packages: milter-greylist/ai_addrconfig.patch (NEW), milter-greylist/cloexe...
glen
glen at pld-linux.org
Mon Aug 8 22:01:00 CEST 2011
Author: glen Date: Mon Aug 8 20:01:00 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- new, based on fedora package
---- Files affected:
packages/milter-greylist:
ai_addrconfig.patch (NONE -> 1.1) (NEW), cloexec.patch (NONE -> 1.1) (NEW), milter-greylist-dkim-reentrant.patch (NONE -> 1.1) (NEW), milter-greylist.spec (NONE -> 1.1) (NEW), spamd-null.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/milter-greylist/ai_addrconfig.patch
diff -u /dev/null packages/milter-greylist/ai_addrconfig.patch:1.1
--- /dev/null Mon Aug 8 22:01:00 2011
+++ packages/milter-greylist/ai_addrconfig.patch Mon Aug 8 22:00:55 2011
@@ -0,0 +1,34 @@
+ISC libbind provides AI_ADDRCONFIG macro, but getaddrinfo() fails with
+EAI_BADFLAGS when invoked with it. This patch retries getaddrinfo()
+without AI_ADDRCONFIG flag in this case.
+
+It is very simple and a ./configure test for working AI_ADDRCONFIG
+might be better.
+
+Index: milter-greylist-4.2.5/spamd.c
+===================================================================
+--- milter-greylist-4.2.5.orig/spamd.c
++++ milter-greylist-4.2.5/spamd.c
+@@ -454,11 +454,21 @@ spamd_inet_socket(host, port)
+
+ bzero(&hints, sizeof(hints));
+ hints.ai_socktype = SOCK_STREAM;
++
+ #ifdef AI_ADDRCONFIG
+ hints.ai_flags = AI_ADDRCONFIG;
++
++again:
++ e = getaddrinfo(host, port, &hints, &ai);
++ if (e == EAI_BADFLAGS && (hints.ai_flags & AI_ADDRCONFIG)) {
++ hints.ai_flags &= ~AI_ADDRCONFIG;
++ goto again;
++ }
++#else
++ e = getaddrinfo(host, port, &hints, &ai);
+ #endif
+
+- if ((e = getaddrinfo(host, port, &hints, &ai))) {
++ if (e) {
+ mg_log(LOG_ERR,
+ "spamd getaddrinfo failed: %s",
+ gai_strerror(e));
================================================================
Index: packages/milter-greylist/cloexec.patch
diff -u /dev/null packages/milter-greylist/cloexec.patch:1.1
--- /dev/null Mon Aug 8 22:01:00 2011
+++ packages/milter-greylist/cloexec.patch Mon Aug 8 22:00:55 2011
@@ -0,0 +1,213 @@
+Set CLOEXEC flags for sockets
+
+Subprocesses spawned by 'stat "| ..."' inherited all open sockets.
+This wastes resources because it keeps lot of half-open sockets in the
+system, can cause problems with SELinux and cause misbehavior because
+sockets seems to be still open for the other side.
+
+E.g. on my system, the stat logger consumes
+
+ # ls /proc/10204/fd | wc -l
+ 166
+
+sockets.
