diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ab663e7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/lockdev-1.0.4.20111007git.tar.gz diff --git a/.lockdev.metadata b/.lockdev.metadata new file mode 100644 index 0000000..3d21bf2 --- /dev/null +++ b/.lockdev.metadata @@ -0,0 +1 @@ +799423f74018a0fc9742b2d915d8a226b377fff4 SOURCES/lockdev-1.0.4.20111007git.tar.gz diff --git a/SOURCES/lockdev-euidaccess.patch b/SOURCES/lockdev-euidaccess.patch new file mode 100644 index 0000000..89d7caf --- /dev/null +++ b/SOURCES/lockdev-euidaccess.patch @@ -0,0 +1,39 @@ +diff -up lockdev-scm-2011-10-07/src/lockdev.c.access lockdev-scm-2011-10-07/src/lockdev.c +--- lockdev-scm-2011-10-07/src/lockdev.c.access 2011-07-22 09:37:10.000000000 +0200 ++++ lockdev-scm-2011-10-07/src/lockdev.c 2013-06-03 12:34:16.870750845 +0200 +@@ -616,7 +616,10 @@ dev_lock (const char *devname) + if ( stat( device, &statbuf) == -1 ) { + close_n_return(-errno); + } +- if ( access( device, W_OK ) == -1 ) { ++ /* check that the caller has write permission to the device ++ * to prevent denial-of-service attack by unauthorized users ++ */ ++ if ( euidaccess( device, W_OK ) == -1 ) { + close_n_return(-errno); + } + +@@ -780,7 +783,10 @@ dev_relock (const char *devname, + if ( stat( device, &statbuf) == -1 ) { + close_n_return(-errno); + } +- if ( access( device, W_OK ) == -1 ) { ++ /* check that the caller has write permission to the device ++ * to prevent denial-of-service attack by unauthorized users ++ */ ++ if ( euidaccess( device, W_OK ) == -1 ) { + close_n_return(-errno); + } + +@@ -870,7 +876,10 @@ dev_unlock (const char *devname, + if ( stat( device, &statbuf) == -1 ) { + close_n_return(-errno); + } +- if ( access( device, W_OK ) == -1 ) { ++ /* check that the caller has write permission to the device ++ * to prevent denial-of-service attack by unauthorized users ++ */ ++ if ( euidaccess( device, W_OK ) == -1 ) { + close_n_return(-errno); + } + diff --git a/SPECS/lockdev.spec b/SPECS/lockdev.spec new file mode 100644 index 0000000..e58bf44 --- /dev/null +++ b/SPECS/lockdev.spec @@ -0,0 +1,338 @@ +# Where lock files are stored +%global _lockdir %{_localstatedir}/lock/lockdev + +%global checkout 20111007git +%global co_date 2011-10-07 + +#http://lists.fedoraproject.org/pipermail/devel/2011-August/155358.html +%global _hardened_build 1 + +Summary: A library for locking devices +Name: lockdev +Version: 1.0.4 +Release: 0.13.%{checkout}%{?dist} +License: LGPLv2 +Group: System Environment/Libraries +URL: https://alioth.debian.org/projects/lockdev/ + +# This is a nightly snapshot downloaded via +# https://alioth.debian.org/snapshots.php?group_id=100443 +Source0: lockdev-%{version}.%{checkout}.tar.gz + +Patch1: lockdev-euidaccess.patch + +Requires(pre): shadow-utils +Requires(post): glibc +Requires(postun): glibc +Requires: systemd-units >= 13 + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: perl +BuildRequires: perl(ExtUtils::MakeMaker) + +%description +Lockdev provides a reliable way to put an exclusive lock to devices +using both FSSTND and SVr4 methods. + +%package devel +Summary: The header files for the lockdev library +Group: System Environment/Libraries +Requires: lockdev = %{version}-%{release} + +%description devel +The lockdev library provides a reliable way to put an exclusive lock +on devices using both FSSTND and SVr4 methods. The lockdev-devel +package contains the development headers. + + +%prep +%setup -q -n lockdev-scm-%{co_date} + +# Replace access() calls with euidaccess() (600636#c9) +%patch1 -p1 -b .access + +%build +# Generate version information from git release tag +./scripts/git-version > VERSION + +# To satisfy automake +touch ChangeLog + +# Bootstrap autotools +autoreconf --verbose --force --install + +CFLAGS="${RPM_OPT_FLAGS} -D_GNU_SOURCE -D_PATH_LOCK=\\\"%{_lockdir}\\\"" \ +%configure --disable-static --enable-helper + +make %{?