cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Security update to net-snmp-5.1.3.

Browse Source 
- fix potential race condition in fixproc script
- fix DOS vulnerability on tcp connections

help & ok sturm@
This commit is contained in:
bernd 2005-11-05 19:09:38 +00:00
parent b36ea50689
commit 5f484e443f
13 changed files with 87 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
net/net-snmp/Makefile
View File

@ -1,11 +1,10 @@
# $OpenBSD: Makefile,v 1.11 2005/09/09 19:07:46 marcm Exp $
# $OpenBSD: Makefile,v 1.12 2005/11/05 19:09:38 bernd Exp $
COMMENT= "extendable SNMP implementation"
COMMENT-perl= "SNMP modules for Perl"
DISTNAME= net-snmp-5.1.2
PKGNAME= ${DISTNAME}p3
FULLPKGNAME-perl= p5-SNMP-5.1.2p1
DISTNAME= net-snmp-5.1.3
FULLPKGNAME-perl= p5-SNMP-5.1.3
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=net-snmp/}

8
net/net-snmp/distinfo
View File

@ -1,4 +1,4 @@
MD5 (net-snmp-5.1.2.tar.gz) = 8080555ab3f90011f25d5122042d9a8d
RMD160 (net-snmp-5.1.2.tar.gz) = e5d50e22dbf59ee75e236abb7359e95d4fc4b6f2
SHA1 (net-snmp-5.1.2.tar.gz) = cf82a86d1b44408890cabe471181b62049cb11d0
SIZE (net-snmp-5.1.2.tar.gz) = 3253579
MD5 (net-snmp-5.1.3.tar.gz) = 66e54fe54709f98e45a466df069224cd
RMD160 (net-snmp-5.1.3.tar.gz) = d5eedbb563dd990d55289e7d64deac57fbe64832
SHA1 (net-snmp-5.1.3.tar.gz) = 4562ae0fac7eb7ae755034059703aa5b7308bbcc
SIZE (net-snmp-5.1.3.tar.gz) = 3329840

8
net/net-snmp/patches/patch-agent_mibgroup_mibII_interfaces_c
View File

@ -1,7 +1,7 @@
$OpenBSD: patch-agent_mibgroup_mibII_interfaces_c,v 1.1.1.1 2004/08/03 17:47:12 danh Exp $
--- agent/mibgroup/mibII/interfaces.c.orig Sun Dec 7 16:36:39 2003
+++ agent/mibgroup/mibII/interfaces.c Tue Jul 20 10:28:46 2004
@@ -2120,11 +2120,10 @@ Interface_Scan_Get_Count(void)
$OpenBSD: patch-agent_mibgroup_mibII_interfaces_c,v 1.2 2005/11/05 19:09:38 bernd Exp $
--- agent/mibgroup/mibII/interfaces.c.orig Sun Jun 19 15:47:57 2005
+++ agent/mibgroup/mibII/interfaces.c Thu Nov 3 23:31:04 2005
@@ -2218,11 +2218,10 @@ Interface_Scan_Get_Count(void)
#else /* hpux11 */

12
net/net-snmp/patches/patch-agent_mibgroup_mibII_mta_sendmail_c Normal file
View File

@ -0,0 +1,12 @@
$OpenBSD: patch-agent_mibgroup_mibII_mta_sendmail_c,v 1.1 2005/11/05 19:09:38 bernd Exp $
--- agent/mibgroup/mibII/mta_sendmail.c.orig Fri Nov 4 00:56:43 2005
+++ agent/mibgroup/mibII/mta_sendmail.c Fri Nov 4 00:57:02 2005
@@ -520,7 +520,7 @@ open_sendmailst(BOOL config)
count_queuegroup(struct QGrp *qg)
{
struct QDir *d;
- char cwd[200];
+ char cwd[MAXPATHLEN];
time_t current_time = time(NULL);
if (current_time <= (qg->last + dir_cache_time)) {

