diff --git a/nut-2.7.4-cloexec.patch b/nut-2.7.4-cloexec.patch new file mode 100644 index 0000000..1061e17 --- /dev/null +++ b/nut-2.7.4-cloexec.patch @@ -0,0 +1,82 @@ +--- nut-2.7.4/common/parseconf.c.cloexec 2018-12-07 15:56:22.989381441 -0800 ++++ nut-2.7.4/common/parseconf.c 2018-12-07 16:48:33.912337591 -0800 +@@ -83,6 +83,7 @@ + #include + #include + #include ++#include + + #include "parseconf.h" + +@@ -443,6 +444,9 @@ + return 0; + } + ++ /* prevent fd leaking to child processes */ ++ fcntl(fileno(ctx->f), F_SETFD, FD_CLOEXEC); ++ + return 1; /* OK */ + } + +--- nut-2.7.4/clients/upsmon.c.cloexec 2018-12-07 16:22:42.185376803 -0800 ++++ nut-2.7.4/clients/upsmon.c 2018-12-07 17:18:44.662093479 -0800 +@@ -24,6 +24,8 @@ + #include + #include + #include ++#include ++#include + + #include "upsclient.h" + #include "upsmon.h" +@@ -1432,6 +1434,9 @@ + /* we're definitely connected now */ + setflag(&ups->status, ST_CONNECTED); + ++ /* prevent connection leaking to NOTIFYCMD */ ++ fcntl(upscli_fd(&ups->conn), F_SETFD, FD_CLOEXEC); ++ + /* now try to authenticate to upsd */ + + ret = do_upsd_auth(ups); +@@ -1715,6 +1720,9 @@ + } + + close(pipefd[0]); ++ ++ /* prevent pipe leaking to NOTIFYCMD */ ++ fcntl(pipefd[1], F_SETFD, FD_CLOEXEC); + } + + static void delete_ups(utype_t *target) +--- nut-2.7.4/clients/upssched.c.cloexec 2018-12-07 17:09:13.081914570 -0800 ++++ nut-2.7.4/clients/upssched.c 2018-12-07 18:28:54.380512191 -0800 +@@ -46,6 +46,8 @@ + #include + #include + #include ++#include ++#include + + #include "upssched.h" + #include "timehead.h" +@@ -297,6 +299,9 @@ + if (ret < 0) + fatal_with_errno(EXIT_FAILURE, "listen(%d, %d) failed", fd, US_LISTEN_BACKLOG); + ++ /* don't leak socket to CMDSCRIPT */ ++ fcntl(fd, F_SETFD, FD_CLOEXEC); ++ + return fd; + } + +@@ -370,6 +375,9 @@ + return; + } + ++ /* don't leak connection to CMDSCRIPT */ ++ fcntl(acc, F_SETFD, FD_CLOEXEC); ++ + /* enable nonblocking I/O */ + + ret = fcntl(acc, F_GETFL, 0); diff --git a/nut.spec b/nut.spec index 85935c5..4ecee65 100644 --- a/nut.spec +++ b/nut.spec @@ -13,7 +13,7 @@ Summary: Network UPS Tools Name: nut Version: 2.7.4 -Release: 21%{?dist} +Release: 23%{?dist} License: GPLv2+ and GPLv3+ Url: http://www.networkupstools.org/ Source: http://www.networkupstools.org/source/2.7/%{name}-%{version}.tar.gz @@ -27,6 +27,7 @@ Patch5: nut-2.6.5-dlfix.patch Patch7: nut-2.6.5-foreground.patch Patch8: nut-2.6.5-unreachable.patch Patch9: nut-2.6.5-rmpidf.patch +Patch10: nut-2.7.4-cloexec.patch Requires(pre): shadow-utils systemd-udev Requires(post): coreutils systemd @@ -86,6 +87,7 @@ Summary: Network UPS Tools client monitoring utilities Requires(post): systemd Requires(preun): systemd Requires(pre): shadow-utils systemd-udev +Requires: pygtk2, pygtk2-libglade #only for python and gui part #Requires: @@ -127,6 +129,7 @@ necessary to develop NUT client applications. %patch7 -p1 -b .foreground %patch8 -p1 -b .unreachable %patch9 -p1 -b .rmpidf +%patch10 -p1 -b .cloexec sed -i 's|=NUT-Monitor|=nut-monitor|' scripts/python/app/nut-monitor.desktop sed -i 's|env python|env python2|' scripts/python/app/NUT-Monitor @@ -430,6 +433,13 @@ fi %{_libdir}/pkgconfig/libnutscan.pc %changelog +* Mon Mar 25 2019 Michal Hlavinka - 2.7.4-23 +- add missing requirements for nut monitor +- fix file descriptor leak for notifycmd + +* Fri Feb 01 2019 Fedora Release Engineering - 2.7.4-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Tue Oct 16 2018 Orion Poplawski - 2.7.4-21 - Cleanup and modernize spec - Fix ownership/permissions of /var/run/nut (bug #1584330, #1580082)