pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2008Q1]: pkgsrc/net/mtr Pullup ticket 2395 - requested by tron
details: https://anonhg.NetBSD.org/pkgsrc/rev/9b5c960b0dcb
branches: pkgsrc-2008Q1
changeset: 540370:9b5c960b0dcb
user: ghen <ghen%pkgsrc.org@localhost>
date: Thu May 22 14:01:10 2008 +0000
description:
Pullup ticket 2395 - requested by tron
security fix for mtr
- pkgsrc/net/mtr/Makefile 1.49
- pkgsrc/net/mtr/distinfo 1.23
- pkgsrc/net/mtr/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: tron
Date: Thu May 22 12:10:49 UTC 2008
Modified Files:
pkgsrc/net/mtr: Makefile distinfo
Added Files:
pkgsrc/net/mtr/patches: patch-ac
Log Message:
Implement a fix for the security vulnerability reported in
<http://seclists.org/fulldisclosure/2008/May/0488.html>.
diffstat:
net/mtr/Makefile | 3 ++-
net/mtr/distinfo | 3 ++-
net/mtr/patches/patch-ac | 45 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 49 insertions(+), 2 deletions(-)
diffs (74 lines):
diff -r 00402e420fef -r 9b5c960b0dcb net/mtr/Makefile
--- a/net/mtr/Makefile Thu May 22 13:54:10 2008 +0000
+++ b/net/mtr/Makefile Thu May 22 14:01:10 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2007/08/16 23:12:20 joerg Exp $
+# $NetBSD: Makefile,v 1.48.6.1 2008/05/22 14:01:10 ghen Exp $
DISTNAME= mtr-0.72
+PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= ftp://ftp.bitwizard.nl/mtr/
diff -r 00402e420fef -r 9b5c960b0dcb net/mtr/distinfo
--- a/net/mtr/distinfo Thu May 22 13:54:10 2008 +0000
+++ b/net/mtr/distinfo Thu May 22 14:01:10 2008 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.22 2006/10/03 19:15:20 wiz Exp $
+$NetBSD: distinfo,v 1.22.12.1 2008/05/22 14:01:10 ghen Exp $
SHA1 (mtr-0.72.tar.gz) = afc26c9e8a30eba7ca92ba68d4489b0c9c07977d
RMD160 (mtr-0.72.tar.gz) = 69843b82fb2de2b2a597c21a62d8eb9473df31b6
Size (mtr-0.72.tar.gz) = 295845 bytes
SHA1 (patch-aa) = 3db4ccac08fadcf2fcf75753efc165c6d92a97c3
SHA1 (patch-ab) = 3923fcd252bdcd9475e937fb78d1d7e5ec607180
+SHA1 (patch-ac) = a34b91ff6ff7a89bea4fc8b262d7604017ff6fad
diff -r 00402e420fef -r 9b5c960b0dcb net/mtr/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/mtr/patches/patch-ac Thu May 22 14:01:10 2008 +0000
@@ -0,0 +1,45 @@
+$NetBSD: patch-ac,v 1.2.36.1 2008/05/22 14:01:10 ghen Exp $
+
+--- split.c.orig 2005-01-11 08:34:07.000000000 +0000
++++ split.c 2008-05-22 13:07:48.000000000 +0100
+@@ -100,24 +100,28 @@
+ addr = net_addr(at);
+
+ if( addrcmp( (void *) addr, (void *) &unspec_addr, af ) != 0 ) {
++ int bytes;
+ name = dns_lookup(addr);
+ if(name != NULL) {
+ /* May be we should test name's length */
+- sprintf(newLine, "%s %d %d %d %d %d %d", name,
+- net_loss(at),
+- net_returned(at), net_xmit(at),
+- net_best(at) /1000, net_avg(at)/1000,
+- net_worst(at)/1000);
++ bytes = snprintf(newLine, sizeof(newLine), "%s %d %d %d %d %d %d",
++ name,
++ net_loss(at),
++ net_returned(at), net_xmit(at),
++ net_best(at) /1000, net_avg(at)/1000,
++ net_worst(at)/1000);
+ } else {
+- sprintf(newLine, "%s %d %d %d %d %d %d",
+- strlongip( addr ),
+- net_loss(at),
+- net_returned(at), net_xmit(at),
+- net_best(at) /1000, net_avg(at)/1000,
+- net_worst(at)/1000);
++ bytes = snprintf(newLine, sizeof(newLine), "%s %d %d %d %d %d %d",
++ strlongip( addr ),
++ net_loss(at),
++ net_returned(at), net_xmit(at),
++ net_best(at) /1000, net_avg(at)/1000,
++ net_worst(at)/1000);
+ }
++ if (bytes < 0 || bytes >= sizeof(newLine))
++ strcpy(newLine, "???");
+ } else {
+- sprintf(newLine, "???");
++ strcpy(newLine, "???");
+ }
+
+ if (strcmp(newLine, Lines[at]) == 0) {
Home |
Main Index |
Thread Index |
Old Index