diff options
author | Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org> | 2014-03-16 17:09:56 +0100 |
---|---|---|
committer | Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org> | 2014-03-16 17:09:56 +0100 |
commit | 86d6c2992ffe207d79fa3601770fca9c446ec590 (patch) | |
tree | c753722091f3079e1df3f04345563f4436f220aa | |
parent | 133948cdd0b748fcfb806fdc050fdef363240128 (diff) | |
download | aports-86d6c2992ffe207d79fa3601770fca9c446ec590.tar.bz2 aports-86d6c2992ffe207d79fa3601770fca9c446ec590.tar.xz |
main/net-snmp: security upgrade to 5.7.2.1 (CVE-2014-2285, CVE-2014-2284)
-rw-r--r-- | main/net-snmp/APKBUILD | 77 | ||||
-rw-r--r-- | main/net-snmp/fix-includes.patch | 10 | ||||
-rw-r--r-- | main/net-snmp/snmpd.initd | 28 |
3 files changed, 66 insertions, 49 deletions
diff --git a/main/net-snmp/APKBUILD b/main/net-snmp/APKBUILD index 4a92e932a1..9ff355c48d 100644 --- a/main/net-snmp/APKBUILD +++ b/main/net-snmp/APKBUILD @@ -1,25 +1,26 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=net-snmp -pkgver=5.7.1 -pkgrel=4 +pkgver=5.7.2.1 +pkgrel=0 pkgdesc="Simple Network Management Protocol" url="http://www.net-snmp.org/" arch="all" license="GPL" depends= depends_dev="openssl-dev" -makedepends="perl-dev openssl-dev" +# we need perl-net-snmp in make depends for bootstrapping issues +# net-snmp-gui subpackage has perl-net-snmp as depends +makedepends="file perl-dev openssl-dev perl-net-snmp" subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-agent-libs:alibs $pkgname-perl:pl $pkgname-gui $pkgname-tools" source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz - netsnmp-arp-netlink-fix.patch netsnmp-swinst-crash.patch + fix-includes.patch snmpd.initd snmpd.confd snmptrapd.initd snmptrapd.confd - CVE-2012-6151.patch " _builddir="$srcdir/$pkgname-$pkgver" @@ -27,7 +28,7 @@ _builddir="$srcdir/$pkgname-$pkgver" prepare() { local i cd "$_builddir" - # patches goes here + update_config_sub || return 1 for i in $source; do case $i in *.patch|*.diff) @@ -39,18 +40,21 @@ prepare() { # Allow tmpfs volume size monitoring # Ref #932 - sed -e 's#"tmpfs",#/* "tmpfs", */#g' -i agent/mibgroup/host/hr_filesys.c + sed -e 's#"tmpfs",#/* "tmpfs", */#g' -i agent/mibgroup/host/hr_filesys.c } build() { cd "$_builddir" - + export lt_cv_sys_max_cmd_len=8192 - + #build fails on: libnetsnmpmibs.so: undefined reference to `pthread_create' LDFLAGS="$LDFLAGS -lpthread" - ./configure --prefix=/usr \ + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ --sysconfdir=/etc \ --mandir=/usr/share/man \ --infodir=/usr/share/info \ @@ -61,20 +65,20 @@ build() { --enable-ucd-snmp-compatibility \ --with-persistent-directory="/var/lib/net-snmp" \ --with-openssl \ + --enable-pic \ --enable-ipv6 \ --enable-shared \ --enable-as-needed \ --with-perl-modules="INSTALLDIRS=vendor" \ - --disable-embedded-perl - # embedded-perl seems to create TEXTREL's + --disable-embedded-perl \ + || return 1 + # embedded-perl seems to create TEXTREL's - # work around parallell build issue - make sedscript && make -j1 -C man || return 1 - make || return 1 + make -j1 || return 1 } package() { - cd "$_builddir" + cd "$_builddir" make -j1 DESTDIR="$pkgdir" install || return 1 # remove things we dont want distribute rm "$pkgdir"/usr/lib/*.la || return 1 @@ -87,13 +91,13 @@ package() { || return 1 ln -s snmptrap "$pkgdir"/usr/bin/snmpinform || return 1 - install -m755 -D "$srcdir"/snmpd.initd "$pkgdir"/etc/init.d/snmpd - install -m644 -D "$srcdir"/snmpd.confd "$pkgdir"/etc/conf.d/snmpd - install -m755 -D "$srcdir"/snmptrapd.initd "$pkgdir"/etc/init.d/snmptrapd - install -m644 -D "$srcdir"/snmptrapd.confd "$pkgdir"/etc/conf.d/snmptrapd - install -m644 -D EXAMPLE.conf "$pkgdir"/etc/snmp/snmpd.conf.example - mkdir -p "$pkgdir"/var/lib/net-snmp - find "$pkgdir" -name perllocal.pod -delete + install -m755 -D "$srcdir"/snmpd.initd "$pkgdir"/etc/init.d/snmpd + install -m644 -D "$srcdir"/snmpd.confd "$pkgdir"/etc/conf.d/snmpd + install -m755 -D "$srcdir"/snmptrapd.initd "$pkgdir"/etc/init.d/snmptrapd + install -m644 -D "$srcdir"/snmptrapd.confd "$pkgdir"/etc/conf.d/snmptrapd + install -m644 -D EXAMPLE.conf "$pkgdir"/etc/snmp/snmpd.conf.example + mkdir -p "$pkgdir"/var/lib/net-snmp + find "$pkgdir" -name perllocal.pod -delete } libs() { @@ -150,27 +154,24 @@ tools() { } -md5sums="c95d08fd5d93df0c11a2e1bdf0e01e0b net-snmp-5.7.1.tar.gz -58bdd8a68042be16c22d8b4b40d3ec9c netsnmp-arp-netlink-fix.patch +md5sums="7db683faba037249837b226f64d566d4 net-snmp-5.7.2.1.tar.gz bd7dc10ffb5839e35ec37effcc53c2ad netsnmp-swinst-crash.patch -198a4a7b80557fa8112394df5ec9914e snmpd.initd +0fe11859a55f8e2489d5de629971a242 fix-includes.patch +3676e4d2e456e88da0dee8d7204749ba snmpd.initd 96510a2f3bc9f21648b03f7e8d76c0d3 snmpd.confd 7ce3e9e880fc6313ae87eb000bae4bda snmptrapd.initd -363f7728a76bdfc46e29b7e1f5cf4950 snmptrapd.confd -16c10a6412b5c8bf69c1d086c8e7365e CVE-2012-6151.patch" -sha256sums="7c71c9650c65b715356547e20ca2dbe6313944278af8cc19c32a5337f46b181f net-snmp-5.7.1.tar.gz -28448ebc7821d7f79bef0741b687ac40aa6419bc319578b92ed910157bd3a417 netsnmp-arp-netlink-fix.patch +363f7728a76bdfc46e29b7e1f5cf4950 snmptrapd.confd" +sha256sums="35dd20a2b17849f6d5a0a6109b4f52c1a777a3e1a00c79c4a175c520d23f3497 net-snmp-5.7.2.1.tar.gz 377e54bc2b66590c1c5174bf2e2c820adcbecd703d67c68be13c325d04d7d0c4 netsnmp-swinst-crash.patch -2fa0a1ecd5f64827592bf55f0416cb61c6eec114aadd3e9d20aa92ce71c3a09f snmpd.initd +7528f7d368a0a4536915805c065f8496c37cb99dbc74d508bed89831cd5af37e fix-includes.patch +0f36683e3ab9855ab16c6a9e7f5934145b7f65a02c3dd46dc9627b721296119a snmpd.initd 4a8eb647d8b8f25b03858e3815489eaf2cd8fd4932185f97a1d896f8ee2f85e8 snmpd.confd 4baf3ee9950ded78078d93c32833ff657d7e85580d64778cdc9a963cf24bc7ab snmptrapd.initd -095647b0e5be51e2bdd398267d7450da678b7d23cae6273f9b9461a26f89d69f snmptrapd.confd -010b4eeac6b436876890c283ac29385e63684fcd07d44eda93a635a945c63293 CVE-2012-6151.patch" -sha512sums="1e20181ab6c7c6062e0dd2f9b55f27bceb151b83e3174aa86e358e55be99792ef01251edc1401cde1192494599b17f65d390f7286b3571a733c32b12fac46993 net-snmp-5.7.1.tar.gz -c30845a2d9da624bd851cdb1b0534ed21f85a7956c43f9f99f79132d05619dec77e3b71ead942cc90f1418598a9656143cdba56c010318b21a05c8e5af3c28a2 netsnmp-arp-netlink-fix.patch +095647b0e5be51e2bdd398267d7450da678b7d23cae6273f9b9461a26f89d69f