r2495 - in glibc-package/trunk/debian: . debhelper.in local local/etc patches patches/any
Author: aurel32
Date: 2007-08-01 14:41:16 +0000 (Wed, 01 Aug 2007)
New Revision: 2495
Added:
glibc-package/trunk/debian/local/etc/
glibc-package/trunk/debian/local/etc/bindresvport.blacklist
glibc-package/trunk/debian/patches/any/local-bindresvport_blacklist.diff
Modified:
glibc-package/trunk/debian/changelog
glibc-package/trunk/debian/debhelper.in/libc.install
glibc-package/trunk/debian/patches/series
Log:
* any/local-bindresvport_blacklist.diff: patch from openSUSE to
add support for /etc/bindresvport.blacklist.
* debian/local/etc/bindresvport.blacklist: new default configuration
file.
* debian/debhelper.in/libc.install: install it!
Modified: glibc-package/trunk/debian/changelog
===================================================================
--- glibc-package/trunk/debian/changelog 2007-08-01 06:10:09 UTC (rev 2494)
+++ glibc-package/trunk/debian/changelog 2007-08-01 14:41:16 UTC (rev 2495)
@@ -1,15 +1,20 @@
glibc (2.6.1-1) unstable; urgency=low
* New upstream version:
- - Workaround bug in java's unwinder. Closes: bug#434484.
+ - Workaround bug in java's unwinder. Closes: #434484.
[ Aurelien Jarno ]
* debian/copyright: update.
* Remove any/cvs-glibc-2_6-branch.diff (merged upstream).
* Remove any/cvs-printf_fp.c.diff (merged upstream).
* Remove sparc/submitted-gscope_flag.diff (merged upstream).
+ * any/local-bindresvport_blacklist.diff: patch from openSUSE to
+ add support for /etc/bindresvport.blacklist.
+ * debian/local/etc/bindresvport.blacklist: new default configuration
+ file.
+ * debian/debhelper.in/libc.install: install it!
- -- Aurelien Jarno <aurel32@debian.org> Wed, 01 Aug 2007 08:09:09 +0200
+ -- Aurelien Jarno <aurel32@debian.org> Wed, 01 Aug 2007 16:40:01 +0200
glibc (2.6-5) unstable; urgency=low
Modified: glibc-package/trunk/debian/debhelper.in/libc.install
===================================================================
--- glibc-package/trunk/debian/debhelper.in/libc.install 2007-08-01 06:10:09 UTC (rev 2494)
+++ glibc-package/trunk/debian/debhelper.in/libc.install 2007-08-01 14:41:16 UTC (rev 2495)
@@ -24,5 +24,6 @@
debian/tmp-libc/etc/ld.so.conf.d /etc
build-tree/glibc-2.*/posix/gai.conf /etc
+debian/local/etc/bindresvport.blacklist /etc
log-test-*-libc usr/share/doc/LIBC
Added: glibc-package/trunk/debian/local/etc/bindresvport.blacklist
===================================================================
--- glibc-package/trunk/debian/local/etc/bindresvport.blacklist (rev 0)
+++ glibc-package/trunk/debian/local/etc/bindresvport.blacklist 2007-08-01 14:41:16 UTC (rev 2495)
@@ -0,0 +1,12 @@
+#
+# This file contains a list of port numbers between 600 and 1024,
+# which should not be used by bindresvport. bindresvport is mostly
+# called by RPC services. This mostly solves the problem, that a
+# RPC service uses a well known port of another service.
+#
+631 # cups
+636 # ldaps
+774 # rpasswd
+921 # lwresd
+993 # imaps
+995 # pops
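Review bot: The header comment gives the range as "between 600 and 1024", but the loader added in this same commit keeps entries from LOWPORT (512) up to ENDPORT (`IPPORT_RESERVED - 1`), so an administrator reading the file gets the wrong bounds. Assuming IPPORT_RESERVED has its usual value of 1024, the first comment line would read `# This file contains a list of port numbers between 512 and 1023,`. It would also help to add one comment line stating the accepted syntax: one port number per line, with `#` starting a comment.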
Added: glibc-package/trunk/debian/patches/any/local-bindresvport_blacklist.diff
===================================================================
--- glibc-package/trunk/debian/patches/any/local-bindresvport_blacklist.diff (rev 0)
+++ glibc-package/trunk/debian/patches/any/local-bindresvport_blacklist.diff 2007-08-01 14:41:16 UTC (rev 2495)
@@ -0,0 +1,150 @@
+Patch from the OpenSUSE glibc
+
+--- sunrpc/bindrsvprt.c
++++ sunrpc/bindrsvprt.c
+@@ -30,28 +30,106 @@
+ * Copyright (c) 1987 by Sun Microsystems, Inc.
+ */
+
++#include <stdio.h>
++#include <ctype.h>
+ #include <errno.h>
++#include <stdlib.h>
+ #include <unistd.h>
+ #include <string.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+
++#define STARTPORT 600
++#define LOWPORT 512
++#define ENDPORT (IPPORT_RESERVED - 1)
++#define NPORTS (ENDPORT - STARTPORT + 1)
++
++/*
++ * Read the file /etc/rpc.blacklisted, so that we don't bind
++ * to this ports.
++ */
++
++static int blacklist_read;
++static int *list;
++static int list_size = 0;
++
++static void
++load_blacklist (void)
++{
++ FILE *fp;
++ char *buf = NULL;
++ size_t buflen = 0;
++ int size = 0, ptr = 0;
++
++ blacklist_read = 1;
++
++ fp = fopen ("/etc/bindresvport.blacklist", "r");
++ if (NULL == fp)
++ return;
++
++ while (!feof (fp))
++ {
++ unsigned long port;
++ char *tmp, *cp;
++ ssize_t n = __getline (&buf, &buflen, fp);
++ if (n < 1)
++ break;
++
++ cp = buf;
++ tmp = strchr (cp, '#'); /* remove comments */
++ if (tmp)
++ *tmp = '\0';
++ while (isspace ((int)*cp)) /* remove spaces and tabs */
++ ++cp;
++ if (*cp == '\0') /* ignore empty lines */
++ continue;
++ if (cp[strlen (cp) - 1] == '\n')
++ cp[strlen (cp) - 1] = '\0';
++
++ port = strtoul (cp, &tmp, 0);
++ if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
++ continue;
++
++ /* Don't bother with out-of-range ports */
++ if (port < LOWPORT || port > ENDPORT)
++ continue;
++
++ if (ptr >= size)
++ {
++ size += 10;
++ list = realloc (list, size * sizeof (int));
++ if (list == NULL)
++ {
++ free (buf);
++ return;
++ }
++ }
++
++ list[ptr++] = port;
++ }
++
++ fclose (fp);
++
++ if (buf)
++ free (buf);
++
++ list_size = ptr;
++}
++
+ /*
+ * Bind a socket to a privileged IP port
+ */
+ int
+ bindresvport (int sd, struct sockaddr_in *sin)
+ {
++ static short startport = STARTPORT;
+ static short port;
+ struct sockaddr_in myaddr;
+ int i;
+
+-#define STARTPORT 600
+-#define LOWPORT 512
+-#define ENDPORT (IPPORT_RESERVED - 1)
+-#define NPORTS (ENDPORT - STARTPORT + 1)
+- static short startport = STARTPORT;
++ if (!blacklist_read)
++ load_blacklist ();
+
+ if (sin == (struct sockaddr_in *) 0)
+ {
+@@ -70,6 +148,7 @@
+ port = (__getpid () % NPORTS) + STARTPORT;
+ }
+
++ __set_errno (EADDRINUSE);
+ /* Initialize to make gcc happy. */
+ int res = -1;
+
+@@ -78,12 +157,22 @@
+ again:
+ for (i = 0; i < nports; ++i)
+ {
+- sin->sin_port = htons (port++);
+- if (port > endport)
+- port = startport;
++ int j;
++
++ sin->sin_port = htons (port);
++
++ /* Check, if this port is not blacklisted. */
++ for (j = 0; j < list_size; j++)
++ if (port == list[j])
++ goto try_next_port;
++
+ res = __bind (sd, sin, sizeof (struct sockaddr_in));
+ if (res >= 0 || errno != EADDRINUSE)
+ break;
++
++try_next_port:
++ if (++port > endport)
++ port = startport;
+ }
+
+ if (i == nports && startport != LOWPORT)
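Review bot: In load_blacklist, the test `if (*tmp != '\0' || ...)` right after `strtoul` rejects any line with whitespace between the port number and a `#` comment, because only the comment and the trailing newline are stripped. As written, entries in the form used by the default file added in this commit (`631 # cups`) appear to be skipped, so the blacklist ends up empty with no error. Skipping trailing blanks before that test would fix it: `while (isspace ((unsigned char) *tmp)) ++tmp;`. The realloc failure path also returns without `fclose (fp)` and overwrites `list` with NULL, so it should close the stream and assign through a temporary pointer. Separately, `errno` is not cleared before `strtoul`, the comment above the statics names `/etc/rpc.blacklisted` rather than the path actually opened, and bindresvport's body continues outside the inner hunks.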
Modified: glibc-package/trunk/debian/patches/series
===================================================================
--- glibc-package/trunk/debian/patches/series 2007-08-01 06:10:09 UTC (rev 2494)
+++ glibc-package/trunk/debian/patches/series 2007-08-01 14:41:16 UTC (rev 2495)
@@ -110,6 +110,7 @@
any/local-asserth-decls.diff -p0
# any/local-base.diff -p0 # g: suspended
any/local-bashisms.diff -p0
+any/local-bindresvport_blacklist.diff -p0
any/local-dl-execstack.diff -p0
any/local-fhs-linux-paths.diff -p0
any/local-forward-backward-collation.diff