authordrochner <drochner@pkgsrc.org>2011-05-25 09:29:05 +0000
committerdrochner <drochner@pkgsrc.org>2011-05-25 09:29:05 +0000
commitf8c825076d85dbd1cd3da0ea86c417f606c32a42 (patch)
tree1fbf5ad9f4e781e6ea7c3023e25a9831cb988b49 /security
parent6d2bb709fbd0611849633df60dd21bd401daadcd (diff)
downloadpkgsrc-f8c825076d85dbd1cd3da0ea86c417f606c32a42.tar.gz
add patch from upstream to make network connections (to fetch CRLs)
non-blocking. Blocking can be considered a DoS problem because other requests are not served during that time. (SA44680, no CVE entry) bump PKGREV
Diffstat (limited to 'security')
-rw-r--r--security/dirmngr/Makefile4
-rw-r--r--security/dirmngr/distinfo3
-rw-r--r--security/dirmngr/patches/patch-ah83
3 files changed, 87 insertions, 3 deletions
diff --git a/security/dirmngr/Makefile b/security/dirmngr/Makefile
index c9015b35059..28bde023887 100644
--- a/security/dirmngr/Makefile
+++ b/security/dirmngr/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.39 2011/04/22 13:44:33 obache Exp $
+# $NetBSD: Makefile,v 1.40 2011/05/25 09:29:05 drochner Exp $
DISTNAME= dirmngr-1.1.0
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/dirmngr/
EXTRACT_SUFX= .tar.bz2
diff --git a/security/dirmngr/distinfo b/security/dirmngr/distinfo
index c3f92fae294..891861127c1 100644
--- a/security/dirmngr/distinfo
+++ b/security/dirmngr/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.18 2011/03/11 07:20:45 adam Exp $
+$NetBSD: distinfo,v 1.19 2011/05/25 09:29:05 drochner Exp $
SHA1 (dirmngr-1.1.0.tar.bz2) = a7a7d1432db9edad2783ea1bce761a8106464165
RMD160 (dirmngr-1.1.0.tar.bz2) = 2f67ad8668cf4aa4a2ec2c1fa857d9225ec01a65
@@ -10,4 +10,5 @@ SHA1 (patch-ad) = 94c789bd308208c147a24f05b371602ec74185f4
SHA1 (patch-ae) = 3d77aff4b2ee779106dee329f3a6cd5b8f332e26
SHA1 (patch-af) = b6ae3b526e344ca63af1babb9eb6707b90edc837
SHA1 (patch-ag) = a08f7c82ed32e72f52a69baa64e97a86cbe8fa70
+SHA1 (patch-ah) = 676ce6ee92db06225f3da7cf27d51a7e3a2c9f59
SHA1 (patch-doc_Makefile.in) = 61f166b39ca7365e02b9d6510487c5c2d9e61f08
diff --git a/security/dirmngr/patches/patch-ah b/security/dirmngr/patches/patch-ah
new file mode 100644
index 00000000000..13d90bac4f0
--- /dev/null
+++ b/security/dirmngr/patches/patch-ah
@@ -0,0 +1,83 @@
+$NetBSD: patch-ah,v 1.1 2011/05/25 09:29:05 drochner Exp $
+
+--- src/http.c.orig 2009-08-07 14:23:33.000000000 +0000
++++ src/http.c
+@@ -98,6 +98,16 @@ struct srventry
+ };
+ #endif/*!USE_DNS_SRV*/
+
++#ifdef HAVE_PTH
++# define my_select(a,b,c,d,e) pth_select ((a), (b), (c), (d), (e))
++# define my_connect(a,b,c) pth_connect ((a), (b), (c))
++# define my_accept(a,b,c) pth_accept ((a), (b), (c))
++#else
++# define my_select(a,b,c,d,e) select ((a), (b), (c), (d), (e))
++# define my_connect(a,b,c) connect ((a), (b), (c))
++# define my_accept(a,b,c) accept ((a), (b), (c))
++#endif
++
+
+ #ifdef HAVE_W32_SYSTEM
+ #define sock_close(a) closesocket(a)
+@@ -1333,14 +1343,14 @@ start_server ()
+ FD_ZERO (&rfds);
+ FD_SET (fd, &rfds);
+
+- if (select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
++ if (my_select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
+ continue; /* ignore any errors */
+
+ if (!FD_ISSET (fd, &rfds))
+ continue;
+
+ addrlen = sizeof peer;
+- client = accept (fd, (struct sockaddr *) &peer, &addrlen);
++ client = my_accept (fd, (struct sockaddr *) &peer, &addrlen);
+ if (client == -1)
+ continue; /* oops */
+
+@@ -1406,7 +1416,7 @@ connect_server (const char *server, unsi
+ addr.sin_port = htons(port);
+ memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr));
+
+- if (!connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
++ if (!my_connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
+ return sock;
+ sock_close(sock);
+ return -1;
+@@ -1474,7 +1484,7 @@ connect_server (const char *server, unsi
+ return -1;
+ }
+
+- if (connect (sock, ai->ai_addr, ai->ai_addrlen))
++ if (my_connect (sock, ai->ai_addr, ai->ai_addrlen))
+ last_errno = errno;
+ else
+ connected = 1;
+@@ -1528,7 +1538,7 @@ connect_server (const char *server, unsi
+ for (i = 0; host->h_addr_list[i] && !connected; i++)
+ {
+ memcpy (&addr.sin_addr, host->h_addr_list[i], host->h_length);
+- if (connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
++ if (my_connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
+ last_errno = errno;
+ else
+ {
+@@ -1594,7 +1604,7 @@ cookie_read (void *cookie, void *buffer,
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 50000;
+- select (0, NULL, NULL, NULL, &tv);
++ my_select (0, NULL, NULL, NULL, &tv);
+ goto again;
+ }
+ if (nread == GNUTLS_E_REHANDSHAKE)
+@@ -1649,7 +1659,7 @@ cookie_write (void *cookie, const void *
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 50000;
+- select (0, NULL, NULL, NULL, &tv);
++ my_select (0, NULL, NULL, NULL, &tv);
+ continue;
+ }
+ log_info ("TLS network write failed: %s\n",
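Review bot: The `#else` branch of the new `my_select`/`my_connect`/`my_accept` macros expands to the plain blocking `select`/`connect`/`accept`, so in a build without `HAVE_PTH` the stall described for SA44680 is unchanged and nothing in the patch says so. I would add a comment above the macro block, e.g. `/* Without HAVE_PTH these are the blocking libc calls; a slow or unreachable CRL server then stalls every other request. */`, and confirm that the package is always configured with Pth (the Makefile hunk here only bumps PKGREVISION, so that is not visible). Even with Pth, only the socket calls are wrapped: the resolver results used in connect_server (`ai->ai_addr`, `host->h_addr_list`) presumably still come from blocking lookups, and `my_connect` carries no timeout of its own, so the calling thread still waits out the TCP connect timeout. The inner hunks cut through start_server, connect_server, cookie_read and cookie_write, whose bodies begin and end outside the patch.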