XMPP Standards Foundation reported that some XMPP implementations, including jabberd 2.x, are prone to the domain spoofing via the server dialback protocol [1]. Jabberd developers already fixed this in their Git repository [2]. I had added VuXML entry 4d1d2f6d-ec94-11e1-8bd8-0022156e8794 to the FreeBSD VuXML index [3], please, use it in the commit log. [1] http://xmpp.org/resources/security-notices/server-dialback/ [2] https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d [3] http://svnweb.freebsd.org/ports?view=revision&revision=302966 Fix: Patch is available at http://codelabs.ru/fbsd/ports/jabberd/jabberd-cve-2012-3525.diff It just adds vendor patch to the current port. I had briefly tested it our CodeLabs Jabber server. No problems were yet found. How-To-Repeat: Look at [1] and [2].
Responsible Changed From-To: freebsd-ports-bugs->mm Over to maintainer (via the GNATS Auto Assign Tool)
Author: rea Date: Tue Sep 4 11:54:30 2012 New Revision: 303651 URL: http://svn.freebsd.org/changeset/ports/303651 Log: net-im/jabberd: fix CVE-2012-3525 PR: ports/170894 Approved by: maintainer timeout (2 weeks) Security: http://www.vuxml.org/freebsd/4d1d2f6d-ec94-11e1-8bd8-0022156e8794.html QA page: http://codelabs.ru/fbsd/ports/qa/net-im/jabberd/2.2.16_2 Added: head/net-im/jabberd/files/patch-cve-2012-3525 (contents, props changed) Modified: head/net-im/jabberd/Makefile Modified: head/net-im/jabberd/Makefile ============================================================================== --- head/net-im/jabberd/Makefile Tue Sep 4 10:56:26 2012 (r303650) +++ head/net-im/jabberd/Makefile Tue Sep 4 11:54:30 2012 (r303651) @@ -7,7 +7,7 @@ PORTNAME= jabberd PORTVERSION= 2.2.16 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= net-im MASTER_SITES= http://cloud.github.com/downloads/Jabberd2/jabberd2/ DIST_SUBDIR= jabber Added: head/net-im/jabberd/files/patch-cve-2012-3525 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net-im/jabberd/files/patch-cve-2012-3525 Tue Sep 4 11:54:30 2012 (r303651) @@ -0,0 +1,25 @@ +Fixes CVE-2012-3525 + +Obtained-from: https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.diff +diff --git a/s2s/out.c b/s2s/out.c +index 0ed9b30..7b9f44f 100644 +--- s2s/out.c ++++ s2s/out.c +@@ -1661,7 +1661,7 @@ static void _out_result(conn_t out, nad_t nad) { + rkeylen = strlen(rkey); + + /* key is valid */ +- if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0) { ++ if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0 && xhash_get(out->states, rkey) == (void*) conn_INPROGRESS) { + log_write(out->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] outgoing route '%s' is now valid%s%s", out->fd->fd, out->ip, out->port, rkey, (out->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", out->s->compressed ? ", ZLIB compression enabled" : ""); + + xhash_put(out->states, pstrdup(xhash_pool(out->states), rkey), (void *) conn_VALID); /* !!! small leak here */ +@@ -1749,7 +1749,7 @@ static void _out_verify(conn_t out, nad_t nad) { + rkey = s2s_route_key(NULL, to->domain, from->domain); + + attr = nad_find_attr(nad, 0, -1, "type", "valid"); +- if(attr >= 0) { ++ if(attr >= 0 && xhash_get(in->states, rkey) == (void*) conn_INPROGRESS) { + xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_VALID); + log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] incoming route '%s' is now valid%s%s", in->fd->fd, in->ip, in->port, rkey, (in->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", in->s->compressed ? ", ZLIB compression enabled" : ""); + valid = 1; _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed the fix.