packages: milter-greylist/ai_addrconfig.patch (NEW), milter-greylist/cloexe...

glen glen at pld-linux.org
Mon Aug 8 22:01:00 CEST 2011


Author: glen                         Date: Mon Aug  8 20:01:00 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- new, based on fedora package

---- Files affected:
packages/milter-greylist:
   ai_addrconfig.patch (NONE -> 1.1)  (NEW), cloexec.patch (NONE -> 1.1)  (NEW), milter-greylist-dkim-reentrant.patch (NONE -> 1.1)  (NEW), milter-greylist.spec (NONE -> 1.1)  (NEW), spamd-null.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/milter-greylist/ai_addrconfig.patch
diff -u /dev/null packages/milter-greylist/ai_addrconfig.patch:1.1
--- /dev/null	Mon Aug  8 22:01:00 2011
+++ packages/milter-greylist/ai_addrconfig.patch	Mon Aug  8 22:00:55 2011
@@ -0,0 +1,34 @@
+ISC libbind provides AI_ADDRCONFIG macro, but getaddrinfo() fails with
+EAI_BADFLAGS when invoked with it.  This patch retries getaddrinfo()
+without AI_ADDRCONFIG flag in this case.
+
+It is very simple and a ./configure test for working AI_ADDRCONFIG
+might be better.
+
+Index: milter-greylist-4.2.5/spamd.c
+===================================================================
+--- milter-greylist-4.2.5.orig/spamd.c
++++ milter-greylist-4.2.5/spamd.c
+@@ -454,11 +454,21 @@ spamd_inet_socket(host, port)
+ 
+ 	bzero(&hints, sizeof(hints));
+ 	hints.ai_socktype = SOCK_STREAM;
++
+ #ifdef AI_ADDRCONFIG
+ 	hints.ai_flags = AI_ADDRCONFIG;
++
++again:
++	e = getaddrinfo(host, port, &hints, &ai);
++	if (e == EAI_BADFLAGS && (hints.ai_flags & AI_ADDRCONFIG)) {
++		hints.ai_flags &= ~AI_ADDRCONFIG;
++		goto again;
++	}
++#else
++	e = getaddrinfo(host, port, &hints, &ai);
+ #endif
+ 
+-	if ((e = getaddrinfo(host, port, &hints, &ai))) {
++	if (e) {
+ 		mg_log(LOG_ERR, 
+ 		       "spamd getaddrinfo failed: %s", 
+ 		       gai_strerror(e));
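Review bot: The retry added to spamd_inet_socket carries no comment in the code itself, so the reason for it (ISC libbind defines `AI_ADDRCONFIG` but `getaddrinfo()` rejects it with `EAI_BADFLAGS`) exists only in the patch header and is lost once the patch is applied. A line above `again:` such as `/* libbind defines AI_ADDRCONFIG but returns EAI_BADFLAGS for it; retry once without the flag */` would keep it next to the code. The jump is bounded because the flag is cleared before `goto again`. The function body starts and ends outside the hunk.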

================================================================
Index: packages/milter-greylist/cloexec.patch
diff -u /dev/null packages/milter-greylist/cloexec.patch:1.1
--- /dev/null	Mon Aug  8 22:01:00 2011
+++ packages/milter-greylist/cloexec.patch	Mon Aug  8 22:00:55 2011
@@ -0,0 +1,213 @@
+Set CLOEXEC flags for sockets
+
+Subprocesses spawned by 'stat "| ..."' inherited all open sockets.
+This wastes resources because it keeps lot of half-open sockets in the
+system, can cause problems with SELinux and cause misbehavior because
+sockets seems to be still open for the other side.
+
+E.g. on my system, the stat logger consumes
+
+ # ls /proc/10204/fd | wc -l
+ 166
+
+sockets.
+
+Index: milter-greylist-4.2.5/milter-greylist.h
+===================================================================
+--- milter-greylist-4.2.5.orig/milter-greylist.h
++++ milter-greylist-4.2.5/milter-greylist.h
+@@ -257,6 +257,16 @@ char *fstring_escape(char *);
+ size_t mystrlcat(char *, const char *src, size_t size);
+ #endif
+ 
++#ifdef USE_CLOEXEC
++/* This requires Linux 2.6.27+ and the conditional must be set manually */
++#define socket_cloexec(_domain, _type, _protocol) \
++	socket(_domain, (_type) | SOCK_CLOEXEC, _protocol)
++#else
++int socket_cloexec(int domain, int type, int protocol);
++#endif
++
++int set_cloexec_flag(int fd, int value);
++
+ /*
+  * Locking management
+  */
+Index: milter-greylist-4.2.5/p0f.c
+===================================================================
+--- milter-greylist-4.2.5.orig/p0f.c
++++ milter-greylist-4.2.5/p0f.c
+@@ -268,7 +268,7 @@ p0f_connect(void)
+ 	if (!conf.c_p0fsock[0])
+ 		return -1;
+ 
+-	if ((p0fsock = socket(PF_UNIX,SOCK_STREAM,0)) == -1) {
++	if ((p0fsock = socket_cloexec(PF_UNIX,SOCK_STREAM,0)) == -1) {
+ 		mg_log(LOG_ERR, "socket(PF_UNIX, SOCK_STREAM, 0) failed");
+ 		exit(EX_OSERR);
+ 	}
+Index: milter-greylist-4.2.5/spamd.c
+===================================================================
+--- milter-greylist-4.2.5.orig/spamd.c
++++ milter-greylist-4.2.5/spamd.c
+@@ -429,7 +429,7 @@ spamd_unix_socket(path)
+ 	sun.sun_family = AF_UNIX;
+ 	strncpy(sun.sun_path, path, sizeof(sun.sun_path) - 1);
+ 
+-	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
++	if ((sock = socket_cloexec(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+ 		mg_log(LOG_ERR, "spamd socket failed: %s", strerror(errno));
+ 		return -1;
+ 	}
+@@ -476,9 +476,9 @@ again:
+ 	}
+ 
+ 	for (res = ai; res != NULL; res = res->ai_next) {
+-		sock = socket(res->ai_family, 
+-			      res->ai_socktype, 
+-			      res->ai_protocol);
++		sock = socket_cloexec(res->ai_family,
++				      res->ai_socktype,
++				      res->ai_protocol);
+ 		if (sock == -1)
+ 			continue;
+ 
+Index: milter-greylist-4.2.5/sync.c
+===================================================================
+--- milter-greylist-4.2.5.orig/sync.c
++++ milter-greylist-4.2.5/sync.c
+@@ -449,7 +449,8 @@ peer_connect(peer)	/* peer list is read-
+ 
+ 	for (res = res0; res; res = res->ai_next) {
+ 		/*We only test an address family which kernel supports. */
+-		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++		s = socket_cloexec(res->ai_family, res->ai_socktype,
++				   res->ai_protocol);
+ 		if (s == -1)
+ 			continue;
+ 		close(s);
+@@ -462,7 +463,8 @@ peer_connect(peer)	/* peer list is read-
+ 	}
+ 
+ 	for (res = res0; res; res = res->ai_next) {
+-		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++		s = socket_cloexec(res->ai_family, res->ai_socktype,
++				   res->ai_protocol);
+ 		if (s == -1)
+ 			continue;
+ 
+@@ -541,7 +543,8 @@ peer_connect(peer)	/* peer list is read-
+ 	else
+ 		proto = pe->p_proto;
+ 
+-	if ((s = socket(SA(&raddr)->sa_family, SOCK_STREAM, proto)) == -1) {
++	if ((s = socket_cloexec(SA(&raddr)->sa_family, SOCK_STREAM,
++				proto)) == -1) {
+ 		mg_log(LOG_ERR, "cannot sync with peer %s, "
+ 		    "socket failed: %s (%d entries queued)", 
+ 		    peer->p_name, strerror(errno), peer->p_qlen);
+@@ -779,6 +782,7 @@ sync_master(arg)
+ 
+ 
+ 		}
++		set_cloexec_flag(fd, 1);
+ 		unmappedaddr(SA(&raddr), &raddrlen);
+ 
+ 		conf_release();
+@@ -945,7 +949,7 @@ sync_listen(addr, port, sms)
+ 		return;
+ 	}
+ 
+-	if ((s = socket(SA(&laddr)->sa_family, SOCK_STREAM, proto)) == -1) {
++	if ((s = socket_cloexec(SA(&laddr)->sa_family, SOCK_STREAM, proto)) == -1) {
+ 		sms->runs = SMS_DISABLED;
+ 		return;
+ 	}
+@@ -1510,7 +1514,7 @@ local_addr(sa, salen)
+ 		break;
+ 	}
+ 
+-	if ((sfd = socket(sa->sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
++	if ((sfd = socket_cloexec(sa->sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+ 		mg_log(LOG_ERR, "local_addr: socket failed: %s",
+ 		    strerror(errno));
+ 		return -1;
+Index: milter-greylist-4.2.5/conf.c
+===================================================================
+--- milter-greylist-4.2.5.orig/conf.c
++++ milter-greylist-4.2.5/conf.c
+@@ -184,6 +184,7 @@ conf_load_internal(timestamp)
+ 		if (conf_cold)
+ 			exit(EX_OSERR);
+ 	} else {
++		set_cloexec_flag(fileno(stream), 1);
+ 		TSS_SET(conf_key, newconf);
+ 
+ 		peer_clear();
+Index: milter-greylist-4.2.5/fd_pool.c
+===================================================================
+--- milter-greylist-4.2.5.orig/fd_pool.c
++++ milter-greylist-4.2.5/fd_pool.c
+@@ -122,6 +122,7 @@ int fd_new_desc() {
+                         strerror(errno));
+                 return -1;
+         }
++	set_cloexec_flag(descriptor, 1);
+ 	return descriptor;
+ }
+ 
+@@ -340,6 +341,7 @@ FILE *fopen_ext(char *path, char *mode) 
+ 	err = errno;
+ 
+ 	if (stream != NULL) {
++		set_cloexec_flag(fileno(stream), 1);
+ 		if ( descriptor == fileno(stream) ) {
+ 			/* we are in luck, fopen has successfully aquired our low descriptor ... */
+ 			return stream;
+Index: milter-greylist-4.2.5/milter-greylist.c
+===================================================================
+--- milter-greylist-4.2.5.orig/milter-greylist.c
++++ milter-greylist-4.2.5/milter-greylist.c
+@@ -3227,3 +3227,29 @@ mg_setreply(ctx, priv, rcpt)
+ 	return r;
+ }
+ 
++#ifndef USE_CLOEXEC
++int socket_cloexec(int domain, int type, int protocol)
++{
++	int		fd = socket(domain, type, protocol);
++
++	if (fd >= 0)
++		set_cloexec_flag(fd, 1);
++
++	return fd;
++}
++#endif
++
++int set_cloexec_flag (int fd, int value)
++{
++	int oldflags = fcntl(fd, F_GETFD, 0);
++
++	if (oldflags < 0)
++		return oldflags;
++
++	if (value)
++		oldflags |= FD_CLOEXEC;
++	else
++		oldflags &= ~FD_CLOEXEC;
++
++	return fcntl(fd, F_SETFD, oldflags);
++}
+Index: milter-greylist-4.2.5/stat.c
+===================================================================
+--- milter-greylist-4.2.5.orig/stat.c
++++ milter-greylist-4.2.5/stat.c
+@@ -126,6 +126,8 @@ mg_stat_def(output, fstring)
+ 		return;
+ 	}
+ 
++	set_cloexec_flag(fileno(outfp), 1);
++
+ 	if ((format = fstring_escape(strdup(fstring))) == NULL) {
+ 		mg_log(LOG_ERR, "strdup failed: %s", strerror(errno));
+ 		exit(EX_OSERR);
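Review bot: The fallback `socket_cloexec()` added at the end of milter-greylist.c sets FD_CLOEXEC with a separate `fcntl()` after `socket()`, so in a multi-threaded milter a stat pipe command started by another thread between the two calls still inherits the descriptor. The same window applies to the `set_cloexec_flag(fd, 1)` added in sync_master and to the `fileno(...)` call sites. The atomic `SOCK_CLOEXEC` path is compiled only under `USE_CLOEXEC`, which the header comment says must be set manually, and the CPPFLAGS in this commit's spec do not define it; adding `-DUSE_CLOEXEC` there would select it on kernels that support the flag. Every caller also discards the return value of `set_cloexec_flag()`, so a failed `fcntl()` leaves an inheritable descriptor with no log line; `if (set_cloexec_flag(fd, 1) == -1) mg_log(LOG_ERR, "FD_CLOEXEC failed: %s", strerror(errno));` inside `socket_cloexec()` would at least record it. Most of the patched functions start and end outside their inner hunks.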

================================================================
Index: packages/milter-greylist/milter-greylist-dkim-reentrant.patch
diff -u /dev/null packages/milter-greylist/milter-greylist-dkim-reentrant.patch:1.1
--- /dev/null	Mon Aug  8 22:01:00 2011
+++ packages/milter-greylist/milter-greylist-dkim-reentrant.patch	Mon Aug  8 22:00:55 2011
@@ -0,0 +1,75 @@
+Lock DKIM calls
+
+Index: milter-greylist-4.2.5/dkimcheck.c
+===================================================================
+--- milter-greylist-4.2.5.orig/dkimcheck.c
++++ milter-greylist-4.2.5/dkimcheck.c
+@@ -63,6 +63,7 @@ __RCSID("$Id: dkimcheck.c,v 1.4 2008/10/
+ #include "dkimcheck.h"
+ 
+ static DKIM_LIB *dkim_ptr = NULL;
++static pthread_rwlock_t dkim_lock;
+ static sfsistat dkimcheck_error(struct mlfi_priv *);
+ 
+ static sfsistat
+@@ -115,28 +116,36 @@ dkimcheck_error(priv)
+ }
+ 
+ void
+-dkimcheck_init(void)
++dkimcheck_clear(void)
+ {
++	/*
++	 * XXX This probably leaves stale handles for messages being processed
++	 */
++
++	WRLOCK(&dkim_lock);
++	if (dkim_ptr != NULL)
++		dkim_close(dkim_ptr);
++	dkim_ptr = NULL;
++
+ 	if ((dkim_ptr = dkim_init(NULL, NULL)) == NULL) {
+ 		mg_log(LOG_ERR, "dkim_init() failed");
+ 		exit(EX_OSERR);
+ 	}
+-
+-	return;
++	UNLOCK(&dkim_lock);
+ }
+ 
+ void
+-dkimcheck_clear(void)
++dkimcheck_init(void)
+ {
+-	/*
+-	 * XXX This probably leaves stale handles for messages being processed
+-	 */
+-	if (dkim_ptr != NULL)
+-		dkim_close(dkim_ptr);
+-	dkim_ptr = NULL;
++	int error;
+ 
+-	dkimcheck_init();
+-	return;
++	if ((error = pthread_rwlock_init(&dkim_lock, NULL)) != 0) {
++		mg_log(LOG_ERR, "pthread_rwlock_init failed: %s",
++		    strerror(error));
++		exit(EX_OSERR);
++	}
++
++	dkimcheck_clear();
+ }
+ 
+ sfsistat
+@@ -159,8 +168,11 @@ dkimcheck_header(name, value, priv)
+ 		if (priv->priv_dkimstat != DKIM_STAT_OK)
+ 			return SMFIS_CONTINUE;
+ 
++		WRLOCK(&dkim_lock);
+ 		priv->priv_dkim = dkim_verify(dkim_ptr, priv->priv_queueid,
+ 					      NULL, &priv->priv_dkimstat);
++		UNLOCK(&dkim_lock);
++
+ 		if (priv->priv_dkim == NULL) {
+ 			mg_log(LOG_ERR, "dkim_verify() failed: %s",
+ 			       dkim_getresultstr(priv->priv_dkimstat));
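Review bot: The write lock in dkimcheck_header is dropped as soon as `dkim_verify()` returns, but the handle stored in `priv->priv_dkim` stays in use for the rest of the message. `dkimcheck_clear()` can therefore still call `dkim_close(dkim_ptr)` while in-flight messages hold handles created from that library instance, which is what the retained XXX comment warns about. Unless the later uses of `priv->priv_dkim` (outside this hunk) are also covered, the lock only serialises handle creation and the stale-handle window remains. The comment should say so, e.g. `/* XXX dkim_lock protects dkim_ptr only; handles already returned by dkim_verify() outlive dkim_close() */`. dkimcheck_header continues outside the hunk.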

================================================================
Index: packages/milter-greylist/milter-greylist.spec
diff -u /dev/null packages/milter-greylist/milter-greylist.spec:1.1
--- /dev/null	Mon Aug  8 22:01:00 2011
+++ packages/milter-greylist/milter-greylist.spec	Mon Aug  8 22:00:55 2011
@@ -0,0 +1,144 @@
+# $Revision$, $Date$
+#
+# Conditional build:
+%bcond_with		spf
+%bcond_with		libbind
+
+Summary:	Milter for greylisting, the next step in the spam control war
+Name:		milter-greylist
+Version:	4.2.7
+Release:	0.1
+License:	BSD with advertising
+Group:		Daemons
+URL:		http://hcpnet.free.fr/milter-greylist/
+Source0:	ftp://ftp.espci.fr/pub/milter-greylist/%{name}-%{version}%{?beta}.tgz
+# Source0-md5:	a47d70e0b8a73d341f0d511b3f693650
+Source1:	%{name}.init
+Patch4:		ai_addrconfig.patch
+Patch7:		%{name}-dkim-reentrant.patch
+# http://tech.groups.yahoo.com/group/milter-greylist/message/5551
+Patch8:		cloexec.patch
+# http://tech.groups.yahoo.com/group/milter-greylist/message/5564
+Patch9:		spamd-null.patch
+Patch10:	config.patch
+BuildRequires:	rpmbuild(macros) >= 1.202
+Requires(postun):	/usr/sbin/userdel
+Requires(pre):	/bin/id
+Requires(pre):	/usr/sbin/useradd
+%{?with_libbind:BuildRequires:	%{_libdir}/libbind.so}
+BuildRequires:	GeoIP-devel
+BuildRequires:	bison
+BuildRequires:	curl-devel
+BuildRequires:	flex
+%{?with_spf:BuildRequires:	libspf-devel}
+BuildRequires:	m4
+BuildRequires:	sendmail-devel
+Provides:	group(%{username})
+Provides:	user(%{username})
+BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define		username	grmilter
+%define		vardir		%{_var}/lib/%{name}
+%define		dbdir		%{vardir}/db
+%define		rundir		%{_var}/run/%{name}
+
+%description
+Greylisting is a new method of blocking significant amounts of spam at
+the mailserver level, but without resorting to heavyweight statistical
+analysis or other heuristical (and error-prone) approaches.
+Consequently, implementations are fairly lightweight, and may even
+decrease network traffic and processor load on your mailserver.
+
+This package provides a greylist filter for sendmail's milter API.
+
+%prep
+%setup -q
+%patch4 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+
+sed -i -e 's!/libresolv.a!/../../../no-such-lib.a!g' configure
+
+grep -rl /var/milter-greylist . | xargs sed -i -e '
+	s!/var/milter-greylist/milter-greylist.sock!%{rundir}/milter-greylist.sock!g;
+	s!/var/milter-greylist/greylist.db!%{dbdir}/greylist.db!g;
+	s!/var/milter-greylist/milter-greylist.pid!%{_var}/run/milter-greylist.pid!g;
+'
+
+%build
+_comps="%{?with_libbind:libbind} libcurl"
+export CPPFLAGS="-DUSE_CURL -DUSE_GEOIP -D_GNU_SOURCE -D_REENTRANT $(pkg-config --cflags-only-I $_comps)"
+export LDFLAGS="-Wl,--as-needed $(pkg-config --libs $_comps) -lGeoIP"
+
+%configure \
+	--disable-rpath \
+	--with-user=%{username} \
+	--enable-dnsrbl \
+	--enable-spamassassin \
+	--enable-p0f \
+	--disable-drac \
+	--with-drac-db=%{vardir}/drac/drac.db \
+	%{?with_spf:--with-libspf=/usr}
+
+## is not SMP safe :(
+%{__make} -j1 \
+	TEST=false \
+	BINDIR=%{_sbindir}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+install -d $RPM_BUILD_ROOT{%{rundir},%{dbdir},%{_var}/run}
+%{__make} install \
+	TEST=false \
+	USER=%(id -u) \
+	BINDIR=%{_sbindir} \
+	DESTDIR=$RPM_BUILD_ROOT
+
+install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
+
+# create temporary files
+touch $RPM_BUILD_ROOT%{rundir}/milter-greylist.sock
+touch $RPM_BUILD_ROOT%{_var}/run/milter-greylist.pid
+
+%pre
+%groupadd -g  7 -r %{username}
+%useradd -u 7 -r -s /sbin/nologin -M -d %{vardir} -c 'Greylist-milter user' -g %{username} %{username}
+
+%postun
+if [ "$1" = "0" ]; then
+	%userremove  %{username}
+	%groupremove %{username}
+fi
+
+%post
+/sbin/chkconfig --add %{name}
+%service %{name} restart
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(644,root,root,755)
+%doc ChangeLog README
+%attr(640,root,%{username}) %verify(not mtime) %config(noreplace) %{_sysconfdir}/mail/greylist.conf
+%attr(754,root,root) /etc/rc.d/init.d/milter-greylist
+%attr(755,root,root) %{_sbindir}/milter-greylist
+%{_mandir}/man5/greylist.conf.5*
+%{_mandir}/man8/milter-greylist.8*
+%dir %attr(751,%{username},%{username}) %{vardir}
+%dir %attr(770,root,%{username}) %{dbdir}
+%dir %attr(710,%{username},mail) %{rundir}
+%ghost %{rundir}/milter-greylist.sock
+%ghost %{_var}/run/milter-greylist.pid
+
+%define date	%(echo `LC_ALL="C" date +"%a %b %d %Y"`)
+%changelog
+* %{date} PLD Team <feedback at pld-linux.org>
+All persons listed below can be reached at <cvs_login>@pld-linux.org
+
+$Log$
+Revision 1.1  2011/08/08 20:00:55  glen
+- new, based on fedora package
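Review bot: `Source0` is fetched over plain FTP and its only integrity record is the `# Source0-md5:` comment, so the build accepts whatever the mirror serves as long as an MD5 matches. For a daemon that sits in the mail path, a stronger digest or a signature check on the tarball is worth adding if the distro tooling allows it. `Patch10: config.patch` is applied in `%prep` but is not among the files this commit adds, so the build presumably depends on a file committed elsewhere. The three source patches are written against `milter-greylist-4.2.5` while `Version` is 4.2.7, so it is worth confirming that each still applies cleanly and that none is already upstream.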

================================================================
Index: packages/milter-greylist/spamd-null.patch
diff -u /dev/null packages/milter-greylist/spamd-null.patch:1.1
--- /dev/null	Mon Aug  8 22:01:00 2011
+++ packages/milter-greylist/spamd-null.patch	Mon Aug  8 22:00:55 2011
@@ -0,0 +1,72 @@
+Index: milter-greylist-4.2.5/milter-greylist.c
+===================================================================
+--- milter-greylist-4.2.5.orig/milter-greylist.c
++++ milter-greylist-4.2.5/milter-greylist.c
+@@ -735,6 +735,7 @@ real_header(ctx, name, value)
+ 	strcat(h->h_line, sep);
+ 	strcat(h->h_line, value);
+ 	strcat(h->h_line, crlf);
++	h->h_len = len;
+ 
+ 	TAILQ_INSERT_TAIL(&priv->priv_header, h, h_list);
+ 
+@@ -814,6 +815,7 @@ real_body(ctx, chunk, size)
+ 			exit(EX_OSERR);
+ 		}
+ 
++		b->b_len = strlen(crlf);
+ 		TAILQ_INSERT_TAIL(&priv->priv_body, b, b_list);
+ 
+ 		priv->priv_msgcount += strlen(crlf);
+@@ -847,6 +849,7 @@ real_body(ctx, chunk, size)
+ 
+ 		memcpy(b->b_lines + priv->priv_buflen, chunk, i);
+ 		b->b_lines[linelen] = '\0';
++		b->b_len = linelen;
+ 		priv->priv_buflen = 0;
+ 
+ 		TAILQ_INSERT_TAIL(&priv->priv_body, b, b_list);
+@@ -904,6 +907,7 @@ real_eom(ctx)
+ 		}
+ 
+ 		b->b_lines = priv->priv_buf;
++		b->b_len = priv->priv_buflen - 1;
+ 		b->b_lines[priv->priv_buflen - 1] = '\0';
+ 
+ 		priv->priv_buf = NULL;
+Index: milter-greylist-4.2.5/milter-greylist.h
+===================================================================
+--- milter-greylist-4.2.5.orig/milter-greylist.h
++++ milter-greylist-4.2.5/milter-greylist.h
+@@ -173,11 +173,13 @@ struct rcpt {
+ 
+ struct header {
+ 	char *h_line;
++	size_t h_len;
+ 	TAILQ_ENTRY(header) h_list;
+ };
+ 
+ struct body {
+ 	char *b_lines;
++	size_t b_len;
+ 	TAILQ_ENTRY(body) b_list;
+ };
+ 
+Index: milter-greylist-4.2.5/spamd.c
+===================================================================
+--- milter-greylist-4.2.5.orig/spamd.c
++++ milter-greylist-4.2.5/spamd.c
+@@ -186,11 +186,11 @@ spamd_check(ad, stage, ap, priv)
+ 			return -1;
+ 
+ 	TAILQ_FOREACH(h, &priv->priv_header, h_list)
+-		if (spamd_write(sock, h->h_line, strlen(h->h_line)) == -1)
++		if (spamd_write(sock, h->h_line, h->h_len) == -1)
+ 			return -1;
+ 			
+ 	TAILQ_FOREACH(b, &priv->priv_body, b_list)
+-		if (spamd_write(sock, b->b_lines, strlen(b->b_lines)) == -1)
++		if (spamd_write(sock, b->b_lines, b->b_len) == -1)
+ 			return -1;
+ 
+ 	if (spamd_read(sock, buffer, SPAMD_BUFLEN) == -1)
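Review bot: `h->h_len = len;` in real_header depends on a `len` computed outside the hunk, while `h_line` itself is assembled with `strcat()`; if `len` is the allocation size rather than the string length, `spamd_write()` now sends the terminating NUL (or more) to spamd. The new `h_len`/`b_len` fields are assigned only at the four sites shown, so any other place that queues a `struct header` or `struct body` would hand spamd_check an uninitialised length and risk an out-of-bounds read. A comment on the struct members such as `size_t b_len; /* bytes in b_lines, excluding the terminating NUL; set before TAILQ_INSERT_TAIL */` would state the invariant. All of the patched functions continue outside their hunks.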
================================================================

