[Pkg-mongodb-maintainers] [pkg-mongodb] 312/394: Backport disable SSLv3 ciphers from pre-2.4.13
Apollon Oikonomopoulos
apoikos at moszumanska.debian.org
Wed Sep 21 13:59:50 UTC 2016
This is an automated email from the git hooks/post-receive script.
apoikos pushed a commit to branch master
in repository pkg-mongodb.
commit 2d417f15a442cc7e156bf6e109b7bc8d827f4f87
Author: Laszlo Boszormenyi (GCS) <gcs at debian.org>
Date: Tue Jun 30 16:06:16 2015 +0000
Backport disable SSLv3 ciphers from pre-2.4.13
---
debian/changelog | 1 +
.../656f78711632a5dc37221422c99e3c4619bcc58f.patch | 22 +++++++++++++++++++
.../8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch | 25 ++++++++++++++++++++++
debian/patches/series | 2 ++
4 files changed, 50 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index b4e5674..591f215 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
mongodb (1:2.4.10-4) unstable; urgency=high
* Backport potential information leak security fix from 2.4.11 .
+ * Backport disable SSLv3 ciphers from pre-2.4.13 to fix CVE-2014-3566 .
-- Laszlo Boszormenyi (GCS) <gcs at debian.org> Mon, 10 Nov 2014 18:24:57 +0000
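Review bot: The added changelog line says "disable SSLv3 ciphers", but the code backported in this commit sets SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3, which turns off the SSLv2 and SSLv3 protocol versions, not cipher suites. Wording such as "Disable SSLv2 and SSLv3 protocol support to fix CVE-2014-3566" would tell an administrator reading the changelog that clients limited to SSLv3 will no longer be able to connect after the upgrade.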
diff --git a/debian/patches/656f78711632a5dc37221422c99e3c4619bcc58f.patch b/debian/patches/656f78711632a5dc37221422c99e3c4619bcc58f.patch
new file mode 100644
index 0000000..603a2f9
--- /dev/null
+++ b/debian/patches/656f78711632a5dc37221422c99e3c4619bcc58f.patch
@@ -0,0 +1,22 @@
+From 656f78711632a5dc37221422c99e3c4619bcc58f Mon Sep 17 00:00:00 2001
+From: Dan Pasette <dan at 10gen.com>
+Date: Mon, 27 Oct 2014 23:49:33 -0400
+Subject: [PATCH] SERVER-15673 fix typo in backport
+
+---
+ src/mongo/util/net/ssl_manager.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
+index 0efdd7c..de49e38 100644
+--- a/src/mongo/util/net/ssl_manager.cpp
++++ b/src/mongo/util/net/ssl_manager.cpp
+@@ -142,7 +142,7 @@ namespace mongo {
+ // Activate all bug workaround options, to support buggy client SSL's.
+ // SSL_OP_NO_SSLv2 - Disable SSL v2 support
+ // SSL_OP_NO_SSLv3 - Disable SSL v3 support
+- SSL_CTX_set_options(*context, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
++ SSL_CTX_set_options(_context, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
+
+ // If renegotiation is needed, don't return from recv() or send() until it's successful.
+ // Note: this is for blocking sockets only.
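Review bot: The new patch file has no Debian-side description, and its upstream subject "fix typo in backport" does not say which backport it corrects. A short DEP-3 style header (Description, Origin) should be added above the upstream header. It should state that this is the follow-up to 8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch and replaces *context with _context in the SSL_CTX_set_options call, so the dependency is visible to whoever next refreshes or drops patches.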
diff --git a/debian/patches/8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch b/debian/patches/8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch
new file mode 100644
index 0000000..10a6617
--- /dev/null
+++ b/debian/patches/8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch
@@ -0,0 +1,25 @@
+From 8b9242837510e6410ddcf4f19969da4c7b01b2f7 Mon Sep 17 00:00:00 2001
+From: Dan Pasette <dan at 10gen.com>
+Date: Mon, 27 Oct 2014 22:45:56 -0400
+Subject: [PATCH] SERVER-15673 Disable SSLv3 ciphers (CVE-2014-3566 "POODLE")
+
+(cherry picked from commit 035b5a90f56d653e930fcbe20c89f4dda7e48a30)
+---
+ src/mongo/util/net/ssl_manager.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
+index dd8b3a2..0efdd7c 100644
+--- a/src/mongo/util/net/ssl_manager.cpp
++++ b/src/mongo/util/net/ssl_manager.cpp
+@@ -140,7 +140,9 @@ namespace mongo {
+ _context);
+
+ // Activate all bug workaround options, to support buggy client SSL's.
+- SSL_CTX_set_options(_context, SSL_OP_ALL);
++ // SSL_OP_NO_SSLv2 - Disable SSL v2 support
++ // SSL_OP_NO_SSLv3 - Disable SSL v3 support
++ SSL_CTX_set_options(*context, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
+
+ // If renegotiation is needed, don't return from recv() or send() until it's successful.
+ // Note: this is for blocking sockets only.
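Review bot: The added SSL_CTX_set_options line passes *context, while the line it replaces and the context line just above it both use _context. The other patch in this commit (656f78711632a5dc37221422c99e3c4619bcc58f.patch) corrects exactly this as a typo, so this patch is not usable on its own. Consider folding the one-line fix into this file so the tree is never left with the wrong identifier if only one of the two is applied, for example during a bisect or a later cherry-pick.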
diff --git a/debian/patches/series b/debian/patches/series
index 18b9e89..b207b0a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,3 +15,5 @@
no-unused-function.patch
9105b69e1ded5b7d0d384d574103b0ee6bbb6122.patch
cefb0ef38f050b73b2bf8211add55f3749753e0a.patch
+8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch
+656f78711632a5dc37221422c99e3c4619bcc58f.patch
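Review bot: The two added series entries are order-dependent, and nothing in the file records that. The index line of 656f78711632a5dc37221422c99e3c4619bcc58f.patch starts from blob 0efdd7c, which is the result of 8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch, so the second entry only applies after the first. The order here is correct, but a comment line in series, or a single combined patch, would prevent someone reordering or removing one of them independently.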
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mongodb/pkg-mongodb.git