[Pkg-mongodb-maintainers] [pkg-mongodb] 312/394: Backport disable SSLv3 ciphers from pre-2.4.13

Apollon Oikonomopoulos apoikos at moszumanska.debian.org
Wed Sep 21 13:59:50 UTC 2016


This is an automated email from the git hooks/post-receive script.

apoikos pushed a commit to branch master
in repository pkg-mongodb.

commit 2d417f15a442cc7e156bf6e109b7bc8d827f4f87
Author: Laszlo Boszormenyi (GCS) <gcs at debian.org>
Date:   Tue Jun 30 16:06:16 2015 +0000

    Backport disable SSLv3 ciphers from pre-2.4.13
---
 debian/changelog                                   |  1 +
 .../656f78711632a5dc37221422c99e3c4619bcc58f.patch | 22 +++++++++++++++++++
 .../8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch | 25 ++++++++++++++++++++++
 debian/patches/series                              |  2 ++
 4 files changed, 50 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index b4e5674..591f215 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
 mongodb (1:2.4.10-4) unstable; urgency=high
 
   * Backport potential information leak security fix from 2.4.11 .
+  * Backport disable SSLv3 ciphers from pre-2.4.13 to fix CVE-2014-3566 .
 
  -- Laszlo Boszormenyi (GCS) <gcs at debian.org>  Mon, 10 Nov 2014 18:24:57 +0000
 
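Review bot: The added changelog line says "disable SSLv3 ciphers", but the two patches this commit adds set SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3 on the context, which turns off protocol versions and leaves the cipher list untouched. Wording such as "disable the SSLv2 and SSLv3 protocols" would describe the fix accurately, and naming the two files added under debian/patches in the entry would let a reader map CVE-2014-3566 to the change.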
diff --git a/debian/patches/656f78711632a5dc37221422c99e3c4619bcc58f.patch b/debian/patches/656f78711632a5dc37221422c99e3c4619bcc58f.patch
new file mode 100644
index 0000000..603a2f9
--- /dev/null
+++ b/debian/patches/656f78711632a5dc37221422c99e3c4619bcc58f.patch
@@ -0,0 +1,22 @@
+From 656f78711632a5dc37221422c99e3c4619bcc58f Mon Sep 17 00:00:00 2001
+From: Dan Pasette <dan at 10gen.com>
+Date: Mon, 27 Oct 2014 23:49:33 -0400
+Subject: [PATCH] SERVER-15673 fix typo in backport
+
+---
+ src/mongo/util/net/ssl_manager.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
+index 0efdd7c..de49e38 100644
+--- a/src/mongo/util/net/ssl_manager.cpp
++++ b/src/mongo/util/net/ssl_manager.cpp
+@@ -142,7 +142,7 @@ namespace mongo {
+         // Activate all bug workaround options, to support buggy client SSL's.
+         // SSL_OP_NO_SSLv2 - Disable SSL v2 support
+         // SSL_OP_NO_SSLv3 - Disable SSL v3 support
+-        SSL_CTX_set_options(*context, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
++        SSL_CTX_set_options(_context, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
+ 
+         // If renegotiation is needed, don't return from recv() or send() until it's successful.
+         // Note: this is for blocking sockets only.
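Review bot: Consider squashing this file into 8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch instead of shipping it separately. Its only change is `*context` to `_context` on the SSL_CTX_set_options line, and its index line (0efdd7c) shows it applies only on top of that patch, so neither file is useful alone. If they stay separate, a header line stating the dependency would make the required order in debian/patches/series explicit.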
diff --git a/debian/patches/8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch b/debian/patches/8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch
new file mode 100644
index 0000000..10a6617
--- /dev/null
+++ b/debian/patches/8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch
@@ -0,0 +1,25 @@
+From 8b9242837510e6410ddcf4f19969da4c7b01b2f7 Mon Sep 17 00:00:00 2001
+From: Dan Pasette <dan at 10gen.com>
+Date: Mon, 27 Oct 2014 22:45:56 -0400
+Subject: [PATCH] SERVER-15673 Disable SSLv3 ciphers (CVE-2014-3566 "POODLE")
+
+(cherry picked from commit 035b5a90f56d653e930fcbe20c89f4dda7e48a30)
+---
+ src/mongo/util/net/ssl_manager.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
+index dd8b3a2..0efdd7c 100644
+--- a/src/mongo/util/net/ssl_manager.cpp
++++ b/src/mongo/util/net/ssl_manager.cpp
+@@ -140,7 +140,9 @@ namespace mongo {
+                 _context);
+    
+         // Activate all bug workaround options, to support buggy client SSL's.
+-        SSL_CTX_set_options(_context, SSL_OP_ALL);
++        // SSL_OP_NO_SSLv2 - Disable SSL v2 support
++        // SSL_OP_NO_SSLv3 - Disable SSL v3 support
++        SSL_CTX_set_options(*context, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
+ 
+         // If renegotiation is needed, don't return from recv() or send() until it's successful.
+         // Note: this is for blocking sockets only.
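Review bot: The added SSL_CTX_set_options call passes `*context`, while the unchanged line just above it uses `_context`, so with only this patch applied ssl_manager.cpp is left depending on 656f78711632a5dc37221422c99e3c4619bcc58f.patch to correct the argument. Separately, the retained comment "Activate all bug workaround options" now heads a call that also turns off SSLv2 and SSLv3, and the option mask that SSL_CTX_set_options returns is ignored. Rewording the comment and checking that SSL_OP_NO_SSLv3 is present in the returned mask would make the intent verifiable.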
diff --git a/debian/patches/series b/debian/patches/series
index 18b9e89..b207b0a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,3 +15,5 @@
 no-unused-function.patch
 9105b69e1ded5b7d0d384d574103b0ee6bbb6122.patch
 cefb0ef38f050b73b2bf8211add55f3749753e0a.patch
+8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch
+656f78711632a5dc37221422c99e3c4619bcc58f.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mongodb/pkg-mongodb.git


