606,7 +608,6 @@ static void + handle_events() + { + struct timeval timo; +- + kill_link = open_ccp_flag = 0; + if (sigsetjmp(sigjmp, 1) == 0) { + sigprocmask(SIG_BLOCK, &signals_handled, NULL); +@@ -865,6 +866,104 @@ holdoff_end(arg) + new_phase(PHASE_DORMANT); + } + ++ ++/* ++ * check_cloexec - checks for FD_CLOEXEC flag and adds it if necessary ++ */ ++static void ++check_cloexec(int fd) ++{ ++ if (cloexec_works == 0) { ++ int fl = fcntl(fd, F_GETFD); ++ cloexec_works = (fl & FD_CLOEXEC) ? 1 : -1; ++ } ++ if (cloexec_works > 0) ++ return; ++ fcntl(fd, F_SETFD, FD_CLOEXEC); ++ return; ++} ++ ++/* ++ * socket_fd - create an endpoint for communication. uses FD_CLOEXEC if supported ++ */ ++int ++socket_fd(int domain, int type, int protocol) ++{ ++ int fd; ++ ++#ifdef SOCK_CLOEXEC ++ if (cloexec_works != -1) ++ type |= SOCK_CLOEXEC; ++#endif ++ fd = socket(domain, type, protocol); ++ if (fd == -1) ++ return -1; ++ check_cloexec(fd); ++ return fd; ++} ++ ++/* ++ * open_fd - open file with FD_CLOEXEC flag ++ */ ++int ++open_fd(const char *path, int flags) ++{ ++ int fd; ++ ++#if defined(O_CLOEXEC) && defined(SOCK_CLOEXEC) ++ if (cloexec_works != -1) ++ flags |= O_CLOEXEC; ++#endif ++ fd = open(path, flags); ++ if (fd == -1) ++ return -1; ++ check_cloexec(fd); ++ return fd; ++} ++ ++/* ++ * open_fd_mmode - open file with FD_CLOEXEC flag ++ */ ++int ++open_fd_mode(const char *path, int flags, int mode) ++{ ++ int fd; ++ ++#if defined(O_CLOEXEC) && defined(SOCK_CLOEXEC) ++ if (cloexec_works != -1) ++ flags |= O_CLOEXEC; ++#endif ++ fd = open(path, flags, mode); ++ if (fd == -1) ++ return -1; ++ check_cloexec(fd); ++ return fd; ++} ++ ++/* ++ * fopen_r - open file with FD_CLOEXEC flag ++ */ ++FILE * ++fopen_r(const char *path) ++{ ++ FILE *f; ++ ++#if defined(O_CLOEXEC) && defined(SOCK_CLOEXEC) ++ if (cloexec_exec != -1) { ++ f = fopen(path, "re"); ++ if (f != NULL) { ++ check_cloexec(fileno(f)); ++ return f; ++ } ++ } ++#endif ++ f = fopen(path, "r"); ++ if (f == NULL) ++ return NULL; ++ check_cloexec(fileno(f)); ++ return f; ++} ++ + /* List of protocol names, to make our messages a little more informative. */ + struct protocol_list { + u_short proto; +@@ -1618,7 +1717,7 @@ device_script(program, in, out, dont_wai + if (log_to_fd >= 0) + errfd = log_to_fd; + else +- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); ++ errfd = open_fd_mode(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); + + ++conn_running; + pid = safe_fork(in, out, errfd); +diff -up ppp-2.4.4/pppd/options.c.fd_leak ppp-2.4.4/pppd/options.c +--- ppp-2.4.4/pppd/options.c.fd_leak 2006-06-18 13:26:00.000000000 +0200 ++++ ppp-2.4.4/pppd/options.c 2009-10-08 21:22:59.797544174 +0200 +@@ -409,7 +409,7 @@ options_from_file(filename, must_exist, + option_error("unable to drop privileges to open %s: %m", filename); + return 0; + } +- f = fopen(filename, "r"); ++ f = fopen_r(filename); + err = errno; + if (check_prot && seteuid(euid) == -1) + fatal("unable to regain privileges"); +@@ -1521,9 +1521,9 @@ setlogfile(argv) + option_error("unable to drop permissions to open %s: %m", *argv); + return 0; + } +- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); ++ fd = open_fd_mode(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); + if (fd < 0 && errno == EEXIST) +- fd = open(*argv, O_WRONLY | O_APPEND); ++ fd = open_fd(*argv, O_WRONLY | O_APPEND); + err = errno; + if (!privileged_option && seteuid(euid) == -1) + fatal("unable to regain