_smp_mflags} + +%install +make install DESTDIR=%{buildroot} + +rm -f %{buildroot}%{_libdir}/*.la + +# %%ghosted, but needs to be in buildroot +# on reboot re-created by %%{_prefix}/lib/tmpfiles.d/legacy.conf +mkdir -p %{buildroot}%{_lockdir} + +%pre +getent group lock >/dev/null 2>&1 || groupadd -g 54 -r -f lock >/dev/null 2>&1 || : + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + + +%files +%doc COPYING AUTHORS +%ghost %dir %attr(0775,root,lock) %{_lockdir} +%attr(2711,root,lock) %{_sbindir}/lockdev +%{_libdir}/*.so.* +%{_mandir}/man8/* + +%files devel +%{_libdir}/*.so +%{_libdir}/pkgconfig/lockdev.pc +%{_mandir}/man3/* +%{_includedir}/* + +%changelog +* Fri Jan 24 2014 Daniel Mach - 1.0.4-0.13.20111007git +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 1.0.4-0.12.20111007git +- Mass rebuild 2013-12-27 + +* Mon Aug 26 2013 Jiri Popelka - 1.0.4-0.11.20111007git +- Remove the %%post scriptlet completely (#983772) + +* Mon Aug 26 2013 Jiri Popelka - 1.0.4-0.10.20111007git +- Silence possible %%post scriptlet errors (#983772) + +* Sat Aug 03 2013 Fedora Release Engineering - 1.0.4-0.9.20111007git +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri Jul 12 2013 Jiri Popelka - 1.0.4-0.8.20111007git +- %%{_lockdir} is %%ghost-ed (#983772) + +* Mon Jun 03 2013 Jiri Popelka - 1.0.4-0.7.20111007git +- Replace access() calls with euidaccess(), build with -D_GNU_SOURCE (600636#c9) + +* Thu Feb 14 2013 Fedora Release Engineering - 1.0.4-0.6.20111007git +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Jul 19 2012 Fedora Release Engineering - 1.0.4-0.5.20111007git +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jan 13 2012 Fedora Release Engineering - 1.0.4-0.4.20111007git +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Oct 20 2011 Jiri Popelka - 1.0.4-0.3.20111007git +- Define _hardened_build + +* Wed Oct 19 2011 Jiri Popelka - 1.0.4-0.2.20111007git +- Fixed URL +- Removed unused patches + +* Fri Oct 07 2011 Jiri Popelka - 1.0.4-0.1.20111007git +- pre 1.0.4 nightly snapshot + +* Mon Apr 04 2011 Jiri Popelka - 1.0.3-10 +- Revert previous change (#681898) +- /etc/tmpfiles.d/lockdev.conf moved into systemd upstream (#692714) + +* Thu Mar 03 2011 Jan Görig - 1.0.3-9 +- Change /var/lock/lockdev permissions to 1777 (#681898) + +* Tue Feb 08 2011 Fedora Release Engineering - 1.0.3-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Nov 25 2010 Jiri Popelka - 1.0.3-7 +- Fixed some rpmlint warnings + +* Thu Nov 25 2010 Jiri Popelka - 1.0.3-6 +- Added /etc/tmpfiles.d/lockdev.conf to enable lock directory on tmpfs (#656614) +- Don't ship static library at all + +* Mon Apr 19 2010 Jiri Popelka - 1.0.3-5 +- Changed directory for lock files from /var/lock to /var/lock/lockdev (#581884) + +* Thu Jan 21 2010 Jiri Popelka - 1.0.3-4 +- Created -static subpackage to ship static library separately +- Updated lockdev.8 manpage + +* Thu Dec 10 2009 Jiri Popelka - 1.0.3-3 +- Correct rh.patch + +* Thu Dec 10 2009 Jiri Popelka - 1.0.3-2 +- Correct rh.patch + +* Mon Dec 07 2009 Jiri Popelka - 1.0.3-1 +- 1.0.3. No longer need 1.0.0-signal, 1.0.1-subdir, 1.0.1-fcntl, 1.0.1-32bit patches. +- Renumbered patches and sources. + +* Thu Dec 03 2009 Jiri Popelka - 1.0.1-20 +- Fixed pre section (http://fedoraproject.org/wiki/Packaging/UsersAndGroups) +- Added back Buildroot to silence rpmlint's false positive + +* Tue Dec 01 2009 Jiri Popelka - 1.0.1-19 +- Added license text to package + +* Fri Oct 02 2009 Jiri Popelka - 1.0.1-18 +- Fixed mixed-use-of-spaces-and-tabs + +* Fri