+
+Index: milter-greylist-4.2.5/milter-greylist.h
+===================================================================
+--- milter-greylist-4.2.5.orig/milter-greylist.h
++++ milter-greylist-4.2.5/milter-greylist.h
+@@ -257,6 +257,16 @@ char *fstring_escape(char *);
+ size_t mystrlcat(char *, const char *src, size_t size);
+ #endif
+
++#ifdef USE_CLOEXEC
++/* This requires Linux 2.6.27+ and the conditional must be set manually */
++#define socket_cloexec(_domain, _type, _protocol) \
++ socket(_domain, (_type) | SOCK_CLOEXEC, _protocol)
++#else
++int socket_cloexec(int domain, int type, int protocol);
++#endif
++
++int set_cloexec_flag(int fd, int value);
++
+ /*
+ * Locking management
+ */
+Index: milter-greylist-4.2.5/p0f.c
+===================================================================
+--- milter-greylist-4.2.5.orig/p0f.c
++++ milter-greylist-4.2.5/p0f.c
+@@ -268,7 +268,7 @@ p0f_connect(void)
+ if (!conf.c_p0fsock[0])
+ return -1;
+
+- if ((p0fsock = socket(PF_UNIX,SOCK_STREAM,0)) == -1) {
++ if ((p0fsock = socket_cloexec(PF_UNIX,SOCK_STREAM,0)) == -1) {
+ mg_log(LOG_ERR, "socket(PF_UNIX, SOCK_STREAM, 0) failed");
+ exit(EX_OSERR);
+ }
+Index: milter-greylist-4.2.5/spamd.c
+===================================================================
+--- milter-greylist-4.2.5.orig/spamd.c
++++ milter-greylist-4.2.5/spamd.c
+@@ -429,7 +429,7 @@ spamd_unix_socket(path)
+ sun.sun_family = AF_UNIX;
+ strncpy(sun.sun_path, path, sizeof(sun.sun_path) - 1);
+
+- if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
++ if ((sock = socket_cloexec(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+ mg_log(LOG_ERR, "spamd socket failed: %s", strerror(errno));
+ return -1;
+ }
+@@ -476,9 +476,9 @@ again:
+ }
+
+ for (res = ai; res != NULL; res = res->ai_next) {
+- sock = socket(res->ai_family,
+- res->ai_socktype,
+- res->ai_protocol);
++ sock = socket_cloexec(res->ai_family,
++ res->ai_socktype,
++ res->ai_protocol);
+ if (sock == -1)
+ continue;
+
+Index: milter-greylist-4.2.5/sync.c
+===================================================================
+--- milter-greylist-4.2.5.orig/sync.c
++++ milter-greylist-4.2.5/sync.c
+@@ -449,7 +449,8 @@ peer_connect(peer) /* peer list is read-
+
+ for (res = res0; res; res = res->ai_next) {
+ /*We only test an address family which kernel supports. */
+- s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++ s = socket_cloexec(res->ai_family, res->ai_socktype,
++ res->ai_protocol);
+ if (s == -1)
+ continue;
+ close(s);
+@@ -462,7 +463,8 @@ peer_connect(peer) /* peer list is read-
+ }
+
+ for (res = res0; res; res = res->ai_next) {
+- s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++ s = socket_cloexec(res->ai_family, res->ai_socktype,
++ res->ai_protocol);
+ if (s == -1)
+ continue;
+
+@@ -541,7 +543,8 @@ peer_connect(peer) /* peer list is read-
+ else
+ proto = pe->p_proto;
+
+- if ((s = socket(SA(&raddr)->sa_family, SOCK_STREAM, proto)) == -1) {
++ if ((s = socket_cloexec(SA(&raddr)->sa_family, SOCK_STREAM,
++ proto)) == -1) {
+ mg_log(LOG_ERR, "cannot sync with peer %s, "
+ "socket failed: %s (%d entries queued)",
+ peer->p_name, strerror(errno), peer->p_qlen);
+@@ -779,6 +782,7 @@ sync_master(arg)
+
+
+ }
++ set_cloexec_flag(fd, 1);
+ unmappedaddr(SA(&raddr), &raddrlen);
+
+ conf_release();
+@@ -945,7 +949,7 @@ sync_listen(addr, port, sms)
