diff -Nru ebtables-2.0.10.4/debian/changelog ebtables-2.0.10.4/debian/changelog --- ebtables-2.0.10.4/debian/changelog 2016-07-28 07:39:00.000000000 -0500 +++ ebtables-2.0.10.4/debian/changelog 2017-04-18 17:34:11.000000000 -0500 @@ -1,3 +1,13 @@ +ebtables (2.0.10.4-3.5ubuntu2) zesty; urgency=medium + + * Use real locking in ebtables (LP: #1645324) + - Prior use of locking by file exclusive access is inadequate + because if ebtables crashes or is killed it will leave a + stale lock file behind which then blocks new ebtables from + running. + + -- Dragan Stancevic Tue, 18 Apr 2017 17:32:38 -0500 + ebtables (2.0.10.4-3.5ubuntu1) yakkety; urgency=medium * Merge with Debian unstable. Remaining changes: diff -Nru ebtables-2.0.10.4/debian/changelog.orig ebtables-2.0.10.4/debian/changelog.orig --- ebtables-2.0.10.4/debian/changelog.orig 2016-05-25 13:37:15.000000000 -0500 +++ ebtables-2.0.10.4/debian/changelog.orig 1969-12-31 18:00:00.000000000 -0600 @@ -1,227 +0,0 @@ -ebtables (2.0.10.4-3.5) unstable; urgency=medium - - * Non-maintainer upload. - * Add native systemd unit file ebtables.service (Closes: #796602) - - this is basically just a wrapper around the init script. - * Add dh-systemd (>= 1.5) build dependency for the above. - - accompanying cdbs versioned dependency was already new enough. - - -- Andreas Henriksson Wed, 25 May 2016 20:34:14 +0200 - -ebtables (2.0.10.4-3.4) unstable; urgency=medium - - * Non-maintainer upload. - * debian/ebtables.postinst: Check if /var/lib/ebtables exists before trying - to delete it (Closes: #813889) - - -- Laurent Bigonville Sun, 07 Feb 2016 21:46:31 +0100 - -ebtables (2.0.10.4-3.3) unstable; urgency=medium - - * Non-maintainer upload. - * Switch the postrm script from /bin/bash to /bin/sh - - -- Laurent Bigonville Fri, 05 Feb 2016 13:53:20 +0100 - -ebtables (2.0.10.4-3.2) unstable; urgency=medium - - * Non-maintainer upload. - * debian/patches/lockdirfix.patch: Move the lock file to /run instead of - /var/lib/ebtables directory (Closes: #813760) - * debian/ebtables.postinst: Remove /var/lib/ebtables during upgrade, that - directory was created by ebtables but not tracked by the package. - - -- Laurent Bigonville Fri, 05 Feb 2016 13:29:39 +0100 - -ebtables (2.0.10.4-3.1) unstable; urgency=medium - - * Non-maintainer upload. - * Use arch:linux-any instead of arch:any (Closes: #745165) - * Ship ebtables-restore and ebtables-save during build (Closes: #813752) - * Bump Standards-Version to 3.9.6 (no further changes) - * Drop obsolete hardening-wrapper and use dpkg-buildflags instead. Also pass - all the *FLAGS to the Makefile so we are sure they are used. - * Drop debian/ebtables.override: All the overrides are not needed anymore. - - -- Laurent Bigonville Fri, 05 Feb 2016 02:11:19 +0100 - -ebtables (2.0.10.4-3) unstable; urgency=low - - * packaging update: - - fix missing dot in DEB_DH_INSTALLINIT_ARGS (Closes: #706885) - - -- William Dauchy Mon, 06 May 2013 14:06:02 +0000 - -ebtables (2.0.10.4-2) unstable; urgency=low - - * packaging update: - - add install init args in rules to fix install warning (Closes: #697275) - - module-init-tools is a transitional package. replacing it with kmod - (Closes: #697276) - - "init script returns 1 when ebtables is removed" (Closes: #684592) - - -- William Dauchy Tue, 20 Mar 2013 15:46:02 +0000 - -ebtables (2.0.10.4-1) unstable; urgency=low - - * New upstream release - - "v2.0.10-1 wish for ipv6-icmp and security" (Closes: #643594). - * packaging update: - * use debhelper & compat version 9. - * standards to 3.9.3 - - "ebtables may use modprobe, so it should recommend module-init-tools" - (Closes: #614919) - * missing cdbs build dependency - * add hardening to debian rules. - * init: add run level 1 to Default-Stop rule - * patchworks: - + refresh patches with new release - + refresh patch headers - * Adding myself as uploaders - * Removing Jan Christoph