From 78337da25b32a7a63d451e04e134958f848f6227 Mon Sep 17 00:00:00 2001 From: Peter Volkov Date: Fri, 6 Jun 2008 20:06:33 +0000 Subject: Incorporated patches from upstream to fix different issues: bug #203127 - error on subcontainer, followed by crash, thank Andrew Belousoff for report and Thomas Anders for the fix; bug #21660 - hrFSStorageIndex incorrect, thank for report Dominique PRUNIER; bug #213415 - process checking bug, reported by David Bosso; security bug #222265 - perl/python module buffer overflow (CVE-2008-2292), thank Robert Buchholz for report. (Portage version: 2.1.4.4) --- net-analyzer/net-snmp/ChangeLog | 18 +- .../files/net-snmp-5.1.2-snmpconf-selinux.patch | 12 + .../net-snmp/files/net-snmp-5.4-exec-crash.patch | 14 + .../files/net-snmp-5.4.1-CVE-2008-2292.patch | 192 ++++++++ ...net-snmp-5.4.1-incorrect-hrFSStorageIndex.patch | 538 +++++++++++++++++++++ ...4.1-ipAddressTable-crash-with-double-free.patch | 134 +++++ .../files/net-snmp-5.4.1-process-count-race.patch | 52 ++ net-analyzer/net-snmp/net-snmp-5.4.1-r4.ebuild | 199 ++++++++ 8 files changed, 1158 insertions(+), 1 deletion(-) create mode 100644 net-analyzer/net-snmp/files/net-snmp-5.1.2-snmpconf-selinux.patch create mode 100644 net-analyzer/net-snmp/files/net-snmp-5.4-exec-crash.patch create mode 100644 net-analyzer/net-snmp/files/net-snmp-5.4.1-CVE-2008-2292.patch create mode 100644 net-analyzer/net-snmp/files/net-snmp-5.4.1-incorrect-hrFSStorageIndex.patch create mode 100644 net-analyzer/net-snmp/files/net-snmp-5.4.1-ipAddressTable-crash-with-double-free.patch create mode 100644 net-analyzer/net-snmp/files/net-snmp-5.4.1-process-count-race.patch create mode 100644 net-analyzer/net-snmp/net-snmp-5.4.1-r4.ebuild (limited to 'net-analyzer') diff --git a/net-analyzer/net-snmp/ChangeLog b/net-analyzer/net-snmp/ChangeLog index 65d5d5754aa2..fad8fb06a412 100644 --- a/net-analyzer/net-snmp/ChangeLog +++ b/net-analyzer/net-snmp/ChangeLog @@ -1,6 +1,22 @@ # ChangeLog for net-analyzer/net-snmp # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/ChangeLog,v 1.167 2008/03/31 05:26:17 ricmm Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/ChangeLog,v 1.168 2008/06/06 20:06:33 pva Exp $ + +*net-snmp-5.4.1-r4 (06 Jun 2008) + + 06 Jun 2008; Peter Volkov + +files/net-snmp-5.1.2-snmpconf-selinux.patch, + +files/net-snmp-5.4.1-CVE-2008-2292.patch, + +files/net-snmp-5.4.1-incorrect-hrFSStorageIndex.patch, + +files/net-snmp-5.4.1-ipAddressTable-crash-with-double-free.patch, + +files/net-snmp-5.4.1-process-count-race.patch, + +files/net-snmp-5.4-exec-crash.patch, +net-snmp-5.4.1-r4.ebuild: + Incorporated patches from upstream to fix different issues: bug #203127 - + error on subcontainer, followed by crash, thank Andrew Belousoff for + report and Thomas Anders for the fix; bug #21660 - hrFSStorageIndex + incorrect, thank for report Dominique PRUNIER; bug #213415 - process + checking bug, reported by David Bosso; security bug #222265 - perl/python + module buffer overflow (CVE-2008-2292), thank Robert Buchholz for report. 