+ return;
+ }
+
+- if ((s = socket(SA(&laddr)->sa_family, SOCK_STREAM, proto)) == -1) {
++ if ((s = socket_cloexec(SA(&laddr)->sa_family, SOCK_STREAM, proto)) == -1) {
+ sms->runs = SMS_DISABLED;
+ return;
+ }
+@@ -1510,7 +1514,7 @@ local_addr(sa, salen)
+ break;
+ }
+
+- if ((sfd = socket(sa->sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
++ if ((sfd = socket_cloexec(sa->sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+ mg_log(LOG_ERR, "local_addr: socket failed: %s",
+ strerror(errno));
+ return -1;
+Index: milter-greylist-4.2.5/conf.c
+===================================================================
+--- milter-greylist-4.2.5.orig/conf.c
++++ milter-greylist-4.2.5/conf.c
+@@ -184,6 +184,7 @@ conf_load_internal(timestamp)
+ if (conf_cold)
+ exit(EX_OSERR);
+ } else {
++ set_cloexec_flag(fileno(stream), 1);
+ TSS_SET(conf_key, newconf);
+
+ peer_clear();
+Index: milter-greylist-4.2.5/fd_pool.c
+===================================================================
+--- milter-greylist-4.2.5.orig/fd_pool.c
++++ milter-greylist-4.2.5/fd_pool.c
+@@ -122,6 +122,7 @@ int fd_new_desc() {
+ strerror(errno));
+ return -1;
+ }
++ set_cloexec_flag(descriptor, 1);
+ return descriptor;
+ }
+
+@@ -340,6 +341,7 @@ FILE *fopen_ext(char *path, char *mode)
+ err = errno;
+
+ if (stream != NULL) {
++ set_cloexec_flag(fileno(stream), 1);
+ if ( descriptor == fileno(stream) ) {
+ /* we are in luck, fopen has successfully aquired our low descriptor ... */
+ return stream;
+Index: milter-greylist-4.2.5/milter-greylist.c
+===================================================================
+--- milter-greylist-4.2.5.orig/milter-greylist.c
++++ milter-greylist-4.2.5/milter-greylist.c
+@@ -3227,3 +3227,29 @@ mg_setreply(ctx, priv, rcpt)
+ return r;
+ }
+
++#ifndef USE_CLOEXEC
++int socket_cloexec(int domain, int type, int protocol)
++{
++ int fd = socket(domain, type, protocol);
++
++ if (fd >= 0)
++ set_cloexec_flag(fd, 1);
++
++ return fd;
++}
++#endif
++
++int set_cloexec_flag (int fd, int value)
++{
++ int oldflags = fcntl(fd, F_GETFD, 0);
++
++ if (oldflags < 0)
++ return oldflags;
++
++ if (value)
++ oldflags |= FD_CLOEXEC;
++ else
++ oldflags &= ~FD_CLOEXEC;
++
++ return fcntl(fd, F_SETFD, oldflags);
++}
+Index: milter-greylist-4.2.5/stat.c
+===================================================================
+--- milter-greylist-4.2.5.orig/stat.c
++++ milter-greylist-4.2.5/stat.c
+@@ -126,6 +126,8 @@ mg_stat_def(output, fstring)
+ return;
+ }
+
++ set_cloexec_flag(fileno(outfp), 1);
++
+ if ((format = fstring_escape(strdup(fstring))) == NULL) {
+ mg_log(LOG_ERR, "strdup failed: %s", strerror(errno));
+ exit(EX_OSERR);
================================================================
Index: packages/milter-greylist/milter-greylist-dkim-reentrant.patch
diff -u /dev/null packages/milter-greylist/milter-greylist-dkim-reentrant.patch:1.1
--- /dev/null Mon Aug 8 22:01:00 2011
+++ packages/milter-greylist/milter-greylist-dkim-reentrant.patch Mon Aug 8 22:00:55 2011
@@ -0,0 +1,75 @@
+Lock DKIM calls
+
+Index: milter-greylist-4.2.5/dkimcheck.c
+===================================================================
+--- milter-greylist-4.2.5.orig/dkimcheck.c
++++ milter-greylist-4.2.5/dkimcheck.c
+@@ -63,6 +63,7 @@ __RCSID("$Id: dkimcheck.c,v 1.4 2008/10/
+ #include "dkimcheck.h"
+
