diff options
author | spz <spz@pkgsrc.org> | 2017-04-08 17:34:36 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2017-04-08 17:34:36 +0000 |
commit | 478b433a140447c604a46fd796cec6dd2606a7b9 (patch) | |
tree | 6decb29d5d2a64eb10f24f9d92cb94ea32647620 /sysutils | |
parent | f7540da0a8e7449dbf8d9054c37ae9b86fb7f8a6 (diff) | |
download | pkgsrc-478b433a140447c604a46fd796cec6dd2606a7b9.tar.gz |
Pullup ticket #5246 - requested by sevan
sysutils/collectd: security update
Revisions pulled up:
- sysutils/collectd/Makefile 1.21
- sysutils/collectd/distinfo 1.35
- sysutils/collectd/patches/patch-src_network.c 1.5
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: fhajny
Date: Thu Apr 6 09:12:02 UTC 2017
Modified Files:
pkgsrc/sysutils/collectd: Makefile distinfo
Added Files:
pkgsrc/sysutils/collectd/patches: patch-src_network.c
Log Message:
Backport fix for CVE-2017-7401. Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/sysutils/collectd/Makefile
cvs rdiff -u -r1.34 -r1.35 pkgsrc/sysutils/collectd/distinfo
cvs rdiff -u -r0 -r1.5 pkgsrc/sysutils/collectd/patches/patch-src_network.c
Diffstat (limited to 'sysutils')
-rw-r--r-- | sysutils/collectd/Makefile | 3 | ||||
-rw-r--r-- | sysutils/collectd/distinfo | 3 | ||||
-rw-r--r-- | sysutils/collectd/patches/patch-src_network.c | 41 |
3 files changed, 45 insertions, 2 deletions
diff --git a/sysutils/collectd/Makefile b/sysutils/collectd/Makefile index 552fae105ad..75847ad6fca 100644 --- a/sysutils/collectd/Makefile +++ b/sysutils/collectd/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.20 2017/01/25 14:10:18 fhajny Exp $ +# $NetBSD: Makefile,v 1.20.2.1 2017/04/08 17:34:36 spz Exp $ .include "../../sysutils/collectd/Makefile.common" +PKGREVISION= 1 COMMENT= Statistics collection daemon base RCD_SCRIPTS= collectd diff --git a/sysutils/collectd/distinfo b/sysutils/collectd/distinfo index ace6efa62e2..23d376d6bc2 100644 --- a/sysutils/collectd/distinfo +++ b/sysutils/collectd/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.34 2017/02/14 21:23:13 joerg Exp $ +$NetBSD: distinfo,v 1.34.2.1 2017/04/08 17:34:36 spz Exp $ SHA1 (collectd-5.7.1.tar.bz2) = bc77d2493b26e5c38e167a8a44fedfe287742c09 RMD160 (collectd-5.7.1.tar.bz2) = f743ebb21313ac0bae6a3ba78456e5c16f0d15cc @@ -17,6 +17,7 @@ SHA1 (patch-src_irq.c) = 78f1757ff2ed6db9fb1d0e773c2a01eb190d53a0 SHA1 (patch-src_libcollectclient_network__buffer.c) = 62924943831e6d0585b103e567888f9af5c46f9e SHA1 (patch-src_memory.c) = 2934cd50e454fc14d0ec952854c88b0a830fa9a7 SHA1 (patch-src_netstat__udp.c) = 30cb12d25f56c60959658dbd181783212e00cc61 +SHA1 (patch-src_network.c) = 38a537d4b5deef2162bb06c672f936a8aa443daf SHA1 (patch-src_processes.c) = 1a75fdaa42f37eef1a968d299c3549e640fb68b2 SHA1 (patch-src_statsd.c) = 35f4349d2d2c9bddc0f4770344f969157cd012f6 SHA1 (patch-src_swap.c) = 24da6e04e3006639311e8111f26f72e4fab4054a diff --git a/sysutils/collectd/patches/patch-src_network.c b/sysutils/collectd/patches/patch-src_network.c new file mode 100644 index 00000000000..500a15f59bb --- /dev/null +++ b/sysutils/collectd/patches/patch-src_network.c @@ -0,0 +1,41 @@ +$NetBSD: patch-src_network.c,v 1.5.2.2 2017/04/08 17:34:36 spz Exp $ + +Backport fix for CVE-2017-7401. +https://github.com/collectd/collectd/commit/f6be4f9b49b949b379326c3d7002476e6ce4f211 + +--- src/network.c.orig 2017-01-23 07:53:57.716449156 +0000 ++++ src/network.c +@@ -1003,14 +1003,6 @@ static int parse_part_sign_sha256(socken + buffer_len = *ret_buffer_len; + buffer_offset = 0; + +- if (se->data.server.userdb == NULL) { +- c_complain( +- LOG_NOTICE, &complain_no_users, +- "network plugin: Received signed network packet but can't verify it " +- "because no user DB has been configured. Will accept it."); +- return (0); +- } +- + /* Check if the buffer has enough data for this structure. */ + if (buffer_len <= PART_SIGNATURE_SHA256_SIZE) + return (-ENOMEM); +@@ -1027,6 +1019,18 @@ static int parse_part_sign_sha256(socken + return (-1); + } + ++ if (se->data.server.userdb == NULL) { ++ c_complain( ++ LOG_NOTICE, &complain_no_users, ++ "network plugin: Received signed network packet but can't verify it " ++ "because no user DB has been configured. Will accept it."); ++ ++ *ret_buffer = buffer + pss_head_length; ++ *ret_buffer_len -= pss_head_length; ++ ++ return (0); ++ } ++ + /* Copy the hash. */ + BUFFER_READ(pss.hash, sizeof(pss.hash)); + |