[Pkg-voip-commits] r9982 - in /gnugk/trunk/debian: changelog patches/gnugk-fix-cve-2012-3534.diff patches/series

msp at alioth.debian.org msp at alioth.debian.org
Mon Oct 1 02:39:59 UTC 2012


Author: msp
Date: Mon Oct  1 02:39:58 2012
New Revision: 9982

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=9982
Log:
* Actually apply the correct patch (Closes: #685969)
  - Fixes "CVE-2012-3534"

Modified:
    gnugk/trunk/debian/changelog
    gnugk/trunk/debian/patches/gnugk-fix-cve-2012-3534.diff
    gnugk/trunk/debian/patches/series

Modified: gnugk/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/gnugk/trunk/debian/changelog?rev=9982&op=diff
==============================================================================
--- gnugk/trunk/debian/changelog (original)
+++ gnugk/trunk/debian/changelog Mon Oct  1 02:39:58 2012
@@ -1,3 +1,10 @@
+gnugk (2:3.0.2-3) UNRELEASED; urgency=medium
+
+  * Actually apply the correct patch (Closes: #685969)
+    - Fixies "CVE-2012-3534"
+
+ -- Mark Purcell <msp at debian.org>  Mon, 01 Oct 2012 12:28:26 +1000
+
 gnugk (2:3.0.2-2) unstable; urgency=medium
 
   * Fix "CVE-2012-3534" Added gnugk-fix-cve-2012-3534.diff (Closes: #685969)

Modified: gnugk/trunk/debian/patches/gnugk-fix-cve-2012-3534.diff
URL: http://svn.debian.org/wsvn/pkg-voip/gnugk/trunk/debian/patches/gnugk-fix-cve-2012-3534.diff?rev=9982&op=diff
==============================================================================
--- gnugk/trunk/debian/patches/gnugk-fix-cve-2012-3534.diff (original)
+++ gnugk/trunk/debian/patches/gnugk-fix-cve-2012-3534.diff Mon Oct  1 02:39:58 2012
@@ -1,24 +1,36 @@
-http://sourceforge.net/mailarchive/forum.php?thread_name=From_willamowius%40users.sourceforge.net_Wed_Aug_15_07%3A08%3A15_2012&forum_name=openh323gk-cvs
-Modified Files:
-	changes.txt GkStatus.cxx GkStatus.h 
-Log Message:
-new switch [Gatekeeper::Main] MaxStatusClients= to limit number of status port connections
-
+Description: CVE-2012-3534 GNU Gatekeeper before 3.1 does not limit the number
+ of connections to the status port, which allows remote attackers to cause a
+ denial of service (connection and thread consumption) via a large number of
+ connections.
+ .
+ Upstream Fix: new switch [Gatekeeper::Main] MaxStatusClients= to limit number of status port connections
+Origin: http://openh323gk.cvs.sourceforge.net/viewvc/openh323gk/openh323gk/GkStatus.cxx?r1=1.132&r2=1.134
+Origin: http://openh323gk.cvs.sourceforge.net/viewvc/openh323gk/openh323gk/GkStatus.h?r1=1.42&r2=1.43
+Bug-Debian: http://bugs.debian.org/685969
+Applied-Upstream: 3.1
 
 Index: gnugk-3.0.2/GkStatus.cxx
 ===================================================================
 --- gnugk-3.0.2.orig/GkStatus.cxx	2011-11-28 23:33:40.000000000 +1100
 +++ gnugk-3.0.2/GkStatus.cxx	2012-09-30 08:40:52.000000000 +1000
-@@ -107,8 +107,6 @@
+@@ -107,7 +107,7 @@
  		int instanceNo
  		);
  		
 -	virtual ~StatusClient() {}
--
++	virtual ~StatusClient();
+ 
  	virtual bool ReadCommand(
  		/// command that has been read (if ReadCommand succeeded)
- 		PString& cmd,
-@@ -817,12 +815,13 @@
+@@ -369,6 +369,7 @@
+ 		ssh_bind_free(sshbind);
+ 	}
+ 	ssh_finalize();
++	GkStatus::Instance()->StatusClientDeleted();
+ }
+ 
+ #ifdef LARGE_FDSET
+@@ -823,12 +824,14 @@
  #endif
  
  	SetName("GkStatus");
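Review bot: The body added in the `@@ -369,6 +369,7 @@` hunk calls `GkStatus::Instance()->StatusClientDeleted();` right after `ssh_finalize();`, and the same decrement is added again as a standalone `StatusClient::~StatusClient()` body further down in this patch (the `@@ -51,7 +65,7 @@` hunk); presumably the two definitions sit in mutually exclusive preprocessor branches, but nothing in the patch records that. The MaxStatusClients limit only works if every destroyed client decrements the counter exactly once, so a comment at both sites, `// keep in sync with the other ~StatusClient() definition: each destroyed client must call StatusClientDeleted() exactly once`, would document the invariant. The enclosing function of that hunk starts outside the hunk, so whether it is really the destructor cannot be confirmed from here.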
@@ -30,20 +42,22 @@
  void GkStatus::AuthenticateClient(StatusClient* newClient)
  {
 -	if (newClient->Authenticate()) {
++	if ((m_statusClients++ < m_maxStatusClients) && (newClient->Authenticate())) {
  		newClient->SetTraceLevel(GkConfig()->GetInteger("StatusTraceLevel", MAX_STATUS_TRACE_LEVEL));
  		PTRACE(1, "STATUS\tNew client authenticated successfully: " << newClient->WhoAmI()
  			<< ", login: " << newClient->GetUser()
-@@ -832,9 +831,6 @@
+@@ -838,9 +841,7 @@
  		newClient->Flush();
  		AddSocket(newClient);
  	} else {
 -		PTRACE(3, "STATUS\tNew client rejected: " << newClient->WhoAmI()
 -			<< ", login: " << newClient->GetUser()
 -			);
++		PTRACE(3, "STATUS\tNew client rejected: " << newClient->WhoAmI() << ", login: " << newClient->GetUser());
  		newClient->WriteString("\r\nAccess forbidden!\r\n");
  		// newClient->Flush();	// dont' flush when access is denied to avoid blocking
  		delete newClient;
-@@ -1127,6 +1123,11 @@
+@@ -1134,6 +1135,11 @@
  	m_isFilteringActive = Toolkit::AsBool(GkConfig()->GetString(filteringsec, "Enable", "0"));
  }
  
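Review bot: The else branch logs the same `New client rejected` message whether `newClient->Authenticate()` failed or the client was refused because `m_statusClients++ < m_maxStatusClients` was false, so an operator reading the trace cannot tell a status-port connection flood (the CVE-2012-3534 scenario) from ordinary failed logins. Evaluating the limit into a local first, `const bool overLimit = (m_statusClients++ >= m_maxStatusClients);` and `if (!overLimit && newClient->Authenticate()) {`, lets the PTRACE in the else branch append `<< (overLimit ? " (MaxStatusClients limit reached)" : "")` and gives a countable signal for monitoring. The increment also runs for rejected clients and is only balanced because `delete newClient;` below invokes the new destructor, which calls `StatusClientDeleted()`; a comment on the `if` line, `// counted before Authenticate(); a rejected client is deleted below and its destructor decrements the count`, would make that coupling explicit. AuthenticateClient's body continues beyond this hunk.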
@@ -51,7 +65,7 @@
 +{
 +	GkStatus::Instance()->StatusClientDeleted();
 +}
-+ 
++
  bool StatusClient::ReadCommand(
  	/// command that has been read (if ReadCommand succeeded)
  	PString& cmd,
@@ -63,22 +77,23 @@
  		StatusClient* requestingClient
  		);
  
-+	/** Notification form the status client that it has been deleted
++	/** Notification from the status client that it has been deleted
 +	*/
 +	void StatusClientDeleted() { --m_statusClients; }
 + 
  	/** Print a list of all connected status interface users
  		to the requesting client.
  	*/
-@@ -166,7 +170,6 @@
+@@ -166,7 +172,7 @@
  		PStringArray& args
  		);
  
 -private:
++protected:
  	// override from class RegularJob
  	virtual void OnStart();
  
-@@ -176,6 +179,9 @@
+@@ -177,6 +182,9 @@
  
  	/// map for fast (and easy) 'parsing' the commands from the user
  	std::map<PString, int> m_commands;
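Review bot: `void StatusClientDeleted() { --m_statusClients; }` and the `m_statusClients++` in AuthenticateClient are plain read-modify-write operations on a member with no locking visible in the patch; the decrement is issued from `~StatusClient()`, which is likely to run on the client socket's own thread rather than the thread executing AuthenticateClient, and if so the counter can drift and the limit become either too strict or ineffective over time. If that is the threading model, the counter should be an atomic integer or be updated under a mutex, which the PTLib-based code presumably has available. The doc comment should also state the contract, e.g. `/** Notification from the status client that it has been deleted; balances the increment made in AuthenticateClient() */`. The member-declaration hunk (`@@ -177,6 +182,9 @@`) where `m_statusClients`/`m_maxStatusClients` are presumably declared runs past the end of this section.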

Modified: gnugk/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/gnugk/trunk/debian/patches/series?rev=9982&op=diff
==============================================================================
--- gnugk/trunk/debian/patches/series (original)
+++ gnugk/trunk/debian/patches/series Mon Oct  1 02:39:58 2012
@@ -1,1 +1,1 @@
-#gnugk-fix-cve-2012-3534.diff
+gnugk-fix-cve-2012-3534.diff



