Bug 159031 - [PATCH] devel/Ice: Fix close socket and incorporate security patch for IceGrid
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
Reported: 2011-07-19 15:30 UTC by Michael Gmelin
Modified: 2011-07-31 16:50 UTC

Attachments
Ice-3.4.2_1.patch (30.37 KB, patch)
2011-07-19 15:30 UTC, Michael Gmelin

Description Michael Gmelin 2011-07-19 15:30:11 UTC
Fixes a compatibility issue with FreeBSD's implementation of close(2) which
results in Ice reporting errno ECONNRESET (connection reset by peer).

See http://www.zeroc.com/forums/patches/5435-patch-network-cpp-freebsd-econnreset-close-2-problem.html
for details.

Incorporates a patch originally written by myself (and "donated" to ZeroC)
that has been perfected and integrated by Benoit Foucher of ZeroC and will most
likely be part of the next release of Ice (which is still a couple of months
away). Controlled by the properties IceGrid.Registry.RequireNodeCertCN and
IceGrid.Registry.RequireReplicaCertCN the patch enables IceGrid to verify
that the common name (CN) of a client certificate presented to the IceGrid
Registry matches the name the IceGrid Node respectively IceGrid Replica
Registry transmitted in the request and therefore helps to tighten security
in an SSL enabled environment.

See http://www.zeroc.com/forums/help-center/5416-icegrid-security-question.html
for a description of the general idea, the rest of the communication
happened directly via e-mail.

Added file(s):
- files/patch-config-PropertyNames.xml
- files/patch-cpp-demo-IceGrid-secure-README
- files/patch-cpp-demo-IceGrid-secure-application.xml
- files/patch-cpp-demo-IceGrid-secure-config.admin
- files/patch-cpp-demo-IceGrid-secure-config.client
- files/patch-cpp-demo-IceGrid-secure-config.master
- files/patch-cpp-demo-IceGrid-secure-config.node
- files/patch-cpp-demo-IceGrid-secure-config.registry
- files/patch-cpp-demo-IceGrid-secure-config.slave
- files/patch-cpp-demo-IceGrid-secure-makecerts.py
- files/patch-cpp-src-Ice-Network.cpp
- files/patch-cpp-src-Ice-PropertyNames.cpp
- files/patch-cpp-src-Ice-PropertyNames.h
- files/patch-cpp-src-IceGrid-Internal.ice
- files/patch-cpp-src-IceGrid-InternalRegistryI.cpp
- files/patch-cpp-src-IceGrid-InternalRegistryI.h
- files/patch-cpp-src-IceGrid-NodeSessionManager.cpp
- files/patch-cpp-src-IceGrid-ReplicaSessionManager.cpp
- files/patch-cs-src-Ice-PropertyNames.cs
- files/patch-java-src-IceInternal-PropertyNames.java

Port maintainer (shoesoft@gmx.net) is cc'd.

Generated with FreeBSD Port Tools 0.99
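
The check described above (certificate CN must equal the node or replica name sent in the request) is sketched here as an added example; it is not the code from the attached patch, and IceGrid's own comparison may differ. It assumes the peer's subject DN is available as an RFC 4514-style string; the function names and the "exactly one CN" policy are choices made for this illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>
// Added illustration, not code from the Ice patch; names are hypothetical.
// Collects the CN values of an RFC 4514-style DN ("CN=node1,OU=Grid"). Escapes
// are decoded only inside values, so "OU=x\,CN=node1" yields no CN at all.
std::vector<std::string> commonNames(const std::string& dn) {
    std::vector<std::string> cns;
    std::string type, value;
    bool inValue = false;
    auto isHex = [&](std::size_t k) { return k < dn.size() && std::isxdigit((unsigned char)dn[k]); };
    auto flush = [&] {
        if (inValue && type == "CN") cns.push_back(value);
        type.clear(); value.clear(); inValue = false;
    };
    for (std::size_t i = 0; i < dn.size(); ++i) {
        const unsigned char c = dn[i];
        if (!inValue) {
            if (c == '=') inValue = true;
            else if (c == ',' || c == '+') flush();  // RDN without '=': drop it
            else if (!(type.empty() && std::isspace(c))) type += (char)std::toupper(c);
        } else if (c == '\\' && isHex(i + 1) && isHex(i + 2)) {
            value += (char)std::stoi(dn.substr(i + 1, 2), nullptr, 16);  // \2C -> ','
            i += 2;
        } else if (c == '\\' && i + 1 < dn.size()) {
            value += dn[++i];                        // \, \+ \= kept literally
        } else if (c == ',' || c == '+') {
            flush();                                 // unescaped separator ends the RDN
        } else {
            value += (char)c;
        }
    }
    flush();
    return cns;
}

// Policy assumed for this example: exactly one CN, compared byte-for-byte with
// the name the peer sent in its request; anything else is rejected.
bool certMatchesClaimedName(const std::string& subjectDn, const std::string& claimed) {
    const std::vector<std::string> cns = commonNames(subjectDn);
    return !claimed.empty() && cns.size() == 1 && cns[0] == claimed;
}

int main() {  // prints "10": a match, then a DN that only mentions node1 inside OU
    std::cout << certMatchesClaimedName("CN=node1,OU=Grid", "node1")
              << certMatchesClaimedName("CN=other,OU=CN=node1", "node1") << '\n';
}
```

A plain substring search for "CN=node1" would accept the second DN in main(); parsing the attributes first is what keeps another field's value from being mistaken for the common name.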
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2011-07-19 15:30:33 UTC
Maintainer of devel/ice,

Please note that PR ports/159031 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/159031

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2011-07-19 15:30:37 UTC
State Changed
From-To: open->feedback

Awaiting maintainer's feedback (via the GNATS Auto Assign Tool)
Comment 3 Stefan Ehmann 2011-07-23 16:04:29 UTC
I have no objections against the first patch
(files/patch-cpp-src-Ice-Network.cpp).

I haven't tried to reproduce the problem, but the patch looks OK.


However, I don't want to include the IceGrid patch (at least for now).

It's not a FreeBSD-specific patch and the security threats seem to be very 
limited.

Also, it seems there are good chances that the patch (or a different solution) 
will be integrated upstream.

Anyway, thanks for improving the Ice FreeBSD Port!
Comment 4 dfilter service freebsd_committer freebsd_triage 2011-07-31 16:43:40 UTC
arved       2011-07-31 15:43:30 UTC

  FreeBSD ports repository

  Modified files:
    devel/ice            Makefile 
  Added files:
    devel/ice/files      patch-cpp-src-Ice-Network.cpp 
  Log:
  Fix a compatibility issue with FreeBSD's implementation of close(2) which
  results in Ice reporting errno ECONNRESET (connection reset by peer).
  
  PR:             159031
  Submitted by:   Michael Gmelin <freebsd@grem.de>
  Approved by:    maintainer
  
  Revision  Changes    Path
  1.19      +1 -0      ports/devel/ice/Makefile
  1.1       +15 -0     ports/devel/ice/files/patch-cpp-src-Ice-Network.cpp (new)
Comment 5 Tilman Keskinoz freebsd_committer freebsd_triage 2011-07-31 16:43:54 UTC
State Changed
From-To: feedback->closed

Committed the first patch.

Thanks for reporting