31 Mar 2008; net-snmp-5.4.ebuild: Drop to ~mips due to unstable deps diff --git a/net-analyzer/net-snmp/files/net-snmp-5.1.2-snmpconf-selinux.patch b/net-analyzer/net-snmp/files/net-snmp-5.1.2-snmpconf-selinux.patch new file mode 100644 index 000000000000..9171b6936da7 --- /dev/null +++ b/net-analyzer/net-snmp/files/net-snmp-5.1.2-snmpconf-selinux.patch @@ -0,0 +1,12 @@ +https://bugzilla.redhat.com/show_bug.cgi?id=248329 + +--- net-snmp-5.1.2/local/snmpconf.orig 2004-04-20 16:20:51.000000000 +0200 ++++ net-snmp-5.1.2/local/snmpconf 2007-07-09 15:34:48.000000000 +0200 +@@ -585,6 +585,7 @@ + } + } + close(O); ++ system("restorecon $outputf"); + } + } + diff --git a/net-analyzer/net-snmp/files/net-snmp-5.4-exec-crash.patch b/net-analyzer/net-snmp/files/net-snmp-5.4-exec-crash.patch new file mode 100644 index 000000000000..6dae95a32db3 --- /dev/null +++ b/net-analyzer/net-snmp/files/net-snmp-5.4-exec-crash.patch @@ -0,0 +1,14 @@ +https://bugzilla.redhat.com/show_bug.cgi?id=243536 + +--- net-snmp-5.4/agent/mibgroup/agent/extend.c.orig 2006-10-18 21:07:35.000000000 +0200 ++++ net-snmp-5.4/agent/mibgroup/agent/extend.c 2007-06-27 14:30:08.000000000 +0200 +@@ -448,6 +448,9 @@ + extension->command = strdup( exec_command ); + if (cptr) + extension->args = strdup( cptr ); ++ } else { ++ snmp_log(LOG_ERR, "Duplicate MIBOID '%s' detected in exec statement, only the first one will be used.\n", exec_name); ++ return; + } + + #ifndef USING_UCD_SNMP_EXTENSIBLE_MODULE diff --git a/net-analyzer/net-snmp/files/net-snmp-5.4.1-CVE-2008-2292.patch b/net-analyzer/net-snmp/files/net-snmp-5.4.1-CVE-2008-2292.patch new file mode 100644 index 000000000000..125ccf22b6c7 --- /dev/null +++ b/net-analyzer/net-snmp/files/net-snmp-5.4.1-CVE-2008-2292.patch @@ -0,0 +1,192 @@ +r16770 | dts12 | 2007-12-22 22:22:44 +0300 (Сбт, 22 Дек 2007) | 2 lines + +CHANGES: perl: BUG: 1826174: Check for buffer overflow when printing values. + +CHANGES: python: BUG: 1826174: Check for buffer overflow when printing values. +Addresses CVE-2008-2292 + +--- perl/SNMP/SNMP.xs (revision 16769) ++++ perl/SNMP/SNMP.xs (revision 16770) +@@ -470,14 +470,16 @@ + if (flag == USE_ENUMS) { + for(ep = tp->enums; ep; ep = ep->next) { + if (ep->value == *var->val.integer) { +- strcpy(buf, ep->label); ++ strncpy(buf, ep->label, buf_len); ++ buf[buf_len-1] = '\0'; + len = strlen(buf); + break; + } + } + } + if (!len) { +- sprintf(buf,"%ld", *var->val.integer); ++ snprintf(buf, buf_len, "%ld", *var->val.integer); ++ buf[buf_len-1] = '\0'; + len = strlen(buf); + } + break; +@@ -486,21 +488,25 @@ + case ASN_COUNTER: + case ASN_TIMETICKS: + case ASN_UINTEGER: +- sprintf(buf,"%lu", (unsigned long) *var->val.integer); ++ snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer); ++ buf[buf_len-1] = '\0'; + len = strlen(buf); + break; + + case ASN_OCTET_STR: + case ASN_OPAQUE: +- memcpy(buf, (char*)var->val.string, var->val_len); + len = var->val_len; ++ if ( len > buf_len ) ++ len = buf_len; ++ memcpy(buf, (char*)var->val.string, len); + break; + + case