rpms/fail2ban/F-12 asyncserver.start_selinux.patch, NONE, 1.1 fail2ban.spec, 1.21, 1.22
athimm
athimm at fedoraproject.org
Sun Feb 14 16:09:38 UTC 2010
Author: athimm
Update of /cvs/extras/rpms/fail2ban/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9426/F-12
Modified Files:
fail2ban.spec
Added Files:
asyncserver.start_selinux.patch
Log Message:
Fix more selinux cloexec issues.
asyncserver.start_selinux.patch:
asyncserver.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- NEW FILE asyncserver.start_selinux.patch ---
>From 20c717c25c5d180b720bec6902475f07b02f8b87 Mon Sep 17 00:00:00 2001
From: Jonathan G. Underwood <jonathan.underwood at gmail.com>
Date: Sun, 3 Jan 2010 02:16:09 +0000
Subject: [PATCH] Set socket file descriptor in AsyncServer.start to be CLOEXEC
https://bugzilla.redhat.com/show_bug.cgi?id=522767
---
server/asyncserver.py | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/server/asyncserver.py b/server/asyncserver.py
index 35cebf1..96b62d0 100644
--- a/server/asyncserver.py
+++ b/server/asyncserver.py
@@ -26,7 +26,7 @@ __license__ = "GPL"
from pickle import dumps, loads, HIGHEST_PROTOCOL
from common import helpers
-import asyncore, asynchat, socket, os, logging, sys, traceback
+import asyncore, asynchat, socket, os, logging, sys, traceback, fcntl
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban.server")
@@ -126,6 +126,8 @@ class AsyncServer(asyncore.dispatcher):
raise AsyncServerException("Server already running")
# Creates the socket.
self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ fd = self.fileno()
+ fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)
self.set_reuse_addr()
try:
self.bind(sock)
--
1.6.5.2
Index: fail2ban.spec
===================================================================
RCS file: /cvs/extras/rpms/fail2ban/F-12/fail2ban.spec,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -p -r1.21 -r1.22
--- fail2ban.spec 11 Sep 2009 10:33:46 -0000 1.21
+++ fail2ban.spec 14 Feb 2010 16:09:37 -0000 1.22
@@ -4,7 +4,7 @@
Summary: Ban IPs that make too many password failures
Name: fail2ban
Version: 0.8.4
-Release: 23%{?dist}
+Release: 24%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://fail2ban.sourceforge.net/
@@ -14,6 +14,7 @@ Patch0: fail2ban-0.8.3-init.patch
Patch1: fail2ban-0.8.1-sshd.patch
Patch3: fail2ban-0.8.2-fd_cloexec.patch
Patch6: fail2ban-0.8.3-log2syslog.patch
+Patch7: asyncserver.start_selinux.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: python-devel >= 2.3
BuildArch: noarch
@@ -33,6 +34,7 @@ failures. It updates firewall rules to r
%patch1 -p1 -b .sshd
%patch3 -p1 -b .fd_cloexec
%patch6 -p1 -b .log2syslog
+%patch7 -p1 -b .fd_cloexec2
%build
python setup.py build
@@ -82,6 +84,10 @@ fi
%dir %{_localstatedir}/run/fail2ban
%changelog
+* Sun Feb 14 2010 Axel Thimm <Axel.Thimm at ATrpms.net> - 0.8.4-24
+- Patch by Jonathan G. Underwood <jonathan.underwood at gmail.com> to
+ cloexec another fd leak.
+
* Fri Sep 11 2009 Axel Thimm <Axel.Thimm at ATrpms.net> - 0.8.4-23
- update to 0.8.4.
More information about the scm-commits
mailing list