pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/databases Add patch to fix a libBER Denial of Service ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/6bad09350eca
branches: trunk
changeset: 544032:6bad09350eca
user: tonnerre <tonnerre%pkgsrc.org@localhost>
date: Thu Jul 03 22:14:50 2008 +0000
description:
Add patch to fix a libBER Denial of Service in OpenLDAP. (CVE-2008-2952)
diffstat:
databases/openldap-client/Makefile | 3 ++-
databases/openldap/distinfo | 3 ++-
databases/openldap/patches/patch-aa | 23 +++++++++++++++++++++++
3 files changed, 27 insertions(+), 2 deletions(-)
diffs (54 lines):
diff -r 684f22c87cd6 -r 6bad09350eca databases/openldap-client/Makefile
--- a/databases/openldap-client/Makefile Thu Jul 03 22:01:48 2008 +0000
+++ b/databases/openldap-client/Makefile Thu Jul 03 22:14:50 2008 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.8 2008/02/24 20:15:05 ghen Exp $
+# $NetBSD: Makefile,v 1.9 2008/07/03 22:14:50 tonnerre Exp $
PKGNAME= ${DISTNAME:S/-/-client-/}
COMMENT= Lightweight Directory Access Protocol libraries and client programs
+PKGREVISION= 1
CONFLICTS+= openldap<2.3.23nb1
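Review bot: PKGREVISION= 1 is added only in databases/openldap-client/Makefile, while the fix itself is patch-aa under databases/openldap/patches, and the diffstat shows no other Makefile touched. If any other package builds from that patches directory and installs liblber, it needs the same revision bump so that installed copies are flagged for rebuild; please confirm the client package is the only one affected or bump the others in this commit.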
diff -r 684f22c87cd6 -r 6bad09350eca databases/openldap/distinfo
--- a/databases/openldap/distinfo Thu Jul 03 22:01:48 2008 +0000
+++ b/databases/openldap/distinfo Thu Jul 03 22:14:50 2008 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.63 2008/06/09 09:07:38 ghen Exp $
+$NetBSD: distinfo,v 1.64 2008/07/03 22:14:50 tonnerre Exp $
SHA1 (openldap-2.4.9.tgz) = 7c63d8552fd97e2e2e20310ef8c75e0202a624ee
RMD160 (openldap-2.4.9.tgz) = bd6f9a4cf0d36c7def4ee002f2a2b445a8a1e711
Size (openldap-2.4.9.tgz) = 4440456 bytes
+SHA1 (patch-aa) = 8c5c68ef53decb013114d606698cbd8a1c1b4e49
SHA1 (patch-ac) = 905b08c4dea8c61e044ccf66d6af22cc685a3ccc
SHA1 (patch-ad) = 24e7ec27d592dd76bdec1e4805801c5304951daf
SHA1 (patch-af) = 1ae9137e76e885e03d0f44727197a444893ec7c5
diff -r 684f22c87cd6 -r 6bad09350eca databases/openldap/patches/patch-aa
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/openldap/patches/patch-aa Thu Jul 03 22:14:50 2008 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-aa,v 1.10 2008/07/03 22:14:50 tonnerre Exp $
+
+--- libraries/liblber/io.c.orig 2008-02-12 00:26:41.000000000 +0100
++++ libraries/liblber/io.c
+@@ -584,13 +584,11 @@ ber_get_next(
+ return LBER_DEFAULT;
+ }
+ /* Not enough bytes? */
+- if (ber->ber_rwptr - (char *)p < llen) {
+-#if defined( EWOULDBLOCK )
+- sock_errset(EWOULDBLOCK);
+-#elif defined( EAGAIN )
+- sock_errset(EAGAIN);
+-#endif
+- return LBER_DEFAULT;
++ i = ber->ber_rwptr - (char *)p;
++ if (i < llen) {
++ sblen=ber_int_sb_read( sb, ber->ber_rwptr, i );
++ if (sblen<i) return LBER_DEFAULT;
++ ber->ber_rwptr += sblen;
+ }
+ for (i=0; i<llen; i++) {
+ tlen <<=8;
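Review bot: in the new `if (i < llen)` branch the length passed to ber_int_sb_read is `i`, the number of bytes already between p and ber->ber_rwptr, not the shortfall `llen - i`. With i == 0 the call asks for nothing and `if (sblen<i)` does not trigger, and with i less than half of llen a full read of i bytes still leaves fewer than llen available, yet the `for (i=0; i<llen; i++)` loop that follows runs without a second check. Suggest requesting `llen - i` bytes and comparing sblen against that, or re-testing the available count before the loop. The removed branch also set EWOULDBLOCK/EAGAIN before returning LBER_DEFAULT; the new short-read return depends on ber_int_sb_read having set the error, which deserves a comment. A line in the patch-aa header naming CVE-2008-2952 would make the purpose of the patch visible from the file itself.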