[jabberd] included patch for "Vulnerability in XMPP Server Dialback Implementations"
Adrian Reber
adrian at fedoraproject.org
Wed Aug 22 06:32:01 UTC 2012
commit 0ce4dd84b6cd4533162004c6c0f9ea3b8d737382
Author: Adrian Reber <adrian at lisas.de>
Date: Wed Aug 22 08:31:55 2012 +0200
included patch for "Vulnerability in XMPP Server Dialback Implementations"
http://xmpp.org/resources/security-notices/server-dialback/
- fixed "Introduce new systemd-rpm macros in jabberd spec file" (#850175)
aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch | 34 ++++++++++++++++++++++++
jabberd.spec | 27 +++++++++----------
2 files changed, 47 insertions(+), 14 deletions(-)
---
diff --git a/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch b/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch
new file mode 100644
index 0000000..bc8f1fb
--- /dev/null
+++ b/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch
@@ -0,0 +1,34 @@
+From aabcffae560d5fd00cd1d2ffce5d760353cf0a4d Mon Sep 17 00:00:00 2001
+From: Tomasz Sterna <tomek at xiaoka.com>
+Date: Mon, 6 Aug 2012 20:41:23 +0200
+Subject: [PATCH] Fixed possibility of Unsolicited Dialback Attacks
+
+---
+ s2s/out.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/s2s/out.c b/s2s/out.c
+index 0ed9b30..7b9f44f 100644
+--- a/s2s/out.c
++++ b/s2s/out.c
+@@ -1661,7 +1661,7 @@ static void _out_result(conn_t out, nad_t nad) {
+ rkeylen = strlen(rkey);
+
+ /* key is valid */
+- if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0) {
++ if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0 && xhash_get(out->states, rkey) == (void*) conn_INPROGRESS) {
+ log_write(out->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] outgoing route '%s' is now valid%s%s", out->fd->fd, out->ip, out->port, rkey, (out->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", out->s->compressed ? ", ZLIB compression enabled" : "");
+
+ xhash_put(out->states, pstrdup(xhash_pool(out->states), rkey), (void *) conn_VALID); /* !!! small leak here */
+@@ -1749,7 +1749,7 @@ static void _out_verify(conn_t out, nad_t nad) {
+ rkey = s2s_route_key(NULL, to->domain, from->domain);
+
+ attr = nad_find_attr(nad, 0, -1, "type", "valid");
+- if(attr >= 0) {
++ if(attr >= 0 && xhash_get(in->states, rkey) == (void*) conn_INPROGRESS) {
+ xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_VALID);
+ log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] incoming route '%s' is now valid%s%s", in->fd->fd, in->ip, in->port, rkey, (in->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", in->s->compressed ? ", ZLIB compression enabled" : "");
+ valid = 1;
+--
+1.7.10
+
diff --git a/jabberd.spec b/jabberd.spec
index c34f1b8..6d1d17c 100644
--- a/jabberd.spec
+++ b/jabberd.spec
@@ -1,7 +1,7 @@
Summary: OpenSource server implementation of the Jabber protocols
Name: jabberd
Version: 2.2.16
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Daemons
Source0: https://github.com/downloads/Jabberd2/jabberd2/jabberd-%{version}.tar.gz
@@ -13,6 +13,9 @@ Source5: jabberd-router.service
Patch0: https://github.com/Jabberd2/jabberd2/commit/41884d9919.patch
# https://github.com/Jabberd2/jabberd2/pull/5
Patch1: https://github.com/Jabberd2/jabberd2/commit/d452eec68b342977cd9fc6863c2e1aee1b99feb3.patch
+# http://xmpp.org/resources/security-notices/server-dialback/
+# Vulnerability in XMPP Server Dialback Implementations
+Patch2: https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch
URL: http://codex.xiaoka.com/wiki/jabberd2:start
BuildRequires: openssl-devel libidn-devel expat-devel
BuildRequires: systemd-units cppunit-devel
@@ -47,6 +50,7 @@ This package defaults to use pam and sqlite.
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
export CFLAGS="%{optflags}"
@@ -146,10 +150,8 @@ useradd -r -g jabber -d %{_var}/lib/%{name} -s /sbin/nologin \
exit 0
%post
+%systemd_post %{name}.service
if [ $1 -eq 1 ] ; then
- # Initial installation
- /bin/systemctl daemon-reload >/dev/null 2>&1 || :
-
#replace default passwords, yet another hack
export NEWPASS=$( dd if=/dev/urandom bs=20 count=1 2>/dev/null \
| sha1sum | awk '{print $1}' )
@@ -172,18 +174,10 @@ if [ ! -s server.pem ]; then
fi
%preun
-if [ $1 -eq 0 ] ; then
- # Package removal, not upgrade
- /bin/systemctl --no-reload disable %{name}.service > /dev/null 2>&1 || :
- /bin/systemctl stop %{name}.service > /dev/null 2>&1 || :
-fi
+%systemd_preun %{name}.service
%postun
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ] ; then
- # Package upgrade, not uninstall
- /bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || :
-fi
+%systemd_postun_with_restart %{name}.service
%triggerun -- jabberd < 2.2.14-3
# Save the current service runlevel info
@@ -217,6 +211,11 @@ fi
%attr(700, jabber, jabber) %{_var}/lib/%{name}
%changelog
+* Wed Aug 22 2012 Adrian Reber <adrian at lisas.de> - 2.2.16-5
+- included patch for "Vulnerability in XMPP Server Dialback Implementations"
+ http://xmpp.org/resources/security-notices/server-dialback/
+- fixed "Introduce new systemd-rpm macros in jabberd spec file" (#850175)
+
* Tue Jul 24 2012 Adrian Reber <adrian at lisas.de> - 2.2.16-4
- added libdb4 include directory to include search path
More information about the scm-commits
mailing list