16
net/net-snmp/patches/patch-agent_mibgroup_mibII_tcpTable_c
View File

@ -1,7 +1,7 @@
$OpenBSD: patch-agent_mibgroup_mibII_tcpTable_c,v 1.2 2005/06/13 20:33:17 naddy Exp $
--- agent/mibgroup/mibII/tcpTable.c.orig Wed Jul 21 08:26:18 2004
+++ agent/mibgroup/mibII/tcpTable.c Mon Jun 13 22:31:56 2005
@@ -446,7 +446,7 @@ tcpTable_next_entry( void **loop_context
$OpenBSD: patch-agent_mibgroup_mibII_tcpTable_c,v 1.3 2005/11/05 19:09:38 bernd Exp $
--- agent/mibgroup/mibII/tcpTable.c.orig Mon Jun 20 15:17:03 2005
+++ agent/mibgroup/mibII/tcpTable.c Fri Nov 4 01:25:25 2005
@@ -450,7 +450,7 @@ tcpTable_next_entry( void **loop_context
* and update the loop context ready for the next one.
*/
*data_context = (void*)entry;
@ -10,7 +10,7 @@ $OpenBSD: patch-agent_mibgroup_mibII_tcpTable_c,v 1.2 2005/06/13 20:33:17 naddy
return index;
}
@@ -456,7 +456,7 @@ tcpTable_free(netsnmp_cache *cache, void
@@ -460,7 +460,7 @@ tcpTable_free(netsnmp_cache *cache, void
TCPTABLE_ENTRY_TYPE *p;
while (tcp_head) {
p = tcp_head;
@ -19,12 +19,12 @@ $OpenBSD: patch-agent_mibgroup_mibII_tcpTable_c,v 1.2 2005/06/13 20:33:17 naddy
free(p);
}
@@ -792,7 +792,7 @@ tcpTable_load(netsnmp_cache *cache, void
@@ -796,7 +796,7 @@ tcpTable_load(netsnmp_cache *cache, void
nnew->state == 8 /* closeWait */ )
tcp_estab++;
- entry = nnew->inp_queue.cqe_next; /* Next kernel entry */
+ entry = nnew->pcb.inp_queue.cqe_next; /* Next kernel entry */
- entry = nnew->INP_NEXT_SYMBOL; /* Next kernel entry */
+ entry = nnew->inp_next; /* Next kernel entry */
nnew->inp_next = tcp_head;
tcp_head = nnew;

8
net/net-snmp/patches/patch-agent_mibgroup_mibII_var_route_c
View File

@ -1,7 +1,7 @@
$OpenBSD: patch-agent_mibgroup_mibII_var_route_c,v 1.2 2005/06/13 20:33:17 naddy Exp $
--- agent/mibgroup/mibII/var_route.c.orig Fri Jul 9 02:35:20 2004
+++ agent/mibgroup/mibII/var_route.c Mon Jun 13 22:31:56 2005
@@ -1664,22 +1664,21 @@ TAILQ_HEAD(, snmprt)
$OpenBSD: patch-agent_mibgroup_mibII_var_route_c,v 1.3 2005/11/05 19:09:38 bernd Exp $
--- agent/mibgroup/mibII/var_route.c.orig Fri Dec 10 15:41:42 2004
+++ agent/mibgroup/mibII/var_route.c Thu Nov 3 23:31:04 2005
@@ -1661,22 +1661,21 @@ TAILQ_HEAD(, snmprt)
continue;
switch (bit) {
case RTA_DST:

