[libfcgi-perl] 01/01: Imported Debian patch 0.71-1+squeeze1+deb6u1
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 25 13:06:21 UTC 2016
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch squeeze
in repository libfcgi-perl.
commit 96b0681a87ce4904cf71653bf331dcb41fb4988e
Author: Chris Lamb <lamby at debian.org>
Date: Thu Feb 25 10:25:44 2016 +0000
Imported Debian patch 0.71-1+squeeze1+deb6u1
---
debian/changelog | 7 ++++
debian/patches/cve-2012-6687.patch | 79 ++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 87 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index b5f34e9..a51f045 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libfcgi-perl (0.71-1+squeeze1+deb6u1) squeeze-lts; urgency=high
+
+ * CVE-2012-6687: Fix remote denial of service via a large number of
+ connections. (Closes: #815840)
+
+ -- Chris Lamb <lamby at debian.org> Thu, 25 Feb 2016 10:25:44 +0000
+
libfcgi-perl (0.71-1+squeeze1) stable-security; urgency=high
* Team upload
diff --git a/debian/patches/cve-2012-6687.patch b/debian/patches/cve-2012-6687.patch
new file mode 100644
index 0000000..1c1e7b6
--- /dev/null
+++ b/debian/patches/cve-2012-6687.patch
@@ -0,0 +1,79 @@
+--- libfcgi-perl-0.71.orig/os_unix.c
++++ libfcgi-perl-0.71/os_unix.c
+@@ -42,6 +42,7 @@ static const char rcsid[] = "$Id: os_uni
+ #include <sys/time.h>
+ #include <sys/un.h>
+ #include <signal.h>
++#include <poll.h>
+
+ #ifdef HAVE_NETDB_H
+ #include <netdb.h>
+@@ -103,6 +104,9 @@ static int volatile maxFd = -1;
+ static int shutdownPending = FALSE;
+ static int shutdownNow = FALSE;
+
++static int libfcgiOsClosePollTimeout = 2000;
++static int libfcgiIsAfUnixKeeperPollTimeout = 2000;
++
+ void OS_ShutdownPending()
+ {
+ shutdownPending = TRUE;
+@@ -168,6 +172,16 @@ int OS_LibInit(int stdioFds[3])
+ if(libInitialized)
+ return 0;
+
++ char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" );
++ if(libfcgiOsClosePollTimeoutStr) {
++ libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr);
++ }
++
++ char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" );
++ if(libfcgiIsAfUnixKeeperPollTimeoutStr) {
++ libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr);
++ }
++
+ asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo));
+ if(asyncIoTable == NULL) {
+ errno = ENOMEM;
+@@ -757,19 +771,16 @@ int OS_Close(int fd, int shutdown_ok)
+ {
+ if (shutdown(fd, 1) == 0)
+ {
+- struct timeval tv;
+- fd_set rfds;
++ struct pollfd pfd;
+ int rv;
+ char trash[1024];
+
+- FD_ZERO(&rfds);
++ pfd.fd = fd;
++ pfd.events = POLLIN;
+
+ do
+ {
+- FD_SET(fd, &rfds);
+- tv.tv_sec = 2;
+- tv.tv_usec = 0;
+- rv = select(fd + 1, &rfds, NULL, NULL, &tv);
++ rv = poll(&pfd, 1, libfcgiOsClosePollTimeout);
+ }
+ while (rv > 0 && read(fd, trash, sizeof(trash)) > 0);
+ }
+@@ -1119,13 +1130,11 @@ static int is_reasonable_accept_errno (c
+ */
+ static int is_af_unix_keeper(const int fd)
+ {
+- struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL };
+- fd_set read_fds;
+-
+- FD_ZERO(&read_fds);
+- FD_SET(fd, &read_fds);
++ struct pollfd pfd;
++ pfd.fd = fd;
++ pfd.events = POLLIN;
+
+- return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds);
++ return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN);
+ }
+
+ /*
diff --git a/debian/patches/series b/debian/patches/series
index a574581..c1f9c09 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
fix-pod-spelling.patch
cve-2011-2766.patch
+cve-2012-6687.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libfcgi-perl.git
More information about the Pkg-perl-cvs-commits
mailing list