diff --git a/coreutils-acl-extended-file-nofollow.patch b/coreutils-acl-extended-file-nofollow.patch
new file mode 100644
index 0000000..ad72293
--- /dev/null
+++ b/coreutils-acl-extended-file-nofollow.patch
@@ -0,0 +1,74 @@
+From 95f7c57ff4090a5dee062044d2c7b99879077808 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka redhat.com>
+Date: Fri, 22 Jul 2011 14:48:42 +0200
+Subject: [PATCH] file-has-acl: use acl_extended_file_nofollow if available
+
+* lib/acl-internal.h (HAVE_ACL_EXTENDED_FILE): New macro.
+(acl_extended_file): New macro.
+* lib/file-has-acl.c (file_has_acl): Use acl_extended_file_nofollow.
+* m4/acl.m4 (gl_FUNC_ACL): Check for acl_extended_file_nofollow.
+This addresses http://bugzilla.redhat.com/692823.
+---
+ lib/acl-internal.h | 6 ++++++
+ lib/file-has-acl.c | 10 +++++++++-
+ m4/acl.m4 | 2 +-
+ 3 files changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/lib/acl-internal.h b/lib/acl-internal.h
+index b3160a7..b509666 100644
+--- a/lib/acl-internal.h
++++ b/lib/acl-internal.h
+@@ -133,6 +133,12 @@ rpl_acl_set_fd (int fd, acl_t acl)
+ # endif
+
+ /* Linux-specific */
++# ifndef HAVE_ACL_EXTENDED_FILE_NOFOLLOW
++# define HAVE_ACL_EXTENDED_FILE_NOFOLLOW false
++# define acl_extended_file_nofollow(name) (-1)
++# endif
++
++/* Linux-specific */
+ # ifndef HAVE_ACL_FROM_MODE
+ # define HAVE_ACL_FROM_MODE false
+ # define acl_from_mode(mode) (NULL)
+diff --git a/lib/file-has-acl.c b/lib/file-has-acl.c
+index 3d4d5c1..2ee6ba2 100644
+--- a/lib/file-has-acl.c
++++ b/lib/file-has-acl.c
+@@ -366,12 +366,20 @@ file_has_acl (char const *name, struct stat const *sb)
+ /* Linux, FreeBSD, MacOS X, IRIX, Tru64 */
+ int ret;
+
+- if (HAVE_ACL_EXTENDED_FILE) /* Linux */
++ if (HAVE_ACL_EXTENDED_FILE || HAVE_ACL_EXTENDED_FILE_NOFOLLOW) /* Linux */
+ {
++# if HAVE_ACL_EXTENDED_FILE_NOFOLLOW
++ /* acl_extended_file_nofollow() uses lgetxattr() in order to prevent
++ unnecessary mounts, but it returns the same result as we already
++ know that NAME is not a symbolic link at this point (modulo the
++ TOCTTOU race condition). */
++ ret = acl_extended_file_nofollow (name);
++# else
+ /* On Linux, acl_extended_file is an optimized function: It only
+ makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
+ ACL_TYPE_DEFAULT. */
+ ret = acl_extended_file (name);
++# endif
+ }
+ else /* FreeBSD, MacOS X, IRIX, Tru64 */
+ {
+diff --git a/m4/acl.m4 b/m4/acl.m4
+index d6a448a..ecf0384 100644
+--- a/m4/acl.m4
++++ b/m4/acl.m4
+@@ -33,7 +33,7 @@ AC_DEFUN([gl_FUNC_ACL],
+ AC_CHECK_FUNCS(
+ [acl_get_file acl_get_fd acl_set_file acl_set_fd \
+ acl_free acl_from_mode acl_from_text \
+- acl_delete_def_file acl_extended_file \
++ acl_delete_def_file acl_extended_file acl_extended_file_nofollow \
+ acl_delete_fd_np acl_delete_file_np \
+ acl_copy_ext_native acl_create_entry_np \
+ acl_to_short_text acl_free_text])
+--
+1.7.6.586.g302e6
diff --git a/coreutils.spec b/coreutils.spec
index 2784cdc..09422e3 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -1,7 +1,7 @@
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name: coreutils
 Version: 8.12
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv3+
 Group: System Environment/Base
 Url: http://www.gnu.org/software/coreutils/
@@ -32,6 +32,8 @@ Patch103: coreutils-8.2-uname-processortype.patch Patch104: coreutils-df-direct.patch #add note about mkdir --mode behaviour into info documentation(#610559) Patch107: coreutils-8.4-mkdir-modenote.patch +#use acl_extended_file_nofollow if available (#692823) +Patch108: coreutils-acl-extended-file-nofollow.patch # sh-utils #add info about TZ envvar to date manpage
@@ -121,6 +123,7 @@ Libraries for coreutils package. %patch103 -p1 -b .sysinfo %patch104 -p1 -b .dfdirect %patch107 -p1 -b .mkdirmode +%patch108 -p1 -b .nofollow # sh-utils %patch703 -p1 -b .dateman
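Review bot: The comment added in the lib/file-has-acl.c section relies on NAME already being known not to be a symbolic link, but the check that establishes this lies outside the hunk and the comment leaves open what happens when the TOCTTOU race it mentions is lost. If the behaviour is what the name suggests, a link swapped in after that check is examined itself rather than followed, which is the safer outcome; I would say so in the comment, e.g. `If NAME is replaced by a symlink after the caller's check, the link itself is examined, never its target.` The ChangeLog text in the patch header also names `HAVE_ACL_EXTENDED_FILE` and `acl_extended_file` as the new macros, while the lib/acl-internal.h section adds `HAVE_ACL_EXTENDED_FILE_NOFOLLOW` and `acl_extended_file_nofollow`. file_has_acl's body starts and ends outside the hunk.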
@@ -329,6 +332,9 @@ fi %{_libdir}/coreutils %changelog +* Fri Jul 29 2011 Ondrej Vasik - 8.12-3 +- use acl_extended_file_nofollow() if available (#692823) + * Fri Jul 15 2011 Ondrej Vasik - 8.12-2 - support ecryptfs mount of Private (postlogin into su.pamd) (#722323)