From owner-svn-ports-all@FreeBSD.ORG  Tue Sep  4 11:54:31 2012
Return-Path: <owner-svn-ports-all@FreeBSD.ORG>
Delivered-To: svn-ports-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B199E106566B;
	Tue,  4 Sep 2012 11:54:31 +0000 (UTC) (envelope-from rea@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 8483D8FC12;
	Tue,  4 Sep 2012 11:54:31 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q84BsV4r049830;
	Tue, 4 Sep 2012 11:54:31 GMT (envelope-from rea@svn.freebsd.org)
Received: (from rea@localhost)
	by svn.freebsd.org (8.14.4/8.14.4/Submit) id q84BsVVN049827;
	Tue, 4 Sep 2012 11:54:31 GMT (envelope-from rea@svn.freebsd.org)
Message-Id: <201209041154.q84BsVVN049827@svn.freebsd.org>
From: Eygene Ryabinkin <rea@FreeBSD.org>
Date: Tue, 4 Sep 2012 11:54:31 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
	svn-ports-head@freebsd.org
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r303651 - in head/net-im/jabberd: . files
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
	<mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
	<mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Sep 2012 11:54:31 -0000

Author: rea
Date: Tue Sep  4 11:54:30 2012
New Revision: 303651
URL: http://svn.freebsd.org/changeset/ports/303651

Log:
  net-im/jabberd: fix CVE-2012-3525
  
  PR:		ports/170894
  Approved by:	maintainer timeout (2 weeks)
  Security:	http://www.vuxml.org/freebsd/4d1d2f6d-ec94-11e1-8bd8-0022156e8794.html
  QA page:	http://codelabs.ru/fbsd/ports/qa/net-im/jabberd/2.2.16_2

Added:
  head/net-im/jabberd/files/patch-cve-2012-3525   (contents, props changed)
Modified:
  head/net-im/jabberd/Makefile

Modified: head/net-im/jabberd/Makefile
==============================================================================
--- head/net-im/jabberd/Makefile	Tue Sep  4 10:56:26 2012	(r303650)
+++ head/net-im/jabberd/Makefile	Tue Sep  4 11:54:30 2012	(r303651)
@@ -7,7 +7,7 @@
 
 PORTNAME=	jabberd
 PORTVERSION=	2.2.16
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	net-im
 MASTER_SITES=	http://cloud.github.com/downloads/Jabberd2/jabberd2/
 DIST_SUBDIR=	jabber

Added: head/net-im/jabberd/files/patch-cve-2012-3525
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net-im/jabberd/files/patch-cve-2012-3525	Tue Sep  4 11:54:30 2012	(r303651)
@@ -0,0 +1,25 @@
+Fixes CVE-2012-3525
+
+Obtained-from: https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.diff
+diff --git a/s2s/out.c b/s2s/out.c
+index 0ed9b30..7b9f44f 100644
+--- s2s/out.c
++++ s2s/out.c
+@@ -1661,7 +1661,7 @@ static void _out_result(conn_t out, nad_t nad) {
+     rkeylen = strlen(rkey);
+ 
+     /* key is valid */
+-    if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0) {
++    if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0 && xhash_get(out->states, rkey) == (void*) conn_INPROGRESS) {
+         log_write(out->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] outgoing route '%s' is now valid%s%s", out->fd->fd, out->ip, out->port, rkey, (out->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", out->s->compressed ? ", ZLIB compression enabled" : "");
+ 
+         xhash_put(out->states, pstrdup(xhash_pool(out->states), rkey), (void *) conn_VALID);    /* !!! small leak here */
+@@ -1749,7 +1749,7 @@ static void _out_verify(conn_t out, nad_t nad) {
+     rkey = s2s_route_key(NULL, to->domain, from->domain);
+ 
+     attr = nad_find_attr(nad, 0, -1, "type", "valid");
+-    if(attr >= 0) {
++    if(attr >= 0 && xhash_get(in->states, rkey) == (void*) conn_INPROGRESS) {
+         xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_VALID);
+         log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] incoming route '%s' is now valid%s%s", in->fd->fd, in->ip, in->port, rkey, (in->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", in->s->compressed ? ", ZLIB compression enabled" : "");
+         valid = 1;