10
net/net-snmp/patches/patch-agent_mibgroup_ucd-snmp_dlmod_c
View File

@ -1,7 +1,7 @@
$OpenBSD: patch-agent_mibgroup_ucd-snmp_dlmod_c,v 1.1.1.1 2004/08/03 17:47:12 danh Exp $
--- agent/mibgroup/ucd-snmp/dlmod.c.orig Sun Feb 29 19:33:07 2004
+++ agent/mibgroup/ucd-snmp/dlmod.c Tue Jul 20 10:31:30 2004
@@ -179,7 +179,12 @@ dlmod_load_module(struct dlmod *dlm)
$OpenBSD: patch-agent_mibgroup_ucd-snmp_dlmod_c,v 1.2 2005/11/05 19:09:38 bernd Exp $
--- agent/mibgroup/ucd-snmp/dlmod.c.orig Fri May 20 23:34:43 2005
+++ agent/mibgroup/ucd-snmp/dlmod.c Thu Nov 3 23:31:04 2005
@@ -180,7 +180,12 @@ dlmod_load_module(struct dlmod *dlm)
if (dlm->status == DLMOD_ERROR)
return;
}
@ -14,7 +14,7 @@ $OpenBSD: patch-agent_mibgroup_ucd-snmp_dlmod_c,v 1.1.1.1 2004/08/03 17:47:12 da
dl_init = dlsym(dlm->handle, sym_init);
if (dl_init == NULL) {
dlclose(dlm->handle);
@@ -203,7 +208,11 @@ dlmod_unload_module(struct dlmod *dlm)
@@ -204,7 +209,11 @@ dlmod_unload_module(struct dlmod *dlm)
if (!dlm || dlm->status != DLMOD_LOADED)
return;

14
net/net-snmp/patches/patch-agent_mibgroup_ucd_snmp_h
View File

@ -1,10 +1,10 @@
$OpenBSD: patch-agent_mibgroup_ucd_snmp_h,v 1.1.1.1 2004/08/03 17:47:12 danh Exp $
--- agent/mibgroup/ucd_snmp.h.orig Mon Jun 9 18:11:51 2003
+++ agent/mibgroup/ucd_snmp.h Tue Jul 20 10:34:34 2004
@@ -40,8 +40,10 @@ config_arch_require(freebsd5, ucd-snmp/v
config_arch_require(freebsd5, ucd-snmp/memory_freebsd2)
config_arch_require(netbsd1, ucd-snmp/vmstat_netbsd1)
config_arch_require(netbsd1, ucd-snmp/memory_netbsd1)
$OpenBSD: patch-agent_mibgroup_ucd_snmp_h,v 1.2 2005/11/05 19:09:38 bernd Exp $
--- agent/mibgroup/ucd_snmp.h.orig Sat Feb 12 11:17:41 2005
+++ agent/mibgroup/ucd_snmp.h Thu Nov 3 23:49:11 2005
@@ -44,8 +44,10 @@ config_arch_require(netbsd, ucd-snmp/vms
config_arch_require(netbsd, ucd-snmp/memory_netbsd1)
config_arch_require(netbsdelf, ucd-snmp/vmstat_netbsd1)
config_arch_require(netbsdelf, ucd-snmp/memory_netbsd1)
-config_arch_require(openbsd2, ucd-snmp/vmstat_netbsd1)
-config_arch_require(openbsd2, ucd-snmp/memory_netbsd1)
+config_arch_require(openbsd2, ucd-snmp/vmstat_freebsd2)

