Pullup ticket #5246 - requested by sevan

sysutils/collectd: security update

Revisions pulled up:
- sysutils/collectd/Makefile                                    1.21
- sysutils/collectd/distinfo                                    1.35
- sysutils/collectd/patches/patch-src_network.c                 1.5

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Thu Apr  6 09:12:02 UTC 2017

   Modified Files:
           pkgsrc/sysutils/collectd: Makefile distinfo
   Added Files:
           pkgsrc/sysutils/collectd/patches: patch-src_network.c

   Log Message:
   Backport fix for CVE-2017-7401. Bump PKGREVISION.


   To generate a diff of this commit:
   cvs rdiff -u -r1.20 -r1.21 pkgsrc/sysutils/collectd/Makefile
   cvs rdiff -u -r1.34 -r1.35 pkgsrc/sysutils/collectd/distinfo
   cvs rdiff -u -r0 -r1.5 pkgsrc/sysutils/collectd/patches/patch-src_network.c

3 files changed, 45 insertions, 2 deletions

diff --git a/sysutils/collectd/Makefile b/sysutils/collectd/Makefile
index 552fae105ad..75847ad6fca 100644
--- a/sysutils/collectd/Makefile
+++ b/sysutils/collectd/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.20 2017/01/25 14:10:18 fhajny Exp $
+# $NetBSD: Makefile,v 1.20.2.1 2017/04/08 17:34:36 spz Exp $
 
 .include "../../sysutils/collectd/Makefile.common"
 
+PKGREVISION=	1
 COMMENT=	Statistics collection daemon base
 
 RCD_SCRIPTS=	collectd
diff --git a/sysutils/collectd/distinfo b/sysutils/collectd/distinfo
index ace6efa62e2..23d376d6bc2 100644
--- a/sysutils/collectd/distinfo
+++ b/sysutils/collectd/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2017/02/14 21:23:13 joerg Exp $
+$NetBSD: distinfo,v 1.34.2.1 2017/04/08 17:34:36 spz Exp $
 
 SHA1 (collectd-5.7.1.tar.bz2) = bc77d2493b26e5c38e167a8a44fedfe287742c09
 RMD160 (collectd-5.7.1.tar.bz2) = f743ebb21313ac0bae6a3ba78456e5c16f0d15cc
@@ -17,6 +17,7 @@ SHA1 (patch-src_irq.c) = 78f1757ff2ed6db9fb1d0e773c2a01eb190d53a0
 SHA1 (patch-src_libcollectclient_network__buffer.c) = 62924943831e6d0585b103e567888f9af5c46f9e
 SHA1 (patch-src_memory.c) = 2934cd50e454fc14d0ec952854c88b0a830fa9a7
 SHA1 (patch-src_netstat__udp.c) = 30cb12d25f56c60959658dbd181783212e00cc61
+SHA1 (patch-src_network.c) = 38a537d4b5deef2162bb06c672f936a8aa443daf
 SHA1 (patch-src_processes.c) = 1a75fdaa42f37eef1a968d299c3549e640fb68b2
 SHA1 (patch-src_statsd.c) = 35f4349d2d2c9bddc0f4770344f969157cd012f6
 SHA1 (patch-src_swap.c) = 24da6e04e3006639311e8111f26f72e4fab4054a
diff --git a/sysutils/collectd/patches/patch-src_network.c b/sysutils/collectd/patches/patch-src_network.c
new file mode 100644
index 00000000000..500a15f59bb
--- /dev/null
+++ b/sysutils/collectd/patches/patch-src_network.c
@@ -0,0 +1,41 @@
+$NetBSD: patch-src_network.c,v 1.5.2.2 2017/04/08 17:34:36 spz Exp $
+
+Backport fix for CVE-2017-7401.
+https://github.com/collectd/collectd/commit/f6be4f9b49b949b379326c3d7002476e6ce4f211
+
+--- src/network.c.orig	2017-01-23 07:53:57.716449156 +0000
++++ src/network.c
+@@ -1003,14 +1003,6 @@ static int parse_part_sign_sha256(socken
+   buffer_len = *ret_buffer_len;
+   buffer_offset = 0;
+ 
+-  if (se->data.server.userdb == NULL) {
+-    c_complain(
+-        LOG_NOTICE, &complain_no_users,
+-        "network plugin: Received signed network packet but can't verify it "
+-        "because no user DB has been configured. Will accept it.");
+-    return (0);
+-  }
+-
+   /* Check if the buffer has enough data for this structure. */
+   if (buffer_len <= PART_SIGNATURE_SHA256_SIZE)
+     return (-ENOMEM);
+@@ -1027,6 +1019,18 @@ static int parse_part_sign_sha256(socken
+     return (-1);
+   }
+ 
++  if (se->data.server.userdb == NULL) {
++    c_complain(
++        LOG_NOTICE, &complain_no_users,
++        "network plugin: Received signed network packet but can't verify it "
++        "because no user DB has been configured. Will accept it.");
++
++    *ret_buffer = buffer + pss_head_length;
++    *ret_buffer_len -= pss_head_length;
++
++    return (0);
++  }
++
+   /* Copy the hash. */
+   BUFFER_READ(pss.hash, sizeof(pss.hash));
+