add patch from upstream to make network connections (to fetch CRLs)

non-blocking. Blocking can be considered a DoS problem because other
requests are not served in that time. (SA44680, no CVE entry)
bump PKGREV
drochner 2011-05-25 09:29:05 +00:00
parent e72e61347c
commit 9e85c89248
3 changed files with 87 additions and 3 deletions


@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.39 2011/04/22 13:44:33 obache Exp $
# $NetBSD: Makefile,v 1.40 2011/05/25 09:29:05 drochner Exp $
DISTNAME= dirmngr-1.1.0
PKGREVISION= 1
PKGREVISION= 2
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/dirmngr/
EXTRACT_SUFX= .tar.bz2


@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.18 2011/03/11 07:20:45 adam Exp $
$NetBSD: distinfo,v 1.19 2011/05/25 09:29:05 drochner Exp $
SHA1 (dirmngr-1.1.0.tar.bz2) = a7a7d1432db9edad2783ea1bce761a8106464165
RMD160 (dirmngr-1.1.0.tar.bz2) = 2f67ad8668cf4aa4a2ec2c1fa857d9225ec01a65
@ -10,4 +10,5 @@ SHA1 (patch-ad) = 94c789bd308208c147a24f05b371602ec74185f4
SHA1 (patch-ae) = 3d77aff4b2ee779106dee329f3a6cd5b8f332e26
SHA1 (patch-af) = b6ae3b526e344ca63af1babb9eb6707b90edc837
SHA1 (patch-ag) = a08f7c82ed32e72f52a69baa64e97a86cbe8fa70
SHA1 (patch-ah) = 676ce6ee92db06225f3da7cf27d51a7e3a2c9f59
SHA1 (patch-doc_Makefile.in) = 61f166b39ca7365e02b9d6510487c5c2d9e61f08


@ -0,0 +1,83 @@
$NetBSD: patch-ah,v 1.1 2011/05/25 09:29:05 drochner Exp $
--- src/http.c.orig 2009-08-07 14:23:33.000000000 +0000
+++ src/http.c
@@ -98,6 +98,16 @@ struct srventry
};
#endif/*!USE_DNS_SRV*/
+#ifdef HAVE_PTH
+# define my_select(a,b,c,d,e) pth_select ((a), (b), (c), (d), (e))
+# define my_connect(a,b,c) pth_connect ((a), (b), (c))
+# define my_accept(a,b,c) pth_accept ((a), (b), (c))
+#else
+# define my_select(a,b,c,d,e) select ((a), (b), (c), (d), (e))
+# define my_connect(a,b,c) connect ((a), (b), (c))
+# define my_accept(a,b,c) accept ((a), (b), (c))
+#endif
+
#ifdef HAVE_W32_SYSTEM
#define sock_close(a) closesocket(a)
@@ -1333,14 +1343,14 @@ start_server ()
FD_ZERO (&rfds);
FD_SET (fd, &rfds);
- if (select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
+ if (my_select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
continue; /* ignore any errors */
if (!FD_ISSET (fd, &rfds))
continue;
addrlen = sizeof peer;
- client = accept (fd, (struct sockaddr *) &peer, &addrlen);
+ client = my_accept (fd, (struct sockaddr *) &peer, &addrlen);
if (client == -1)
continue; /* oops */
@@ -1406,7 +1416,7 @@ connect_server (const char *server, unsi
addr.sin_port = htons(port);
memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr));
- if (!connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
+ if (!my_connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
return sock;
sock_close(sock);
return -1;
@@ -1474,7 +1484,7 @@ connect_server (const char *server, unsi
return -1;
}
- if (connect (sock, ai->ai_addr, ai->ai_addrlen))
+ if (my_connect (sock, ai->ai_addr, ai->ai_addrlen))
last_errno = errno;
else
connected = 1;
@@ -1528,7 +1538,7 @@ connect_server (const char *server, unsi
for (i = 0; host->h_addr_list[i] && !connected; i++)
{
memcpy (&addr.sin_addr, host->h_addr_list[i], host->h_length);
- if (connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
+ if (my_connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
last_errno = errno;
else
{
@@ -1594,7 +1604,7 @@ cookie_read (void *cookie, void *buffer,
tv.tv_sec = 0;
tv.tv_usec = 50000;
- select (0, NULL, NULL, NULL, &tv);
+ my_select (0, NULL, NULL, NULL, &tv);
goto again;
}
if (nread == GNUTLS_E_REHANDSHAKE)
@@ -1649,7 +1659,7 @@ cookie_write (void *cookie, const void *
tv.tv_sec = 0;
tv.tv_usec = 50000;
- select (0, NULL, NULL, NULL, &tv);
+ my_select (0, NULL, NULL, NULL, &tv);
continue;
}
log_info ("TLS network write failed: %s\n",
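Review bot: The `my_connect` substitutions in `connect_server` cover only the TCP connect itself; the name lookups that produce `ai->ai_addr` and `host->h_addr_list` lie outside these hunks, and if they are ordinary resolver calls they would still suspend every Pth thread while a resolver is slow, since Pth threads are not preempted. In that case the denial of service described in the commit message is narrowed rather than closed, so it is worth confirming how the lookup is done. Separately, the `#else` branch of the new macro block keeps the plain `select`/`connect`/`accept`, so a build without `HAVE_PTH` gains nothing from this patch. A comment above the block would make that visible, for example `/* Pth wrappers suspend only the calling thread; without HAVE_PTH these calls block the whole process. */`. `connect_server`, `cookie_read` and `cookie_write` all begin and end outside the hunks shown, so the retry loops around `my_select` could not be checked for an upper bound.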