diff --git a/asyncserver.start_selinux.patch b/asyncserver.start_selinux.patch
new file mode 100644
index 0000000..7f36ae4
--- /dev/null
+++ b/asyncserver.start_selinux.patch
@@ -0,0 +1,35 @@
+From 20c717c25c5d180b720bec6902475f07b02f8b87 Mon Sep 17 00:00:00 2001
+From: Jonathan G. Underwood
+Date: Sun, 3 Jan 2010 02:16:09 +0000
+Subject: [PATCH] Set socket file descriptor in AsyncServer.start to be CLOEXEC
+
+https://bugzilla.redhat.com/show_bug.cgi?id=522767
+---
+ server/asyncserver.py | 4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/server/asyncserver.py b/server/asyncserver.py
+index 35cebf1..96b62d0 100644
+--- a/server/asyncserver.py
++++ b/server/asyncserver.py
+@@ -26,7 +26,7 @@ __license__ = "GPL"
+
+ from pickle import dumps, loads, HIGHEST_PROTOCOL
+ from common import helpers
+-import asyncore, asynchat, socket, os, logging, sys, traceback
++import asyncore, asynchat, socket, os, logging, sys, traceback, fcntl
+
+ # Gets the instance of the logger.
+ logSys = logging.getLogger("fail2ban.server")
+@@ -126,6 +126,8 @@ class AsyncServer(asyncore.dispatcher):
+ raise AsyncServerException("Server already running")
+ # Creates the socket.
+ self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
++ fd = self.fileno()
++ fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)
+ self.set_reuse_addr()
+ try:
+ self.bind(sock)
+--
+1.6.5.2
+
diff --git a/fail2ban.spec b/fail2ban.spec
index b94c8e3..76f5e33 100644
--- a/fail2ban.spec
+++ b/fail2ban.spec
@@ -4,7 +4,7 @@
 Summary: Ban IPs that make too many password failures
 Name: fail2ban
 Version: 0.8.4
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://fail2ban.sourceforge.net/
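Review bot: In the new asyncserver.start_selinux.patch, the added call `fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)` ORs the descriptor *number* into the flag argument instead of the descriptor's current flags. Close-on-exec still ends up set because FD_CLOEXEC is the low bit, so the socket is no longer inherited by child processes, but the remaining bits of the fd number are passed to F_SETFD as flags, which is only harmless while FD_CLOEXEC is the sole descriptor flag the platform defines. Read the flags first: `flags = fcntl.fcntl(fd, fcntl.F_GETFD)` followed by `fcntl.fcntl(fd, fcntl.F_SETFD, flags | fcntl.FD_CLOEXEC)`. AsyncServer.start continues outside the hunk, so whether connections accepted later are marked the same way cannot be checked from here.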
@@ -14,6 +14,7 @@ Patch0: fail2ban-0.8.3-init.patch
 Patch1: fail2ban-0.8.1-sshd.patch
 Patch3: fail2ban-0.8.2-fd_cloexec.patch
 Patch6: fail2ban-0.8.3-log2syslog.patch
+Patch7: asyncserver.start_selinux.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: python-devel >= 2.3
 BuildArch: noarch
@@ -33,6 +34,7 @@ failures. It updates firewall rules to reject the IP address. %patch1 -p1 -b .sshd %patch3 -p1 -b .fd_cloexec %patch6 -p1 -b .log2syslog +%patch7 -p1 -b .fd_cloexec2 %build python setup.py build
@@ -82,6 +84,10 @@ fi %dir %{_localstatedir}/run/fail2ban %changelog +* Sun Feb 14 2010 Axel Thimm - 0.8.4-24 +- Patch by Jonathan G. Underwood to + cloexec another fd leak. + * Fri Sep 11 2009 Axel Thimm - 0.8.4-23 - update to 0.8.4.
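Review bot: The new `Patch7: asyncserver.start_selinux.patch` line in the `-14,6` hunk carries no pointer to why the patch exists, and its file name ("selinux") does not match the backup suffix `.fd_cloexec2` used by `%patch7` in the `-33,6` hunk. A comment above the Patch7 line such as `# Mark the AsyncServer socket close-on-exec, https://bugzilla.redhat.com/show_bug.cgi?id=522767` would let a later packager tell this descriptor-leak fix apart from Patch3 and judge when it can be dropped. The other patches also follow a `fail2ban-<version>-<topic>.patch` naming pattern that this file does not.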