+ static DKIM_LIB *dkim_ptr = NULL;
++static pthread_rwlock_t dkim_lock;
+ static sfsistat dkimcheck_error(struct mlfi_priv *);
+
+ static sfsistat
+@@ -115,28 +116,36 @@ dkimcheck_error(priv)
+ }
+
+ void
+-dkimcheck_init(void)
++dkimcheck_clear(void)
+ {
++ /*
++ * XXX This probably leaves stale handles for messages being processed
++ */
++
++ WRLOCK(&dkim_lock);
++ if (dkim_ptr != NULL)
++ dkim_close(dkim_ptr);
++ dkim_ptr = NULL;
++
+ if ((dkim_ptr = dkim_init(NULL, NULL)) == NULL) {
+ mg_log(LOG_ERR, "dkim_init() failed");
+ exit(EX_OSERR);
+ }
+-
+- return;
++ UNLOCK(&dkim_lock);
+ }
+
+ void
+-dkimcheck_clear(void)
++dkimcheck_init(void)
+ {
+- /*
+- * XXX This probably leaves stale handles for messages being processed
+- */
+- if (dkim_ptr != NULL)
+- dkim_close(dkim_ptr);
+- dkim_ptr = NULL;
++ int error;
+
+- dkimcheck_init();
+- return;
++ if ((error = pthread_rwlock_init(&dkim_lock, NULL)) != 0) {
++ mg_log(LOG_ERR, "pthread_rwlock_init failed: %s",
++ strerror(error));
++ exit(EX_OSERR);
++ }
++
++ dkimcheck_clear();
+ }
+
+ sfsistat
+@@ -159,8 +168,11 @@ dkimcheck_header(name, value, priv)
+ if (priv->priv_dkimstat != DKIM_STAT_OK)
+ return SMFIS_CONTINUE;
+
++ WRLOCK(&dkim_lock);
+ priv->priv_dkim = dkim_verify(dkim_ptr, priv->priv_queueid,
+ NULL, &priv->priv_dkimstat);
++ UNLOCK(&dkim_lock);
++
+ if (priv->priv_dkim == NULL) {
+ mg_log(LOG_ERR, "dkim_verify() failed: %s",
+ dkim_getresultstr(priv->priv_dkimstat));
================================================================
Index: packages/milter-greylist/milter-greylist.spec
diff -u /dev/null packages/milter-greylist/milter-greylist.spec:1.1
--- /dev/null Mon Aug 8 22:01:00 2011
+++ packages/milter-greylist/milter-greylist.spec Mon Aug 8 22:00:55 2011
@@ -0,0 +1,144 @@
+# $Revision$, $Date$
+#
+# Conditional build:
+%bcond_with spf
+%bcond_with libbind
+
+Summary: Milter for greylisting, the next step in the spam control war
+Name: milter-greylist
+Version: 4.2.7
+Release: 0.1
+License: BSD with advertising
+Group: Daemons
+URL: http://hcpnet.free.fr/milter-greylist/
+Source0: ftp://ftp.espci.fr/pub/milter-greylist/%{name}-%{version}%{?beta}.tgz
+# Source0-md5: a47d70e0b8a73d341f0d511b3f693650
+Source1: %{name}.init
+Patch4: ai_addrconfig.patch
+Patch7: %{name}-dkim-reentrant.patch
+# http://tech.groups.yahoo.com/group/milter-greylist/message/5551
+Patch8: cloexec.patch
+# http://tech.groups.yahoo.com/group/milter-greylist/message/5564
+Patch9: spamd-null.patch
+Patch10: config.patch
+BuildRequires: rpmbuild(macros) >= 1.202
+Requires(postun): /usr/sbin/userdel
+Requires(pre): /bin/id
+Requires(pre): /usr/sbin/useradd
+%{?with_libbind:BuildRequires: %{_libdir}/libbind.so}
+BuildRequires: GeoIP-devel
+BuildRequires: bison
+BuildRequires: curl-devel
+BuildRequires: flex
+%{?with_spf:BuildRequires: libspf-devel}
+BuildRequires: m4
+BuildRequires: sendmail-devel
+Provides: group(%{username})
+Provides: user(%{username})
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define username grmilter
+%define vardir %{_var}/lib/%{name}
+%define dbdir %{vardir}/db
+%define rundir %{_var}/run/%{name}
+
+%description
+Greylisting is a new method of blocking significant amounts of spam at
+the mailserver level, but without resorting to heavyweight statistical
+analysis or other heuristical (and error-prone) approaches.