ASN_IPADDRESS: +- ip = (u_char*)var->val.string; +- sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); +- len = strlen(buf); +- break; ++ ip = (u_char*)var->val.string; ++ snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); ++ buf[buf_len-1] = '\0'; ++ len = strlen(buf); ++ break; + + case ASN_NULL: + break; +@@ -512,14 +518,14 @@ + break; + + case SNMP_ENDOFMIBVIEW: +- sprintf(buf,"%s", "ENDOFMIBVIEW"); +- break; ++ snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW"); ++ break; + case SNMP_NOSUCHOBJECT: +- sprintf(buf,"%s", "NOSUCHOBJECT"); +- break; ++ snprintf(buf, buf_len, "%s", "NOSUCHOBJECT"); ++ break; + case SNMP_NOSUCHINSTANCE: +- sprintf(buf,"%s", "NOSUCHINSTANCE"); +- break; ++ snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE"); ++ break; + + case ASN_COUNTER64: + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES +@@ -538,19 +544,19 @@ + #endif + + case ASN_BIT_STR: +- snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL); ++ snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL); + len = strlen(buf); + break; + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + case ASN_OPAQUE_FLOAT: +- if (var->val.floatVal) +- sprintf(buf,"%f", *var->val.floatVal); +- break; ++ if (var->val.floatVal) ++ snprintf(buf, buf_len, "%f", *var->val.floatVal); ++ break; + + case ASN_OPAQUE_DOUBLE: +- if (var->val.doubleVal) +- sprintf(buf,"%f", *var->val.doubleVal); +- break; ++ if (var->val.doubleVal) ++ snprintf(buf, buf_len, "%f", *var->val.doubleVal); ++ break; + #endif + + case ASN_NSAP: +--- python/netsnmp/client_intf.c (revision 16961) ++++ python/netsnmp/client_intf.c (revision 16962) +@@ -330,14 +330,15 @@ + if (flag == USE_ENUMS) { + for(ep = tp->enums; ep; ep = ep->next) { + if (ep->value == *var->val.integer) { +- strcpy(buf, ep->label); ++ strncpy(buf, ep->label, buf_len); ++ buf[buf_len -1] = 0; + len = STRLEN(buf); + break; + } + } + } + if (!len) { +- sprintf(buf,"%ld", *var->val.integer); ++ snprintf(buf,"%ld", buf_len, *var->val.integer); + len = STRLEN(buf); + } + break; +@@ -346,19 +347,21 @@ + case ASN_COUNTER: + case ASN_TIMETICKS: + case ASN_UINTEGER: +- sprintf(buf,"%lu", (unsigned long) *var->val.integer); ++ snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer); + len = STRLEN(buf); + break; + + case ASN_OCTET_STR: + case ASN_OPAQUE: +- memcpy(buf, (char*)var->val.string, var->val_len); + len = var->val_len; ++ if (len > buf_len) ++ len = buf_len; ++ memcpy(buf, (char*)var->val.string, len); + break; + + case ASN_IPADDRESS: + ip = (u_char*)var->val.string; +- sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); ++ snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + len = STRLEN(buf); + break; + +@@ -372,13 +375,13 @@ + break; + + case SNMP_ENDOFMIBVIEW: +- sprintf(buf,"%s", "ENDOFMIBVIEW"); ++ snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW"); + break; + case SNMP_NOSUCHOBJECT: +- sprintf(buf,"%s", "NOSUCHOBJECT"); ++ snprintf(buf, buf_len, "%s", "NOSUCHOBJECT"); + break; + case