rpms/milter-greylist/devel cloexec.patch, NONE, 1.1 milter-greylist.spec, 1.40, 1.41
ensc
ensc at fedoraproject.org
Wed Jun 9 19:58:54 UTC 2010
- Previous message: rpms/milter-greylist/devel .cvsignore, 1.8, 1.9 lastver, 1.7, 1.8 sources, 1.16, 1.17
- Next message: rpms/kernel/devel config-generic, 1.368, 1.369 kernel.spec, 1.2021, 1.2022
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: ensc
Update of /cvs/extras/rpms/milter-greylist/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv9326
Modified Files:
milter-greylist.spec
Added Files:
cloexec.patch
Log Message:
- updated to 4.2.5
- added cloexec patch
- rediffed patches
cloexec.patch:
conf.c | 1 +
fd_pool.c | 2 ++
milter-greylist.c | 26 ++++++++++++++++++++++++++
milter-greylist.h | 10 ++++++++++
p0f.c | 2 +-
spamd.c | 8 ++++----
stat.c | 2 ++
sync.c | 14 +++++++++-----
8 files changed, 55 insertions(+), 10 deletions(-)
--- NEW FILE cloexec.patch ---
Set CLOEXEC flags for sockets
Subprocesses spawned by 'stat "| ..."' inherited all open sockets.
This wastes resources because it keeps lot of half-open sockets in the
system, can cause problems with SELinux and cause misbehavior because
sockets seems to be still open for the other side.
E.g. on my system, the stat logger consumes
# ls /proc/10204/fd | wc -l
166
sockets.
Index: milter-greylist-4.2.5/milter-greylist.h
===================================================================
--- milter-greylist-4.2.5.orig/milter-greylist.h
+++ milter-greylist-4.2.5/milter-greylist.h
@@ -257,6 +257,16 @@ char *fstring_escape(char *);
size_t mystrlcat(char *, const char *src, size_t size);
#endif
+#ifdef USE_CLOEXEC
+/* This requires Linux 2.6.27+ and the conditional must be set manually */
+#define socket_cloexec(_domain, _type, _protocol) \
+ socket(_domain, (_type) | SOCK_CLOEXEC, _protocol)
+#else
+int socket_cloexec(int domain, int type, int protocol);
+#endif
+
+int set_cloexec_flag(int fd, int value);
+
/*
* Locking management
*/
Index: milter-greylist-4.2.5/p0f.c
===================================================================
--- milter-greylist-4.2.5.orig/p0f.c
+++ milter-greylist-4.2.5/p0f.c
@@ -268,7 +268,7 @@ p0f_connect(void)
if (!conf.c_p0fsock[0])
return -1;
- if ((p0fsock = socket(PF_UNIX,SOCK_STREAM,0)) == -1) {
+ if ((p0fsock = socket_cloexec(PF_UNIX,SOCK_STREAM,0)) == -1) {
mg_log(LOG_ERR, "socket(PF_UNIX, SOCK_STREAM, 0) failed");
exit(EX_OSERR);
}
Index: milter-greylist-4.2.5/spamd.c
===================================================================
--- milter-greylist-4.2.5.orig/spamd.c
+++ milter-greylist-4.2.5/spamd.c
@@ -429,7 +429,7 @@ spamd_unix_socket(path)
sun.sun_family = AF_UNIX;
strncpy(sun.sun_path, path, sizeof(sun.sun_path) - 1);
- if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+ if ((sock = socket_cloexec(AF_UNIX, SOCK_STREAM, 0)) == -1) {
mg_log(LOG_ERR, "spamd socket failed: %s", strerror(errno));
return -1;
}
@@ -476,9 +476,9 @@ again:
}
for (res = ai; res != NULL; res = res->ai_next) {
- sock = socket(res->ai_family,
- res->ai_socktype,
- res->ai_protocol);
+ sock = socket_cloexec(res->ai_family,
+ res->ai_socktype,
+ res->ai_protocol);
if (sock == -1)
continue;
Index: milter-greylist-4.2.5/sync.c
===================================================================
--- milter-greylist-4.2.5.orig/sync.c
+++ milter-greylist-4.2.5/sync.c
@@ -449,7 +449,8 @@ peer_connect(peer) /* peer list is read-
for (res = res0; res; res = res->ai_next) {
/*We only test an address family which kernel supports. */
- s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ s = socket_cloexec(res->ai_family, res->ai_socktype,
+ res->ai_protocol);
if (s == -1)
continue;
close(s);
@@ -462,7 +463,8 @@ peer_connect(peer) /* peer list is read-
}
for (res = res0; res; res = res->ai_next) {
- s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ s = socket_cloexec(res->ai_family, res->ai_socktype,
+ res->ai_protocol);
if (s == -1)
continue;
@@ -541,7 +543,8 @@ peer_connect(peer) /* peer list is read-
else
proto = pe->p_proto;
- if ((s = socket(SA(&raddr)->sa_family, SOCK_STREAM, proto)) == -1) {
+ if ((s = socket_cloexec(SA(&raddr)->sa_family, SOCK_STREAM,
+ proto)) == -1) {
mg_log(LOG_ERR, "cannot sync with peer %s, "
"socket failed: %s (%d entries queued)",
peer->p_name, strerror(errno), peer->p_qlen);
@@ -779,6 +782,7 @@ sync_master(arg)
}
