From 999846d56f81110daf9a800501cfd1ae053b33e9 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka
Date: Tue, 24 Apr 2012 09:43:54 +0200
Subject: [PATCH] close systemd extra sockets that are not configured
---
 dovecot-2.0.19-systemdfix.patch | 102 ++++++++++++++++++++++++++++++++
 dovecot.spec | 7 ++-
 2 files changed, 108 insertions(+), 1 deletion(-)
 create mode 100644 dovecot-2.0.19-systemdfix.patch
diff --git a/dovecot-2.0.19-systemdfix.patch b/dovecot-2.0.19-systemdfix.patch
new file mode 100644
index 0000000..49c8e39
--- /dev/null
+++ b/dovecot-2.0.19-systemdfix.patch
@@ -0,0 +1,102 @@
+diff -up dovecot-2.0.20/src/master/service-listen.c.systemdfix dovecot-2.0.20/src/master/service-listen.c
+--- dovecot-2.0.20/src/master/service-listen.c.systemdfix 2011-12-13 12:38:27.000000000 +0100
++++ dovecot-2.0.20/src/master/service-listen.c 2012-04-13 18:29:37.724290656 +0200
+@@ -14,6 +14,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #define MIN_BACKLOG 4
+ #define MAX_BACKLOG 511
+@@ -231,16 +232,90 @@ static int service_listen(struct service
+ return ret;
+ }
+
++static int get_socket_info(int fd, unsigned int *family, unsigned int *port)
++{
++ union sockaddr_union {
++ struct sockaddr sa;
++ struct sockaddr_in in4;
++ struct sockaddr_in6 in6;
++ } sockaddr;
++ socklen_t l;
++
++ if (port) *port = -1;
++ if (family) *family = -1;
++
++ memset(&sockaddr, 0, sizeof(sockaddr));
++ l = sizeof(sockaddr);
++
++ if (getsockname(fd, &sockaddr.sa, &l) < 0)
++ return -errno;
++
++ if (family) *family = sockaddr.sa.sa_family;
++ if (port) {
++ if (sockaddr.sa.sa_family == AF_INET) {
++ if (l < sizeof(struct sockaddr_in))
++ return -EINVAL;
++
++ *port = ntohs(sockaddr.in4.sin_port);
++ } else {
++ if (l < sizeof(struct sockaddr_in6))
++ return -EINVAL;
++
++ *port = ntohs(sockaddr.in6.sin6_port);
++ }
++ }
++ return 0;
++}
++
+ int services_listen(struct service_list *service_list)
+ {
+ struct service *const *services;
+ int ret = 1, ret2;
+
+ array_foreach(&service_list->services, services) {
+ ret2 = service_listen(*services);
+ if (ret2 < ret)
+ ret = ret2;
+ }
++
++ static int sd_fds = -1;
++ int fd, fd_max;
++
++ if (sd_fds < 0) {
++ sd_fds = sd_listen_fds(0);
++ if (sd_fds == -1) {
++ i_error("sd_listen_fds() failed: %m");
++ return -1;
++ }
++ }
++
++ fd_max = SD_LISTEN_FDS_START + sd_fds - 1;
++ for (fd = SD_LISTEN_FDS_START; fd <= fd_max; fd++) {
++ if (sd_is_socket_inet(fd, 0, SOCK_STREAM, 1, 0) > 0) {
++ int found = FALSE;
++ unsigned int port, family;
++ get_socket_info(fd, &family, &port);
++
++ array_foreach(&service_list->services, services) {
++ struct service_listener *const *listeners;
++ array_foreach(&(*services)->listeners, listeners) {
++ struct service_listener *l = *listeners;
++ if (l->type != SERVICE_LISTENER_INET) continue;
++ if (l->set.inetset.set->port == port && l->set.inetset.ip.family == family) {
++ found = TRUE;
++ break;
++ }
++ }
++ if (found) break;
++ }
++ if (!found) {
++ i_error("we've got socket that listens on port %d, but it's not configured. Closing.",port);
++ if (shutdown(fd,SHUT_RDWR) < 0 && errno != ENOTCONN) i_error("shutdown() failed: %m");
++ close(fd);
++ }
++ }
++ }
++
+ return ret;
+ }
+
diff --git a/dovecot.spec b/dovecot.spec
index 4a11cd4..3f3a803 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -3,7 +3,7 @@ Name: dovecot
 Epoch: 1
 Version: 2.1.4
 #global prever .rc6
-Release: 1%{?dist}
+Release: 2%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
 License: MIT and LGPLv2
 Group: System Environment/Daemons
@@ -28,6 +28,7 @@ Patch2: dovecot-1.0.beta2-mkcert-permissions.patch
 Patch3: dovecot-1.0.rc7-mkcert-paths.patch
 Patch4: dovecot-2.1-privatetmp.patch
 Patch5: dovecot-2.1.4-postreleasefix.patch
+Patch6: dovecot-2.0.19-systemdfix.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
@@ -113,6 +114,7 @@ This package provides the development files for dovecot.
 %patch3 -p1 -b .mkcert-paths
 %patch4 -p1 -b .privatetmp
 %patch5 -p1 -b .postreleasefix
+%patch6 -p1 -b .systemdfix
 sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
 %build
@@ -429,6 +431,9 @@ make check
 %{_libdir}/%{name}/dict/libdriver_pgsql.so
 %changelog
+* Tue Apr 24 2012 Michal Hlavinka - 1:2.1.4-2
+- close systemd extra sockets that are not configured
+
 * Tue Apr 10 2012 Michal Hlavinka - 1:2.1.4-1
 - dovecot updated to 2.1.4
 - Proxying SSL connections crashed in v2.1.[23]
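Review bot: In `services_listen()` the failure check on `sd_listen_fds(0)` tests `sd_fds == -1`, but that call reports failure as a negative errno-style code, so most errors are never caught, `%m` prints an unrelated `errno`, and the loop that closes unconfigured sockets is silently skipped. Testing `if (sd_fds < 0)` and logging with `i_error("sd_listen_fds() failed: %s", strerror(-sd_fds));` would cover every failure. The return value of `get_socket_info(fd, &family, &port)` is also discarded: on failure both outputs stay at `(unsigned int)-1`, so the socket is still closed (a safe default), but the log line reports a meaningless port through `%d`; logging the getsockname error separately would make that case diagnosable. The listener match compares only port and address family, so an inherited socket bound to a different address than the configured listener is treated as configured and left open; it is worth confirming that this is intended.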