rpms/milter-greylist/F-12 cloexec.patch, NONE, 1.1 sources, 1.15, 1.16 milter-greylist.spec, 1.37, 1.38 milter-greylist-dkim-reentrant.patch, 1.1, 1.2 ai_addrconfig.patch, 1.2, 1.3 milter-greylist-p0f-reentrant.patch, 1.1, NONE milter-greylist-geoip-lock.patch, 1.1, NONE
ensc
ensc at fedoraproject.org
Wed Jun 9 20:19:56 UTC 2010
Author: ensc
Update of /cvs/extras/rpms/milter-greylist/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv11881
Modified Files:
sources milter-greylist.spec
milter-greylist-dkim-reentrant.patch ai_addrconfig.patch
Added Files:
cloexec.patch
Removed Files:
milter-greylist-p0f-reentrant.patch
milter-greylist-geoip-lock.patch
Log Message:
- updated to 4.2.5
- added cloexec patch
- rediffed patches
- removed patches which have been applied upstream
cloexec.patch:
conf.c | 1 +
fd_pool.c | 2 ++
milter-greylist.c | 26 ++++++++++++++++++++++++++
milter-greylist.h | 10 ++++++++++
p0f.c | 2 +-
spamd.c | 8 ++++----
stat.c | 2 ++
sync.c | 14 +++++++++-----
8 files changed, 55 insertions(+), 10 deletions(-)
--- NEW FILE cloexec.patch ---
Set CLOEXEC flags for sockets
Subprocesses spawned by 'stat "| ..."' inherited all open sockets.
This wastes resources because it keeps lot of half-open sockets in the
system, can cause problems with SELinux and cause misbehavior because
sockets seems to be still open for the other side.
E.g. on my system, the stat logger consumes
# ls /proc/10204/fd | wc -l
166
sockets.
Index: milter-greylist-4.2.5/milter-greylist.h
===================================================================
--- milter-greylist-4.2.5.orig/milter-greylist.h
+++ milter-greylist-4.2.5/milter-greylist.h
@@ -257,6 +257,16 @@ char *fstring_escape(char *);
size_t mystrlcat(char *, const char *src, size_t size);
#endif
+#ifdef USE_CLOEXEC
+/* This requires Linux 2.6.27+ and the conditional must be set manually */
+#define socket_cloexec(_domain, _type, _protocol) \
+ socket(_domain, (_type) | SOCK_CLOEXEC, _protocol)
+#else
+int socket_cloexec(int domain, int type, int protocol);
+#endif
+
+int set_cloexec_flag(int fd, int value);
+
/*
* Locking management
*/
Index: milter-greylist-4.2.5/p0f.c
===================================================================
--- milter-greylist-4.2.5.orig/p0f.c
+++ milter-greylist-4.2.5/p0f.c
@@ -268,7 +268,7 @@ p0f_connect(void)
if (!conf.c_p0fsock[0])
return -1;
- if ((p0fsock = socket(PF_UNIX,SOCK_STREAM,0)) == -1) {
+ if ((p0fsock = socket_cloexec(PF_UNIX,SOCK_STREAM,0)) == -1) {
mg_log(LOG_ERR, "socket(PF_UNIX, SOCK_STREAM, 0) failed");
exit(EX_OSERR);
}
Index: milter-greylist-4.2.5/spamd.c
===================================================================
--- milter-greylist-4.2.5.orig/spamd.c
+++ milter-greylist-4.2.5/spamd.c
@@ -429,7 +429,7 @@ spamd_unix_socket(path)
sun.sun_family = AF_UNIX;
strncpy(sun.sun_path, path, sizeof(sun.sun_path) - 1);
- if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+ if ((sock = socket_cloexec(AF_UNIX, SOCK_STREAM, 0)) == -1) {
mg_log(LOG_ERR, "spamd socket failed: %s", strerror(errno));
return -1;
}
@@ -476,9 +476,9 @@ again:
}
for (res = ai; res != NULL; res = res->ai_next) {
- sock = socket(res->ai_family,
- res->ai_socktype,
- res->ai_protocol);
+ sock = socket_cloexec(res->ai_family,
+ res->ai_socktype,
+ res->ai_protocol);
if (sock == -1)
continue;
Index: milter-greylist-4.2.5/sync.c
===================================================================
--- milter-greylist-4.2.5.orig/sync.c
+++ milter-greylist-4.2.5/sync.c
@@ -449,7 +449,8 @@ peer_connect(peer) /* peer list is read-
for (res = res0; res; res = res->ai_next) {
/*We only test an address family which kernel supports. */
- s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ s = socket_cloexec(res->ai_family, res->ai_socktype,