60
net/net-snmp/patches/patch-configure
View File

@ -1,7 +1,7 @@
$OpenBSD: patch-configure,v 1.2 2005/06/13 20:33:17 naddy Exp $
--- configure.orig Sat Aug 7 10:14:33 2004
+++ configure Mon Jun 13 22:31:57 2005
@@ -6954,6 +6954,7 @@ openbsd*)
$OpenBSD: patch-configure,v 1.3 2005/11/05 19:09:38 bernd Exp $
--- configure.orig Thu Jun 30 04:45:09 2005
+++ configure Thu Nov 3 23:55:00 2005
@@ -7452,6 +7452,7 @@ openbsd*)
need_lib_prefix=no
need_version=no
if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
@ -9,7 +9,7 @@ $OpenBSD: patch-configure,v 1.2 2005/06/13 20:33:17 naddy Exp $
case "$host_os" in
openbsd2.[89] | openbsd2.[89].*)
shlibpath_overrides_runpath=no
@@ -6966,7 +6967,7 @@ openbsd*)
@@ -7464,7 +7465,7 @@ openbsd*)
shlibpath_overrides_runpath=yes
fi
library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
@ -18,7 +18,7 @@ $OpenBSD: patch-configure,v 1.2 2005/06/13 20:33:17 naddy Exp $
shlibpath_var=LD_LIBRARY_PATH
;;
@@ -9206,34 +9207,6 @@ fi
@@ -9807,34 +9808,6 @@ fi
echo "$as_me:$LINENO: result: $EXTRACPPFLAGS" >&5
echo "${ECHO_T}$EXTRACPPFLAGS" >&6
@ -53,36 +53,28 @@ $OpenBSD: patch-configure,v 1.2 2005/06/13 20:33:17 naddy Exp $
# Set SNMPLIBPATH & SNMPSHAREPATH
SNMPLIBPATH=""
@@ -11383,6 +11356,7 @@ _ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+#include <sys/types.h>
#include <tcpd.h>
int allow_severity = 0;
int deny_severity = 0;
@@ -11575,6 +11549,7 @@ _ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+#include <sys/types.h>
#include <tcpd.h>
int allow_severity = 0;
int deny_severity = 0;
@@ -14158,7 +14133,7 @@ done
-for ac_header in malloc.h sys/param.h net/if_dl.h sys/sysctl.h stdlib.h net/if_mib.h net/if_types.h net/if_var.h sys/queue.h osreldate.h machine/types.h sys/socketvar.h
+for ac_header in sys/param.h net/if_dl.h sys/sysctl.h stdlib.h net/if_mib.h net/if_types.h net/if_var.h sys/queue.h osreldate.h machine/types.h sys/socketvar.h
do
as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
if eval "test \"\${$as_ac_Header+set}\" = set"; then
@@ -14181,6 +14156,7 @@ cat confdefs.h >>conftest.$ac_ext
@@ -14282,6 +14255,7 @@ cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_includes_default
+#include <sys/param.h>
#include <$ac_header>
+#include <sys/types.h>
#include <tcpd.h>
_ACEOF
rm -f conftest.$ac_objext
@@ -14326,6 +14300,7 @@ _ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+#include <sys/types.h>
#include <tcpd.h>
_ACEOF
if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
@@ -17818,7 +17793,7 @@ done
-for ac_header in malloc.h sys/param.h net/if_dl.h sys/sysctl.h stdlib.h net/if_types.h sys/queue.h osreldate.h machine/types.h sys/socketvar.h sys/user.h sys/proc.h sys/mbuf.h sys/mount.h
+for ac_header in sys/param.h net/if_dl.h sys/sysctl.h stdlib.h net/if_types.h sys/queue.h osreldate.h machine/types.h sys/socketvar.h sys/user.h sys/proc.h sys/mbuf.h sys/mount.h
do
as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_header" >&5

72
net/net-snmp/patches/patch-local_fixproc
View File

@ -1,72 +0,0 @@
$OpenBSD: patch-local_fixproc,v 1.2 2005/06/13 20:33:17 naddy Exp $
--- local/fixproc.orig Sat Apr 20 09:30:13 2002
+++ local/fixproc Mon Jun 13 22:31:57 2005
@@ -129,6 +129,8 @@
#
# Timothy Kong 3/1995
+use File::Temp qw(tempfile);
+
$database_file = '/local/etc/fixproc.conf';
$debug = 0; # specify debug level using -dN
@@ -191,20 +193,19 @@ for $proc ( @proc_list )
sub create_sh_script
{
local ($file) = pop (@_);
+ local ($fh) = pop (@_);
local ($i) = pop (@_);
printf (stderr "create_sh_script\n") if ($debug > 0);
$! = $fixproc_error;
- open (file, ">"."$file") || die "$0: cannot open $file\n";
while ( $shell_lines[$i] ne $shell_end_marker )
{
- printf (file "%s", $shell_lines[$i]);
+ printf ($fh "%s", $shell_lines[$i]);
$i++;
}
- close (file);
- system "chmod +x $file";
- return file;
+ close ($fh);
+ chmod 0755, $file;
}
@@ -230,14 +231,13 @@ sub do_fix
else
{
# it must be "shell", so execute the shell script defined in database
+ local ($tmpfh, $tmpfile) = tempfile("fix_XXXXXXXX", DIR => "/tmp");
- local ($tmpfile) = "/tmp/fix_$$";
+ &create_sh_script ($fix{$proc}, $tmpfh, $tmpfile);
- &create_sh_script ($fix{$proc}, $tmpfile);
-
# return code is number divided by 256
$error_code = (system "$tmpfile") / 256;
- system "rm $tmpfile";
+ unlink($tmpfile);
return ($fix_failed_error) if ($error_code != 0);
# sleep needed here?
return &do_exist ($proc);
@@ -262,13 +262,13 @@ sub do_check
# if not "exist", then it must be "shell", so execute the shell script
# defined in database
- local ($tmpfile) = "/tmp/check_$$";
+ local ($tmpfh, $tmpfile) = tempfile("check_XXXXXXXX", DIR => "/tmp");
- &create_sh_script ($check{$proc}, $tmpfile);
+ &create_sh_script ($fix{$proc}, $tmpfh, $tmpfile);
# return code is number divided by 256
$error_code = (system "$tmpfile") / 256;
- system "rm $tmpfile";
+ unlink($tmpfile);
return ($check_failed_error) if ($error_code != 0);
# check passed, continue

