Hello community, here is the log from the commit of package dirmngr for openSUSE:11.3 checked in at Fri Sep 9 16:17:15 CEST 2011. -------- --- old-versions/11.3/all/dirmngr/dirmngr.changes 2010-04-14 22:53:30.000000000 +0200 +++ 11.3/dirmngr/dirmngr.changes 2011-09-08 17:06:34.000000000 +0200 @@ -1,0 +2,5 @@ +Wed Sep 7 11:19:58 UTC 2011 - vcizek@suse.com + +- fixed local DoS (bnc#700091) + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.3/all/dirmngr Destination is old-versions/11.3/UPDATES/all/dirmngr calling whatdependson for 11.3-i586 New: ---- dirmngr-1.1.0-local-DoS.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dirmngr.spec ++++++ --- /var/tmp/diff_new_pack.S3LAfl/_old 2011-09-09 16:15:49.000000000 +0200 +++ /var/tmp/diff_new_pack.S3LAfl/_new 2011-09-09 16:15:49.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package dirmngr (Version 1.0.91) +# spec file for package dirmngr # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,7 +32,7 @@ BuildRequires: openldap2-devel Url: http://www.gnupg.org/aegypten/ Version: 1.0.91 -Release: 2 +Release: 3.<RELEASE2> Requires: openssl Summary: A Client for Managing and Downloading CRLs License: GPLv2+ @@ -41,6 +41,8 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %install_info_prereq Patch0: dirmngr-1.0.2-optflags.patch +#PATCH-FIX-UPSTREAM fixes local DoS (bnc#700091) +Patch2: dirmngr-1.1.0-local-DoS.patch %description Dirmngr is a client for managing and downloading certificate revocation @@ -59,6 +61,7 @@ %prep %setup -q -n %{name}-%{tar_ver} %patch0 +%patch2 -p1 %build ./autogen.sh ++++++ dirmngr-1.1.0-local-DoS.patch ++++++ --- trunk/src/http.c 2010/12/14 19:22:32 346 +++ trunk/src/http.c 2011/01/20 14:56:48 347 @@ -98,6 +98,16 @@ }; #endif/*!USE_DNS_SRV*/ +#ifdef HAVE_PTH +# define my_select(a,b,c,d,e) pth_select ((a), (b), (c), (d), (e)) +# define my_connect(a,b,c) pth_connect ((a), (b), (c)) +# define my_accept(a,b,c) pth_accept ((a), (b), (c)) +#else +# define my_select(a,b,c,d,e) select ((a), (b), (c), (d), (e)) +# define my_connect(a,b,c) connect ((a), (b), (c)) +# define my_accept(a,b,c) accept ((a), (b), (c)) +#endif + #ifdef HAVE_W32_SYSTEM #define sock_close(a) closesocket(a) @@ -1333,14 +1343,14 @@ FD_ZERO (&rfds); FD_SET (fd, &rfds); - if (select (fd + 1, &rfds, NULL, NULL, NULL) <= 0) + if (my_select (fd + 1, &rfds, NULL, NULL, NULL) <= 0) continue; /* ignore any errors */ if (!FD_ISSET (fd, &rfds)) continue; addrlen = sizeof peer; - client = accept (fd, (struct sockaddr *) &peer, &addrlen); + client = my_accept (fd, (struct sockaddr *) &peer, &addrlen); if (client == -1) continue; /* oops */ @@ -1406,7 +1416,7 @@ addr.sin_port = htons(port); memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr)); - if (!connect (sock,(struct sockaddr *)&addr,sizeof(addr)) ) + if (!my_connect (sock,(struct sockaddr *)&addr,sizeof(addr)) ) return sock; sock_close(sock); return -1; @@ -1474,7 +1484,7 @@ return -1; } - if (connect (sock, ai->ai_addr, ai->ai_addrlen)) + if (my_connect (sock, ai->ai_addr, ai->ai_addrlen)) last_errno = errno; else connected = 1; @@ -1528,7 +1538,7 @@ for (i = 0; host->h_addr_list[i] && !connected; i++) { memcpy (&addr.sin_addr, host->h_addr_list[i], host->h_length); - if (connect (sock, (struct sockaddr *) &addr, sizeof (addr))) + if (my_connect (sock, (struct sockaddr *) &addr, sizeof (addr))) last_errno = errno; else { @@ -1594,7 +1604,7 @@ tv.tv_sec = 0; tv.tv_usec = 50000; - select (0, NULL, NULL, NULL, &tv); + my_select (0, NULL, NULL, NULL, &tv); goto again; } if (nread == GNUTLS_E_REHANDSHAKE) @@ -1649,7 +1659,7 @@ tv.tv_sec = 0; tv.tv_usec = 50000; - select (0, NULL, NULL, NULL, &tv); + my_select (0, NULL, NULL, NULL, &tv); continue; } log_info ("TLS network write failed: %s\n", ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@hilbert.suse.de