Package: ebtables
Version: 2.0.10.4-3.5
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu zesty ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * Use real locking in ebtables (LP: #1645324)
    - Prior use of locking by file exclusive access is inadequate
      because if ebtables crashes or is killed it will leave a
      stale lock file behind which then blocks new ebtables from
      running.

Thanks for considering the patch.

-- System Information:
Debian Release: stretch/sid
APT prefers xenial-updates
APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500,
'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.4.0-70-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru ebtables-2.0.10.4/debian/control ebtables-2.0.10.4/debian/control
--- ebtables-2.0.10.4/debian/control 2016-07-28 07:38:12.000000000 -0500
+++ ebtables-2.0.10.4/debian/control 2017-04-18 19:24:58.000000000 -0500
@@ -1,8 +1,7 @@
Source: ebtables
Section: net
Priority: optional
-Maintainer: Ubuntu Developers <[email protected]>
-XSBC-Original-Maintainer: Jochen Friedrich <[email protected]>
+Maintainer: Jochen Friedrich <[email protected]>
Uploaders: William Dauchy <[email protected]>
Standards-Version: 3.9.6
Build-Depends: debhelper (>= 9), cdbs (>= 0.4.127), dh-systemd (>= 1.5)
diff -Nru ebtables-2.0.10.4/debian/patches/series ebtables-2.0.10.4/debian/patches/series
--- ebtables-2.0.10.4/debian/patches/series 2016-07-28 07:38:12.000000000 -0500
+++ ebtables-2.0.10.4/debian/patches/series 2017-04-18 17:29:23.000000000 -0500
@@ -4,3 +4,4 @@
compensate-for-missing-aligned-u64.patch
lockdirfix.patch
link_with_no-as-needed.patch
+use_real_locking.patch
diff -Nru ebtables-2.0.10.4/debian/patches/use_real_locking.patch ebtables-2.0.10.4/debian/patches/use_real_locking.patch
--- ebtables-2.0.10.4/debian/patches/use_real_locking.patch 1969-12-31 18:00:00.000000000 -0600
+++ ebtables-2.0.10.4/debian/patches/use_real_locking.patch 2017-04-18 17:32:14.000000000 -0500
@@ -0,0 +1,76 @@
+Description: Use real locking in ebtables
+ Prior use of locking by file exclusive access is inadequate
+ because if ebtables crashes or is killed it will leave a
+ stale lock file behind which then blocks new ebtables from
+ running.
+Author: [email protected]
+Bug: https://bugs.launchpad.net/ubuntu/+source/ebtables/+bug/1645324
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: ebtables-2.0.10.4/libebtc.c
+===================================================================
+--- ebtables-2.0.10.4.orig/libebtc.c
++++ ebtables-2.0.10.4/libebtc.c
+@@ -137,28 +137,19 @@ void ebt_list_extensions()
+ #define LOCKDIR "/run"
+ #define LOCKFILE LOCKDIR"/ebtables.lock"
+ #endif
+-static int lockfd = -1, locked;
++static volatile int lockfd = -1;
+ int use_lockfd;
+ /* Returns 0 on success, -1 when the file is locked by another process
+ * or -2 on any other error. */
+ static int lock_file()
+ {
+- int try = 0;
+- int ret = 0;
+- sigset_t sigset;
++ int try = 0, ret = 0;
++ struct flock fl = {0,};
+
+ tryagain:
+- /* the SIGINT handler will call unlock_file. To make sure the state
+- * of the variable locked is correct, we need to temporarily mask the
+- * SIGINT interrupt. */
+- sigemptyset(&sigset);
+- sigaddset(&sigset, SIGINT);
+- sigprocmask(SIG_BLOCK, &sigset, NULL);
+- lockfd = open(LOCKFILE, O_CREAT | O_EXCL | O_WRONLY, 00600);
++ lockfd = open(LOCKFILE, O_CREAT | O_WRONLY, 00600);
+ if (lockfd < 0) {
+- if (errno == EEXIST)
+- ret = -1;
+- else if (try == 1)
++ if (try == 1)
+ ret = -2;
+ else {
+ if (mkdir(LOCKDIR, 00700))
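Review bot: The new open(LOCKFILE, O_CREAT | O_WRONLY, 00600) in lock_file() drops O_EXCL and puts nothing in its place, so the call now follows a symlink at the lock path and the descriptor stays open across exec. The file is only ever a lock target, so I would add O_NOFOLLOW | O_CLOEXEC to the flags. Separately, the removed comment says the SIGINT handler calls unlock_file(); with the sigprocmask() block gone, lockfd can be read from that handler while lock_file() is assigning it, and `static volatile sig_atomic_t lockfd` would be the portable declaration rather than `volatile int`.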
+@@ -169,18 +160,22 @@ tryagain:
+ }
+ }
+ } else {
+- close(lockfd);
+- locked = 1;
++ fl.l_type = F_WRLCK;
++ ret = fcntl(lockfd, F_SETLK, &fl);
++ if (ret == -1 && errno != (EAGAIN || EACCES))
++ ret = -2;
+ }
+- sigprocmask(SIG_UNBLOCK, &sigset, NULL);
+ return ret;
+ }
+
+ void unlock_file()
+ {
+- if (locked) {
+- remove(LOCKFILE);
+- locked = 0;
++ struct flock fl = {0,};
++
++ if (lockfd > -1) {
++ fl.l_type = F_UNLCK;
++ fcntl(lockfd, F_SETLK, &fl);
++ close(lockfd);
+ }
+ }
+
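Review bot: The check `errno != (EAGAIN || EACCES)` after fcntl(lockfd, F_SETLK, &fl) does not test what it appears to. `(EAGAIN || EACCES)` is a logical OR that evaluates to 1, so the condition is really `errno != 1`, and a lock held by another process (EAGAIN or EACCES) is reported as -2 instead of the -1 that the comment above lock_file() promises. It should read `if (ret == -1 && errno != EAGAIN && errno != EACCES)`. On that same failure path lockfd is left open and is overwritten by the next call to lock_file(), so close it before returning. unlock_file() should also set lockfd = -1 after close(lockfd), so that a second call (for example from the signal handler) does not close an unrelated descriptor that has reused the number.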