From 25814b2f55f19e986187cdff3acda4d9f5247ec7 Mon Sep 17 00:00:00 2001 From: he Date: Thu, 11 Feb 2016 15:12:06 +0000 Subject: Add fix for CVE-2015-5177, lifted from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795429 Bump PKGREVISION. --- net/openslp/Makefile | 4 ++-- net/openslp/distinfo | 3 ++- net/openslp/patches/patch-slpd_slpd__knownda.c | 29 ++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 net/openslp/patches/patch-slpd_slpd__knownda.c diff --git a/net/openslp/Makefile b/net/openslp/Makefile index 95ecc8f8dfb..68248595beb 100644 --- a/net/openslp/Makefile +++ b/net/openslp/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.46 2016/01/10 06:49:33 richard Exp $ +# $NetBSD: Makefile,v 1.47 2016/02/11 15:12:06 he Exp $ DISTNAME= openslp-1.2.1 -PKGREVISION= 7 +PKGREVISION= 8 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=openslp/} diff --git a/net/openslp/distinfo b/net/openslp/distinfo index 18941569971..2ed051eabe5 100644 --- a/net/openslp/distinfo +++ b/net/openslp/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.18 2015/11/04 00:35:18 agc Exp $ +$NetBSD: distinfo,v 1.19 2016/02/11 15:12:06 he Exp $ SHA1 (openslp-1.2.1.tar.gz) = 47ab19154084d2b467f09525f5351e9ab7193cf9 RMD160 (openslp-1.2.1.tar.gz) = a31d516ba784ad893a740946082fe5e0f15a37ea @@ -14,3 +14,4 @@ SHA1 (patch-aj) = 8e1d32772cf59a938a4d9d9d0957d223f4ea6c06 SHA1 (patch-ak) = e64ede590e4af9d8951177b68c4bbf1b56ebdfae SHA1 (patch-al) = 19fa24e2ac362c3e45413826cd139ced984e8adc SHA1 (patch-am) = 7b8a47f0998202aab9c82278a2c405584eb3fea4 +SHA1 (patch-slpd_slpd__knownda.c) = c01286e4dfedc2112272405934cbe4097f90fd07 diff --git a/net/openslp/patches/patch-slpd_slpd__knownda.c b/net/openslp/patches/patch-slpd_slpd__knownda.c new file mode 100644 index 00000000000..167a149f5d2 --- /dev/null +++ b/net/openslp/patches/patch-slpd_slpd__knownda.c @@ -0,0 +1,29 @@ +$NetBSD: patch-slpd_slpd__knownda.c,v 1.1 2016/02/11 15:12:06 he Exp $ + +Add fix for CVE-2015-5177, lifted from +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795429 + +--- slpd/slpd_knownda.c.orig 2005-02-08 05:34:31.000000000 +0000 ++++ slpd/slpd_knownda.c +@@ -823,15 +823,15 @@ int SLPDKnownDAAdd(SLPMessage msg, SLPBu + */ + SLPDLogDAAdvertisement("Removed",entry); + } ++ /* If we are here, we need to cleanup the message descriptor and the */ ++ /* message buffer because they were not added to the database and not */ ++ /* cleaning them up would result in a memory leak */ ++ /* We also need to make sure the Database handle is closed. */ ++ SLPMessageFree(msg); ++ SLPBufferFree(buf); + } + + CLEANUP: +- /* If we are here, we need to cleanup the message descriptor and the */ +- /* message buffer because they were not added to the database and not */ +- /* cleaning them up would result in a memory leak */ +- /* We also need to make sure the Database handle is closed. */ +- SLPMessageFree(msg); +- SLPBufferFree(buf); + if (dh) SLPDatabaseClose(dh); + + return result; -- cgit v1.2.3