diff options
| author | he <he@pkgsrc.org> | 2016-02-11 15:12:06 +0000 |
|---|---|---|
| committer | he <he@pkgsrc.org> | 2016-02-11 15:12:06 +0000 |
| commit | 54cfddf1b5137dee887a8d0f8fd175d4e074c58a (patch) | |
| tree | 29b0187c887d88feca44f2f175dc73ac7304ed8e /net | |
| parent | e2d155752f5b5a373ff52463690ffe832b3e5e01 (diff) | |
| download | pkgsrc-54cfddf1b5137dee887a8d0f8fd175d4e074c58a.tar.gz | |
Add fix for CVE-2015-5177, lifted from
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795429
Bump PKGREVISION.
Diffstat (limited to 'net')
| -rw-r--r-- | net/openslp/Makefile | 4 | ||||
| -rw-r--r-- | net/openslp/distinfo | 3 | ||||
| -rw-r--r-- | net/openslp/patches/patch-slpd_slpd__knownda.c | 29 |
3 files changed, 33 insertions, 3 deletions
diff --git a/net/openslp/Makefile b/net/openslp/Makefile index 95ecc8f8dfb..68248595beb 100644 --- a/net/openslp/Makefile +++ b/net/openslp/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.46 2016/01/10 06:49:33 richard Exp $ +# $NetBSD: Makefile,v 1.47 2016/02/11 15:12:06 he Exp $ DISTNAME= openslp-1.2.1 -PKGREVISION= 7 +PKGREVISION= 8 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=openslp/} diff --git a/net/openslp/distinfo b/net/openslp/distinfo index 18941569971..2ed051eabe5 100644 --- a/net/openslp/distinfo +++ b/net/openslp/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.18 2015/11/04 00:35:18 agc Exp $ +$NetBSD: distinfo,v 1.19 2016/02/11 15:12:06 he Exp $ SHA1 (openslp-1.2.1.tar.gz) = 47ab19154084d2b467f09525f5351e9ab7193cf9 RMD160 (openslp-1.2.1.tar.gz) = a31d516ba784ad893a740946082fe5e0f15a37ea @@ -14,3 +14,4 @@ SHA1 (patch-aj) = 8e1d32772cf59a938a4d9d9d0957d223f4ea6c06 SHA1 (patch-ak) = e64ede590e4af9d8951177b68c4bbf1b56ebdfae SHA1 (patch-al) = 19fa24e2ac362c3e45413826cd139ced984e8adc SHA1 (patch-am) = 7b8a47f0998202aab9c82278a2c405584eb3fea4 +SHA1 (patch-slpd_slpd__knownda.c) = c01286e4dfedc2112272405934cbe4097f90fd07 diff --git a/net/openslp/patches/patch-slpd_slpd__knownda.c b/net/openslp/patches/patch-slpd_slpd__knownda.c new file mode 100644 index 00000000000..167a149f5d2 --- /dev/null +++ b/net/openslp/patches/patch-slpd_slpd__knownda.c @@ -0,0 +1,29 @@ +$NetBSD: patch-slpd_slpd__knownda.c,v 1.1 2016/02/11 15:12:06 he Exp $ + +Add fix for CVE-2015-5177, lifted from +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795429 + +--- slpd/slpd_knownda.c.orig 2005-02-08 05:34:31.000000000 +0000 ++++ slpd/slpd_knownda.c +@@ -823,15 +823,15 @@ int SLPDKnownDAAdd(SLPMessage msg, SLPBu + */ + SLPDLogDAAdvertisement("Removed",entry); + } ++ /* If we are here, we need to cleanup the message descriptor and the */ ++ /* message buffer because they were not added to the database and not */ ++ /* cleaning them up would result in a memory leak */ ++ /* We also need to make sure the Database handle is closed. */ ++ SLPMessageFree(msg); ++ SLPBufferFree(buf); + } + + CLEANUP: +- /* If we are here, we need to cleanup the message descriptor and the */ +- /* message buffer because they were not added to the database and not */ +- /* cleaning them up would result in a memory leak */ +- /* We also need to make sure the Database handle is closed. */ +- SLPMessageFree(msg); +- SLPBufferFree(buf); + if (dh) SLPDatabaseClose(dh); + + return result; |