From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 29020 invoked by alias); 25 Jun 2019 18:43:10 -0000 Mailing-List: contact bzip2-devel-help@sourceware.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Subscribe: List-Id: Sender: bzip2-devel-owner@sourceware.org Received: (qmail 29010 invoked by uid 89); 25 Jun 2019 18:43:10 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.100.3 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.4 required=5.0 tests=AWL,BAYES_00,SPF_NEUTRAL autolearn=no version=3.3.1 spammy=HX-Envelope-From:sk:federic, pasting, practically, opened X-Spam-Status: No, score=0.4 required=5.0 tests=AWL,BAYES_00,SPF_NEUTRAL autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sourceware.org X-Spam-Level: X-HELO: mx1.suse.de X-Virus-Scanned: by amavisd-new at test-mx.suse.de Message-ID: <9177da2cea5575fecb89ef49a3ac1abe4adecc34.camel@gnome.org> Subject: Re: Some cherry-picks (Was: [PATCH] bzip2: Fix return value when combining --test,-t and -q.) From: Federico Mena Quintero To: Mark Wielaard , Santiago Ruano =?ISO-8859-1?Q?Rinc=F3n?= Cc: bzip2-devel@sourceware.org, Anibal Monsalve Salazar , Anthony Fok Date: Tue, 01 Jan 2019 00:00:00 -0000 In-Reply-To: <909f618c164a1aee716dac9f6620aa90c5260ece.camel@klomp.org> References: <1561362056-4393-1-git-send-email-mark@klomp.org> <20190624083116.GN6125@bartik> <909f618c164a1aee716dac9f6620aa90c5260ece.camel@klomp.org> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.30.4 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-SW-Source: 2019-q2/txt/msg00010.txt.bz2 On Mon, 2019-06-24 at 15:55 +0200, Mark Wielaard wrote: > The only remaining difference between the trees (for the C sources) > is the fix for O_CLOEXEC. I would like to better understand the > (different) Debian solution for that: > > https://sources.debian.org/patches/bzip2/1.0.6-9/bzip2recover-race-open-output.diff/ This fix is partially correct, and I've pushed it to the repository in gitlab with one change: - Use practically the same fopen_output_safely() that is used in bzip2.c. This has a change to *not* use IntNative, to avoid cutting&pasting even more #ifdefs from bzip2.c. To make the fix fully correct, it would actually print different errors when the output file exists, versus when it cannot be opened due to an I/O error. But that can wait. I think the Debian patch may be confusing because it maintains the description "fix unsafe race condition in opening output files" from the bug report for bzip2-0.9.5... back then it *was* for a minor race condition in bzip2, but these days it's only to avoid overwriting files in bzip2recover. Federico