8
net/net-snmp/patches/patch-snmplib_container_c
View File

@ -1,7 +1,7 @@
$OpenBSD: patch-snmplib_container_c,v 1.1.1.1 2004/08/03 17:47:12 danh Exp $
--- snmplib/container.c.orig Mon Feb 23 01:00:18 2004
+++ snmplib/container.c Tue Jul 20 08:25:07 2004
@@ -28,7 +28,7 @@ _factory_free(container_type *data, void
$OpenBSD: patch-snmplib_container_c,v 1.2 2005/11/05 19:09:38 bernd Exp $
--- snmplib/container.c.orig Fri May 20 23:34:42 2005
+++ snmplib/container.c Thu Nov 3 23:31:05 2005
@@ -29,7 +29,7 @@ _factory_free(void *dat, void *context)
if (data->name != NULL) {
DEBUGMSGTL(("container", " _factory_free_list() called for %s\n",
data->name));

12
net/net-snmp/pkg/PFRAG.shared
View File

@ -1,6 +1,6 @@
@comment $OpenBSD: PFRAG.shared,v 1.3 2005/09/09 19:10:52 marcm Exp $
@lib lib/libnetsnmp.so.6.2
@lib lib/libnetsnmpagent.so.6.2
@lib lib/libnetsnmphelpers.so.6.2
@lib lib/libnetsnmpmibs.so.6.2
@lib lib/libnetsnmptrapd.so.6.2
@comment $OpenBSD: PFRAG.shared,v 1.4 2005/11/05 19:09:38 bernd Exp $
@lib lib/libnetsnmp.so.6.3
@lib lib/libnetsnmpagent.so.6.3
@lib lib/libnetsnmphelpers.so.6.3
@lib lib/libnetsnmpmibs.so.6.3
@lib lib/libnetsnmptrapd.so.6.3

5
net/net-snmp/pkg/PLIST
View File

@ -1,4 +1,4 @@
@comment $OpenBSD: PLIST,v 1.8 2005/09/09 19:10:52 marcm Exp $
@comment $OpenBSD: PLIST,v 1.9 2005/11/05 19:09:38 bernd Exp $
%%SHARED%%
bin/encode_keychange
bin/fixproc
@ -136,11 +136,14 @@ include/net-snmp/system/bsdi3.h
include/net-snmp/system/bsdi4.h
include/net-snmp/system/cygwin.h
include/net-snmp/system/darwin.h
include/net-snmp/system/darwin7.h
include/net-snmp/system/dynix.h
include/net-snmp/system/freebsd.h
include/net-snmp/system/freebsd2.h
include/net-snmp/system/freebsd3.h
include/net-snmp/system/freebsd4.h
include/net-snmp/system/freebsd5.h
include/net-snmp/system/freebsd6.h
include/net-snmp/system/generic.h
include/net-snmp/system/hpux.h
include/net-snmp/system/irix.h