privileges: %m"); +diff -up ppp-2.4.4/pppd/pppd.h.fd_leak ppp-2.4.4/pppd/pppd.h +--- ppp-2.4.4/pppd/pppd.h.fd_leak 2005-08-26 01:59:34.000000000 +0200 ++++ ppp-2.4.4/pppd/pppd.h 2009-10-08 21:22:59.800544904 +0200 +@@ -494,6 +494,10 @@ int ppp_send_config __P((int, int, u_in + int ppp_recv_config __P((int, int, u_int32_t, int, int)); + const char *protocol_name __P((int)); + void remove_pidfiles __P((void)); ++int socket_fd __P((int, int, int)); ++int open_fd __P((const char *, int)); ++int open_fd_mode __P((const char *, int, int)); ++FILE *fopen_r __P((const char *)); + void lock_db __P((void)); + void unlock_db __P((void)); + +diff -up ppp-2.4.4/pppd/sys-linux.c.fd_leak ppp-2.4.4/pppd/sys-linux.c +--- ppp-2.4.4/pppd/sys-linux.c.fd_leak 2009-10-08 21:22:59.778544744 +0200 ++++ ppp-2.4.4/pppd/sys-linux.c 2009-10-08 21:22:59.803544377 +0200 +@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clea + void sys_init(void) + { + /* Get an internet socket for doing socket ioctls. */ +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket_fd(AF_INET, SOCK_DGRAM, 0); + if (sock_fd < 0) + fatal("Couldn't create IP socket: %m(%d)", errno); + + #ifdef INET6 +- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); ++ sock6_fd = socket_fd(AF_INET6, SOCK_DGRAM, 0); + if (sock6_fd < 0) + sock6_fd = -errno; /* save errno for later */ + #endif +@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd) + goto err; + } + dbglog("using channel %d", chindex); +- fd = open("/dev/ppp", O_RDWR); ++ fd = open_fd("/dev/ppp", O_RDWR); + if (fd < 0) { + error("Couldn't reopen /dev/ppp: %m"); + goto err; +@@ -619,7 +619,7 @@ static int make_ppp_unit() + dbglog("in make_ppp_unit, already had /dev/ppp open?"); + close(ppp_dev_fd); + } +- ppp_dev_fd = open("/dev/ppp", O_RDWR); ++ ppp_dev_fd = open_fd("/dev/ppp", O_RDWR); + if (ppp_dev_fd < 0) + fatal("Couldn't open /dev/ppp: %m"); + flags = fcntl(ppp_dev_fd, F_GETFL); +@@ -693,7 +693,7 @@ int bundle_attach(int ifnum) + if (!new_style_driver) + return -1; + +- master_fd = open("/dev/ppp", O_RDWR); ++ master_fd = open_fd("/dev/ppp", O_RDWR); + if (master_fd < 0) + fatal("Couldn't open /dev/ppp: %m"); + if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) { +@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char * + /* Default the mount location of /proc */ + strlcpy (proc_path, "/proc", sizeof(proc_path)); + proc_path_len = 5; +- fp = fopen(MOUNTED, "r"); ++ fp = fopen_r(MOUNTED); + if (fp != NULL) { + while ((mntent = getmntent(fp)) != NULL) { + if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0) +@@ -1472,7 +1472,7 @@ static int open_route_table (void) + close_route_table(); + + path = path_to_procfs("/net/route"); +- route_fd = fopen (path, "r"); ++ route_fd = fopen_r(path); + if (route_fd == NULL) { + error("can't open routing table %s: %m", path); + return 0; +@@ -1713,7 +1713,7 @@ int sifproxyarp (int unit, u_int32_t his + if (tune_kernel) { + forw_path = path_to_procfs("/sys/net/ipv4/ip_forward"); + if (forw_path != 0) { +- int fd = open(forw_path, O_WRONLY); ++ int fd = open_fd(forw_path, O_WRONLY); + if (fd >= 0) { + if (write(fd, "1", 1) != 1) + error("Couldn't enable IP forwarding: %m"); +@@ -1855,7 +1855,7 @@ get_if_hwaddr(u_char *addr, char *name) + struct ifreq ifreq; + int ret, sock_fd; + +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket_fd(AF_INET, SOCK_DGRAM, 0); + if (sock_fd < 0) + return 0; + memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); +@@ -2036,19 +2036,19 @@ int ppp_available(void) + sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch); + kernel_version = KVERSION(osmaj, osmin, ospatch); + +- fd = open("/dev/ppp", O_RDWR); ++ fd = open_fd("/dev/ppp", O_RDWR); + #if 0 + if (fd < 0 && errno == ENOENT) { + /* try making it and see if that helps. */ + if (mknod("/dev/ppp", S_IFCHR | S_IRUSR | S_IWUSR, + makedev(108, 0)) >= 0) { +- fd = open("/dev/ppp", O_RDWR); ++ fd = open_fd("/dev/ppp", O_RDWR); + if (fd >= 0) + info("Created /dev/ppp device node"); + else + unlink("/dev/ppp"); /* didn't work, undo the mknod */ + } else if (errno == EEXIST) { +- fd = open("/dev/ppp", O_RDWR); ++ fd = open_fd("/dev/ppp", O_RDWR); + } + } + #endif /* 0 */ +@@ -2075,7 +2075,7 @@ int ppp_available(void) + /* + * Open a socket for doing the ioctl operations. + */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket_fd(AF_INET, SOCK_DGRAM, 0); + if (s < 0) + return 0; + +@@ -2323,7 +2323,7 @@ int sifaddr (int unit, u_int32_t our_adr + int fd; + + path = path_to_procfs("/sys/net/ipv4/ip_dynaddr"); +- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) { ++ if (path != 0 && (fd = open_fd(path, O_WRONLY)) >= 0) { + if (write(fd, "1", 1) != 1) + error("Couldn't enable dynamic IP addressing: %m"); + close(fd); +@@ -2499,7 +2499,7 @@ get_pty(master_fdp, slave_fdp, slave_nam + /* + * Try the unix98 way first. + */ +- mfd = open("/dev/ptmx", O_RDWR); ++ mfd = open_fd("/dev/ptmx", O_RDWR); + if (mfd >= 0) { + int ptn; + if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) { +@@ -2510,7 +2510,7 @@ get_pty(master_fdp, slave_fdp, slave_nam + if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0) + warn("Couldn't unlock pty slave %s: %m", pty_name); + #endif +- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) ++ if ((sfd = open_fd(pty_name, O_RDWR | O_NOCTTY)) < 0) + warn("Couldn't open pty slave %s: %m", pty_name); + } + } +@@ -2521,10 +2521,10 @@ get_pty(master_fdp, slave_fdp, slave_nam + for (i = 0; i < 64; ++i) { + slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", + 'p' + i / 16, i % 16); +- mfd = open(pty_name, O_RDWR, 0); ++ mfd = open_fd_mode(pty_name, O_RDWR, 0); + if (mfd >= 0) { + pty_name[5] = 't'; +- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0); ++ sfd = open_fd_mode(pty_name, O_RDWR | O_NOCTTY, 0); + if (sfd >= 0) { + fchown(sfd, uid, -1); + fchmod(sfd, S_IRUSR | S_IWUSR); +@@ -2789,7 +2789,7 @@ ether_to_eui64(eui64_t *p_eui64) + int skfd; + const unsigned char *ptr; + +- skfd = socket(PF_INET6, SOCK_DGRAM, 0); ++ skfd = socket_fd(PF_INET6, SOCK_DGRAM, 0); + if(skfd == -1) + { + warn("could not open IPv6 socket"); +diff -up ppp-2.4.4/pppd/tdb.c.fd_leak ppp-2.4.4/pppd/tdb.c +--- ppp-2.4.4/pppd/tdb.c.fd_leak 2004-11-13 08:13:07.000000000 +0100 ++++ ppp-2.4.4/pppd/tdb.c 2009-10-08 21:22:59.806583590 +0200 +@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *nam + goto internal; + } + +- if ((tdb->fd = open(name, open_flags, mode)) == -1) { ++ if ((tdb->fd = open_fd_mode(name, open_flags, mode)) == -1) { + TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n", + name, strerror(errno))); + goto fail; /* errno set by open(2) */ +@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb) + } + if (close(tdb->fd) != 0) + TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n")); +- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0); ++ tdb->fd = open_fd_mode(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0); + if (tdb->fd == -1) { + TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno))); + goto fail; +diff -up ppp-2.4.4/pppd/tty.c.fd_leak ppp-2.4.4/pppd/tty.c +--- ppp-2.4.4/pppd/tty.c.fd_leak 2006-06-04 09:04:57.000000000 +0200 ++++ ppp-2.4.4/pppd/tty.c 2009-10-08 21:22:59.809544300 +0200 +@@ -569,7 +569,7 @@ int connect_tty() + status = EXIT_OPEN_FAILED; + goto errret; + } +- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0); ++ real_ttyfd = open_fd_mode(devnam, O_NONBLOCK | O_RDWR, 0); + err = errno; + if (prio < OPRIO_ROOT && seteuid(0) == -1) + fatal("Unable to regain privileges"); +@@ -723,7 +723,7 @@ int connect_tty() + if (connector == NULL && modem && devnam[0] != 0) { + int i; + for (;;) { +- if ((i = open(devnam, O_RDWR)) >= 0) ++ if ((i = open_fd(devnam, O_RDWR)) >= 0) + break; + if (errno != EINTR) { + error("Failed to reopen %s: %m", devnam); +@@ -893,7 +893,8 @@ open_socket(dest) + *sep = ':'; + + /* get a socket and connect it to the other end */ +- sock = socket(PF_INET, SOCK_STREAM, 0); ++ //sock = socket(PF_INET, SOCK_STREAM, 0); ++ sock = socket_fd(PF_INET, SOCK_STREAM, 0); + if (sock < 0) { + error("Can't create socket: %m"); + return -1; +diff -up ppp-2.4.4/pppd/utils.c.fd_leak ppp-2.4.4/pppd/utils.c +--- ppp-2.4.4/pppd/utils.c.fd_leak 2009-10-08 21:22:59.620325739 +0200 ++++ ppp-2.4.4/pppd/utils.c 2009-10-08 21:22:59.811573725 +0200 +@@ -931,14 +931,14 @@ lock(dev) + slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev); + #endif + +- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { ++ while ((fd = open_fd_mode(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { + if (errno != EEXIST) { + error("Can't create lock file %s: %m", lock_file); + break; + } + + /* Read the lock file to find out who has the device locked. */ +- fd = open(lock_file, O_RDONLY, 0); ++ fd = open_fd_mode(lock_file, O_RDONLY, 0); + if (fd < 0) { + if (errno == ENOENT) /* This is just a timing problem. */ + continue; +@@ -1017,7 +1017,7 @@ relock(pid) + + if (lock_file[0] == 0) + return -1; +- fd = open(lock_file, O_WRONLY, 0); ++ fd = open_fd_mode(lock_file, O_WRONLY, 0); + if (fd < 0) { + error("Couldn't reopen lock file %s: %m", lock_file); + lock_file[0] = 0; diff --git a/ppp.spec b/ppp.spec index a139c81..fe76c94 100644 --- a/ppp.spec +++ b/ppp.spec @@ -1,7 +1,7 @@ Summary: The PPP (Point-to-Point Protocol) daemon. Name: ppp Version: 2.4.4 -Release: 11%{?dist} +Release: 12%{?dist} License: BSD and LGPLv2+ and GPLv2+ and Public Domain Group: System Environment/Daemons Source0: ftp://ftp.samba.org/pub/ppp/ppp-%{version}.tar.gz @@ -28,6 +28,7 @@ Patch24: ppp-2.4.4-closelog.patch Patch25: ppp-2.4.4-response_len.patch Patch26: ppp-2.4.4-new_speeds.patch Patch27: ppp-2.4.4-bogus_dns_addr.patch +Patch28: ppp-2.4.4-fd_leak.patch BuildRoot: %{_tmppath}/%{name}-root BuildPrereq: pam-devel, libpcap-devel @@ -72,6 +73,7 @@ This package contains the header files for building plugins for ppp. %patch25 -p1 -b .response_len %patch26 -p1 -b .new_speeds %patch27 -p1 -b .bogus_dns_addr +%patch28 -p1 -b .fd_leak rm -f scripts/*.local rm -f scripts/*.change_resolv_conf @@ -136,6 +138,10 @@ rm -rf $RPM_BUILD_ROOT %doc PLUGINS %changelog +* Wed Jan 06 2010 - Jiri Skala 2.4.4-12 +- fixed #467004 - PPP sometimes gets incorrect DNS servers for mobile connection +- added close-on-exec due to #498789 + * Fri Mar 06 2009 - Jiri Skala 2.4.4-11 - fixed #488764 - package upgrade should not replace configuration files