pkgsrc-Changes archive


CVS commit: [pkgsrc-2017Q1] pkgsrc/sysutils/collectd



Module Name:    pkgsrc
Committed By:   spz
Date:           Sat Apr  8 17:34:36 UTC 2017

Modified Files:
        pkgsrc/sysutils/collectd [pkgsrc-2017Q1]: Makefile distinfo
Added Files:
        pkgsrc/sysutils/collectd/patches [pkgsrc-2017Q1]: patch-src_network.c

Log Message:
Pullup ticket #5246 - requested by sevan
sysutils/collectd: security update

Revisions pulled up:
- sysutils/collectd/Makefile                                    1.21
- sysutils/collectd/distinfo                                    1.35
- sysutils/collectd/patches/patch-src_network.c                 1.5

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Thu Apr  6 09:12:02 UTC 2017

   Modified Files:
           pkgsrc/sysutils/collectd: Makefile distinfo
   Added Files:
           pkgsrc/sysutils/collectd/patches: patch-src_network.c

   Log Message:
   Backport fix for CVE-2017-7401. Bump PKGREVISION.

   To generate a diff of this commit:
   cvs rdiff -u -r1.20 -r1.21 pkgsrc/sysutils/collectd/Makefile
   cvs rdiff -u -r1.34 -r1.35 pkgsrc/sysutils/collectd/distinfo
   cvs rdiff -u -r0 -r1.5 pkgsrc/sysutils/collectd/patches/patch-src_network.c


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.20.2.1 pkgsrc/sysutils/collectd/Makefile
cvs rdiff -u -r1.34 -r1.34.2.1 pkgsrc/sysutils/collectd/distinfo
cvs rdiff -u -r0 -r1.5.2.2 \
    pkgsrc/sysutils/collectd/patches/patch-src_network.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/sysutils/collectd/Makefile
diff -u pkgsrc/sysutils/collectd/Makefile:1.20 pkgsrc/sysutils/collectd/Makefile:1.20.2.1
--- pkgsrc/sysutils/collectd/Makefile:1.20      Wed Jan 25 14:10:18 2017
+++ pkgsrc/sysutils/collectd/Makefile   Sat Apr  8 17:34:36 2017
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.20 2017/01/25 14:10:18 fhajny Exp $
+# $NetBSD: Makefile,v 1.20.2.1 2017/04/08 17:34:36 spz Exp $
 
 .include "../../sysutils/collectd/Makefile.common"
 
+PKGREVISION=   1
 COMMENT=       Statistics collection daemon base
 
 RCD_SCRIPTS=   collectd

Index: pkgsrc/sysutils/collectd/distinfo
diff -u pkgsrc/sysutils/collectd/distinfo:1.34 pkgsrc/sysutils/collectd/distinfo:1.34.2.1
--- pkgsrc/sysutils/collectd/distinfo:1.34      Tue Feb 14 21:23:13 2017
+++ pkgsrc/sysutils/collectd/distinfo   Sat Apr  8 17:34:36 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2017/02/14 21:23:13 joerg Exp $
+$NetBSD: distinfo,v 1.34.2.1 2017/04/08 17:34:36 spz Exp $
 
 SHA1 (collectd-5.7.1.tar.bz2) = bc77d2493b26e5c38e167a8a44fedfe287742c09
 RMD160 (collectd-5.7.1.tar.bz2) = f743ebb21313ac0bae6a3ba78456e5c16f0d15cc
@@ -17,6 +17,7 @@ SHA1 (patch-src_irq.c) = 78f1757ff2ed6db
 SHA1 (patch-src_libcollectclient_network__buffer.c) = 62924943831e6d0585b103e567888f9af5c46f9e
 SHA1 (patch-src_memory.c) = 2934cd50e454fc14d0ec952854c88b0a830fa9a7
 SHA1 (patch-src_netstat__udp.c) = 30cb12d25f56c60959658dbd181783212e00cc61
+SHA1 (patch-src_network.c) = 38a537d4b5deef2162bb06c672f936a8aa443daf
 SHA1 (patch-src_processes.c) = 1a75fdaa42f37eef1a968d299c3549e640fb68b2
 SHA1 (patch-src_statsd.c) = 35f4349d2d2c9bddc0f4770344f969157cd012f6
 SHA1 (patch-src_swap.c) = 24da6e04e3006639311e8111f26f72e4fab4054a

Added files:

Index: pkgsrc/sysutils/collectd/patches/patch-src_network.c
diff -u /dev/null pkgsrc/sysutils/collectd/patches/patch-src_network.c:1.5.2.2
--- /dev/null   Sat Apr  8 17:34:36 2017
+++ pkgsrc/sysutils/collectd/patches/patch-src_network.c        Sat Apr  8 17:34:36 2017
@@ -0,0 +1,41 @@
+$NetBSD: patch-src_network.c,v 1.5.2.2 2017/04/08 17:34:36 spz Exp $
+
+Backport fix for CVE-2017-7401.
+https://github.com/collectd/collectd/commit/f6be4f9b49b949b379326c3d7002476e6ce4f211
+
+--- src/network.c.orig 2017-01-23 07:53:57.716449156 +0000
++++ src/network.c
+@@ -1003,14 +1003,6 @@ static int parse_part_sign_sha256(socken
+   buffer_len = *ret_buffer_len;
+   buffer_offset = 0;
+ 
+-  if (se->data.server.userdb == NULL) {
+-    c_complain(
+-        LOG_NOTICE, &complain_no_users,
+-        "network plugin: Received signed network packet but can't verify it "
+-        "because no user DB has been configured. Will accept it.");
+-    return (0);
+-  }
+-
+   /* Check if the buffer has enough data for this structure. */
+   if (buffer_len <= PART_SIGNATURE_SHA256_SIZE)
+     return (-ENOMEM);
+@@ -1027,6 +1019,18 @@ static int parse_part_sign_sha256(socken
+     return (-1);
+   }
+ 
++  if (se->data.server.userdb == NULL) {
++    c_complain(
++        LOG_NOTICE, &complain_no_users,
++        "network plugin: Received signed network packet but can't verify it "
++        "because no user DB has been configured. Will accept it.");
++
++    *ret_buffer = buffer + pss_head_length;
++    *ret_buffer_len -= pss_head_length;
++
++    return (0);
++  }
++
+   /* Copy the hash. */
+   BUFFER_READ(pss.hash, sizeof(pss.hash));
+ 
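Review bot: The relocated `userdb == NULL` branch in parse_part_sign_sha256 carries no comment explaining why it must sit after the length validation and why it advances `*ret_buffer` before returning, although the removed lines show that the old early return did neither. I would add above the `if`: `/* No user DB: skip this signature part unverified. Must stay after the length checks and must advance the buffer, or the caller is handed the same part again. */`. The check that bounds `pss_head_length` appears to end at the `return (-1);` context just above, but it starts outside the hunk, so confirm it guarantees `pss_head_length <= buffer_len` before `*ret_buffer_len -= pss_head_length;` is relied on. The branch still returns 0 for data whose signature was never checked, so the comment should also state that the remaining parts are handled as unauthenticated input.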


