diff options
| author | Hideki Yamane <henrich@debian.org> | 2014-03-30 20:20:13 +0900 |
|---|---|---|
| committer | Hideki Yamane <henrich@debian.org> | 2014-03-30 20:20:13 +0900 |
| commit | de4912f27c82e9aa37dcfa4ff8daa507e52b77a5 (patch) | |
| tree | 2aeb3eb8c89bda9e47577183cff9e863b1a41b49 | |
| parent | 5046c4a92f5924c97399c70ba33a5a0d1441a4bf (diff) | |
| download | pkg-net-snmp-de4912f27c82e9aa37dcfa4ff8daa507e52b77a5.tar.gz | |
fix CVE-2014-2285
| -rw-r--r-- | debian/changelog | 1 | ||||
| -rw-r--r-- | debian/patches/TrapReceiver.patch | 31 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
3 files changed, 33 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 09fc25f..ac7f27f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,7 @@ net-snmp (5.7.2.1~dfsg-1) experimental; urgency=medium - add add_rocommunity6.patch to fix snmpwalk using ipv6 (Closes: #717179) - add fix_manpage-has-errors-from-man.patch - add agentx-crash.patch, taken from Fedora package. + - add TrapReceiver.patch to fix CVE-2014-2285 * debian/control - set Standards-Version: 3.9.5 - add "Build-Depends: libpci-dev" to enable libpci function that was diff --git a/debian/patches/TrapReceiver.patch b/debian/patches/TrapReceiver.patch new file mode 100644 index 0000000..0973f83 --- /dev/null +++ b/debian/patches/TrapReceiver.patch @@ -0,0 +1,31 @@ +Description: Fixes Perl Trap Handler Segfault with old Perl (e.g. Perl 5.8.8) (CVE-2014-2285) +Origin: upstream +Bug: http://sourceforge.net/p/net-snmp/code/ci/76e8d6d100320629d8a23be4b0128619600c919d/ +Last-Update: 2014-03-30 + +--- net-snmp-5.7.2.1~dfsg.orig/perl/TrapReceiver/TrapReceiver.xs ++++ net-snmp-5.7.2.1~dfsg/perl/TrapReceiver/TrapReceiver.xs +@@ -81,18 +81,18 @@ int perl_trapd_handler( netsnmp_pdu + STOREPDUi("securitymodel", pdu->securityModel); + STOREPDUi("securitylevel", pdu->securityLevel); + STOREPDU("contextName", +- newSVpv(pdu->contextName, pdu->contextNameLen)); ++ newSVpv(pdu->contextName ? pdu->contextName : "", pdu->contextNameLen)); + STOREPDU("contextEngineID", +- newSVpv((char *) pdu->contextEngineID, ++ newSVpv(pdu->contextEngineID ? (char *) pdu->contextEngineID : "", + pdu->contextEngineIDLen)); + STOREPDU("securityEngineID", +- newSVpv((char *) pdu->securityEngineID, ++ newSVpv(pdu->securityEngineID ? (char *) pdu->securityEngineID : "", + pdu->securityEngineIDLen)); + STOREPDU("securityName", +- newSVpv((char *) pdu->securityName, pdu->securityNameLen)); ++ newSVpv(pdu->securityName ? (char *) pdu->securityName : "", pdu->securityNameLen)); + } else { + STOREPDU("community", +- newSVpv((char *) pdu->community, pdu->community_len)); ++ newSVpv(pdu->community ? (char *) pdu->community : "", pdu->community_len)); + } + + if (transport && transport->f_fmtaddr) { diff --git a/debian/patches/series b/debian/patches/series index 5824dcd..6a2634c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -22,3 +22,4 @@ fix_manpage-has-errors_break_line.patch add_rocommunity6.patch fix_manpage-has-errors-from-man.patch agentx-crash.patch +TrapReceiver.patch |