diff --git a/SOURCES/libffi-3.1-closures-Create-temporary-file-with-O_TMPFILE-and-O_.patch b/SOURCES/libffi-3.1-closures-Create-temporary-file-with-O_TMPFILE-and-O_.patch new file mode 100644 index 0000000..16430dc --- /dev/null +++ b/SOURCES/libffi-3.1-closures-Create-temporary-file-with-O_TMPFILE-and-O_.patch @@ -0,0 +1,79 @@ +From 8daeed9570af72eb135c8ded460d2888f05b2e68 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= +Date: Sun, 11 May 2014 22:54:58 +0200 +Subject: [PATCH 626/627] closures: Create temporary file with O_TMPFILE and + O_CLOEXEC when available + +The open_temp_exec_file_dir function can create a temporary file without +file system accessible link. If the O_TMPFILE flag is not defined (old +Linux kernel or libc) the behavior is unchanged. + +The open_temp_exec_file_name function now need a new argument "flags" +(like O_CLOEXEC) used for temporary file creation. + +The O_TMPFILE flag allow temporary file creation without race condition. +This feature/fix prevent another process to access the (future) +executable file from the file system. + +The O_CLOEXEC flag automatically close the temporary file for any +execve. This avoid transmitting (executable) file descriptor to a child +process. +--- + src/closures.c | 29 ++++++++++++++++++++++++----- + 1 file changed, 24 insertions(+), 5 deletions(-) + +diff -rup a/src/closures.c b/src/closures.c +--- a/src/closures.c 2019-06-14 14:24:01.510844835 -0400 ++++ b/src/closures.c 2019-06-14 14:26:48.248924350 -0400 +@@ -265,9 +265,9 @@ static size_t execsize = 0; + + /* Open a temporary file name, and immediately unlink it. */ + static int +-open_temp_exec_file_name (char *name) ++open_temp_exec_file_name (char *name, int flags) + { +- int fd = mkstemp (name); ++ int fd = mkostemp (name, flags); + + if (fd != -1) + unlink (name); +@@ -280,8 +280,28 @@ static int + open_temp_exec_file_dir (const char *dir) + { + static const char suffix[] = "/ffiXXXXXX"; +- size_t lendir = strlen (dir); +- char *tempname = __builtin_alloca (lendir + sizeof (suffix)); ++ size_t lendir; ++ int flags, fd; ++ char *tempname; ++ ++#ifdef O_CLOEXEC ++ flags = O_CLOEXEC; ++#else ++ flags = 0; ++#endif ++ ++#ifdef O_TMPFILE ++ fd = open (dir, flags | O_RDWR | O_EXCL | O_TMPFILE, 0700); ++ /* If the running system does not support the O_TMPFILE flag then retry without it. */ ++ if (fd != -1 || (errno != EINVAL && errno != EISDIR && errno != EOPNOTSUPP)) { ++ return fd; ++ } else { ++ errno = 0; ++ } ++#endif ++ ++ lendir = strlen (dir); ++ tempname = __builtin_alloca (lendir + sizeof (suffix)); + + if (!tempname) + return -1; +@@ -289,7 +309,7 @@ open_temp_exec_file_dir (const char *dir + memcpy (tempname, dir, lendir); + memcpy (tempname + lendir, suffix, sizeof (suffix)); + +- return open_temp_exec_file_name (tempname); ++ return open_temp_exec_file_name (tempname, flags); + } + + /* Open a temporary file in the directory in the named environment diff --git a/SPECS/libffi.spec b/SPECS/libffi.spec index 45b762f..1e30877 100644 --- a/SPECS/libffi.spec +++ b/SPECS/libffi.spec @@ -2,7 +2,7 @@ Name: libffi Version: 3.1 -Release: 18%{?dist} +Release: 21%{?dist} Summary: A portable foreign function interface library Group: System Environment/Libraries @@ -15,6 +15,7 @@ Patch0: libffi-3.1-fix-include-path.patch Patch1: libffi-3.1-fix-exec-stack.patch Patch2: libffi-aarch64-rhbz1174037.patch Patch3: libffi-3.1-aarch64-fix-exec-stack.patch +Patch5: libffi-3.1-closures-Create-temporary-file-with-O_TMPFILE-and-O_.patch %description Compilers for high level languages generate code that follow certain @@ -63,6 +64,7 @@ developing applications that use %{name}. %patch1 -p1 -b .execstack %patch2 -p1 -b .aarch64 %patch3 -p1 -b .aarch64execstack +%patch5 -p1 %build @@ -123,6 +125,15 @@ fi %{_infodir}/libffi.info.gz %changelog +* Thu Aug 1 2019 DJ Delorie - 3.1-21 +- Revert 1652930 until 1721569 can be fixed (#1652930) + +* Fri Jun 14 2019 DJ Delorie - 3.1-20 +- closures: Create temporary file with O_TMPFILE and O_CLOEXEC (#1720600) + +* Fri Jun 14 2019 Florian Weimer - 3.1-19 +- aarch64: Flush code alias mapping after creating closure (#1652930) + * Tue Nov 27 2018 Severin Gehwolf - 3.1-18 - Compile with -Wa,--generate-missing-build-notes=yes