authorTobias Scherbaum <dertobi123@gentoo.org>2009-07-10 21:58:29 +0000
committerTobias Scherbaum <dertobi123@gentoo.org>2009-07-10 21:58:29 +0000
commit51ed42292df445783331cda670ad08280353c9b7 (patch)
tree77f189dcb0b7427ff20815ecd3462268c1eb6cbc /net-analyzer/net-snmp
parentVersion bump, with amd64 support (diff)
Revbump, include upstream fix for CVE-2008-6123, fixed #250429
(Portage version: 2.2_rc33/cvs/Linux i686)
Diffstat (limited to 'net-analyzer/net-snmp')
-rw-r--r--net-analyzer/net-snmp/ChangeLog8
-rw-r--r--net-analyzer/net-snmp/files/CVE-2008-6123.patch50
-rw-r--r--net-analyzer/net-snmp/net-snmp-5.4.2.1-r1.ebuild192
3 files changed, 249 insertions, 1 deletions
diff --git a/net-analyzer/net-snmp/ChangeLog b/net-analyzer/net-snmp/ChangeLog
index 38e233341701..ed1e5ffde637 100644
--- a/net-analyzer/net-snmp/ChangeLog
+++ b/net-analyzer/net-snmp/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-analyzer/net-snmp
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/ChangeLog,v 1.190 2009/05/31 07:00:59 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/ChangeLog,v 1.191 2009/07/10 21:58:28 dertobi123 Exp $
+
+*net-snmp-5.4.2.1-r1 (10 Jul 2009)
+
+ 10 Jul 2009; Tobias Scherbaum <dertobi123@gentoo.org>
+ +net-snmp-5.4.2.1-r1.ebuild, +files/CVE-2008-6123.patch:
+ Revbump, include upstream fix for CVE-2008-6123, fixed #250429
31 May 2009; Jeroen Roovers <jer@gentoo.org>
-files/net-snmp-5.4.1-CVE-2008-2292.patch,
diff --git a/net-analyzer/net-snmp/files/CVE-2008-6123.patch b/net-analyzer/net-snmp/files/CVE-2008-6123.patch
new file mode 100644
index 000000000000..557d71b85539
--- /dev/null
+++ b/net-analyzer/net-snmp/files/CVE-2008-6123.patch
@@ -0,0 +1,50 @@
+diff -Naur snmplib.orig/snmpUDPDomain.c snmplib/snmpUDPDomain.c
+--- snmplib.orig/snmpUDPDomain.c 2007-10-11 22:46:30.000000000 +0200
++++ snmplib/snmpUDPDomain.c 2009-07-10 23:41:37.000000000 +0200
+@@ -65,6 +65,12 @@
+ #define INADDR_NONE -1
+ #endif
+
++#ifdef MSG_DONTWAIT
++#define NETSNMP_DONTWAIT MSG_DONTWAIT
++#else
++#define NETSNMP_DONTWAIT 0
++#endif
++
+ static netsnmp_tdomain udpDomain;
+
+ typedef struct netsnmp_udp_addr_pair_s {
+@@ -104,12 +110,12 @@
+ char tmp[64];
+ to = (struct sockaddr_in *) &(addr_pair->remote_addr);
+ if (to == NULL) {
+- sprintf(tmp, "UDP: [%s]->unknown",
++ sprintf(tmp, "UDP: unknown->[%s]",
+ inet_ntoa(addr_pair->local_addr));
+ } else {
+- sprintf(tmp, "UDP: [%s]->", inet_ntoa(addr_pair->local_addr));
+- sprintf(tmp + strlen(tmp), "[%s]:%hd",
++ sprintf(tmp, "UDP: [%s]:%hu->",
+ inet_ntoa(to->sin_addr), ntohs(to->sin_port));
++ sprintf(tmp + strlen(tmp), "[%s]", inet_ntoa(addr_pair->local_addr));
+ }
+ return strdup(tmp);
+ }
+@@ -140,7 +146,7 @@
+ msg.msg_control = &cmsg;
+ msg.msg_controllen = sizeof(cmsg);
+
+- r = recvmsg(s, &msg, 0);
++ r = recvmsg(s, &msg, NETSNMP_DONTWAIT);
+
+ if (r == -1) {
+ return -1;
+@@ -215,7 +221,7 @@
+ #if defined(linux) && defined(IP_PKTINFO)
+ rc = netsnmp_udp_recvfrom(t->sock, buf, size, from, &fromlen, &(addr_pair->local_addr));
+ #else
+- rc = recvfrom(t->sock, buf, size, 0, from, &fromlen);
++ rc = recvfrom(t->sock, buf, size, NETSNMP_DONTWAIT, from, &fromlen);
+ #endif /* linux && IP_PKTINFO */
+ if (rc < 0 && errno != EINTR) {
+ break;
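Review bot: The patch file carries no header stating its origin, and it bundles two different changes under the CVE name: the reordering of the formatted address string to `UDP: [remote]:port->[local]` at `@@ -104,12 +110,12 @@`, and the switch to `NETSNMP_DONTWAIT` in the two receive calls. Only snmplib/snmpUDPDomain.c is touched, so any code that parses this string for access decisions (presumably the tcp-wrappers check, which is not visible here) should be confirmed to expect the remote address first; otherwise the check would still be applied to the wrong address. I would add a short comment block at the top of the patch naming the upstream revision and bug #250429, and saying which hunks address CVE-2008-6123 and why the non-blocking receive change is included. The formatter still uses unbounded `sprintf` into `char tmp[64]`; the IPv4 strings shown fit, but `snprintf(tmp, sizeof(tmp), ...)` would make that bound explicit. The formatter's body starts outside the inner hunk, so the rest of it is not reviewed here.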
diff --git a/net-analyzer/net-snmp/net-snmp-5.4.2.1-r1.ebuild b/net-analyzer/net-snmp/net-snmp-5.4.2.1-r1.ebuild
new file mode 100644
index 000000000000..1cbac65a7282
--- /dev/null
+++ b/net-analyzer/net-snmp/net-snmp-5.4.2.1-r1.ebuild
@@ -0,0 +1,192 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/net-snmp-5.4.2.1-r1.ebuild,v 1.1 2009/07/10 21:58:28 dertobi123 Exp $
+
+inherit fixheadtails flag-o-matic perl-module python autotools
+
+DESCRIPTION="Software for generating and retrieving SNMP data"
+HOMEPAGE="http://net-snmp.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="as-is BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="diskio doc elf ipv6 lm_sensors mfd-rewrites minimal perl python rpm selinux smux ssl tcpd X sendmail extensible"
+
+DEPEND="ssl? ( >=dev-libs/openssl-0.9.6d )
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+ rpm? (
+ app-arch/rpm
+ dev-libs/popt
+ app-arch/bzip2
+ >=sys-libs/zlib-1.1.4
+ )
+ elf? ( dev-libs/elfutils )
+ lm_sensors? ( =sys-apps/lm_sensors-2* )
+ python? ( dev-python/setuptools )"
+
+RDEPEND="${DEPEND}
+ perl? (
+ X? ( dev-perl/perl-tk )
+ !minimal? ( dev-perl/TermReadKey )
+ )
+ selinux? ( sec-policy/selinux-snmpd )"
+
+# Dependency on autoconf due to bug #225893
+DEPEND="${DEPEND}
+ >=sys-devel/autoconf-2.61-r2
+ >=sys-apps/sed-4
+ doc? ( app-doc/doxygen )"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ # Fix CVE-2008-6123
+ epatch "${FILESDIR}/CVE-2008-6123.patch"
+
+ # fix access violation in make check
+ sed -i -e 's/\(snmpd.*\)-Lf/\1-l/' testing/eval_tools.sh || \
+ die "sed eval_tools.sh failed"
+ # fix path in fixproc
+ sed -i -e 's|\(database_file =.*\)/local\(.*\)$|\1\2|' local/fixproc || \
+ die "sed fixproc failed"
+
+ if use python ; then
+ python_version
+ PYTHON_MODNAME="netsnmp"
+ PYTHON_DIR=/usr/$(get_libdir)/python${PYVER}/site-packages
+ sed -i -e "s:\(install --basedir=\$\$dir\):\1 --root='${D}':" Makefile.in || die "sed python failed"
+ fi
+
+ # snmpconf generates config files with proper selinux context
+ use selinux && epatch "${FILESDIR}"/${PN}-5.1.2-snmpconf-selinux.patch
+
+ # Fix version number:
+ sed -i -e "s:NetSnmpVersionInfo = \".*\":NetSnmpVersionInfo = \"${PV}\":" snmplib/snmp_version.c
+
+ eautoreconf
+
+ ht_fix_all
+}
+
+src_compile() {
+ local mibs
+
+ strip-flags
+
+ mibs="host ucd-snmp/dlmod"
+ use smux && mibs="${mibs} smux"
+ use sendmail && mibs="${mibs} mibII/mta_sendmail"
+ use lm_sensors && mibs="${mibs} ucd-snmp/lmSensors"
+ use diskio && mibs="${mibs} ucd-snmp/diskio"
+ use extensible && mibs="${mibs} ucd-snmp/extensible"
+
+ econf \
+ --with-install-prefix="${D}" \
+ --with-sys-location="Unknown" \
+ --with-sys-contact="root@Unknown" \
+ --with-default-snmp-version="3" \
+ --with-mib-modules="${mibs}" \
+ --with-logfile="/var/log/net-snmpd.log" \
+ --with-persistent-directory="/var/lib/net-snmp" \
+ --enable-ucd-snmp-compatibility \
+ --enable-shared \
+ --enable-as-needed \
+ $(use_enable mfd-rewrites) \
+ $(use_enable perl embedded-perl) \
+ $(use_enable ipv6) \
+ $(use_enable !ssl internal-md5) \
+ $(use_with ssl openssl) \
+ $(use_with tcpd libwrap) \
+ $(use_with rpm) \
+ $(use_with rpm bzip2) \
+ $(use_with rpm zlib) \
+ $(use_with elf) \
+ $(use_with python python-modules) \
+ || die "econf failed"
+
+ emake -j1 || die "emake failed"
+
+ if use perl ; then
+ emake perlmodules || die "compile perl modules problem"
+ fi
+
+ if use python ; then
+ emake pythonmodules || die "compile python modules problem"
+ fi
+
+ if use doc ; then
+ einfo "Building HTML Documentation"
+ make docsdox || die "failed to build docs"
+ fi
+}
+
+src_test() {
+ cd testing
+ if ! make test ; then
+ echo
+ einfo "Don't be alarmed if a few tests FAIL."
+ einfo "This could happen for several reasons:"
+ einfo " - You don't already have a working configuration."
+ einfo " - Your ethernet interface isn't properly configured."
+ echo
+ fi
+}
+
+src_install () {
+ make DESTDIR="${D}" install || die "make install failed"
+
+ if use perl ; then
+ make DESTDIR="${D}" perlinstall || die "make perlinstall failed"
+ fixlocalpod
+
+ use X || rm -f "${D}/usr/bin/tkmib"
+ else
+ rm -f "${D}/usr/bin/mib2c" "${D}/usr/bin/tkmib" "${D}/usr/bin/snmpcheck"
+ fi
+
+ if use python ; then
+ mkdir -p "${D}/${PYTHON_DIR}" || die "Couldn't make $PYTHON_DIR"
+ make pythoninstall || die "make pythoninstall failed"
+ fi
+
+ dodoc AGENT.txt ChangeLog FAQ INSTALL NEWS PORTING README* TODO
+ newdoc EXAMPLE.conf.def EXAMPLE.conf
+
+ use doc && dohtml docs/html/*
+
+ keepdir /etc/snmp /var/lib/net-snmp
+
+ newinitd "${FILESDIR}"/snmpd.rc7 snmpd
+ newconfd "${FILESDIR}"/snmpd.conf snmpd
+
+ newinitd "${FILESDIR}"/snmptrapd.rc7 snmptrapd
+ newconfd "${FILESDIR}"/snmptrapd.conf snmptrapd
+
+ # Remove everything, keeping only the snmpd, snmptrapd, MIBs, libs, and includes.
+ if use minimal; then
+ elog "USE=minimal is set. Cleaning up excess cruft for a embedded/minimal/server only install."
+ rm -rf
+ "${D}"/usr/bin/{encode_keychange,snmp{get,getnext,set,usm,walk,bulkwalk,table,trap,bulkget,translate,status,delta,test,df,vacm,netstat,inform,snmpcheck}}
+ rm -rf "${D}"/usr/share/snmp/snmpconf-data "${D}"/usr/share/snmp/*.conf
+ rm -rf "${D}"/usr/bin/{fixproc,traptoemail} "${D}"/usr/bin/snmpc{heck,onf}
+ find "${D}" -name '*.pl' -exec rm -f '{}' \;
+ use ipv6 || rm -rf "${D}"/usr/share/snmp/mibs/IPV6*
+ fi
+
+ # bug 113788, install example config
+ insinto /etc/snmp
+ newins "${S}"/EXAMPLE.conf snmpd.conf.example
+}
+
+pkg_postrm() {
+ if use python ; then
+ python_mod_cleanup
+ fi
+}
+
+pkg_postinst() {
+ elog "An example configuration file has been installed in"
+ elog "/etc/snmp/snmpd.conf.example."
+}
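Review bot: In `src_install`, the `USE=minimal` branch has `rm -rf` alone on one line and the brace-expanded path list on the next, so as shown `rm` runs with no operands and the shell then treats `"${D}"/usr/bin/encode_keychange` as a command, with the remaining paths as its arguments. The client tools are therefore not removed, and a freshly built binary is invoked from the image directory during the install phase. Join the two lines or end the first with a continuation, `rm -rf \`. Separately, the version-number `sed` on `snmplib/snmp_version.c` in `src_unpack` is the only `sed -i` there without a failure check; append `|| die "sed snmp_version.c failed"` so a substitution that stops matching does not pass silently.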