+ set_cloexec_flag(fd, 1);
unmappedaddr(SA(&raddr), &raddrlen);
conf_release();
@@ -945,7 +949,7 @@ sync_listen(addr, port, sms)
return;
}
- if ((s = socket(SA(&laddr)->sa_family, SOCK_STREAM, proto)) == -1) {
+ if ((s = socket_cloexec(SA(&laddr)->sa_family, SOCK_STREAM, proto)) == -1) {
sms->runs = SMS_DISABLED;
return;
}
@@ -1510,7 +1514,7 @@ local_addr(sa, salen)
break;
}
- if ((sfd = socket(sa->sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+ if ((sfd = socket_cloexec(sa->sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
mg_log(LOG_ERR, "local_addr: socket failed: %s",
strerror(errno));
return -1;
Index: milter-greylist-4.2.5/conf.c
===================================================================
--- milter-greylist-4.2.5.orig/conf.c
+++ milter-greylist-4.2.5/conf.c
@@ -184,6 +184,7 @@ conf_load_internal(timestamp)
if (conf_cold)
exit(EX_OSERR);
} else {
+ set_cloexec_flag(fileno(stream), 1);
TSS_SET(conf_key, newconf);
peer_clear();
Index: milter-greylist-4.2.5/fd_pool.c
===================================================================
--- milter-greylist-4.2.5.orig/fd_pool.c
+++ milter-greylist-4.2.5/fd_pool.c
@@ -122,6 +122,7 @@ int fd_new_desc() {
strerror(errno));
return -1;
}
+ set_cloexec_flag(descriptor, 1);
return descriptor;
}
@@ -340,6 +341,7 @@ FILE *fopen_ext(char *path, char *mode)
err = errno;
if (stream != NULL) {
+ set_cloexec_flag(fileno(stream), 1);
if ( descriptor == fileno(stream) ) {
/* we are in luck, fopen has successfully aquired our low descriptor ... */
return stream;
Index: milter-greylist-4.2.5/milter-greylist.c
===================================================================
--- milter-greylist-4.2.5.orig/milter-greylist.c
+++ milter-greylist-4.2.5/milter-greylist.c
@@ -3227,3 +3227,29 @@ mg_setreply(ctx, priv, rcpt)
return r;
}
+#ifndef USE_CLOEXEC
+int socket_cloexec(int domain, int type, int protocol)
+{
+ int fd = socket(domain, type, protocol);
+
+ if (fd >= 0)
+ set_cloexec_flag(fd, 1);
+
+ return fd;
+}
+#endif
+
+int set_cloexec_flag (int fd, int value)
+{
+ int oldflags = fcntl(fd, F_GETFD, 0);
+
+ if (oldflags < 0)
+ return oldflags;
+
+ if (value)
+ oldflags |= FD_CLOEXEC;
+ else
+ oldflags &= ~FD_CLOEXEC;
+
+ return fcntl(fd, F_SETFD, oldflags);
+}
Index: milter-greylist-4.2.5/stat.c
===================================================================
--- milter-greylist-4.2.5.orig/stat.c
+++ milter-greylist-4.2.5/stat.c
@@ -126,6 +126,8 @@ mg_stat_def(output, fstring)
return;
}
+ set_cloexec_flag(fileno(outfp), 1);
+
if ((format = fstring_escape(strdup(fstring))) == NULL) {
mg_log(LOG_ERR, "strdup failed: %s", strerror(errno));
exit(EX_OSERR);
Index: milter-greylist.spec
===================================================================
RCS file: /cvs/extras/rpms/milter-greylist/devel/milter-greylist.spec,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -p -r1.40 -r1.41
--- milter-greylist.spec 18 Apr 2010 09:18:57 -0000 1.40
+++ milter-greylist.spec 9 Jun 2010 19:58:54 -0000 1.41
@@ -23,7 +23,7 @@
Summary: Milter for greylisting, the next step in the spam control war
Name: milter-greylist
-Version: 4.2.4
+Version: 4.2.5
Release: %release_func 1400
License: BSD with advertising
Group: System Environment/Daemons
@@ -33,6 +33,8 @@ Source1: README.fedora
Patch0: milter-greylist-2.0.2-sysv.patch
Patch4: ai_addrconfig.patch
Patch7: milter-greylist-dkim-reentrant.patch
+# http://tech.groups.yahoo.com/group/milter-greylist/message/5551
+Patch8: cloexec.patch
BuildRoot: %_tmppath/%name-%version-%release-root
Requires: init(%name)
Provides: user(%username) = 7
@@ -105,6 +107,7 @@ This package provides the upstart initsc
%patch0 -p1 -b .sysv
%apply -n4 -p1
%apply -n7 -p1
+%apply -n8 -p1
install -p -m0644 %SOURCE1 .
@@ -223,6 +226,11 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jun 9 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 4.2.5-1400
+- updated to 4.2.5
+- added cloexec patch
+- rediffed patches
+
* Sun Apr 18 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 4.2.4-1400
- updated to 4.2.4
- removed patches which have been applied upstream
- Previous message: rpms/milter-greylist/devel .cvsignore, 1.8, 1.9 lastver, 1.7, 1.8 sources, 1.16, 1.17
- Next message: rpms/kernel/devel config-generic, 1.368, 1.369 kernel.spec, 1.2021, 1.2022
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list