a local IP address is set. Cause is a use-after-free, OpenBSD's malloc
helpfully often picks these up early (with relatively low impact on
performance), often turning what would be a hidden bug into a likely
crash.
Reported and analysis from Andrea Biscuola of Zabbix,
https://support.zabbix.com/browse/ZBX-12726https://sourceforge.net/p/net-snmp/bugs/2803/
Diff from me. I was going to wait for confirmation from Andrea that it
fixes the issue, but having read more of the code I'm confident that this
change or something like it is needed, so committing now to make it pre 6.2.
ok naddy
Date/time conversion specifiers are expanded after replacing buffer
local variables in name of log files. In some cases, this can lead to
an error in function strftime and a crash caused by the use of an
uninitialized buffer.
ok jca@, "that should go in" sthen@
in the checks.
Someone clearly did not read the autoconf documentation because
using the following functions with a function declaration inside
the body will end up declaring a function inside a function.
- AC_TRY_COMPILE( [], [ int main() { return 0; } ],
- AC_LANG_PROGRAM([[]], [[int main (void) { return 0; }]])],
- AC_TRY_LINK([], [int main (void) { return 0; }],
Result:
int
main ()
{
int main (void) { return 0; }
;
return 0;
}
nested functions is a gcc extension which is not supported by
clang.
test.c:4:17: error: function definition is not allowed here
int main (void) { return 0; }
^
1 error generated.
This causes tests to fail in the configure scripts resulting in
missing compile and link time flags from the builds.
This resulted in weird behaviour of several software, like gnome
hanging completely due to gtk+3 not being built properly.
This change intrudces the following fixes:
- remove int main() declaration from AC_TRY_COMPILE, AC_LANG_PROGRAM, AC_TRY_LINK
as it comes with a declaration already, and people misused them
- change to use AC_LANG_SOURCE when needed in case a complete source block is specified
Most of the changes are in configure.(ac|in), however there were some cases
where autoconf is either broken or the build failed because of an autoconf
generated configure script. Everytihng else is switched to autoconf, so
the maintainers can go ahead and upstream these diffs.
There are more to come, we are continously checking the tree for these issues
and in the future the infrastructure will error if such a case is found.
o CVE-2017-12150 (SMB1/2/3 connections may not require signing where
they should)
o CVE-2017-12151 (SMB3 connections don't keep encryption across DFS
redirects)
o CVE-2017-12163 (Server memory information leak over SMB1)
