authorfhajny <fhajny>2017-04-06 09:12:02 +0000
committerfhajny <fhajny>2017-04-06 09:12:02 +0000
commitb984ac0da0757bf999c0aa240c73c40cd035d95a (patch)
tree37647cba455cf1a7c61be6653ef6764297d04c1b /sysutils
parentbda8380bfda6b823a73a9f4cd9f00181c523c661 (diff)
downloadpkgsrc-b984ac0da0757bf999c0aa240c73c40cd035d95a.tar.gz
Backport fix for CVE-2017-7401. Bump PKGREVISION.
Diffstat (limited to 'sysutils')
-rw-r--r--sysutils/collectd/Makefile3
-rw-r--r--sysutils/collectd/distinfo3
-rw-r--r--sysutils/collectd/patches/patch-src_network.c41
3 files changed, 45 insertions, 2 deletions
diff --git a/sysutils/collectd/Makefile b/sysutils/collectd/Makefile
index 552fae105ad..54904466bbc 100644
--- a/sysutils/collectd/Makefile
+++ b/sysutils/collectd/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.20 2017/01/25 14:10:18 fhajny Exp $
+# $NetBSD: Makefile,v 1.21 2017/04/06 09:12:02 fhajny Exp $
.include "../../sysutils/collectd/Makefile.common"
+PKGREVISION= 1
COMMENT= Statistics collection daemon base
RCD_SCRIPTS= collectd
diff --git a/sysutils/collectd/distinfo b/sysutils/collectd/distinfo
index ace6efa62e2..813da4035a1 100644
--- a/sysutils/collectd/distinfo
+++ b/sysutils/collectd/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2017/02/14 21:23:13 joerg Exp $
+$NetBSD: distinfo,v 1.35 2017/04/06 09:12:02 fhajny Exp $
SHA1 (collectd-5.7.1.tar.bz2) = bc77d2493b26e5c38e167a8a44fedfe287742c09
RMD160 (collectd-5.7.1.tar.bz2) = f743ebb21313ac0bae6a3ba78456e5c16f0d15cc
@@ -17,6 +17,7 @@ SHA1 (patch-src_irq.c) = 78f1757ff2ed6db9fb1d0e773c2a01eb190d53a0
SHA1 (patch-src_libcollectclient_network__buffer.c) = 62924943831e6d0585b103e567888f9af5c46f9e
SHA1 (patch-src_memory.c) = 2934cd50e454fc14d0ec952854c88b0a830fa9a7
SHA1 (patch-src_netstat__udp.c) = 30cb12d25f56c60959658dbd181783212e00cc61
+SHA1 (patch-src_network.c) = 38a537d4b5deef2162bb06c672f936a8aa443daf
SHA1 (patch-src_processes.c) = 1a75fdaa42f37eef1a968d299c3549e640fb68b2
SHA1 (patch-src_statsd.c) = 35f4349d2d2c9bddc0f4770344f969157cd012f6
SHA1 (patch-src_swap.c) = 24da6e04e3006639311e8111f26f72e4fab4054a
diff --git a/sysutils/collectd/patches/patch-src_network.c b/sysutils/collectd/patches/patch-src_network.c
new file mode 100644
index 00000000000..d1ebd4c741b
--- /dev/null
+++ b/sysutils/collectd/patches/patch-src_network.c
@@ -0,0 +1,41 @@
+$NetBSD: patch-src_network.c,v 1.5 2017/04/06 09:12:02 fhajny Exp $
+
+Backport fix for CVE-2017-7401.
+https://github.com/collectd/collectd/commit/f6be4f9b49b949b379326c3d7002476e6ce4f211
+
+--- src/network.c.orig 2017-01-23 07:53:57.716449156 +0000
++++ src/network.c
+@@ -1003,14 +1003,6 @@ static int parse_part_sign_sha256(socken
+ buffer_len = *ret_buffer_len;
+ buffer_offset = 0;
+
+- if (se->data.server.userdb == NULL) {
+- c_complain(
+- LOG_NOTICE, &complain_no_users,
+- "network plugin: Received signed network packet but can't verify it "
+- "because no user DB has been configured. Will accept it.");
+- return (0);
+- }
+-
+ /* Check if the buffer has enough data for this structure. */
+ if (buffer_len <= PART_SIGNATURE_SHA256_SIZE)
+ return (-ENOMEM);
+@@ -1027,6 +1019,18 @@ static int parse_part_sign_sha256(socken
+ return (-1);
+ }
+
++ if (se->data.server.userdb == NULL) {
++ c_complain(
++ LOG_NOTICE, &complain_no_users,
++ "network plugin: Received signed network packet but can't verify it "
++ "because no user DB has been configured. Will accept it.");
++
++ *ret_buffer = buffer + pss_head_length;
++ *ret_buffer_len -= pss_head_length;
++
++ return (0);
++ }
++
+ /* Copy the hash. */
+ BUFFER_READ(pss.hash, sizeof(pss.hash));
+
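Review bot: In the second inner hunk, the relocated `userdb == NULL` branch runs `*ret_buffer_len -= pss_head_length;` with a length that comes from the packet, and the check that bounds `pss_head_length` is not shown here (only its `return (-1); }` tail is visible). The subtraction is safe only if that check rejects values larger than `buffer_len`, which should be confirmed against the full `parse_part_sign_sha256` body; the function starts and ends outside the hunk. A one-line comment above the two new assignments would record why they exist, for example `/* Skip the signature part: returning 0 without advancing leaves the caller on the same part. */` (the caller's loop is not visible, so this is inferred from the change). The branch still accepts the signed packet unverified, as its log text says, so the backport fixes the parsing path and leaves the fail-open behaviour without a user DB unchanged.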