[jabberd/el5] included backported patch for "Vulnerability in XMPP Server Dialback Implementations"
Adrian Reber
adrian at fedoraproject.org
Wed Aug 22 07:22:12 UTC 2012
commit dd9f8a3e891d2572222b563858cfcdb2ae6cc0d7
Author: Adrian Reber <adrian at lisas.de>
Date: Wed Aug 22 09:22:06 2012 +0200
included backported patch for "Vulnerability in XMPP Server Dialback Implementations"
http://xmpp.org/resources/security-notices/server-dialback/
jabberd.spec | 14 +++++++++++++-
...y-in-xmpp-server-dialback-implementations.patch | 20 ++++++++++++++++++++
2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/jabberd.spec b/jabberd.spec
index ca7562e..c76e75d 100644
--- a/jabberd.spec
+++ b/jabberd.spec
@@ -1,7 +1,7 @@
Summary: OpenSource server implementation of the Jabber protocols
Name: jabberd
Version: 2.2.11
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2+
Group: System Environment/Daemons
Source0: http://ftp.xiaoka.com/jabberd2/releases/jabberd-%{version}.tar.bz2
@@ -12,6 +12,13 @@ Source3: jabberd.pam
# Fixes RHBZ#700390, CVE-2011-1755, patch is backported from upstream 2.2.14
Patch0: jabberd-fix-billion-laughs.patch
+# http://xmpp.org/resources/security-notices/server-dialback/
+# Vulnerability in XMPP Server Dialback Implementations
+# original patch at:
+# https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch
+# backported to 2.2.11
+Patch1: vulnerability-in-xmpp-server-dialback-implementations.patch
+
URL: http://codex.xiaoka.com/wiki/jabberd2:start
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: openssl-devel libidn-devel expat-devel
@@ -46,6 +53,7 @@ This package defaults to use pam and sqlite.
%setup -q
%patch0 -p0
+%patch1 -p0
%build
export CFLAGS="%{optflags}"
@@ -203,6 +211,10 @@ fi
%attr(700, jabber, jabber) %{_var}/lib/%{name}
%changelog
+* Wed Aug 22 2012 Adrian Reber <adrian at lisas.de> - 2.2.11-4
+- included backported patch for "Vulnerability in XMPP Server Dialback Implementations"
+ http://xmpp.org/resources/security-notices/server-dialback/
+
* Thu Jun 02 2011 Dominic Hopf <dmaphy at fedoraproject.org> - 2.2.11-3
- backported patch to fix the billion laughs issue from 2.2.14 (#700390, CVE-2011-1755)
diff --git a/vulnerability-in-xmpp-server-dialback-implementations.patch b/vulnerability-in-xmpp-server-dialback-implementations.patch
new file mode 100644
index 0000000..46a8c43
--- /dev/null
+++ b/vulnerability-in-xmpp-server-dialback-implementations.patch
@@ -0,0 +1,20 @@
+--- s2s/out.c.orig 2010-08-08 17:50:56.000000000 +0200
++++ s2s/out.c 2012-08-22 09:17:26.694418879 +0200
+@@ -1661,7 +1661,7 @@
+ rkeylen = strlen(rkey);
+
+ /* key is valid */
+- if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0) {
++ if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0 && xhash_get(out->states, rkey) == (void*) conn_INPROGRESS) {
+ log_write(out->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] outgoing route '%s' is now valid%s", out->fd->fd, out->ip, out->port, rkey, (out->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "");
+
+ xhash_put(out->states, pstrdup(xhash_pool(out->states), rkey), (void *) conn_VALID); /* !!! small leak here */
+@@ -1749,7 +1749,7 @@
+ rkey = s2s_route_key(NULL, to->domain, from->domain);
+
+ attr = nad_find_attr(nad, 0, -1, "type", "valid");
+- if(attr >= 0) {
++ if(attr >= 0 && xhash_get(in->states, rkey) == (void*) conn_INPROGRESS) {
+ xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_VALID);
+ log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] incoming route '%s' is now valid%s", in->fd->fd, in->ip, in->port, rkey, (in->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "");
+ valid = 1;
More information about the scm-commits
mailing list