author | Robin H. Johnson <robbat2@gentoo.org> | 2005-07-06 23:45:20 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2005-07-06 23:45:20 +0000 |
commit | 056503e7e2a72bea12baba58732da858a48f7e71 (patch) | |
tree | d8cafd5627fda6f1e257e9318f964930a887799f /sys-auth/nss_ldap/files | |
parent | Marked ~amd64. (diff) | |
Add patch for security problem in bug #96767.
(Portage version: 2.0.51.22-r1)
Diffstat (limited to 'sys-auth/nss_ldap/files')
-rw-r--r-- | sys-auth/nss_ldap/files/digest-nss_ldap-226-r1 | 1 | ||||
-rw-r--r-- | sys-auth/nss_ldap/files/digest-nss_ldap-239-r1 | 1 | ||||
-rw-r--r-- | sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch | 42 |
3 files changed, 44 insertions, 0 deletions
diff --git a/sys-auth/nss_ldap/files/digest-nss_ldap-226-r1 b/sys-auth/nss_ldap/files/digest-nss_ldap-226-r1
new file mode 100644
index 000000000000..9fca9879a7ff
--- /dev/null
+++ b/sys-auth/nss_ldap/files/digest-nss_ldap-226-r1
@@ -0,0 +1 @@
+MD5 b741a705c112b8c51f6b32abe2540a5d nss_ldap-226.tar.gz 212923
diff --git a/sys-auth/nss_ldap/files/digest-nss_ldap-239-r1 b/sys-auth/nss_ldap/files/digest-nss_ldap-239-r1
new file mode 100644
index 000000000000..10acc3790dd7
--- /dev/null
+++ b/sys-auth/nss_ldap/files/digest-nss_ldap-239-r1
@@ -0,0 +1 @@
+MD5 e30e3a3035e75933cd1a0acdeded1394 nss_ldap-239.tar.gz 222276
diff --git a/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch b/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch
new file mode 100644
index 000000000000..1dbd8dc889a1
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch
@@ -0,0 +1,42 @@
+--- ldap-nss.c 2004-09-28 03:20:11.000000000 +0100
++++ ldap-nss.c.new 2005-07-04 01:32:12.000000000 +0100
+@@ -330,6 +330,39 @@
+
+ timelimit = __session.ls_config->ldc_bind_timelimit;
+
++#ifdef HAVE_LDAP_START_TLS_S
++ if (__session.ls_config->ldc_ssl_on == SSL_START_TLS)
++ {
++ int version;
++
++ if (ldap_get_option
++ (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++ &version) == LDAP_OPT_SUCCESS)
++ {
++ if (version < LDAP_VERSION3)
++ {
++ version = LDAP_VERSION3;
++ ldap_set_option (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++ &version);
++ }
++ }
++
++ debug ("==> start_tls");
++ if (ldap_start_tls_s (__session.ls_conn, NULL, NULL) == LDAP_SUCCESS)
++ {
++ debug ("TLS startup succeeded");
++ }
++ else
++ {
++ debug ("TLS startup failed");
++ do_close ();
++ debug ("<== do_open");
++ return NSS_UNAVAIL;
++ }
++ debug ("<== start_tls");
++ }
++#endif /* HAVE_LDAP_START_TLS_S */
++
+ return do_bind (ld, timelimit, who, cred, with_sasl);
+ }
+ #else |
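Review bot: The STARTTLS upgrade in the patched ldap-nss.c runs on `__session.ls_conn`, while the bind that follows is issued on `ld` (`return do_bind (ld, timelimit, who, cred, with_sasl);`). The function signature is outside the hunk, so it is not visible whether these are always the same handle; if they can differ, the bind credentials go out on a connection that was never upgraded. Either pass `ld` to `ldap_get_option`, `ldap_set_option` and `ldap_start_tls_s`, or add a comment stating the invariant, e.g. `/* ld is always __session.ls_conn here */`. Separately, the whole check sits under `#ifdef HAVE_LDAP_START_TLS_S`, so a build without that symbol appears to fall through to a cleartext bind even when `ldc_ssl_on == SSL_START_TLS`; an `#else` branch that returns `NSS_UNAVAIL` in that case would keep the failure closed.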