rpms/make/devel make-3.81-fdleak.patch, NONE, 1.1 make.spec, 1.43, 1.44

[Petr Machata]

Author: pmachata

Update of /cvs/pkgs/rpms/make/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29923

Modified Files:
	make.spec 
Added Files:
	make-3.81-fdleak.patch 
Log Message:
- Mark opened files as cloexec to prevent their leaking through fork
- Resolves: #462090


make-3.81-fdleak.patch:

--- NEW FILE make-3.81-fdleak.patch ---
diff -urp make-3.81/read.c make-3.81-leak/read.c
--- make-3.81/read.c	2006-03-17 15:24:20.000000000 +0100
+++ make-3.81-leak/read.c	2008-09-16 16:43:12.000000000 +0200
@@ -296,6 +300,37 @@ restore_conditionals (struct conditional
   conditionals = saved;
 }
 
+/* If possible, open the file and mark it close-on-exec, so that make
+   doesn't leak the descriptor to binaries called via $(shell ...).*/
+static FILE *
+open_makefile (char *filename)
+{
+  FILE *fp;
+
+#if HAVE_FDOPEN
+  int fd = open (filename, O_RDONLY);
+  int save;
+  if (fd < 0)
+    return NULL;
+
+  fp = fdopen (fd, "r");
+  if (fp == NULL)
+    {
+      save = errno;
+      close (fd);
+      errno = save;
+      return NULL;
+    }
+
+  CLOSE_ON_EXEC (fd);
+
+#else
+  fp = fopen (filename, "r");
+#endif
+
+  return fp;
+}
+
 static int
 eval_makefile (char *filename, int flags)
 {
@@ -335,7 +376,8 @@ eval_makefile (char *filename, int flags
 	filename = expanded;
     }
 
-  ebuf.fp = fopen (filename, "r");
+  ebuf.fp = open_makefile (filename);
+
   /* Save the error code so we print the right message later.  */
   makefile_errno = errno;
 
@@ -348,7 +390,7 @@ eval_makefile (char *filename, int flags
       for (i = 0; include_directories[i] != 0; ++i)
 	{
 	  included = concat (include_directories[i], "/", filename);
-	  ebuf.fp = fopen (included, "r");
+	  ebuf.fp = open_makefile (included);
 	  if (ebuf.fp)
 	    {
 	      filename = included;


Index: make.spec
===================================================================
RCS file: /cvs/pkgs/rpms/make/devel/make.spec,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- make.spec	25 Mar 2008 17:38:16 -0000	1.43
+++ make.spec	22 Sep 2008 08:42:20 -0000	1.44
@@ -3,7 +3,7 @@
 Name: make
 Epoch: 1
 Version: 3.81
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Group: Development/Tools
 URL: http://www.gnu.org/software/make/
@@ -16,6 +16,7 @@
 Patch8: make-3.81-rlimit.patch
 Patch9: make-3.81-newlines.patch
 Patch10: make-3.81-jobserver.patch
+Patch11: make-3.81-fdleak.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires(post): /sbin/install-info
 Requires(preun): /sbin/install-info
@@ -38,6 +39,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 
 %build
 %configure
@@ -76,6 +78,10 @@
 %{_infodir}/*.info*
 
 %changelog
+* Tue Sep 16 2008 Petr Machata <pmachata at redhat.com> - 1:3.81-13
+- Mark opened files as cloexec to prevent their leaking through fork
+- Resolves: #462090
+
 * Tue Mar 25 2008 Petr Machata <pmachata at redhat.com> - 1:3.81-12
 - Fix the rlimit patch.  The success flag is kept in memory shared
   with parent process after vfork, and so cannot be reset.