author | drochner <drochner@pkgsrc.org> | 2011-05-25 09:29:05 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2011-05-25 09:29:05 +0000 |
commit | f8c825076d85dbd1cd3da0ea86c417f606c32a42 (patch) | |
tree | 1fbf5ad9f4e781e6ea7c3023e25a9831cb988b49 /security | |
parent | 6d2bb709fbd0611849633df60dd21bd401daadcd (diff) | |
add patch from upstream to make network connections (to fetch CRLs)
non-blocking. Blocking can be considered a DoS problem because other
requests are not served in that time. (SA44680, no CVE entry)
bump PKGREV
Diffstat (limited to 'security')
-rw-r--r-- | security/dirmngr/Makefile | 4 | ||||
-rw-r--r-- | security/dirmngr/distinfo | 3 | ||||
-rw-r--r-- | security/dirmngr/patches/patch-ah | 83 |
3 files changed, 87 insertions, 3 deletions
diff --git a/security/dirmngr/Makefile b/security/dirmngr/Makefile
index c9015b35059..28bde023887 100644
--- a/security/dirmngr/Makefile
+++ b/security/dirmngr/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.39 2011/04/22 13:44:33 obache Exp $
+# $NetBSD: Makefile,v 1.40 2011/05/25 09:29:05 drochner Exp $
 DISTNAME= dirmngr-1.1.0
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= security
 MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/dirmngr/
 EXTRACT_SUFX= .tar.bz2
diff --git a/security/dirmngr/distinfo b/security/dirmngr/distinfo
index c3f92fae294..891861127c1 100644
--- a/security/dirmngr/distinfo
+++ b/security/dirmngr/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.18 2011/03/11 07:20:45 adam Exp $
+$NetBSD: distinfo,v 1.19 2011/05/25 09:29:05 drochner Exp $
 SHA1 (dirmngr-1.1.0.tar.bz2) = a7a7d1432db9edad2783ea1bce761a8106464165
 RMD160 (dirmngr-1.1.0.tar.bz2) = 2f67ad8668cf4aa4a2ec2c1fa857d9225ec01a65
@@ -10,4 +10,5 @@ SHA1 (patch-ad) = 94c789bd308208c147a24f05b371602ec74185f4
 SHA1 (patch-ae) = 3d77aff4b2ee779106dee329f3a6cd5b8f332e26
 SHA1 (patch-af) = b6ae3b526e344ca63af1babb9eb6707b90edc837
 SHA1 (patch-ag) = a08f7c82ed32e72f52a69baa64e97a86cbe8fa70
+SHA1 (patch-ah) = 676ce6ee92db06225f3da7cf27d51a7e3a2c9f59
 SHA1 (patch-doc_Makefile.in) = 61f166b39ca7365e02b9d6510487c5c2d9e61f08
diff --git a/security/dirmngr/patches/patch-ah b/security/dirmngr/patches/patch-ah
new file mode 100644
index 00000000000..13d90bac4f0
--- /dev/null
+++ b/security/dirmngr/patches/patch-ah
@@ -0,0 +1,83 @@
+$NetBSD: patch-ah,v 1.1 2011/05/25 09:29:05 drochner Exp $
+
+--- src/http.c.orig 2009-08-07 14:23:33.000000000 +0000
++++ src/http.c
+@@ -98,6 +98,16 @@ struct srventry
+ };
+ #endif/*!USE_DNS_SRV*/
+
++#ifdef HAVE_PTH
++# define my_select(a,b,c,d,e) pth_select ((a), (b), (c), (d), (e))
++# define my_connect(a,b,c) pth_connect ((a), (b), (c))
++# define my_accept(a,b,c) pth_accept ((a), (b), (c))
++#else
++# define my_select(a,b,c,d,e) select ((a), (b), (c), (d), (e))
++# define my_connect(a,b,c) connect ((a), (b), (c))
++# define my_accept(a,b,c) accept ((a), (b), (c))
++#endif
++
+
+ #ifdef HAVE_W32_SYSTEM
+ #define sock_close(a) closesocket(a)
+@@ -1333,14 +1343,14 @@ start_server ()
+ FD_ZERO (&rfds);
+ FD_SET (fd, &rfds);
+
+- if (select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
++ if (my_select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
+ continue; /* ignore any errors */
+
+ if (!FD_ISSET (fd, &rfds))
+ continue;
+
+ addrlen = sizeof peer;
+- client = accept (fd, (struct sockaddr *) &peer, &addrlen);
++ client = my_accept (fd, (struct sockaddr *) &peer, &addrlen);
+ if (client == -1)
+ continue; /* oops */
+
+@@ -1406,7 +1416,7 @@ connect_server (const char *server, unsi
+ addr.sin_port = htons(port);
+ memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr));
+
+- if (!connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
++ if (!my_connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
+ return sock;
+ sock_close(sock);
+ return -1;
+@@ -1474,7 +1484,7 @@ connect_server (const char *server, unsi
+ return -1;
+ }
+
+- if (connect (sock, ai->ai_addr, ai->ai_addrlen))
++ if (my_connect (sock, ai->ai_addr, ai->ai_addrlen))
+ last_errno = errno;
+ else
+ connected = 1;
+@@ -1528,7 +1538,7 @@ connect_server (const char *server, unsi
+ for (i = 0; host->h_addr_list[i] && !connected; i++)
+ {
+ memcpy (&addr.sin_addr, host->h_addr_list[i], host->h_length);
+- if (connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
++ if (my_connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
+ last_errno = errno;
+ else
+ {
+@@ -1594,7 +1604,7 @@ cookie_read (void *cookie, void *buffer,
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 50000;
+- select (0, NULL, NULL, NULL, &tv);
++ my_select (0, NULL, NULL, NULL, &tv);
+ goto again;
+ }
+ if (nread == GNUTLS_E_REHANDSHAKE)
+@@ -1649,7 +1659,7 @@ cookie_write (void *cookie, const void *
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 50000;
+- select (0, NULL, NULL, NULL, &tv);
++ my_select (0, NULL, NULL, NULL, &tv);
+ continue;
+ }
+ log_info ("TLS network write failed: %s\n", |
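Review bot: The patch reroutes only `select`, `connect` and `accept` through Pth, so the name lookups in `connect_server` probably still block. The hunks at -1474 and -1528 use `ai->ai_addr` and `host->h_addr_list`, but the resolver calls that fill them lie outside the visible hunks; if they are plain blocking lookups, a slow DNS server can still stall every other request. That would leave part of the DoS described in the commit message open, so it is worth checking against the full `src/http.c`. `pth_connect` as used here also has no deadline, so a CRL host that never answers holds its thread until the TCP timeout. The new macro block would read better with a comment such as `/* Under Pth a plain select/connect/accept blocks the whole process; use the pth_* variants so other requests keep being served. */`. No hunk adds `#include <pth.h>`, so it should be confirmed that the header is already included when `HAVE_PTH` is defined.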