snmptrapd.confd" +sha512sums="6c4dadd145cab9572e2559ad99d6794469685086771c6d757d3667da1a061ab86746d53c28d48381c59a90d92b1812b813f3176cff156c41929177fb585299d0 net-snmp-5.7.2.1.tar.gz 78c036f1e6b4e3592cb2a6ff9b22671c930e337e9644298a9f78b6f13af1d9241d9c15dcc996b441b51cb2d551bf2dfe5caf602ff1e17baf7b6532f3dc6ba5bd netsnmp-swinst-crash.patch -ad66fef217ad9884114e9006c20074288656cf79fae19b59941545bbb551adfaaf4ec54cd0802e096a715d35c49a7c94cd4369302f847b8ba2892bd9fb62848c snmpd.initd +87a552bd2e41684bba6e87fbcf6454a85ee912d7a339411fda24cebddf7661f0856729e076a917920a542cf84b687ffd90a091daa15f2c48f0ff64f3a53c0ddb fix-includes.patch +887e84b775cd87a3631deac44aa35645c2df9b13b9346b2b23a80e513e82425304a79a8bf5234937f01638969788602539846e7fb8f9b5a9273c938a6233a175 snmpd.initd 3030ad11dd556569e481f108af69aef620b1fe67be8d8d12016f4aed1f0ffdb6c2ee87c40ed5bc883986568227e097cb7aa958658e01da51576848715bf65472 snmpd.confd e9b29b89d27e88420932ea6ca077a6c807ae5555436cad4d840ec732b5851a498661d0d174f22d308f403904b623d7eadf9d201a539529ff57ced18bc8c58b6f snmptrapd.initd -9cafeece565ca09c2cc85fa9c805d9932a745aca45b999e7511ccd0ffe0a95eddc1441ed231acf52a811db124bc2f797612ebb182b0a8a959ad24506e790a0b1 snmptrapd.confd -f39cad8bb4ed38cfa1e53f58f09e8a83ce8c3272ef8a522422a4f7b759a56c81a4ae31f1ead8da9b800509ea3e9d48892612f27ddcbd2f3853d5f7535b00b0f1 CVE-2012-6151.patch" +9cafeece565ca09c2cc85fa9c805d9932a745aca45b999e7511ccd0ffe0a95eddc1441ed231acf52a811db124bc2f797612ebb182b0a8a959ad24506e790a0b1 snmptrapd.confd" diff --git a/main/net-snmp/fix-includes.patch b/main/net-snmp/fix-includes.patch new file mode 100644 index 0000000000..fa1f181baa --- /dev/null +++ b/main/net-snmp/fix-includes.patch @@ -0,0 +1,10 @@ +--- net-snmp-5.7.2/agent/mibgroup/util_funcs/get_pid_from_inode.c.orig ++++ net-snmp-5.7.2/agent/mibgroup/util_funcs/get_pid_from_inode.c +@@ -4,6 +4,7 @@ + + #include <net-snmp/output_api.h> + ++#include <limits.h> + #include <ctype.h> + #include <stdio.h> + #if HAVE_STDLIB_H diff --git a/main/net-snmp/snmpd.initd b/main/net-snmp/snmpd.initd index f768bb36bf..c4604c98b4 100644 --- a/main/net-snmp/snmpd.initd +++ b/main/net-snmp/snmpd.initd @@ -1,7 +1,15 @@ #!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/files/snmpd.init.2,v 1.3 2012/10/22 02:57:05 flameeyes Exp $ -NAME=snmpd -DAEMON=/usr/sbin/$NAME +SNMPD_PIDFILE="${SNMPD_PIDFILE:-/var/run/snmpd.pid}" + +extra_started_commands="reload" + +command="/usr/sbin/snmpd" +command_args="-p ${SNMPD_PIDFILE} ${SNMPD_FLAGS}" +pidfile="${SNMPD_PIDFILE}" depend() { use logger @@ -11,21 +19,19 @@ depend() { checkconfig() { if [ ! -e /etc/snmp/snmpd.conf ] ; then - eerror "You need an /etc/snmp/snmpd.conf config file to run snmpd" + eerror "${SVCNAME} requires an /etc/snmp/snmpd.conf configuration file" return 1 fi } -start() { +start_pre() { checkconfig || return 1 - ebegin "Starting ${NAME}" - start-stop-daemon --start --quiet --background \ - --exec ${DAEMON} -- -p /var/run/${NAME}.pid ${OPTS} - eend $? } -stop() { - ebegin "Stopping ${NAME}" - start-stop-daemon --stop --quiet --pidfile /var/run/${NAME}.pid +reload() { + checkconfig || return 1 + + ebegin "Reloading ${SVCNAME} configuration" + kill -HUP $(cat ${SNMPD_PIDFILE}) 2>&1 > /dev/null eend $? } |