rpms/fail2ban/F-12 asyncserver.start_selinux.patch, NONE, 1.1 fail2ban.spec, 1.21, 1.22

Sun Feb 14 16:09:38 UTC 2010

Author: athimm

Update of /cvs/extras/rpms/fail2ban/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9426/F-12

Modified Files:
	fail2ban.spec 
Added Files:
	asyncserver.start_selinux.patch 
Log Message:
Fix more selinux cloexec issues.

asyncserver.start_selinux.patch:
 asyncserver.py |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- NEW FILE asyncserver.start_selinux.patch ---
>From 20c717c25c5d180b720bec6902475f07b02f8b87 Mon Sep 17 00:00:00 2001
From: Jonathan G. Underwood <jonathan.underwood at gmail.com>
Date: Sun, 3 Jan 2010 02:16:09 +0000
Subject: [PATCH] Set socket file descriptor in AsyncServer.start to be CLOEXEC

https://bugzilla.redhat.com/show_bug.cgi?id=522767
---
 server/asyncserver.py |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/server/asyncserver.py b/server/asyncserver.py
index 35cebf1..96b62d0 100644
--- a/server/asyncserver.py
+++ b/server/asyncserver.py
@@ -26,7 +26,7 @@ __license__ = "GPL"
 
 from pickle import dumps, loads, HIGHEST_PROTOCOL
 from common import helpers
-import asyncore, asynchat, socket, os, logging, sys, traceback
+import asyncore, asynchat, socket, os, logging, sys, traceback, fcntl
 
 # Gets the instance of the logger.
 logSys = logging.getLogger("fail2ban.server")
@@ -126,6 +126,8 @@ class AsyncServer(asyncore.dispatcher):
 				raise AsyncServerException("Server already running")
 		# Creates the socket.
 		self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
+		fd = self.fileno()
+		fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)
 		self.set_reuse_addr()
 		try:
 			self.bind(sock)
-- 
1.6.5.2



Index: fail2ban.spec
===================================================================
RCS file: /cvs/extras/rpms/fail2ban/F-12/fail2ban.spec,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -p -r1.21 -r1.22
--- fail2ban.spec	11 Sep 2009 10:33:46 -0000	1.21
+++ fail2ban.spec	14 Feb 2010 16:09:37 -0000	1.22
@@ -4,7 +4,7 @@
 Summary: Ban IPs that make too many password failures
 Name: fail2ban
 Version: 0.8.4
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://fail2ban.sourceforge.net/
@@ -14,6 +14,7 @@ Patch0: fail2ban-0.8.3-init.patch
 Patch1: fail2ban-0.8.1-sshd.patch
 Patch3: fail2ban-0.8.2-fd_cloexec.patch
 Patch6: fail2ban-0.8.3-log2syslog.patch
+Patch7: asyncserver.start_selinux.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: python-devel >= 2.3
 BuildArch: noarch
@@ -33,6 +34,7 @@ failures. It updates firewall rules to r
 %patch1 -p1 -b .sshd
 %patch3 -p1 -b .fd_cloexec
 %patch6 -p1 -b .log2syslog
+%patch7 -p1 -b .fd_cloexec2
 
 %build
 python setup.py build
@@ -82,6 +84,10 @@ fi
 %dir %{_localstatedir}/run/fail2ban
 
 %changelog
+* Sun Feb 14 2010 Axel Thimm <Axel.Thimm at ATrpms.net> - 0.8.4-24
+- Patch by Jonathan G. Underwood <jonathan.underwood at gmail.com> to
+  cloexec another fd leak.
+
 * Fri Sep 11 2009 Axel Thimm <Axel.Thimm at ATrpms.net> - 0.8.4-23
 - update to 0.8.4.
 

