authorsalo <salo@pkgsrc.org>2005-05-27 14:02:23 +0000
committersalo <salo@pkgsrc.org>2005-05-27 14:02:23 +0000
commit0308b52a859acb55a84d3cb19bf1bd173b66273d (patch)
treeb96976c15ee0f5995337f651bf19b59484626154
parent24e5cab27c1d582735360d9f8a269bd2f194d425 (diff)
downloadpkgsrc-0308b52a859acb55a84d3cb19bf1bd173b66273d.tar.gz
Pullup ticket 513 - requested by Matthias Scheler
security fix for net-snmp Revisions pulled up: - pkgsrc/net/net-snmp/Makefile patched by hand - pkgsrc/net/net-snmp/buildlink3.mk patched by hand - pkgsrc/net/net-snmp/distinfo patched by hand - pkgsrc/net/net-snmp/patches/patch-ab 1.5 Module Name: pkgsrc Committed By: tron Date: Wed May 25 13:49:10 UTC 2005 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo Added Files: pkgsrc/net/net-snmp/patches: patch-ab Log Message: Replace "fixproc" script with version from "net-snmp" CVS repository. This fixes the security problem documented in SA15471. Bump package revision because of this change.
-rw-r--r--net/net-snmp/Makefile4
-rw-r--r--net/net-snmp/buildlink3.mk4
-rw-r--r--net/net-snmp/distinfo3
-rw-r--r--net/net-snmp/patches/patch-ab180
4 files changed, 186 insertions, 5 deletions
diff --git a/net/net-snmp/Makefile b/net/net-snmp/Makefile
index 3106819b4c4..f063034ec0e 100644
--- a/net/net-snmp/Makefile
+++ b/net/net-snmp/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.27 2004/12/28 02:47:47 reed Exp $
+# $NetBSD: Makefile,v 1.27.2.1 2005/05/27 14:02:23 salo Exp $
DISTNAME= net-snmp-5.1.2
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=net-snmp/} \
ftp://ftp.net-smnp.org/pub/sourceforge/net-snmp/
diff --git a/net/net-snmp/buildlink3.mk b/net/net-snmp/buildlink3.mk
index c018ff3945e..1c94cf810ff 100644
--- a/net/net-snmp/buildlink3.mk
+++ b/net/net-snmp/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.3 2004/11/05 10:33:07 seb Exp $
+# $NetBSD: buildlink3.mk,v 1.3.4.1 2005/05/27 14:02:23 salo Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
NET_SNMP_BUILDLINK3_MK:= ${NET_SNMP_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+= net-snmp
.if !empty(NET_SNMP_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.net-snmp+= net-snmp>=5.0.9nb3
-BUILDLINK_RECOMMENDED.net-snmp+= net-snmp>=5.1.2nb2
+BUILDLINK_RECOMMENDED.net-snmp+= net-snmp>=5.1.2nb4
BUILDLINK_PKGSRCDIR.net-snmp?= ../../net/net-snmp
.endif # NET_SNMP_BUILDLINK3_MK
diff --git a/net/net-snmp/distinfo b/net/net-snmp/distinfo
index 1351ce26c3e..d6424caf439 100644
--- a/net/net-snmp/distinfo
+++ b/net/net-snmp/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.13 2005/02/24 12:13:54 agc Exp $
+$NetBSD: distinfo,v 1.13.2.1 2005/05/27 14:02:23 salo Exp $
SHA1 (net-snmp-5.1.2.tar.gz) = cf82a86d1b44408890cabe471181b62049cb11d0
RMD160 (net-snmp-5.1.2.tar.gz) = e5d50e22dbf59ee75e236abb7359e95d4fc4b6f2
Size (net-snmp-5.1.2.tar.gz) = 3253579 bytes
SHA1 (patch-aa) = df9bcea942743e9bcd843724612b7d82ea364eca
+SHA1 (patch-ab) = 7e0fc7f52e3947d589bed850e847bd89e8daec1d
SHA1 (patch-ac) = 43dbf5519feac2a13b893f659090fa24de773ee8
SHA1 (patch-ad) = 522872c90ac1e442dafb1d210af6e978ac741ce9
SHA1 (patch-ae) = 122cd63fcdfa01e94083a9f635c3c46d364a0237
diff --git a/net/net-snmp/patches/patch-ab b/net/net-snmp/patches/patch-ab
new file mode 100644
index 00000000000..9c22ae140b8
--- /dev/null
+++ b/net/net-snmp/patches/patch-ab
@@ -0,0 +1,180 @@
+$NetBSD: patch-ab,v 1.4.6.1 2005/05/27 14:02:23 salo Exp $
+
+--- local/fixproc.orig 2002-04-20 08:30:13.000000000 +0100
++++ local/fixproc 2005-05-25 14:36:18.000000000 +0100
+@@ -129,6 +129,8 @@
+ #
+ # Timothy Kong 3/1995
+
++use File::Temp qw(tempfile);
++
+ $database_file = '/local/etc/fixproc.conf';
+
+ $debug = 0; # specify debug level using -dN
+@@ -191,20 +193,19 @@
+ sub create_sh_script
+ {
+ local ($file) = pop (@_);
++ local ($fh) = pop (@_);
+ local ($i) = pop (@_);
+
+- printf (stderr "create_sh_script\n") if ($debug > 0);
++ printf (STDERR "create_sh_script\n") if ($debug > 0);
+
+ $! = $fixproc_error;
+- open (file, ">"."$file") || die "$0: cannot open $file\n";
+ while ( $shell_lines[$i] ne $shell_end_marker )
+ {
+- printf (file "%s", $shell_lines[$i]);
++ printf ($fh "%s", $shell_lines[$i]);
+ $i++;
+ }
+- close (file);
+- system "chmod +x $file";
+- return file;
++ close ($fh);
++ chmod 0755, $file;
+ }
+
+
+@@ -212,7 +213,7 @@
+ {
+ local ($proc) = pop(@_);
+
+- printf (stderr "do_fix\n") if ($debug > 0);
++ printf (STDERR "do_fix\n") if ($debug > 0);
+
+ if ($fix{$proc} eq '')
+ {
+@@ -230,14 +231,13 @@
+ else
+ {
+ # it must be "shell", so execute the shell script defined in database
++ local ($tmpfh, $tmpfile) = tempfile("fix_XXXXXXXX", DIR => "/tmp");
+
+- local ($tmpfile) = "/tmp/fix_$$";
+-
+- &create_sh_script ($fix{$proc}, $tmpfile);
++ &create_sh_script ($fix{$proc}, $tmpfh, $tmpfile);
+
+ # return code is number divided by 256
+ $error_code = (system "$tmpfile") / 256;
+- system "rm $tmpfile";
++ unlink($tmpfile);
+ return ($fix_failed_error) if ($error_code != 0);
+ # sleep needed here?
+ return &do_exist ($proc);
+@@ -249,7 +249,7 @@
+ {
+ local ($proc) = pop(@_);
+
+- printf (stderr "do_check\n") if ($debug > 0);
++ printf (STDERR "do_check\n") if ($debug > 0);
+
+ if ($check{$proc} eq '')
+ {
+@@ -262,13 +262,13 @@
+ # if not "exist", then it must be "shell", so execute the shell script
+ # defined in database
+
+- local ($tmpfile) = "/tmp/check_$$";
++ local ($tmpfh, $tmpfile) = tempfile("check_XXXXXXXX", DIR => "/tmp");
+
+- &create_sh_script ($check{$proc}, $tmpfile);
++ &create_sh_script ($fix{$proc}, $tmpfh, $tmpfile);
+
+ # return code is number divided by 256
+ $error_code = (system "$tmpfile") / 256;
+- system "rm $tmpfile";
++ unlink($tmpfile);
+ return ($check_failed_error) if ($error_code != 0);
+
+ # check passed, continue
+@@ -281,13 +281,13 @@
+ {
+ local ($proc) = pop(@_);
+
+- printf (stderr "do_exist\n") if ($debug > 0);
++ printf (STDERR "do_exist\n") if ($debug > 0);
+
+ # do ps, check to see if min <= no. of processes <= max
+ $! = $fixproc_error;
+- open (command, "/bin/ps -e | /bin/grep $proc | /bin/wc -l |")
++ open (COMMAND, "/bin/ps -e | /bin/grep $proc | /bin/wc -l |")
+ || die "$0: can't run ps-grep-wc command\n";
+- $proc_count = <command>;
++ $proc_count = <COMMAND>;
+ if (($proc_count < $min{$proc}) || ($proc_count > $max{$proc}))
+ {
+ return $check_failed_error;
+@@ -301,13 +301,13 @@
+ local ($proc) = pop(@_);
+ local ($second_kill_needed);
+
+- printf (stderr "do_kill\n") if ($debug > 0);
++ printf (STDERR "do_kill\n") if ($debug > 0);
+
+ # first try kill
+ $! = $fixproc_error;
+- open (command, "/bin/ps -e | /bin/grep $proc |")
++ open (COMMAND, "/bin/ps -e | /bin/grep $proc |")
+ || die "$0: can't run ps-grep-awk command\n";
+- while (<command>)
++ while (<COMMAND>)
+ {
+ # match the first field of ps -e
+ $! = $fixproc_error;
+@@ -318,10 +318,10 @@
+ # if process still exist, try kill -9
+ sleep 2;
+ $! = $fixproc_error;
+- open (command, "/bin/ps -e | /bin/grep $proc |")
++ open (COMMAND, "/bin/ps -e | /bin/grep $proc |")
+ || die "$0: can't run ps-grep-awk command\n";
+ $second_kill_needed = 0;
+- while (<command>)
++ while (<COMMAND>)
+ {
+ # match the first field of ps -e
+ $! = $fixproc_error;
+@@ -334,9 +334,9 @@
+ # see if kill -9 worked
+ sleep 2;
+ $! = $fixproc_error;
+- open (command, "/bin/ps -e | /bin/grep $proc |")
++ open (COMMAND, "/bin/ps -e | /bin/grep $proc |")
+ || die "$0: can't run ps-grep-awk command\n";
+- while (<command>)
++ while (<COMMAND>)
+ { # a process still exist, return error
+ return $cannot_kill_error;
+ }
+@@ -349,7 +349,7 @@
+ local ($proc) = pop(@_);
+ local ($error_code);
+
+- printf (stderr "do_restart\n") if ($debug > 0);
++ printf (STDERR "do_restart\n") if ($debug > 0);
+
+ $error_code = &do_kill ($proc);
+ return $error_code if ($error_code != $no_error);
+@@ -369,7 +369,7 @@
+ local ($proc) = pop(@_);
+ local ($error_code);
+
+- printf (stderr "work_on_proc\n") if ($debug > 0);
++ printf (STDERR "work_on_proc\n") if ($debug > 0);
+
+ if ($cmd_line_action eq '')
+ {
+@@ -475,8 +475,8 @@
+ local ($str2);
+
+ $! = $fixproc_error;
+- open (db, $database_file) || die 'cannot open database file $database_file\n';
+- while (<db>)
++ open (DB, $database_file) || die 'cannot open database file $database_file\n';
++ while (<DB>)
+ {
+ if ((! /\S/) || (/^[ \t]*#.*$/))
+ {
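Review bot: In the check path (the inner hunk `@@ -262,13 +262,13 @@`, the one that returns `$check_failed_error`), the new call passes `$fix{$proc}` where the removed line passed `$check{$proc}`, so a "shell" check would write out and run the fix script's lines instead of the check's. This looks like a copy-paste from the do_fix hunk; the line should read `&create_sh_script ($check{$proc}, $tmpfh, $tmpfile);`. Separately, create_sh_script ignores the results of `printf`, `close` and `chmod`, so a short write to /tmp would leave a truncated script that is then executed; a checked close before the chmod, e.g. `close ($fh) || die "$0: cannot write $file\n";`, would catch that. The enclosing functions start and end outside the inner hunks shown here.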