[pkgsrc/trunk]: pkgsrc/net/net-snmp Add a patch from the "net-snmp" repositor...

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/a54f7cbee97e
branches:  trunk
changeset: 554489:a54f7cbee97e
user:      tron <tron%pkgsrc.org@localhost>
date:      Sun Feb 15 11:31:51 2009 +0000

description:
Add a patch from the "net-snmp" repository to close the vulnerability
reported in SA33884/CVE-2008-6123.

diffstat:

 net/net-snmp/Makefile         |   3 ++-
 net/net-snmp/distinfo         |   3 ++-
 net/net-snmp/patches/patch-ad |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diffs (53 lines):

diff -r 67367f6ed9d4 -r a54f7cbee97e net/net-snmp/Makefile
--- a/net/net-snmp/Makefile     Sun Feb 15 11:23:04 2009 +0000
+++ b/net/net-snmp/Makefile     Sun Feb 15 11:31:51 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.75 2008/11/02 08:30:07 adam Exp $
+# $NetBSD: Makefile,v 1.76 2009/02/15 11:31:51 tron Exp $
 
 DISTNAME=      net-snmp-5.4.2.1
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=net-snmp/}
 
diff -r 67367f6ed9d4 -r a54f7cbee97e net/net-snmp/distinfo
--- a/net/net-snmp/distinfo     Sun Feb 15 11:23:04 2009 +0000
+++ b/net/net-snmp/distinfo     Sun Feb 15 11:31:51 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.51 2008/11/02 08:30:07 adam Exp $
+$NetBSD: distinfo,v 1.52 2009/02/15 11:31:51 tron Exp $
 
 SHA1 (net-snmp-5.4.2.1.tar.gz) = 4f2df9ea62344fe840f493d0e08abe5de3697862
 RMD160 (net-snmp-5.4.2.1.tar.gz) = 2148c42d486ed88f9cfc3ca1d50c68abcd7e3d63
@@ -6,6 +6,7 @@
 SHA1 (patch-aa) = 34f85e513ace26c1c2b05bb1c4b72a23491861cf
 SHA1 (patch-ab) = 3227eeb8b54b37813d8b6949f8c6ddc446038bf2
 SHA1 (patch-ac) = becbd7d3f7bbd16d6ddd1a6ea5467a127553caa4
+SHA1 (patch-ad) = 4af27886f93bf018f6794c3f8b8dcb9b08389163
 SHA1 (patch-ae) = 721e62bb42b6d3787f36316cf2628cd71ae6a6ce
 SHA1 (patch-af) = 15a18d1a8f3a8ffaba5facb37420668791944d29
 SHA1 (patch-ag) = 7021f7238c37635c9c32ceca681fd42aa125437f
diff -r 67367f6ed9d4 -r a54f7cbee97e net/net-snmp/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/net-snmp/patches/patch-ad     Sun Feb 15 11:31:51 2009 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ad,v 1.7 2009/02/15 11:31:51 tron Exp $
+
+Patch for CVE-2008-6123, taken from here:
+
+http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/branches/V5-4-patches/net-snmp/snmplib/snmpUDPDomain.c?r1=17312&r2=17367&pathrev=17367
+
+--- snmplib/snmpUDPDomain.c.orig       2007-10-11 21:46:30.000000000 +0100
++++ snmplib/snmpUDPDomain.c    2009-02-15 11:21:10.000000000 +0000
+@@ -107,9 +107,9 @@
+             sprintf(tmp, "UDP: [%s]->unknown",
+                     inet_ntoa(addr_pair->local_addr));
+         } else {
+-            sprintf(tmp, "UDP: [%s]->", inet_ntoa(addr_pair->local_addr));
+-            sprintf(tmp + strlen(tmp), "[%s]:%hd",
++            sprintf(tmp, "UDP: [%s]:%hu->",
+                     inet_ntoa(to->sin_addr), ntohs(to->sin_port));
++            sprintf(tmp + strlen(tmp), "[%s]", inet_ntoa(addr_pair->local_addr));
+         }
+         return strdup(tmp);
+     }