pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/net/net-snmp Replace "fixproc" script with version fro...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/4c95f17dabdf
branches:  trunk
changeset: 494553:4c95f17dabdf
user:      tron <tron%pkgsrc.org@localhost>
date:      Wed May 25 13:49:10 2005 +0000

description:
Replace "fixproc" script with version from "net-snmp" CVS respository.
This fixes the security problem documented in SA15471. Bump package
revision because of this change.

diffstat:

 net/net-snmp/Makefile         |    3 +-
 net/net-snmp/distinfo         |    3 +-
 net/net-snmp/patches/patch-ab |  180 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 184 insertions(+), 2 deletions(-)

diffs (211 lines):

diff -r 76354cc5c3b4 -r 4c95f17dabdf net/net-snmp/Makefile
--- a/net/net-snmp/Makefile     Wed May 25 13:45:36 2005 +0000
+++ b/net/net-snmp/Makefile     Wed May 25 13:49:10 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.29 2005/04/11 21:46:51 tv Exp $
+# $NetBSD: Makefile,v 1.30 2005/05/25 13:49:10 tron Exp $
 
 DISTNAME=      net-snmp-5.2.1
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=net-snmp/} \
                ftp://ftp.net-smnp.org/pub/sourceforge/net-snmp/
diff -r 76354cc5c3b4 -r 4c95f17dabdf net/net-snmp/distinfo
--- a/net/net-snmp/distinfo     Wed May 25 13:45:36 2005 +0000
+++ b/net/net-snmp/distinfo     Wed May 25 13:49:10 2005 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.14 2005/03/30 12:10:58 adam Exp $
+$NetBSD: distinfo,v 1.15 2005/05/25 13:49:10 tron Exp $
 
