Hello community,

here is the log from the commit of package dirmngr for openSUSE:11.4
checked in at Fri Sep 9 16:21:19 CEST 2011.



--------
--- old-versions/11.4/all/dirmngr/dirmngr.changes       2010-11-18 
17:21:38.000000000 +0100
+++ 11.4/dirmngr/dirmngr.changes        2011-09-07 13:22:58.000000000 +0200
@@ -1,0 +2,5 @@
+Wed Sep  7 11:19:58 UTC 2011 - [email protected]
+
+- fixed local DoS (bnc#700091)
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.4/all/dirmngr
Destination is old-versions/11.4/UPDATES/all/dirmngr
calling whatdependson for 11.4-i586


New:
----
  dirmngr-1.1.0-local-DoS.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dirmngr.spec ++++++
--- /var/tmp/diff_new_pack.H8By7E/_old  2011-09-09 16:20:02.000000000 +0200
+++ /var/tmp/diff_new_pack.H8By7E/_new  2011-09-09 16:20:02.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package dirmngr (Version 1.1.0)
+# spec file for package dirmngr
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,7 +31,7 @@
 BuildRequires:  openldap2-devel
 Url:            http://www.gnupg.org/aegypten/
 Version:        1.1.0
-Release:        2
+Release:        5.<RELEASE6>
 Requires:       openssl
 Summary:        A Client for Managing and Downloading CRLs
 License:        GPLv2+
@@ -43,6 +43,8 @@
 Patch0:         dirmngr-1.0.2-optflags.patch
 # From upstream:
 Patch1:         dirmngr-GPLv3.patch    
+#PATCH-FIX-UPSTREAM fixes local DoS (bnc#700091)
+Patch2:         dirmngr-1.1.0-local-DoS.patch
 
 %description
 Dirmngr is a client for managing and downloading certificate revocation
@@ -62,6 +64,7 @@
 %setup -q -n %{name}-%{version}
 %patch0
 %patch1
+%patch2 -p1
 cp %{S:1} .
 
 %build

++++++ dirmngr-1.1.0-local-DoS.patch ++++++
--- trunk/src/http.c    2010/12/14 19:22:32     346
+++ trunk/src/http.c    2011/01/20 14:56:48     347
@@ -98,6 +98,16 @@
 };
 #endif/*!USE_DNS_SRV*/
 
+#ifdef HAVE_PTH
+# define my_select(a,b,c,d,e)  pth_select ((a), (b), (c), (d), (e))
+# define my_connect(a,b,c)     pth_connect ((a), (b), (c))
+# define my_accept(a,b,c)      pth_accept ((a), (b), (c))
+#else
+# define my_select(a,b,c,d,e)  select ((a), (b), (c), (d), (e))
+# define my_connect(a,b,c)     connect ((a), (b), (c))
+# define my_accept(a,b,c)      accept ((a), (b), (c))
+#endif
+
 
 #ifdef HAVE_W32_SYSTEM
 #define sock_close(a)  closesocket(a)
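Review bot: The new `my_select`/`my_connect`/`my_accept` wrappers have no comment saying why they exist, which is the security-relevant part of this patch. GNU Pth threads are cooperative, so a plain `select()`, `connect()` or `accept()` blocks every thread in the process; that is presumably the local DoS tracked as bnc#700091. I would add above the `#ifdef HAVE_PTH` something like `/* Under Pth a blocking syscall stalls all threads; use these wrappers for every socket call in this file. */`. The hunk does not show an include of `pth.h`, so confirm http.c pulls it in whenever HAVE_PTH is defined and the `pth_*` calls are properly declared.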
@@ -1333,14 +1343,14 @@
       FD_ZERO (&rfds);
       FD_SET (fd, &rfds);
 
-      if (select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
+      if (my_select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
        continue;               /* ignore any errors */
 
       if (!FD_ISSET (fd, &rfds))
        continue;
 
       addrlen = sizeof peer;
-      client = accept (fd, (struct sockaddr *) &peer, &addrlen);
+      client = my_accept (fd, (struct sockaddr *) &peer, &addrlen);
       if (client == -1)
        continue;               /* oops */
 
@@ -1406,7 +1416,7 @@
       addr.sin_port = htons(port);
       memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr));      
 
-      if (!connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
+      if (!my_connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
        return sock;
       sock_close(sock);
       return -1;
@@ -1474,7 +1484,7 @@
               return -1;
             }
           
-          if (connect (sock, ai->ai_addr, ai->ai_addrlen))
+          if (my_connect (sock, ai->ai_addr, ai->ai_addrlen))
             last_errno = errno;
           else
             connected = 1;
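Review bot: Only the `connect()` call is made Pth-aware here and in the following hunk at -1528. The address lists being walked (`ai->ai_addr`, `host->h_addr_list[i]`) come from name resolution that happens outside these hunks, and if that uses the ordinary blocking resolver, a slow DNS answer can still stall every thread. It is worth checking whether the lookup needs the same treatment, or at least a comment marking it as a remaining blocking point. Also, `my_connect` yields to other threads but sets no deadline, so this thread still waits out the full TCP connect timeout for each address it tries.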
@@ -1528,7 +1538,7 @@
       for (i = 0; host->h_addr_list[i] && !connected; i++)
         {
           memcpy (&addr.sin_addr, host->h_addr_list[i], host->h_length);
-          if (connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
+          if (my_connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
             last_errno = errno;
           else
             {
@@ -1594,7 +1604,7 @@
               
               tv.tv_sec = 0;
               tv.tv_usec = 50000;
-              select (0, NULL, NULL, NULL, &tv);
+              my_select (0, NULL, NULL, NULL, &tv);
               goto again;
             }
           if (nread == GNUTLS_E_REHANDSHAKE)
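Review bot: The 50 ms back-off before `goto again` has no retry limit, here and in the write path in the hunk at -1649, so the thread loops for as long as the TLS layer keeps reporting a retryable condition. With `my_select` the wait now yields to other Pth threads, but a stalled connection can still hold this request open indefinitely; a bounded counter such as `if (++tries > MAX_TLS_RETRIES) return -1;` (both names constructed here, not from the file) would cap it. The surrounding loop starts and ends outside the hunk, so the actual error return should follow whatever that function already uses. Separately, on a non-Pth Windows build a `select` with all three sets NULL fails immediately instead of sleeping, so the delay is not effective there.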
@@ -1649,7 +1659,7 @@
                   
                   tv.tv_sec = 0;
                   tv.tv_usec = 50000;
-                  select (0, NULL, NULL, NULL, &tv);
+                  my_select (0, NULL, NULL, NULL, &tv);
                   continue;
                 }
               log_info ("TLS network write failed: %s\n",


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
