[jabberd] included patch for "Vulnerability in XMPP Server Dialback Implementations"

Wed Aug 22 06:32:01 UTC 2012

commit 0ce4dd84b6cd4533162004c6c0f9ea3b8d737382
Author: Adrian Reber <adrian at lisas.de>
Date:   Wed Aug 22 08:31:55 2012 +0200

    included patch for "Vulnerability in XMPP Server Dialback Implementations"
    
      http://xmpp.org/resources/security-notices/server-dialback/
    - fixed "Introduce new systemd-rpm macros in jabberd spec file" (#850175)

 aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch |   34 ++++++++++++++++++++++++
 jabberd.spec                                   |   27 +++++++++----------
 2 files changed, 47 insertions(+), 14 deletions(-)
---

diff --git a/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch b/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch
new file mode 100644
index 0000000..bc8f1fb
--- /dev/null
+++ b/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch
@@ -0,0 +1,34 @@
+From aabcffae560d5fd00cd1d2ffce5d760353cf0a4d Mon Sep 17 00:00:00 2001
+From: Tomasz Sterna <tomek at xiaoka.com>
+Date: Mon, 6 Aug 2012 20:41:23 +0200
+Subject: [PATCH] Fixed possibility of Unsolicited Dialback Attacks
+
+---
+ s2s/out.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/s2s/out.c b/s2s/out.c
+index 0ed9b30..7b9f44f 100644
+--- a/s2s/out.c
++++ b/s2s/out.c
+@@ -1661,7 +1661,7 @@ static void _out_result(conn_t out, nad_t nad) {
+     rkeylen = strlen(rkey);
+ 
+     /* key is valid */
+-    if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0) {
++    if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0 && xhash_get(out->states, rkey) == (void*) conn_INPROGRESS) {
+         log_write(out->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] outgoing route '%s' is now valid%s%s", out->fd->fd, out->ip, out->port, rkey, (out->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", out->s->compressed ? ", ZLIB compression enabled" : "");
+ 
+         xhash_put(out->states, pstrdup(xhash_pool(out->states), rkey), (void *) conn_VALID);    /* !!! small leak here */
+@@ -1749,7 +1749,7 @@ static void _out_verify(conn_t out, nad_t nad) {
+     rkey = s2s_route_key(NULL, to->domain, from->domain);
+ 
+     attr = nad_find_attr(nad, 0, -1, "type", "valid");
+-    if(attr >= 0) {
++    if(attr >= 0 && xhash_get(in->states, rkey) == (void*) conn_INPROGRESS) {
+         xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_VALID);
+         log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] incoming route '%s' is now valid%s%s", in->fd->fd, in->ip, in->port, rkey, (in->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", in->s->compressed ? ", ZLIB compression enabled" : "");
+         valid = 1;
+-- 
+1.7.10
+
diff --git a/jabberd.spec b/jabberd.spec
index c34f1b8..6d1d17c 100644
--- a/jabberd.spec
+++ b/jabberd.spec
@@ -1,7 +1,7 @@
 Summary:        OpenSource server implementation of the Jabber protocols
 Name:           jabberd
 Version:        2.2.16
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv2+
 Group:          System Environment/Daemons
 Source0:        https://github.com/downloads/Jabberd2/jabberd2/jabberd-%{version}.tar.gz
@@ -13,6 +13,9 @@ Source5:        jabberd-router.service
 Patch0:         https://github.com/Jabberd2/jabberd2/commit/41884d9919.patch
 # https://github.com/Jabberd2/jabberd2/pull/5
 Patch1:         https://github.com/Jabberd2/jabberd2/commit/d452eec68b342977cd9fc6863c2e1aee1b99feb3.patch
+# http://xmpp.org/resources/security-notices/server-dialback/
+# Vulnerability in XMPP Server Dialback Implementations
+Patch2:		https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch
 URL:            http://codex.xiaoka.com/wiki/jabberd2:start
 BuildRequires:  openssl-devel libidn-devel expat-devel
 BuildRequires:  systemd-units cppunit-devel
@@ -47,6 +50,7 @@ This package defaults to use pam and sqlite.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 export CFLAGS="%{optflags}"
@@ -146,10 +150,8 @@ useradd -r -g jabber -d %{_var}/lib/%{name} -s /sbin/nologin \
 exit 0
 
 %post
+%systemd_post %{name}.service
 if [ $1 -eq 1 ] ; then 
-        # Initial installation 
-        /bin/systemctl daemon-reload >/dev/null 2>&1 || :
-
         #replace default passwords, yet another hack
         export NEWPASS=$( dd if=/dev/urandom bs=20 count=1 2>/dev/null \
                                 | sha1sum | awk '{print $1}' )
@@ -172,18 +174,10 @@ if [ ! -s server.pem ]; then
 fi
 
 %preun
-if [ $1 -eq 0 ] ; then
-        # Package removal, not upgrade
-        /bin/systemctl --no-reload disable %{name}.service > /dev/null 2>&1 || :
-        /bin/systemctl stop %{name}.service > /dev/null 2>&1 || :
-fi
+%systemd_preun %{name}.service
 
 %postun
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ] ; then
-        # Package upgrade, not uninstall
-        /bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || :
-fi
+%systemd_postun_with_restart %{name}.service
 
 %triggerun -- jabberd < 2.2.14-3
 # Save the current service runlevel info
@@ -217,6 +211,11 @@ fi
 %attr(700, jabber, jabber) %{_var}/lib/%{name}
 
 %changelog
+* Wed Aug 22 2012 Adrian Reber <adrian at lisas.de> - 2.2.16-5
+- included patch for "Vulnerability in XMPP Server Dialback Implementations"
+  http://xmpp.org/resources/security-notices/server-dialback/
+- fixed "Introduce new systemd-rpm macros in jabberd spec file" (#850175)
+
 * Tue Jul 24 2012 Adrian Reber <adrian at lisas.de> - 2.2.16-4
 - added libdb4 include directory to include search path
 
