From c68018c59b5a5e8dcb50a12811cf2ae44644743d Mon Sep 17 00:00:00 2001
From: salo <salo@pkgsrc.org>
Date: Sun, 20 Mar 2005 18:50:09 +0000
Subject: Backport fix for DoS attack in handling SSL connections from 1.4.3.
 Bump PKGREVISION.

---
 chat/jabberd/Makefile         |  4 ++--
 chat/jabberd/distinfo         |  3 ++-
 chat/jabberd/patches/patch-ad | 29 +++++++++++++++++++++++++++++
 3 files changed, 33 insertions(+), 3 deletions(-)
 create mode 100644 chat/jabberd/patches/patch-ad

(limited to 'chat')

diff --git a/chat/jabberd/Makefile b/chat/jabberd/Makefile
index c47efd275f9..dac9b123e07 100644
--- a/chat/jabberd/Makefile
+++ b/chat/jabberd/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.10 2004/12/28 02:47:41 reed Exp $
+# $NetBSD: Makefile,v 1.11 2005/03/20 18:50:09 salo Exp $
 #
 
 DISTNAME=		jabber-1.4.2
 PKGNAME=		jabberd-1.4.2
-PKGREVISION=		3
+PKGREVISION=		4
 CATEGORIES=		chat
 MASTER_SITES=		http://jabberd.jabberstudio.org/downloads/ \
 			http://jabberd.jabberstudio.org/1.4/dist/
diff --git a/chat/jabberd/distinfo b/chat/jabberd/distinfo
index 7998e36b15b..e3de1a6ea8e 100644
--- a/chat/jabberd/distinfo
+++ b/chat/jabberd/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.2 2004/02/21 05:38:29 xtraeme Exp $
+$NetBSD: distinfo,v 1.3 2005/03/20 18:50:09 salo Exp $
 
 SHA1 (jabber-1.4.2.tar.gz) = aa0bc2e9815e4fa4a1ca8ba7f320bfd3c85ba11f
 Size (jabber-1.4.2.tar.gz) = 690217 bytes
 SHA1 (patch-aa) = 726ff89388dca237ac9acb83113a683feca8a356
 SHA1 (patch-ab) = 8722b0db3870e14eaf3e40f5493544db8a813fc1
 SHA1 (patch-ac) = 3b17761c9ea2d1e17f3194ac8cf54fbca4c80367
+SHA1 (patch-ad) = 0e8f2faa154e8c147b129aa3ca3cfd2dbaff1093
diff --git a/chat/jabberd/patches/patch-ad b/chat/jabberd/patches/patch-ad
new file mode 100644
index 00000000000..03519a07697
--- /dev/null
+++ b/chat/jabberd/patches/patch-ad
@@ -0,0 +1,29 @@
+$NetBSD: patch-ad,v 1.3 2005/03/20 18:50:09 salo Exp $
+
+--- jabberd/mio_ssl.c.orig	2002-02-08 08:39:27.000000000 +0100
++++ jabberd/mio_ssl.c	2005-03-20 19:38:42.000000000 +0100
+@@ -219,6 +219,15 @@
+     SSL_CTX *ctx = NULL;
+     int fd;
+     int sret;
++    int flags;
++
++    fd = accept(m->fd, serv_addr, addrlen);
++
++    /* set the socket to non-blocking as this is not
++       inherited */
++    flags =  fcntl(fd, F_GETFL, 0);
++    flags |= O_NONBLOCK;
++    fcntl(fd, F_SETFL, flags);
+ 
+     if(m->ip == NULL)
+     {
+@@ -226,8 +235,6 @@
+         return -1;
+     }
+ 
+-    fd = accept(m->fd, serv_addr, addrlen);
+-    
+     ctx = ghash_get(ssl__ctxs, m->ip);
+     if(ctx == NULL)
+     {
-- 
cgit v1.2.3