Oct 02 2009 Jiri Popelka - 1.0.1-17 +- Removed PreReq tag + +* Fri Sep 25 2009 Jiri Popelka - 1.0.1-16 +- Manual page for /usr/sbin/lockdev + +* Sat Jul 25 2009 Fedora Release Engineering - 1.0.1-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 1.0.1-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Oct 6 2008 Karel Zak - 1.0.1-13 +- refresh patches (due --fuzz=0) +- fix compiler warnings + +* Tue Feb 19 2008 Fedora Release Engineering - 1.0.1-12.1 +- Autorebuild for GCC 4.3 + +* Mon Oct 15 2007 Tom "spot" Callaway - 1.0.1-11.1 +- correct license tag +- add BR: perl(ExtUtils::MakeMaker) + +* Thu Apr 12 2007 Karel Zak - 1.0.1-11 +- fix rpmlint issues +- change lockdev permissions from 2755 to 2711 + +* Wed Jul 19 2006 Karel Zak - 1.0.1-10 +- rebuild + +* Wed Jul 12 2006 Jesse Keating - 1.0.1-9.2.2 +- rebuild + +* Fri Feb 10 2006 Jesse Keating - 1.0.1-9.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 1.0.1-9.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Wed Sep 21 2005 Karel Zak 1.0.1-9 +- fix #165189 - The naming of the lock file by the lockdev command is abnormal. + +* Thu Sep 1 2005 Karel Zak 1.0.1-8 +- fix #163276 - baudboy.h should include fcntl.h + +* Sat Mar 5 2005 Karel Zak 1.0.1-6 +- rebuilt + +* Wed Feb 23 2005 Karel Zak 1.0.1-5 +- lockdev errs on /dev/input/ttyACM0 (3-component pathname) (#126082, #98160, #74454) + +* Fri Oct 22 2004 Adrian Havill 1.0.1-4 +- don't unlock files if pid still exists (#128104) + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Tue Sep 9 2003 Nalin Dahyabhai 1.0.1-1.3 +- rebuild + +* Mon Sep 8 2003 Nalin Dahyabhai 1.0.1-1.2 +- rebuild + +* Wed Aug 20 2003 Adrian Havill 1.0.1-1.1 +- bump n-v-r for 3.0E + +* Fri Aug 15 2003 Adrian Havill 1.0.1-1 +- bumped version +- make the dev rewrite work with ttys in the /dev/input subdir, not just + the base level dir (#98160) + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Tue Feb 04 2003 Florian La Roche +- add symlink to shared lib + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Fri Nov 29 2002 Jeff Johnson +- don't segfault if device arg is missing. + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Wed Jun 5 2002 Jeff Johnson 1.0.0-19 +- fix: don't ignore signals, use default behavior instead (#63468). + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Mon Feb 25 2002 Nalin Dahyabhai 1.0.0-16 +- include liblockdev.so so that programs can link to a shared liblockdev +- fix shared library version numbers + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Thu Nov 29 2001 Trond Eivind Glomsrod 1.0.0-16 +- Rebuilt + +* Fri Oct 26 2001 Trond Eivind Glomsrod 1.0.0-15 +- Add copyright/license info to baudboy.h (#54321) + +* Tue Sep 4 2001 Jeff Johnson +- swap egid and gid for lockdev's access(2) device check (#52029). + +* Tue Aug 28 2001 Jeff Johnson +- typo in include file (#52704). +- map specific errno's into status for return from helper. + +* Tue Aug 14 2001 Jeff Johnson +- set exit status correctly. + +* Thu Aug 9 2001 Bill Nottingham +- check that we can open the device r/w before locking +- fix calling lockdev without any arguments +- fix waitpid() call in baudboy.h +- use umask(002), not umask(0) + +* Wed Aug 8 2001 Bill Nottingham +- add lock group here, own /var/lock as well + +* Sun Aug 5 2001 Jeff Johnson +- include setgid helper binary and baudboy.h. + +* Mon Jun 18 2001 Trond Eivind Glomsrod +- Make the -devel depend on the main package + +* Sun Aug 06 2000 Trond Eivind Glomsrod +- rebuild + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Sat Jun 17 2000 Bill Nottingham +- add %%defattr for -devel + +* Sat Jun 10 2000 Trond Eivind Glomsrod +- use %%{_mandir} + +* Thu May 04 2000 Trond Eivind Glomsrod +- first build