+Consequently, implementations are fairly lightweight, and may even
+decrease network traffic and processor load on your mailserver.
+
+This package provides a greylist filter for sendmail's milter API.
+
+%prep
+%setup -q
+%patch4 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+
+sed -i -e 's!/libresolv.a!/../../../no-such-lib.a!g' configure
+
+grep -rl /var/milter-greylist . | xargs sed -i -e '
+ s!/var/milter-greylist/milter-greylist.sock!%{rundir}/milter-greylist.sock!g;
+ s!/var/milter-greylist/greylist.db!%{dbdir}/greylist.db!g;
+ s!/var/milter-greylist/milter-greylist.pid!%{_var}/run/milter-greylist.pid!g;
+'
+
+%build
+_comps="%{?with_libbind:libbind} libcurl"
+export CPPFLAGS="-DUSE_CURL -DUSE_GEOIP -D_GNU_SOURCE -D_REENTRANT $(pkg-config --cflags-only-I $_comps)"
+export LDFLAGS="-Wl,--as-needed $(pkg-config --libs $_comps) -lGeoIP"
+
+%configure \
+ --disable-rpath \
+ --with-user=%{username} \
+ --enable-dnsrbl \
+ --enable-spamassassin \
+ --enable-p0f \
+ --disable-drac \
+ --with-drac-db=%{vardir}/drac/drac.db \
+ %{?with_spf:--with-libspf=/usr}
+
+## is not SMP safe :(
+%{__make} -j1 \
+ TEST=false \
+ BINDIR=%{_sbindir}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+install -d $RPM_BUILD_ROOT{%{rundir},%{dbdir},%{_var}/run}
+%{__make} install \
+ TEST=false \
+ USER=%(id -u) \
+ BINDIR=%{_sbindir} \
+ DESTDIR=$RPM_BUILD_ROOT
+
+install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
+
+# create temporary files
+touch $RPM_BUILD_ROOT%{rundir}/milter-greylist.sock
+touch $RPM_BUILD_ROOT%{_var}/run/milter-greylist.pid
+
+%pre
+%groupadd -g 7 -r %{username}
+%useradd -u 7 -r -s /sbin/nologin -M -d %{vardir} -c 'Greylist-milter user' -g %{username} %{username}
+
+%postun
+if [ "$1" = "0" ]; then
+ %userremove %{username}
+ %groupremove %{username}
+fi
+
+%post
+/sbin/chkconfig --add %{name}
+%service %{name} restart
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(644,root,root,755)
+%doc ChangeLog README
+%attr(640,root,%{username}) %verify(not mtime) %config(noreplace) %{_sysconfdir}/mail/greylist.conf
+%attr(754,root,root) /etc/rc.d/init.d/milter-greylist
+%attr(755,root,root) %{_sbindir}/milter-greylist
+%{_mandir}/man5/greylist.conf.5*
+%{_mandir}/man8/milter-greylist.8*
+%dir %attr(751,%{username},%{username}) %{vardir}
+%dir %attr(770,root,%{username}) %{dbdir}
+%dir %attr(710,%{username},mail) %{rundir}
+%ghost %{rundir}/milter-greylist.sock
+%ghost %{_var}/run/milter-greylist.pid
+
+%define date %(echo `LC_ALL="C" date +"%a %b %d %Y"`)
+%changelog
+* %{date} PLD Team <feedback at pld-linux.org>
+All persons listed below can be reached at <cvs_login>@pld-linux.org