Nordholz from uploaders - - -- William Dauchy Thu, 24 May 2012 12:24:02 +0000 - -ebtables (2.0.9.2-2.1) unstable; urgency=high - - * Non-maintainer upload. - * Fix FTBFS due to missing __aligned_u64 definition (Closes: #661449): - - 04compensate-for-missing-aligned-u64.patch - * Set urgency to “high” for RC bug fix. - - -- Cyril Brulebois Sat, 03 Mar 2012 15:24:02 +0000 - -ebtables (2.0.9.2-2) unstable; urgency=low - - * Add a lintian override concerning the usage of -rpath that got lost - in the last revision. - - -- Jochen Friedrich Mon, 10 May 2010 14:08:01 +0200 - -ebtables (2.0.9.2-1) unstable; urgency=low - - * New upstream release - * Refresh patches - * Switch to dpkg-source 3.0 (quilt) format - * Bump Standards version to 3.8.4 - * Added homepage tag - - -- Jochen Friedrich Fri, 07 May 2010 16:50:04 +0200 - -ebtables (2.0.9.1-1) unstable; urgency=low - - * New upstream release: - * New modules for ip6 and nflog. - * Bump Standards version to 3.8.2: - * Catch postrm errors. - * Specify GPL version and cleanup copyright file. - * Bump debhelper level to 7. - - -- Jan Christoph Nordholz Sun, 28 Jun 2009 20:01:25 +0200 - -ebtables (2.0.8.2-4) unstable; urgency=low - - * Don't have the initscript probe for kernel support if it is not going - to actually do something. Thanks to Patrick McHardy for report and patch! - Closes: #476429. - * While I'm at it, make a few minor (unrelated) improvements to the - initscript. - - -- Jan Christoph Nordholz Sun, 20 Apr 2008 00:56:39 +0200 - -ebtables (2.0.8.2-3) unstable; urgency=low - - * Fix NAME section in ebtables(8) manpage. - - -- Jan Christoph Nordholz Fri, 11 Apr 2008 01:48:33 +0200 - -ebtables (2.0.8.2-2) unstable; urgency=low - - * Replace call to $(LD) with $(CC) to fix FTBFS on hppa. - - -- Jan Christoph Nordholz Sun, 04 Nov 2007 14:38:12 +0100 - -ebtables (2.0.8.2-1) unstable; urgency=low - - * New upstream release. - * Replace dpatches 10-12 with new 02makefile_adjustments - as upstream has incorporated most of our changes. - - -- Jan Christoph Nordholz Sun, 23 Sep 2007 15:28:36 +0200 - -ebtables (2.0.8.1-2) unstable; urgency=low - - * Thoroughly clean up the installation logic of upstream's - Makefile. Closes: #431345. - - -- Jan Christoph Nordholz Mon, 02 Jul 2007 23:05:34 +0200 - -ebtables (2.0.8.1-1) unstable; urgency=low - - * New upstream release. Closes: #428924, #403674. - (428924: FTBFS with linux-libc-dev) - (403674: wishlist bug: new upstream available) - * Bump Standards version to 3.7.2. - * Replace debhelper+cdbs with debhelper+dpatch (personal - preference). - * Write a debian-specific initscript. The upstream one is - too closely tied to redhat. - * Add a lintian override concerning the usage of -rpath for the - time being, as fixing this will require invasive upstream - code changes. - * Fix watch file. - * Add myself as uploader. - - -- Jan Christoph Nordholz Sat, 23 Jun 2007 22:54:05 +0200 - -ebtables (2.0.6-3) unstable; urgency=low - - * Applied patch from Andreas Jochens to make - ebtables compile with gcc-4.0 (Closes: #288975). - - -- Jochen Friedrich Sat, 29 Jan 2005 22:55:59 +0100 - -ebtables (2.0.6-2) unstable; urgency=low - - * Fix FTBFS with gcc-3.4 (Closes: #258636). - Thanks to Andreas Jochens for the patch. - - -- Jochen Friedrich Wed, 14 Jul 2004 17:21:49 +0200 - -ebtables (2.0.6-1) unstable; urgency=low - - * New upstream release - + added arpreply and among modules - + added limit match - - -- Jochen Friedrich Fri, 2 Jan 2004 22:29:45 +0100 - -ebtables (2.0.5-2) unstable; urgency=low - - * The "I should really check what i upload" revision - * New maintainer (Closes: #211788) - * Changed build system to cdbs - * Bumped policy to 3.6.1 - * New upstream homepage - * Removed conffiles, files in /etc are automatically flagged as - conffiles in compat level 4 used by cdbs - - -- Jochen Friedrich Mon, 29 Sep 2003 19:46:31 +0200 - -ebtables (2.0.5-1) unstable; urgency=low - - * New upstream release - - -- Jochen Friedrich Thu, 25 Sep 2003 23:29:34 +0200 - -ebtables (2.0.3-1) unstable; urgency=low - - * New upstream release. - - -- David Kimdon Fri, 23 May 2003 22:00:36 -0700 - -ebtables (2.0.2-1) unstable; urgency=low - - * Initial Release. - - -- David Kimdon Fri, 17 Jan 2003 20:05:00 -0800 diff -Nru ebtables-2.0.10.4/debian/changelog.rej ebtables-2.0.10.4/debian/changelog.rej --- ebtables-2.0.10.4/debian/changelog.rej 2016-07-28 07:38:12.000000000 -0500 +++ ebtables-2.0.10.4/debian/changelog.rej 1969-12-31 18:00:00.000000000 -0600 @@ -1,14 +0,0 @@ ---- debian/changelog 2016-02-07 20:46:35.000000000 +0000 -+++ debian/changelog 2016-03-15 14:46:05.000000000 +0000 -@@ -1,3 +1,11 @@ -+ebtables (2.0.10.4-3.4ubuntu1) xenial; urgency=medium -+ -+ * Merge with Debian unstable (LP: #1556300). Remaining changes: -+ - Link ebtables with --no-as-needed and adjust the link order to fix -+ crash when running ebtables. -+ -+ -- Nishanth Aravamudan Fri, 11 Mar 2016 14:12:56 -0800 -+ - ebtables (2.0.10.4-3.4) unstable; urgency=medium - - * Non-maintainer upload. diff -Nru ebtables-2.0.10.4/debian/patches/series ebtables-2.0.10.4/debian/patches/series --- ebtables-2.0.10.4/debian/patches/series 2016-07-28 07:38:12.000000000 -0500 +++ ebtables-2.0.10.4/debian/patches/series 2017-04-18 17:29:23.000000000 -0500 @@ -4,3 +4,4 @@ compensate-for-missing-aligned-u64.patch lockdirfix.patch link_with_no-as-needed.patch +use_real_locking.patch diff -Nru ebtables-2.0.10.4/debian/patches/use_real_locking.patch ebtables-2.0.10.4/debian/patches/use_real_locking.patch --- ebtables-2.0.10.4/debian/patches/use_real_locking.patch 1969-12-31 18:00:00.000000000 -0600 +++ ebtables-2.0.10.4/debian/patches/use_real_locking.patch 2017-04-18 17:32:14.000000000 -0500 @@ -0,0 +1,76 @@ +Description: Use real locking in ebtables + Prior use of locking by file exclusive access is inadequate + because if ebtables crashes or is killed it will leave a + stale lock file behind which then blocks new ebtables from + running. +Author: dragan.stancevic@canonical.com +Bug: https://bugs.launchpad.net/ubuntu/+source/ebtables/+bug/1645324 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: ebtables-2.0.10.4/libebtc.c +=================================================================== +--- ebtables-2.0.10.4.orig/libebtc.c ++++ ebtables-2.0.10.4/libebtc.c +@@ -137,28 +137,19 @@ void ebt_list_extensions() + #define LOCKDIR "/run" + #define LOCKFILE LOCKDIR"/ebtables.lock" + #endif +-static int lockfd = -1, locked; ++static volatile int lockfd = -1; + int use_lockfd; + /* Returns 0 on success, -1 when the file is locked by another process + * or -2 on any other error. */ + static int lock_file() + { +- int try = 0; +- int ret = 0; +- sigset_t sigset; ++ int try = 0, ret = 0; ++ struct flock fl = {0,}; + + tryagain: +- /* the SIGINT handler will call unlock_file. To make sure the state +- * of the variable locked is correct, we need to temporarily mask the +- * SIGINT interrupt. */ +- sigemptyset(&sigset); +- sigaddset(&sigset, SIGINT); +- sigprocmask(SIG_BLOCK, &sigset, NULL); +- lockfd = open(LOCKFILE, O_CREAT | O_EXCL | O_WRONLY, 00600); ++ lockfd = open(LOCKFILE, O_CREAT | O_WRONLY, 00600); + if (lockfd < 0) { +- if (errno == EEXIST) +- ret = -1; +- else if (try == 1) ++ if (try == 1) + ret = -2; + else { + if (mkdir(LOCKDIR, 00700)) +@@ -169,18 +160,22 @@ tryagain: + } + } + } else { +- close(lockfd); +- locked = 1; ++ fl.l_type = F_WRLCK; ++ ret = fcntl(lockfd, F_SETLK, &fl); ++ if (ret == -1 && errno != (EAGAIN || EACCES)) ++ ret = -2; + } +- sigprocmask(SIG_UNBLOCK, &sigset, NULL); + return ret; + } + + void unlock_file() + { +- if (locked) { +- remove(LOCKFILE); +- locked = 0; ++ struct flock fl = {0,}; ++ ++ if (lockfd > -1) { ++ fl.l_type = F_UNLCK; ++ fcntl(lockfd, F_SETLK, &fl); ++ close(lockfd); + } + } +