
r2495 - in glibc-package/trunk/debian: . debhelper.in local local/etc patches patches/any



Author: aurel32
Date: 2007-08-01 14:41:16 +0000 (Wed, 01 Aug 2007)
New Revision: 2495

Added:
   glibc-package/trunk/debian/local/etc/
   glibc-package/trunk/debian/local/etc/bindresvport.blacklist
   glibc-package/trunk/debian/patches/any/local-bindresvport_blacklist.diff
Modified:
   glibc-package/trunk/debian/changelog
   glibc-package/trunk/debian/debhelper.in/libc.install
   glibc-package/trunk/debian/patches/series
Log:
  * any/local-bindresvport_blacklist.diff: patch from openSUSE to
    add support for /etc/bindresvport.blacklist.
  * debian/local/etc/bindresvport.blacklist: new default configuration 
    file.
  * debian/debhelper.in/libc.install: install it!



Modified: glibc-package/trunk/debian/changelog
===================================================================
--- glibc-package/trunk/debian/changelog	2007-08-01 06:10:09 UTC (rev 2494)
+++ glibc-package/trunk/debian/changelog	2007-08-01 14:41:16 UTC (rev 2495)
@@ -1,15 +1,20 @@
 glibc (2.6.1-1) unstable; urgency=low
 
   * New upstream version:
-    - Workaround bug in java's unwinder.  Closes: bug#434484.
+    - Workaround bug in java's unwinder.  Closes: #434484.
 
   [ Aurelien Jarno ]
   * debian/copyright: update.
   * Remove any/cvs-glibc-2_6-branch.diff (merged upstream).
   * Remove any/cvs-printf_fp.c.diff (merged upstream).
   * Remove sparc/submitted-gscope_flag.diff (merged upstream).
+  * any/local-bindresvport_blacklist.diff: patch from openSUSE to
+    add support for /etc/bindresvport.blacklist.
+  * debian/local/etc/bindresvport.blacklist: new default configuration 
+    file.
+  * debian/debhelper.in/libc.install: install it!
 
- -- Aurelien Jarno <aurel32@debian.org>  Wed, 01 Aug 2007 08:09:09 +0200
+ -- Aurelien Jarno <aurel32@debian.org>  Wed, 01 Aug 2007 16:40:01 +0200
 
 glibc (2.6-5) unstable; urgency=low
 

Modified: glibc-package/trunk/debian/debhelper.in/libc.install
===================================================================
--- glibc-package/trunk/debian/debhelper.in/libc.install	2007-08-01 06:10:09 UTC (rev 2494)
+++ glibc-package/trunk/debian/debhelper.in/libc.install	2007-08-01 14:41:16 UTC (rev 2495)
@@ -24,5 +24,6 @@
 
 debian/tmp-libc/etc/ld.so.conf.d /etc
 build-tree/glibc-2.*/posix/gai.conf /etc
+debian/local/etc/bindresvport.blacklist /etc
 
 log-test-*-libc usr/share/doc/LIBC

Added: glibc-package/trunk/debian/local/etc/bindresvport.blacklist
===================================================================
--- glibc-package/trunk/debian/local/etc/bindresvport.blacklist	                        (rev 0)
+++ glibc-package/trunk/debian/local/etc/bindresvport.blacklist	2007-08-01 14:41:16 UTC (rev 2495)
@@ -0,0 +1,12 @@
+#
+# This file contains a list of port numbers between 600 and 1024,
+# which should not be used by bindresvport. bindresvport is mostly
+# called by RPC services. This mostly solves the problem, that a
+# RPC service uses a well known port of another service.
+#
+631	# cups
+636	# ldaps
+774	# rpasswd
+921	# lwresd
+993	# imaps
+995	# pops
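Review bot: The header comment gives the range as "between 600 and 1024", but the parser added in this commit keeps entries from LOWPORT (512) through ENDPORT (IPPORT_RESERVED - 1). The comment should state the range the code honours, e.g. `# This file contains a list of port numbers between 512 and 1023,`. It would also help to document the accepted line format (one port per line, `#` starts a comment), since lines the parser cannot read are skipped without any message.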

Added: glibc-package/trunk/debian/patches/any/local-bindresvport_blacklist.diff
===================================================================
--- glibc-package/trunk/debian/patches/any/local-bindresvport_blacklist.diff	                        (rev 0)
+++ glibc-package/trunk/debian/patches/any/local-bindresvport_blacklist.diff	2007-08-01 14:41:16 UTC (rev 2495)
@@ -0,0 +1,150 @@
+Patch from the OpenSUSE glibc
+
+--- sunrpc/bindrsvprt.c
++++ sunrpc/bindrsvprt.c
+@@ -30,28 +30,106 @@
+  * Copyright (c) 1987 by Sun Microsystems, Inc.
+  */
+ 
++#include <stdio.h>
++#include <ctype.h>
+ #include <errno.h>
++#include <stdlib.h>
+ #include <unistd.h>
+ #include <string.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ 
++#define STARTPORT 600
++#define LOWPORT 512
++#define ENDPORT (IPPORT_RESERVED - 1)
++#define NPORTS	(ENDPORT - STARTPORT + 1)
++
++/*
++ * Read the file /etc/rpc.blacklisted, so that we don't bind
++ * to this ports.
++ */
++
++static int blacklist_read;
++static int *list;
++static int list_size = 0;
++
++static void
++load_blacklist (void)
++{
++  FILE *fp;
++  char *buf = NULL;
++  size_t buflen = 0;
++  int size = 0, ptr = 0;
++
++  blacklist_read = 1;
++
++  fp = fopen ("/etc/bindresvport.blacklist", "r");
++  if (NULL == fp)
++    return;
++
++  while (!feof (fp))
++    {
++      unsigned long port;
++      char *tmp, *cp;
++      ssize_t n = __getline (&buf, &buflen, fp);
++      if (n < 1)
++        break;
++
++      cp = buf;
++      tmp = strchr (cp, '#');  /* remove comments */
++      if (tmp)
++        *tmp = '\0';
++      while (isspace ((int)*cp))    /* remove spaces and tabs */
++        ++cp;
++      if (*cp == '\0')        /* ignore empty lines */
++        continue;
++      if (cp[strlen (cp) - 1] == '\n')
++        cp[strlen (cp) - 1] = '\0';
++
++      port = strtoul (cp, &tmp, 0);
++      if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
++	continue;
++
++      /* Don't bother with out-of-range ports */
++      if (port < LOWPORT || port > ENDPORT)
++        continue;
++
++      if (ptr >= size)
++	{
++	  size += 10;
++	  list = realloc (list, size * sizeof (int));
++	  if (list == NULL)
++	    {
++	      free (buf);
++	      return;
++	    }
++	}
++
++      list[ptr++] = port;
++    }
++
++  fclose (fp);
++
++  if (buf)
++    free (buf);
++
++  list_size = ptr;
++}
++
+ /*
+  * Bind a socket to a privileged IP port
+  */
+ int
+ bindresvport (int sd, struct sockaddr_in *sin)
+ {
++  static short startport = STARTPORT;
+   static short port;
+   struct sockaddr_in myaddr;
+   int i;
+ 
+-#define STARTPORT 600
+-#define LOWPORT 512
+-#define ENDPORT (IPPORT_RESERVED - 1)
+-#define NPORTS	(ENDPORT - STARTPORT + 1)
+-  static short startport = STARTPORT;
++  if (!blacklist_read)
++    load_blacklist ();
+ 
+   if (sin == (struct sockaddr_in *) 0)
+     {
+@@ -70,6 +148,7 @@
+       port = (__getpid () % NPORTS) + STARTPORT;
+     }
+ 
++  __set_errno (EADDRINUSE);
+   /* Initialize to make gcc happy.  */
+   int res = -1;
+ 
+@@ -78,12 +157,22 @@
+  again:
+   for (i = 0; i < nports; ++i)
+     {
+-      sin->sin_port = htons (port++);
+-      if (port > endport)
+-	port = startport;
++      int j;
++
++      sin->sin_port = htons (port);
++
++      /* Check, if this port is not blacklisted.  */
++      for (j = 0; j < list_size; j++)
++	if (port == list[j])
++	  goto try_next_port;
++
+       res = __bind (sd, sin, sizeof (struct sockaddr_in));
+       if (res >= 0 || errno != EADDRINUSE)
+ 	break;
++
++try_next_port:
++      if (++port > endport)
++	port = startport;
+     }
+ 
+   if (i == nports && startport != LOWPORT)
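Review bot: In load_blacklist, an entry followed by whitespace and a trailing comment is rejected, so the default file added in this same commit (lines such as `631	# cups`) appears to yield an empty blacklist. Cutting the line at `#` leaves the whitespace after the number, strtoul stops there, and the `*tmp != '\0'` test skips the line; adding `while (isspace ((unsigned char) *tmp)) ++tmp;` before that test fixes it. Because the skip is silent, bindresvport would keep handing out the listed ports with nothing to show that the file was ignored. Separately, the realloc failure path returns without `fclose (fp)` and overwrites `list` with NULL, leaking the stream and the old array. The bindresvport hunks are partial, so the rest of that function is not visible here.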

Modified: glibc-package/trunk/debian/patches/series
===================================================================
--- glibc-package/trunk/debian/patches/series	2007-08-01 06:10:09 UTC (rev 2494)
+++ glibc-package/trunk/debian/patches/series	2007-08-01 14:41:16 UTC (rev 2495)
@@ -110,6 +110,7 @@
 any/local-asserth-decls.diff -p0
 # any/local-base.diff -p0	#  g: suspended
 any/local-bashisms.diff -p0
+any/local-bindresvport_blacklist.diff -p0
 any/local-dl-execstack.diff -p0
 any/local-fhs-linux-paths.diff -p0
 any/local-forward-backward-collation.diff