+
+$Log$
+Revision 1.1 2011/08/08 20:00:55 glen
+- new, based on fedora package
================================================================
Index: packages/milter-greylist/spamd-null.patch
diff -u /dev/null packages/milter-greylist/spamd-null.patch:1.1
--- /dev/null Mon Aug 8 22:01:00 2011
+++ packages/milter-greylist/spamd-null.patch Mon Aug 8 22:00:55 2011
@@ -0,0 +1,72 @@
+Index: milter-greylist-4.2.5/milter-greylist.c
+===================================================================
+--- milter-greylist-4.2.5.orig/milter-greylist.c
++++ milter-greylist-4.2.5/milter-greylist.c
+@@ -735,6 +735,7 @@ real_header(ctx, name, value)
+ strcat(h->h_line, sep);
+ strcat(h->h_line, value);
+ strcat(h->h_line, crlf);
++ h->h_len = len;
+
+ TAILQ_INSERT_TAIL(&priv->priv_header, h, h_list);
+
+@@ -814,6 +815,7 @@ real_body(ctx, chunk, size)
+ exit(EX_OSERR);
+ }
+
++ b->b_len = strlen(crlf);
+ TAILQ_INSERT_TAIL(&priv->priv_body, b, b_list);
+
+ priv->priv_msgcount += strlen(crlf);
+@@ -847,6 +849,7 @@ real_body(ctx, chunk, size)
+
+ memcpy(b->b_lines + priv->priv_buflen, chunk, i);
+ b->b_lines[linelen] = '\0';
++ b->b_len = linelen;
+ priv->priv_buflen = 0;
+
+ TAILQ_INSERT_TAIL(&priv->priv_body, b, b_list);
+@@ -904,6 +907,7 @@ real_eom(ctx)
+ }
+
+ b->b_lines = priv->priv_buf;
++ b->b_len = priv->priv_buflen - 1;
+ b->b_lines[priv->priv_buflen - 1] = '\0';
+
+ priv->priv_buf = NULL;
+Index: milter-greylist-4.2.5/milter-greylist.h
+===================================================================
+--- milter-greylist-4.2.5.orig/milter-greylist.h
++++ milter-greylist-4.2.5/milter-greylist.h
+@@ -173,11 +173,13 @@ struct rcpt {
+
+ struct header {
+ char *h_line;
++ size_t h_len;
+ TAILQ_ENTRY(header) h_list;
+ };
+
+ struct body {
+ char *b_lines;
++ size_t b_len;
+ TAILQ_ENTRY(body) b_list;
+ };
+
+Index: milter-greylist-4.2.5/spamd.c
+===================================================================
+--- milter-greylist-4.2.5.orig/spamd.c
++++ milter-greylist-4.2.5/spamd.c
+@@ -186,11 +186,11 @@ spamd_check(ad, stage, ap, priv)
+ return -1;
+
+ TAILQ_FOREACH(h, &priv->priv_header, h_list)
+- if (spamd_write(sock, h->h_line, strlen(h->h_line)) == -1)
++ if (spamd_write(sock, h->h_line, h->h_len) == -1)
+ return -1;
+
+ TAILQ_FOREACH(b, &priv->priv_body, b_list)
+- if (spamd_write(sock, b->b_lines, strlen(b->b_lines)) == -1)
++ if (spamd_write(sock, b->b_lines, b->b_len) == -1)
+ return -1;
+
+ if (spamd_read(sock, buffer, SPAMD_BUFLEN) == -1)
================================================================
More information about the pld-cvs-commit
mailing list