+ res->ai_protocol);
if (s == -1)
continue;
close(s);
@@ -462,7 +463,8 @@ peer_connect(peer) /* peer list is read-
}
for (res = res0; res; res = res->ai_next) {
- s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ s = socket_cloexec(res->ai_family, res->ai_socktype,
+ res->ai_protocol);
if (s == -1)
continue;
@@ -541,7 +543,8 @@ peer_connect(peer) /* peer list is read-
else
proto = pe->p_proto;
- if ((s = socket(SA(&raddr)->sa_family, SOCK_STREAM, proto)) == -1) {
+ if ((s = socket_cloexec(SA(&raddr)->sa_family, SOCK_STREAM,
+ proto)) == -1) {
mg_log(LOG_ERR, "cannot sync with peer %s, "
"socket failed: %s (%d entries queued)",
peer->p_name, strerror(errno), peer->p_qlen);
@@ -779,6 +782,7 @@ sync_master(arg)
}
+ set_cloexec_flag(fd, 1);
unmappedaddr(SA(&raddr), &raddrlen);
conf_release();
@@ -945,7 +949,7 @@ sync_listen(addr, port, sms)
return;
}
- if ((s = socket(SA(&laddr)->sa_family, SOCK_STREAM, proto)) == -1) {
+ if ((s = socket_cloexec(SA(&laddr)->sa_family, SOCK_STREAM, proto)) == -1) {
sms->runs = SMS_DISABLED;
return;
}
@@ -1510,7 +1514,7 @@ local_addr(sa, salen)
break;
}
- if ((sfd = socket(sa->sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+ if ((sfd = socket_cloexec(sa->sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
mg_log(LOG_ERR, "local_addr: socket failed: %s",
strerror(errno));
return -1;
Index: milter-greylist-4.2.5/conf.c
===================================================================
--- milter-greylist-4.2.5.orig/conf.c
+++ milter-greylist-4.2.5/conf.c
@@ -184,6 +184,7 @@ conf_load_internal(timestamp)
if (conf_cold)
exit(EX_OSERR);
} else {
+ set_cloexec_flag(fileno(stream), 1);
TSS_SET(conf_key, newconf);
peer_clear();
Index: milter-greylist-4.2.5/fd_pool.c
===================================================================
--- milter-greylist-4.2.5.orig/fd_pool.c
+++ milter-greylist-4.2.5/fd_pool.c
@@ -122,6 +122,7 @@ int fd_new_desc() {
strerror(errno));
return -1;
}
+ set_cloexec_flag(descriptor, 1);
return descriptor;
}
@@ -340,6 +341,7 @@ FILE *fopen_ext(char *path, char *mode)
err = errno;
if (stream != NULL) {
+ set_cloexec_flag(fileno(stream), 1);
if ( descriptor == fileno(stream) ) {
/* we are in luck, fopen has successfully aquired our low descriptor ... */
return stream;
Index: milter-greylist-4.2.5/milter-greylist.c
===================================================================
--- milter-greylist-4.2.5.orig/milter-greylist.c
+++ milter-greylist-4.2.5/milter-greylist.c
@@ -3227,3 +3227,29 @@ mg_setreply(ctx, priv, rcpt)
return r;
}
+#ifndef USE_CLOEXEC
+int socket_cloexec(int domain, int type, int protocol)
+{
+ int fd = socket(domain, type, protocol);
+
+ if (fd >= 0)
+ set_cloexec_flag(fd, 1);
+
+ return fd;
+}
+#endif
+
+int set_cloexec_flag (int fd, int value)
+{
+ int oldflags = fcntl(fd, F_GETFD, 0);
+
+ if (oldflags < 0)
+ return oldflags;
+
+ if (value)
+ oldflags |= FD_CLOEXEC;
+ else
+ oldflags &= ~FD_CLOEXEC;
+
+ return fcntl(fd, F_SETFD, oldflags);
+}
Index: milter-greylist-4.2.5/stat.c
===================================================================
--- milter-greylist-4.2.5.orig/stat.c
+++ milter-greylist-4.2.5/stat.c
@@ -126,6 +126,8 @@ mg_stat_def(output, fstring)
return;
}
+ set_cloexec_flag(fileno(outfp), 1);
+
if ((format = fstring_escape(strdup(fstring))) == NULL) {
mg_log(LOG_ERR, "strdup failed: %s", strerror(errno));
exit(EX_OSERR);
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/milter-greylist/F-12/sources,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -p -r1.15 -r1.16
--- sources 19 Aug 2009 19:50:38 -0000 1.15
+++ sources 9 Jun 2010 20:19:55 -0000 1.16
@@ -1 +1 @@
-e821a8a4527c1e313f21fe36dbde4a24 milter-greylist-4.2.3.tgz