 SHA1 (net-snmp-5.2.1.tar.gz) = f8ec23b4d2706bef50cbc2d37ad9d292e107b0fb
 RMD160 (net-snmp-5.2.1.tar.gz) = ad7a57cfe0552a71a6dadb263ac300c84d98b541
 Size (net-snmp-5.2.1.tar.gz) = 3971320 bytes
 SHA1 (patch-aa) = df9bcea942743e9bcd843724612b7d82ea364eca
+SHA1 (patch-ab) = 7e0fc7f52e3947d589bed850e847bd89e8daec1d
 SHA1 (patch-ac) = 43dbf5519feac2a13b893f659090fa24de773ee8
 SHA1 (patch-ad) = 9703dc9451f3fa7a61bae9c8d13b916aa52c0a6b
 SHA1 (patch-ae) = 750412088b9ccd5fb50bd6e7fc049903f6113a39
diff -r 76354cc5c3b4 -r 4c95f17dabdf net/net-snmp/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/net-snmp/patches/patch-ab     Wed May 25 13:49:10 2005 +0000
@@ -0,0 +1,180 @@
+$NetBSD: patch-ab,v 1.5 2005/05/25 13:49:10 tron Exp $
+
+--- local/fixproc.orig 2002-04-20 08:30:13.000000000 +0100
++++ local/fixproc      2005-05-25 14:36:18.000000000 +0100
+@@ -129,6 +129,8 @@
+ #
+ # Timothy Kong                3/1995
+ 
++use File::Temp qw(tempfile);
++
+ $database_file = '/local/etc/fixproc.conf';
+ 
+ $debug = 0;                   # specify debug level using -dN
+@@ -191,20 +193,19 @@
+ sub create_sh_script
+ {
+   local ($file) = pop (@_);
++  local ($fh) = pop (@_);
+   local ($i) = pop (@_);
+ 
+-  printf (stderr "create_sh_script\n") if ($debug > 0);
++  printf (STDERR "create_sh_script\n") if ($debug > 0);
+ 
+   $! = $fixproc_error;
+-  open (file, ">"."$file") || die "$0: cannot open $file\n";
+   while ( $shell_lines[$i] ne $shell_end_marker )
+     {
+-      printf (file "%s", $shell_lines[$i]);
++      printf ($fh "%s", $shell_lines[$i]);
+       $i++;
+     }
+-  close (file);
+-  system "chmod +x $file";
+-  return file;
++  close ($fh);
++  chmod 0755, $file;
+ }
+ 
+ 
+@@ -212,7 +213,7 @@
+ {
+   local ($proc) = pop(@_);
+ 
+-  printf (stderr "do_fix\n") if ($debug > 0);
++  printf (STDERR "do_fix\n") if ($debug > 0);
+ 
+   if ($fix{$proc} eq '')
+     {
+@@ -230,14 +231,13 @@
+   else
+     {
+       # it must be "shell", so execute the shell script defined in database
++      local ($tmpfh, $tmpfile) = tempfile("fix_XXXXXXXX", DIR => "/tmp");
+ 
+-      local ($tmpfile) = "/tmp/fix_$$";
+-
+-      &create_sh_script ($fix{$proc}, $tmpfile);
++      &create_sh_script ($fix{$proc}, $tmpfh, $tmpfile);
+ 
+               # return code is number divided by 256
+       $error_code = (system "$tmpfile") / 256;
+-      system "rm $tmpfile";
++      unlink($tmpfile);
+       return ($fix_failed_error) if ($error_code != 0);
+         # sleep needed here?
+       return &do_exist ($proc);
+@@ -249,7 +249,7 @@
+ {
+   local ($proc) = pop(@_);
+ 
+-  printf (stderr "do_check\n") if ($debug > 0);
++  printf (STDERR "do_check\n") if ($debug > 0);
+ 
+   if ($check{$proc} eq '')
+     {
+@@ -262,13 +262,13 @@
+       # if not "exist", then it must be "shell", so execute the shell script
+       # defined in database
+ 
+-      local ($tmpfile) = "/tmp/check_$$";
++      local ($tmpfh, $tmpfile) = tempfile("check_XXXXXXXX", DIR => "/tmp");
+ 
+-      &create_sh_script ($check{$proc}, $tmpfile);
++      &create_sh_script ($fix{$proc}, $tmpfh, $tmpfile);
+ 
+               # return code is number divided by 256
+       $error_code = (system "$tmpfile") / 256;
+-      system "rm $tmpfile";
++      unlink($tmpfile);
+       return ($check_failed_error) if ($error_code != 0);
+ 
+       # check passed, continue
+@@ -281,13 +281,13 @@
+ {
+   local ($proc) = pop(@_);
+ 
+-  printf (stderr "do_exist\n") if ($debug > 0);
++  printf (STDERR "do_exist\n") if ($debug > 0);
+ 
+   # do ps, check to see if min <= no. of processes <= max
+   $! = $fixproc_error;
+-  open (command, "/bin/ps -e | /bin/grep $proc | /bin/wc -l |")
++  open (COMMAND, "/bin/ps -e | /bin/grep $proc | /bin/wc -l |")
+     || die "$0: can't run ps-grep-wc command\n";
+-  $proc_count = <command>;
++  $proc_count = <COMMAND>;
+   if (($proc_count < $min{$proc}) || ($proc_count > $max{$proc}))
+     {
+       return $check_failed_error;
+@@ -301,13 +301,13 @@
+   local ($proc) = pop(@_);
+   local ($second_kill_needed);
+ 
+-  printf (stderr "do_kill\n") if ($debug > 0);
++  printf (STDERR "do_kill\n") if ($debug > 0);
+ 
+   # first try kill
+   $! = $fixproc_error;
+-  open (command, "/bin/ps -e | /bin/grep $proc |")
++  open (COMMAND, "/bin/ps -e | /bin/grep $proc |")
+     || die "$0: can't run ps-grep-awk command\n";
+-  while (<command>)
++  while (<COMMAND>)
+     {
+       # match the first field of ps -e
+       $! = $fixproc_error;
+@@ -318,10 +318,10 @@
+   # if process still exist, try kill -9
+   sleep 2;
+   $! = $fixproc_error;
+-  open (command, "/bin/ps -e | /bin/grep $proc |")
++  open (COMMAND, "/bin/ps -e | /bin/grep $proc |")
+     || die "$0: can't run ps-grep-awk command\n";
+   $second_kill_needed = 0;
+-  while (<command>)
++  while (<COMMAND>)
+     {
+       # match the first field of ps -e
+       $! = $fixproc_error;
+@@ -334,9 +334,9 @@
+   # see if kill -9 worked
+   sleep 2;
+   $! = $fixproc_error;
+-  open (command, "/bin/ps -e | /bin/grep $proc |")
++  open (COMMAND, "/bin/ps -e | /bin/grep $proc |")
+     || die "$0: can't run ps-grep-awk command\n";
+-  while (<command>)
++  while (<COMMAND>)
+     {                         # a process still exist, return error
+       return $cannot_kill_error;
+     }
+@@ -349,7 +349,7 @@
+   local ($proc) = pop(@_);
+   local ($error_code);
+ 
+-  printf (stderr "do_restart\n") if ($debug > 0);
++  printf (STDERR "do_restart\n") if ($debug > 0);
+ 
+   $error_code = &do_kill ($proc);
+   return $error_code if ($error_code != $no_error);
+@@ -369,7 +369,7 @@
+   local ($proc) = pop(@_);
+   local ($error_code);
+ 
+-  printf (stderr "work_on_proc\n") if ($debug > 0);
++  printf (STDERR "work_on_proc\n") if ($debug > 0);
+ 
+   if ($cmd_line_action eq '')
+     {
+@@ -475,8 +475,8 @@
+   local ($str2);
+ 
+   $! = $fixproc_error;
+-  open (db, $database_file) || die 'cannot open database file $database_file\n';
+-  while (<db>)
++  open (DB, $database_file) || die 'cannot open database file $database_file\n';
++  while (<DB>)
+     {
+       if ((! /\S/) || (/^[ \t]*#.*$/))
+       {



Home | Main Index | Thread Index | Old Index