diff options
author | spz <spz> | 2010-11-23 21:24:07 +0000 |
---|---|---|
committer | spz <spz> | 2010-11-23 21:24:07 +0000 |
commit | dad3b32e96458c2e439e9071f11f739d51173143 (patch) | |
tree | e2df28f8212e03f6178ac66d673dda6dbf5455e6 | |
parent | 4cdb04c8a43a28b4673cdc73b256dee65e772d55 (diff) | |
download | pkgsrc-dad3b32e96458c2e439e9071f11f739d51173143.tar.gz |
Pullup ticket 3281 - requested by tron
security fix
Revisions pulled up:
- pkgsrc/devel/libsmi/Makefile 1.17
- pkgsrc/devel/libsmi/distinfo 1.6
Files added:
pkgsrc/devel/libsmi/patches/patch-ae
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Tue Nov 23 11:30:50 UTC 2010
Modified Files:
pkgsrc/devel/libsmi: Makefile distinfo
Added Files:
pkgsrc/devel/libsmi/patches: patch-ae
Log Message:
Add fix for CVE-2010-2891 taken from Debian's GIT repository.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/libsmi/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/libsmi/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/libsmi/patches/patch-ae
-rw-r--r-- | devel/libsmi/Makefile | 3 | ||||
-rw-r--r-- | devel/libsmi/distinfo | 3 | ||||
-rw-r--r-- | devel/libsmi/patches/patch-ae | 25 |
3 files changed, 29 insertions, 2 deletions
diff --git a/devel/libsmi/Makefile b/devel/libsmi/Makefile index fdff8161019..aa3374100f4 100644 --- a/devel/libsmi/Makefile +++ b/devel/libsmi/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.16 2008/07/14 12:56:02 joerg Exp $ +# $NetBSD: Makefile,v 1.16.20.1 2010/11/23 21:24:07 spz Exp $ DISTNAME= libsmi-0.4.8 +PKGREVISION= 1 CATEGORIES= devel net MASTER_SITES= ftp://ftp.ibr.cs.tu-bs.de/pub/local/libsmi/ diff --git a/devel/libsmi/distinfo b/devel/libsmi/distinfo index d8bc3996427..d922e8ed350 100644 --- a/devel/libsmi/distinfo +++ b/devel/libsmi/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.5 2008/07/13 22:26:13 tron Exp $ +$NetBSD: distinfo,v 1.5.20.1 2010/11/23 21:24:07 spz Exp $ SHA1 (libsmi-0.4.8.tar.gz) = 77c512ccbdd29667d152398b0dcde533aed57b49 RMD160 (libsmi-0.4.8.tar.gz) = 66fbe0e0128c4134cce386aaf754a48bb2d2580e @@ -7,3 +7,4 @@ SHA1 (patch-aa) = 0daa795492391e52cce09db2334872838ea654f3 SHA1 (patch-ab) = 2ebd512bfa4e284eaf892a5437f0bf12ad3ff36c SHA1 (patch-ac) = e10b25773c6df404b74a2cd28bac06cbd6183983 SHA1 (patch-ad) = ca9376deac37b3c894f8d34e4b73473af49c7790 +SHA1 (patch-ae) = f8a56ba5ac896a02b09a6cd3139fd8284748324b diff --git a/devel/libsmi/patches/patch-ae b/devel/libsmi/patches/patch-ae new file mode 100644 index 00000000000..1ccd5a850f2 --- /dev/null +++ b/devel/libsmi/patches/patch-ae @@ -0,0 +1,25 @@ +$NetBSD: patch-ae,v 1.1.2.2 2010/11/23 21:24:08 spz Exp $ + +Fix for CVE-2010-2891 taken from here: + +http://git.debian.org/?p=collab-maint/libsmi.git;a=blob_plain;f=debian/patches/cve-2010-2891.patch;hb=1b460ead526610a66d032c75d191dd65bc5727f4 + +--- lib/smi.c.orig 2008-04-18 11:42:50.000000000 +0100 ++++ lib/smi.c 2010-11-23 11:27:28.000000000 +0000 +@@ -1314,10 +1314,15 @@ + } + + if (isdigit((int)node2[0])) { +- for (oidlen = 0, p = strtok(node2, ". "); p; ++ for (oidlen = 0, p = strtok(node2, ". "); ++ p && oidlen < sizeof(oid)/sizeof(oid[0]); + oidlen++, p = strtok(NULL, ". ")) { + oid[oidlen] = strtoul(p, NULL, 0); + } ++ if (p) { ++ /* the numeric OID is too long */ ++ return NULL; ++ } + nodePtr = getNode(oidlen, oid); + if (nodePtr) { + if (modulePtr) { |