+fa1e68ff0a8b759b946c09f92d40af9d milter-greylist-4.2.5.tgz
Index: milter-greylist.spec
===================================================================
RCS file: /cvs/extras/rpms/milter-greylist/F-12/milter-greylist.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -p -r1.37 -r1.38
--- milter-greylist.spec 21 Feb 2010 11:24:49 -0000 1.37
+++ milter-greylist.spec 9 Jun 2010 20:19:55 -0000 1.38
@@ -19,7 +19,7 @@
Summary: Milter for greylisting, the next step in the spam control war
Name: milter-greylist
-Version: 4.2.3
+Version: 4.2.5
Release: %release_func 1200%{?beta}
License: BSD with advertising
Group: System Environment/Daemons
@@ -28,9 +28,9 @@ Source0: ftp://ftp.espci.fr/pub/milter-g
Source1: README.fedora
Patch0: milter-greylist-2.0.2-sysv.patch
Patch4: ai_addrconfig.patch
-Patch5: milter-greylist-p0f-reentrant.patch
-Patch6: milter-greylist-geoip-lock.patch
Patch7: milter-greylist-dkim-reentrant.patch
+# http://tech.groups.yahoo.com/group/milter-greylist/message/5551
+Patch8: cloexec.patch
BuildRoot: %_tmppath/%name-%version-%release-root
Requires: init(%name)
Provides: user(%username) = 7
@@ -102,9 +102,8 @@ This package provides the upstart initsc
%setup -q %{?beta:-n %name-%version%beta}
%patch0 -p1 -b .sysv
%patch4 -p1
-%patch5 -p1
-%patch6 -p1
%patch7 -p1
+%patch8 -p1
install -p -m0644 %SOURCE1 .
@@ -219,6 +218,12 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jun 9 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 4.2.5-1400
+- updated to 4.2.5
+- added cloexec patch
+- rediffed patches
+- removed patches which have been applied upstream
+
* Sat Feb 20 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 4.2.3-1200
- added patches to fix races in dkim, geoip and p0f modules
milter-greylist-dkim-reentrant.patch:
dkimcheck.c | 36 ++++++++++++++++++++++++------------
1 file changed, 24 insertions(+), 12 deletions(-)
Index: milter-greylist-dkim-reentrant.patch
===================================================================
RCS file: /cvs/extras/rpms/milter-greylist/F-12/milter-greylist-dkim-reentrant.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- milter-greylist-dkim-reentrant.patch 21 Feb 2010 11:24:49 -0000 1.1
+++ milter-greylist-dkim-reentrant.patch 9 Jun 2010 20:19:55 -0000 1.2
@@ -1,7 +1,9 @@
-Index: milter-greylist-4.2.3/dkimcheck.c
+Lock DKIM calls
+
+Index: milter-greylist-4.2.5/dkimcheck.c
===================================================================
---- milter-greylist-4.2.3.orig/dkimcheck.c
-+++ milter-greylist-4.2.3/dkimcheck.c
+--- milter-greylist-4.2.5.orig/dkimcheck.c
++++ milter-greylist-4.2.5/dkimcheck.c
@@ -63,6 +63,7 @@ __RCSID("$Id: dkimcheck.c,v 1.4 2008/10/
#include "dkimcheck.h"
ai_addrconfig.patch:
spamd.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
Index: ai_addrconfig.patch
===================================================================
RCS file: /cvs/extras/rpms/milter-greylist/F-12/ai_addrconfig.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- ai_addrconfig.patch 7 Mar 2009 12:22:30 -0000 1.2
+++ ai_addrconfig.patch 9 Jun 2010 20:19:56 -0000 1.3
@@ -5,10 +5,10 @@ without AI_ADDRCONFIG flag in this case.
It is very simple and a ./configure test for working AI_ADDRCONFIG
might be better.
-Index: milter-greylist-4.2b1/spamd.c
+Index: milter-greylist-4.2.5/spamd.c
===================================================================
---- milter-greylist-4.2b1.orig/spamd.c
-+++ milter-greylist-4.2b1/spamd.c
+--- milter-greylist-4.2.5.orig/spamd.c
++++ milter-greylist-4.2.5/spamd.c
@@ -454,11 +454,21 @@ spamd_inet_socket(host, port)
bzero(&hints, sizeof(hints));
--- milter-greylist-p0f-reentrant.patch DELETED ---
--- milter-greylist-geoip-lock.patch DELETED ---
More information about the scm-commits
mailing list