author | tron <tron> | 2010-11-23 11:30:50 +0000 |
---|---|---|
committer | tron <tron> | 2010-11-23 11:30:50 +0000 |
commit | 4558188943abf389c9912f47f17d7a7bc0d6ec66 (patch) | |
tree | 9537bbe0b4b246c65b4eb5e5d534d4e9f55827fd /devel | |
parent | 5524608559c76613f30bc5989506fe87a4022ecc (diff) | |
download | pkgsrc-4558188943abf389c9912f47f17d7a7bc0d6ec66.tar.gz |
Add fix for CVE-2010-2891 taken from Debian's GIT repository.
Diffstat (limited to 'devel')
-rw-r--r-- | devel/libsmi/Makefile | 3 | ||||
-rw-r--r-- | devel/libsmi/distinfo | 3 | ||||
-rw-r--r-- | devel/libsmi/patches/patch-ae | 25 |
3 files changed, 29 insertions, 2 deletions
diff --git a/devel/libsmi/Makefile b/devel/libsmi/Makefile
index fdff8161019..be17ce90c88 100644
--- a/devel/libsmi/Makefile
+++ b/devel/libsmi/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.16 2008/07/14 12:56:02 joerg Exp $
+# $NetBSD: Makefile,v 1.17 2010/11/23 11:30:50 tron Exp $
 DISTNAME= libsmi-0.4.8
+PKGREVISION= 1
 CATEGORIES= devel net
 MASTER_SITES= ftp://ftp.ibr.cs.tu-bs.de/pub/local/libsmi/
diff --git a/devel/libsmi/distinfo b/devel/libsmi/distinfo
index d8bc3996427..1ed224af94c 100644
--- a/devel/libsmi/distinfo
+++ b/devel/libsmi/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2008/07/13 22:26:13 tron Exp $
+$NetBSD: distinfo,v 1.6 2010/11/23 11:30:50 tron Exp $
 SHA1 (libsmi-0.4.8.tar.gz) = 77c512ccbdd29667d152398b0dcde533aed57b49
 RMD160 (libsmi-0.4.8.tar.gz) = 66fbe0e0128c4134cce386aaf754a48bb2d2580e
@@ -7,3 +7,4 @@ SHA1 (patch-aa) = 0daa795492391e52cce09db2334872838ea654f3
 SHA1 (patch-ab) = 2ebd512bfa4e284eaf892a5437f0bf12ad3ff36c
 SHA1 (patch-ac) = e10b25773c6df404b74a2cd28bac06cbd6183983
 SHA1 (patch-ad) = ca9376deac37b3c894f8d34e4b73473af49c7790
+SHA1 (patch-ae) = f8a56ba5ac896a02b09a6cd3139fd8284748324b
diff --git a/devel/libsmi/patches/patch-ae b/devel/libsmi/patches/patch-ae
new file mode 100644
index 00000000000..2fe9dedbb99
--- /dev/null
+++ b/devel/libsmi/patches/patch-ae
@@ -0,0 +1,25 @@
+$NetBSD: patch-ae,v 1.1 2010/11/23 11:30:50 tron Exp $
+
+Fix for CVE-2010-2891 taken from here:
+
+http://git.debian.org/?p=collab-maint/libsmi.git;a=blob_plain;f=debian/patches/cve-2010-2891.patch;hb=1b460ead526610a66d032c75d191dd65bc5727f4
+
+--- lib/smi.c.orig 2008-04-18 11:42:50.000000000 +0100
++++ lib/smi.c 2010-11-23 11:27:28.000000000 +0000
+@@ -1314,10 +1314,15 @@
+ }
+
+ if (isdigit((int)node2[0])) {
+- for (oidlen = 0, p = strtok(node2, ". "); p;
++ for (oidlen = 0, p = strtok(node2, ". ");
++ p && oidlen < sizeof(oid)/sizeof(oid[0]);
+ oidlen++, p = strtok(NULL, ". ")) {
+ oid[oidlen] = strtoul(p, NULL, 0);
+ }
++ if (p) {
++ /* the numeric OID is too long */
++ return NULL;
++ }
+ nodePtr = getNode(oidlen, oid);
+ if (nodePtr) {
+ if (modulePtr) { |
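Review bot: The added `return NULL;` inside `if (p)` in lib/smi.c exits from the middle of the function, so whatever cleanup follows this block is skipped whenever an over-long numeric OID is rejected. If `node2` is a heap copy that the function releases near its end (not visible in this hunk, so check the full source), every rejected OID would leak it, turning the overflow fix into a slow memory-exhaustion path for any service that parses untrusted OID strings. Keeping the bound but falling through to the existing exit avoids that, for example `nodePtr = p ? NULL : getNode(oidlen, oid);` in place of the early return, provided the result variable tested after this block is initialised beforehand. Separately, the unchanged line `oid[oidlen] = strtoul(p, NULL, 0);` still stores sub-identifiers without checking for conversion failure or range, which is worth a follow-up; the enclosing function starts and ends outside the hunk.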