From 913c6c6d1fb6df1a2a91b37486220f820e6f1217 Mon Sep 17 00:00:00 2001 From: tron Date: Wed, 25 May 2005 13:49:10 +0000 Subject: Replace "fixproc" script with version from "net-snmp" CVS respository. This fixes the security problem documented in SA15471. Bump package revision because of this change. --- net/net-snmp/Makefile | 3 +- net/net-snmp/distinfo | 3 +- net/net-snmp/patches/patch-ab | 180 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 184 insertions(+), 2 deletions(-) create mode 100644 net/net-snmp/patches/patch-ab diff --git a/net/net-snmp/Makefile b/net/net-snmp/Makefile index aefbfb64662..62562f16591 100644 --- a/net/net-snmp/Makefile +++ b/net/net-snmp/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.29 2005/04/11 21:46:51 tv Exp $ +# $NetBSD: Makefile,v 1.30 2005/05/25 13:49:10 tron Exp $ DISTNAME= net-snmp-5.2.1 +PKGREVISION= 1 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=net-snmp/} \ ftp://ftp.net-smnp.org/pub/sourceforge/net-snmp/ diff --git a/net/net-snmp/distinfo b/net/net-snmp/distinfo index d2a5cefb510..aae8198747e 100644 --- a/net/net-snmp/distinfo +++ b/net/net-snmp/distinfo @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.14 2005/03/30 12:10:58 adam Exp $ +$NetBSD: distinfo,v 1.15 2005/05/25 13:49:10 tron Exp $ SHA1 (net-snmp-5.2.1.tar.gz) = f8ec23b4d2706bef50cbc2d37ad9d292e107b0fb RMD160 (net-snmp-5.2.1.tar.gz) = ad7a57cfe0552a71a6dadb263ac300c84d98b541 Size (net-snmp-5.2.1.tar.gz) = 3971320 bytes SHA1 (patch-aa) = df9bcea942743e9bcd843724612b7d82ea364eca +SHA1 (patch-ab) = 7e0fc7f52e3947d589bed850e847bd89e8daec1d SHA1 (patch-ac) = 43dbf5519feac2a13b893f659090fa24de773ee8 SHA1 (patch-ad) = 9703dc9451f3fa7a61bae9c8d13b916aa52c0a6b SHA1 (patch-ae) = 750412088b9ccd5fb50bd6e7fc049903f6113a39 diff --git a/net/net-snmp/patches/patch-ab b/net/net-snmp/patches/patch-ab new file mode 100644 index 00000000000..f5ddf92d325 --- /dev/null +++ b/net/net-snmp/patches/patch-ab 
@@ -0,0 +1,180 @@
+$NetBSD: patch-ab,v 1.5 2005/05/25 13:49:10 tron Exp $
+
+--- local/fixproc.orig 2002-04-20 08:30:13.000000000 +0100
++++ local/fixproc 2005-05-25 14:36:18.000000000 +0100
+@@ -129,6 +129,8 @@
+ #
+ # Timothy Kong 3/1995
+
++use File::Temp qw(tempfile);
++
+ $database_file = '/local/etc/fixproc.conf';
+
+ $debug = 0; # specify debug level using -dN
+@@ -191,20 +193,19 @@
+ sub create_sh_script
+ {
+ local ($file) = pop (@_);
++ local ($fh) = pop (@_);
+ local ($i) = pop (@_);
+
+- printf (stderr "create_sh_script\n") if ($debug > 0);
++ printf (STDERR "create_sh_script\n") if ($debug > 0);
+
+ $! = $fixproc_error;
+- open (file, ">"."$file") || die "$0: cannot open $file\n";
+ while ( $shell_lines[$i] ne $shell_end_marker )
+ {
+- printf (file "%s", $shell_lines[$i]);
++ printf ($fh "%s", $shell_lines[$i]);
+ $i++;
+ }
+- close (file);
+- system "chmod +x $file";
+- return file;
++ close ($fh);
++ chmod 0755, $file;
+ }
+
+
+@@ -212,7 +213,7 @@
+ {
+ local ($proc) = pop(@_);
+
+- printf (stderr "do_fix\n") if ($debug > 0);
++ printf (STDERR "do_fix\n") if ($debug > 0);
+
+ if ($fix{$proc} eq '')
+ {
+@@ -230,14 +231,13 @@
+ else
+ {
+ # it must be "shell", so execute the shell script defined in database
++ local ($tmpfh, $tmpfile) = tempfile("fix_XXXXXXXX", DIR => "/tmp");
+
+- local ($tmpfile) = "/tmp/fix_$$";
+-
+- &create_sh_script ($fix{$proc}, $tmpfile);
++ &create_sh_script ($fix{$proc}, $tmpfh, $tmpfile);
+
+ # return code is number divided by 256
+ $error_code = (system "$tmpfile") / 256;
+- system "rm $tmpfile";
++ unlink($tmpfile);
+ return ($fix_failed_error) if ($error_code != 0);
+ # sleep needed here?
+ return &do_exist ($proc);
+@@ -249,7 +249,7 @@
+ {
+ local ($proc) = pop(@_);
+
+- printf (stderr "do_check\n") if ($debug > 0);
++ printf (STDERR "do_check\n") if ($debug > 0);
+
+ if ($check{$proc} eq '')
+ {
+@@ -262,13 +262,13 @@
+ # if not "exist", then it must be "shell", so execute the shell script
+ # defined in database
+
+- local ($tmpfile) = "/tmp/check_$$";
++ local ($tmpfh, $tmpfile) = tempfile("check_XXXXXXXX", DIR => "/tmp");
+
+- &create_sh_script ($check{$proc}, $tmpfile);
++ &create_sh_script ($fix{$proc}, $tmpfh, $tmpfile);
+
+ # return code is number divided by 256
+ $error_code = (system "$tmpfile") / 256;
+- system "rm $tmpfile";
++ unlink($tmpfile);
+ return ($check_failed_error) if ($error_code != 0);
+
+ # check passed, continue
+@@ -281,13 +281,13 @@
+ {
+ local ($proc) = pop(@_);
+
+- printf (stderr "do_exist\n") if ($debug > 0);
++ printf (STDERR "do_exist\n") if ($debug > 0);
+
+ # do ps, check to see if min <= no. of processes <= max
+ $! = $fixproc_error;
+- open (command, "/bin/ps -e | /bin/grep $proc | /bin/wc -l |")
++ open (COMMAND, "/bin/ps -e | /bin/grep $proc | /bin/wc -l |")
+ || die "$0: can't run ps-grep-wc command\n";
+- $proc_count = ;
++ $proc_count = ;
+ if (($proc_count < $min{$proc}) || ($proc_count > $max{$proc}))
+ {
+ return $check_failed_error;
+@@ -301,13 +301,13 @@
+ local ($proc) = pop(@_);
+ local ($second_kill_needed);
+
+- printf (stderr "do_kill\n") if ($debug > 0);
++ printf (STDERR "do_kill\n") if ($debug > 0);
+
+ # first try kill
+ $! = $fixproc_error;
+- open (command, "/bin/ps -e | /bin/grep $proc |")
++ open (COMMAND, "/bin/ps -e | /bin/grep $proc |")
+ || die "$0: can't run ps-grep-awk command\n";
+- while ()
++ while ()
+ {
+ # match the first field of ps -e
+ $! = $fixproc_error;
+@@ -318,10 +318,10 @@
+ # if process still exist, try kill -9
+ sleep 2;
+ $! = $fixproc_error;
+- open (command, "/bin/ps -e | /bin/grep $proc |")
++ open (COMMAND, "/bin/ps -e | /bin/grep $proc |")
+ || die "$0: can't run ps-grep-awk command\n";
+ $second_kill_needed = 0;
+- while ()
++ while ()
+ {
+ # match the first field of ps -e
+ $! = $fixproc_error;
+@@ -334,9 +334,9 @@
+ # see if kill -9 worked
+ sleep 2;
+ $! = $fixproc_error;
+- open (command, "/bin/ps -e | /bin/grep $proc |")
++ open (COMMAND, "/bin/ps -e | /bin/grep $proc |")
+ || die "$0: can't run ps-grep-awk command\n";
+- while ()
++ while ()
+ { # a process still exist, return error
+ return $cannot_kill_error;
+ }
+@@ -349,7 +349,7 @@
+ local ($proc) = pop(@_);
+ local ($error_code);
+
+- printf (stderr "do_restart\n") if ($debug > 0);
++ printf (STDERR "do_restart\n") if ($debug > 0);
+
+ $error_code = &do_kill ($proc);
+ return $error_code if ($error_code != $no_error);
+@@ -369,7 +369,7 @@
+ local ($proc) = pop(@_);
+ local ($error_code);
+
+- printf (stderr "work_on_proc\n") if ($debug > 0);
++ printf (STDERR "work_on_proc\n") if ($debug > 0);
+
+ if ($cmd_line_action eq '')
+ {
+@@ -475,8 +475,8 @@
+ local ($str2);
+
+ $! = $fixproc_error;
+- open (db, $database_file) || die 'cannot open database file $database_file\n';
++ open (DB, $database_file) || die 'cannot open database file $database_file\n';
+- while ()
++ while ()
+ {
+ if ((! /\S/) || (/^[ \t]*#.*$/))
+ {
-- cgit v1.2.3
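Review bot: In the do_check part of the embedded patch (`@@ -262,13 +262,13 @@`) the new call passes `$fix{$proc}` where the removed line passed `$check{$proc}`, so the temporary script appears to be built from the fix entry's lines in `@shell_lines` and a check would run the repair commands instead; the line should read `&create_sh_script ($check{$proc}, $tmpfh, $tmpfile);`. Separately, the handle renames in do_exist and do_kill leave `$proc` interpolated unquoted into the `/bin/ps -e | /bin/grep $proc |` pipe opens, so if a process name can carry shell metacharacters it still reaches the shell; validating `$proc` against a strict pattern before these opens would close that. create_sh_script also ignores the results of `close ($fh)` and `chmod 0755, $file`, so a short write or failed chmod goes unnoticed before `system "$tmpfile"` runs. The do_fix, do_check, do_exist and do_kill bodies start or end outside the lines shown.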