SNMP_NOSUCHINSTANCE: +- sprintf(buf,"%s", "NOSUCHINSTANCE"); ++ snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE"); + break; + + case ASN_COUNTER64: +@@ -398,18 +401,18 @@ + #endif + + case ASN_BIT_STR: +- snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL); ++ snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL); + len = STRLEN(buf); + break; + #ifdef OPAQUE_SPECIAL_TYPES + case ASN_OPAQUE_FLOAT: + if (var->val.floatVal) +- sprintf(buf,"%f", *var->val.floatVal); ++ snprintf(buf, buf_len, "%f", *var->val.floatVal); + break; + + case ASN_OPAQUE_DOUBLE: + if (var->val.doubleVal) +- sprintf(buf,"%f", *var->val.doubleVal); ++ snprintf(buf, buf_len, "%f", *var->val.doubleVal); + break; + #endif + diff --git a/net-analyzer/net-snmp/files/net-snmp-5.4.1-incorrect-hrFSStorageIndex.patch b/net-analyzer/net-snmp/files/net-snmp-5.4.1-incorrect-hrFSStorageIndex.patch new file mode 100644 index 000000000000..03af69f9a87c --- /dev/null +++ b/net-analyzer/net-snmp/files/net-snmp-5.4.1-incorrect-hrFSStorageIndex.patch @@ -0,0 +1,538 @@ +r16694 | rstory | 2007-09-14 17:11:59 +0400 (Птн, 14 Сен 2007) | 3 lines + +Apple patches +- add/fix disk/partition tables on darwin + +Also fixes incorrect hrFSStorageIndex + +http://bugs.gentoo.org/show_bug.cgi?id=211660 +http://sourceforge.net/tracker/index.php?func=detail&aid=1696044&group_id=12694&atid=312694 + +--- agent/mibgroup/host/hr_partition.c (revision 16693) ++++ agent/mibgroup/host/hr_partition.c (revision 16694) +@@ -1,8 +1,17 @@ +- + /* + * Host Resources MIB - partition device group implementation - hr_partition.c + * + */ ++/* Portions of this file are subject to the following copyright(s). See ++ * the Net-SNMP's COPYING file for more details and other copyrights ++ * that may apply: ++ */ ++/* ++ * Portions of this file are copyrighted by: ++ * Copyright (C) 2007 Apple, Inc. All rights reserved. ++ * Use is subject to license terms specified in the COPYING file ++ * distributed with the Net-SNMP package. ++ */ + + #include + #include +@@ -35,6 +44,9 @@ + static int HRP_savedDiskIndex; + static int HRP_savedPartIndex; + static char HRP_savedName[1024]; ++#ifdef NETSNMP_CAN_GET_DISK_LABEL ++static char HRP_savedLabel[1024]; ++#endif + + static int HRP_DiskIndex; + +@@ -135,6 +147,7 @@ + (name[HRPART_DISK_NAME_LENGTH] & + ((1 << HRDEV_TYPE_SHIFT) - 1)); + ++ DEBUGMSGTL(("host/hr_partition", "... low index %d\n", LowDiskIndex)); + while (HRP_DiskIndex < LowDiskIndex) { + Init_HR_Partition(); /* moves to next disk */ + if (HRP_DiskIndex == -1) +@@ -144,6 +157,7 @@ + + for (;;) { + part_idx = Get_Next_HR_Partition(); ++ DEBUGMSGTL(("host/hr_partition", "... part index %d\n", part_idx)); + if (part_idx == 0) + break; + newname[HRPART_DISK_NAME_LENGTH] = +@@ -225,8 +239,13 @@ + long_return = part_idx; + return (u_char *) & long_return; + case HRPART_LABEL: ++#ifdef NETSNMP_CAN_GET_DISK_LABEL ++ *var_len = strlen(HRP_savedLabel); ++ return (u_char *) HRP_savedLabel; ++#else + *var_len = strlen(HRP_savedName); + return (u_char *) HRP_savedName; ++#endif + case HRPART_ID: /* Use the device number */ + sprintf(string, "0x%x", (int) stat_buf.st_rdev); + *var_len = strlen(string); +@@ -259,9 +278,11 @@ + static void + Init_HR_Partition(void) + { ++ DEBUGMSGTL(("host/hr_partition", "Init_HR_Partition\n")); + HRP_DiskIndex = Get_Next_HR_Disk(); + if (HRP_DiskIndex != -1) + HRP_DiskIndex &= ((1 << HRDEV_TYPE_SHIFT) - 1); ++ DEBUGMSGTL(("host/hr_partition", "... %d\n",HRP_DiskIndex)); + + HRP_index = -1; + } +@@ -272,6 +293,7 @@ + char string[1024]; + int fd; + ++ DEBUGMSGTL(("host/hr_partition", "Get_Next_HR_Partition %d\n",HRP_DiskIndex)); + if (HRP_DiskIndex == -1) { + return 0; + } +@@ -309,4 +331,7 @@ + HRP_savedDiskIndex = disk_idx; + HRP_savedPartIndex = part_idx; + (void) Get_Next_HR_Disk_Partition(HRP_savedName, sizeof(HRP_savedName), HRP_index); ++#ifdef NETSNMP_CAN_GET_DISK_LABEL ++ (void) Get_HR_Disk_Label(HRP_savedLabel, sizeof(HRP_savedLabel), HRP_savedName); ++#endif + } +Index: agent/mibgroup/host/hr_filesys.c +=================================================================== +--- agent/mibgroup/host/hr_filesys.c (revision 16693) ++++ agent/mibgroup/host/hr_filesys.c (revision 16694) +@@ -2,11 +2,25 @@ + * Host Resources MIB - File System device group implementation - hr_filesys.c + * + */ ++/* Portions of this file are subject to the following copyright(s). See ++ * the Net-SNMP's COPYING file for more details and other copyrights ++ * that may apply: ++ */ ++/* ++ * Portions of this file are copyrighted by: ++ * Copyright (C) 2007 Apple, Inc. All rights reserved. ++ * Use is subject to license terms specified in the COPYING file ++ * distributed with the Net-SNMP package. ++ */ + + #include ++#include ++#include ++#include + #include "host_res.h" + #include "hr_filesys.h" + #include "hr_storage.h" ++#include "hr_disk.h" + #include + + #if HAVE_MNTENT_H +@@ -535,7 +549,7 @@ + long_return = 2; /* others probably aren't */ + return (u_char *) & long_return; + case HRFSYS_STOREIDX: +- long_return = fsys_idx + HRS_TYPE_FIXED_MAX; ++ long_return = fsys_idx + NETSNMP_MEM_TYPE_MAX; + return (u_char *) & long_return; + case HRFSYS_FULLDUMP: + return when_dumped(HRFS_entry->HRFS_name, FULL_DUMP, var_len); +Index: agent/mibgroup/host/hr_disk.c +=================================================================== +--- agent/mibgroup/host/hr_disk.c (revision 16693) ++++ agent/mibgroup/host/hr_disk.c (revision 16694) +@@ -2,6 +2,16 @@ + * Host Resources MIB - disk device group implementation - hr_disk.c + * + */ ++/* Portions of this file are subject to the following copyright(s). See ++ * the Net-SNMP's COPYING file for more details and other copyrights ++ * that may apply: ++ */ ++/* ++ * Portions of this file are copyrighted by: ++ * Copyright (C) 2007 Apple, Inc. All rights reserved. ++ * Use is subject to license terms specified in the COPYING file ++ * distributed with the Net-SNMP package. ++ */ + + #include + #include "host_res.h" +@@ -65,6 +75,15 @@ + #include + #endif + ++#ifdef darwin ++#include ++#include ++#include ++#include ++#include ++#include ++#endif ++ + #ifdef linux + /* + * define BLKGETSIZE from : +@@ -79,6 +98,27 @@ + + #define HRD_MONOTONICALLY_INCREASING + ++/************************************************************* ++ * constants for enums for the MIB node ++ * hrDiskStorageAccess (INTEGER / ASN_INTEGER) ++ */ ++#define HRDISKSTORAGEACCESS_READWRITE 1 ++#define HRDISKSTORAGEACCESS_READONLY 2 ++ ++ ++/************************************************************* ++ * constants for enums for the MIB node ++ * hrDiskStorageMedia (INTEGER / ASN_INTEGER) ++ */ ++#define HRDISKSTORAGEMEDIA_OTHER 1 ++#define HRDISKSTORAGEMEDIA_UNKNOWN 2 ++#define HRDISKSTORAGEMEDIA_HARDDISK 3 ++#define HRDISKSTORAGEMEDIA_FLOPPYDISK 4 ++#define HRDISKSTORAGEMEDIA_OPTICALDISKROM 5 ++#define HRDISKSTORAGEMEDIA_OPTICALDISKWORM 6 ++#define HRDISKSTORAGEMEDIA_OPTICALDISKRW 7 ++#define HRDISKSTORAGEMEDIA_RAMDISK 8 ++ + /********************* + * + * Kernel & interface information, +@@ -132,6 +172,19 @@ + static struct disklabel HRD_info; + #endif + ++#ifdef darwin ++static int64_t HRD_cap; ++static int HRD_access; ++static int HRD_type; ++static int HRD_removeble; ++static char HRD_model[40]; ++static int HRD_saved_access; ++static int HRD_saved_type; ++static int HRD_saved_removeble; ++static int _get_type_from_protocol( const char *prot ); ++static int _get_type_value( const char *str_type ); ++#endif ++ + static void parse_disk_config(const char *, char *); + static void free_disk_config(void); + +@@ -185,6 +238,8 @@ + "/dev/rdsk/c%dt%dd0s0", 0, 7); + Add_HR_Disk_entry("/dev/rdsk/c%dd%ds%d", 0, 7, 0, 15, + "/dev/rdsk/c%dd%ds0", 0, 7); ++#elif defined(darwin) ++ Add_HR_Disk_entry("/dev/disk%ds%d", -1, -1, 0, 32, "/dev/disk%d", 1, 32); + #elif defined(freebsd4) || defined(freebsd5) + Add_HR_Disk_entry("/dev/ad%ds%d%c", 0, 1, 1, 4, "/dev/ad%ds%d", 'a', 'h'); + Add_HR_Disk_entry("/dev/da%ds%d%c", 0, 1, 1, 4, "/dev/da%ds%d", 'a', 'h'); +@@ -484,6 +539,7 @@ + Init_HR_Disk(); + for (;;) { + disk_idx = Get_Next_HR_Disk(); ++ DEBUGMSGTL(("host/hr_disk", "... index %d\n", disk_idx)); + if (disk_idx == -1) + break; + newname[HRDISK_ENTRY_NAME_LENGTH] = disk_idx; +@@ -749,7 +805,13 @@ + HRD_history[iindex] = 0; + return ((HRDEV_DISK << HRDEV_TYPE_SHIFT) + iindex); + } ++ DEBUGMSGTL(("host/hr_disk", ++ "Get_Next_HR_Disk: can't query %s\n", string)); + } ++ else { ++ DEBUGMSGTL(("host/hr_disk", ++ "Get_Next_HR_Disk: can't open %s\n", string)); ++ } + HRD_history[iindex] = now; + HRD_index++; + } +@@ -801,6 +863,66 @@ + return 0; + } + ++#ifdef darwin ++int ++Get_HR_Disk_Label(char *string, size_t str_len, const char *devfull) ++{ ++ DASessionRef sess_ref; ++ DADiskRef disk; ++ CFDictionaryRef desc; ++ CFStringRef str_ref; ++ CFStringEncoding sys_encoding = CFStringGetSystemEncoding(); ++ ++ DEBUGMSGTL(("host/hr_disk", "Disk Label type %s\n", devfull)); ++ ++ sess_ref = DASessionCreate( NULL ); ++ if (NULL == sess_ref) { ++ strncpy(string, devfull, str_len); ++ string[str_len-1] = 0; ++ return -1; ++ } ++ ++ disk = DADiskCreateFromBSDName( NULL, sess_ref, devfull ); ++ if (NULL == disk) { ++ CFRelease(sess_ref); ++ strncpy(string, devfull, str_len); ++ string[str_len-1] = 0; ++ return -1; ++ } ++ ++ desc = DADiskCopyDescription( disk ); ++ if (NULL == desc) { ++ snmp_log(LOG_ERR, ++ "diskmgr: couldn't get disk description for %s, skipping\n", ++ devfull); ++ CFRelease(disk); ++ CFRelease(sess_ref); ++ strncpy(string, devfull, str_len); ++ return -1; ++ } ++ ++ /** model */ ++ str_ref = (CFStringRef) ++ CFDictionaryGetValue(desc, kDADiskDescriptionMediaNameKey); ++ if (str_ref) { ++ strncpy(string, CFStringGetCStringPtr(str_ref, sys_encoding), ++ str_len); ++ string[str_len-1] = 0; ++ DEBUGMSGTL(("verbose:diskmgr:darwin", " name %s\n", string)); ++ } ++ else { ++ strncpy(string, devfull, str_len); ++ string[str_len-1] = 0; ++ } ++ ++ CFRelease(disk); ++ CFRelease(desc); ++ CFRelease(sess_ref); ++ ++ return 0; ++} ++#endif ++ + static void + Save_HR_Disk_Specific(void) + { +@@ -822,6 +944,13 @@ + #ifdef DIOCGDINFO + HRD_savedCapacity = HRD_info.d_secperunit / 2; + #endif ++#ifdef darwin ++ HRD_savedCapacity = HRD_cap / 1024; ++ HRD_saved_access = HRD_access; ++ HRD_saved_type = HRD_type; ++ HRD_saved_removeble = HRD_removeble; ++#endif ++ + } + + static void +@@ -845,6 +974,11 @@ + sizeof(HRD_savedModel)-1); + HRD_savedModel[ sizeof(HRD_savedModel)-1 ] = 0; + #endif ++#ifdef darwin ++ strncpy(HRD_savedModel, HRD_model, ++ sizeof(HRD_savedModel)-1); ++ HRD_savedModel[ sizeof(HRD_savedModel)-1 ] = 0; ++#endif + } + + static const char * +@@ -900,6 +1034,104 @@ + result = ioctl(fd, DIOCGDINFO, &HRD_info); + #endif + ++#ifdef darwin ++ DASessionRef sess_ref; ++ DADiskRef disk; ++ CFDictionaryRef desc; ++ CFStringRef str_ref; ++ CFNumberRef number_ref; ++ CFBooleanRef bool_ref; ++ CFStringEncoding sys_encoding = CFStringGetSystemEncoding(); ++ ++ sess_ref = DASessionCreate( NULL ); ++ if (NULL == sess_ref) ++ return -1; ++ ++ disk = DADiskCreateFromBSDName( NULL, sess_ref, devfull ); ++ if (NULL == disk) { ++ CFRelease(sess_ref); ++ return -1; ++ } ++ ++ desc = DADiskCopyDescription( disk ); ++ if (NULL == desc) { ++ CFRelease(disk); ++ CFRelease(sess_ref); ++ return -1; ++ } ++ ++ number_ref = (CFNumberRef) ++ CFDictionaryGetValue(desc, kDADiskDescriptionMediaSizeKey); ++ if (number_ref) ++ CFNumberGetValue(number_ref, kCFNumberSInt64Type, &HRD_cap); ++ else ++ HRD_cap = 0; ++ DEBUGMSGTL(("verbose:diskmgr:darwin", " size %lld\n", HRD_cap)); ++ ++ /** writable? */ ++ bool_ref = (CFBooleanRef) ++ CFDictionaryGetValue(desc, kDADiskDescriptionMediaWritableKey); ++ if (bool_ref) { ++ HRD_access = CFBooleanGetValue(bool_ref); ++ } ++ else ++ HRD_access = 0; ++ DEBUGMSGTL(("verbose:diskmgr:darwin", " writable %d\n", ++ HRD_access)); ++ ++ /** removable? */ ++ bool_ref = (CFBooleanRef) ++ CFDictionaryGetValue(desc, kDADiskDescriptionMediaRemovableKey); ++ if (bool_ref) { ++ HRD_removeble = CFBooleanGetValue(bool_ref); ++ } ++ else ++ HRD_removeble = 0; ++ DEBUGMSGTL(("verbose:diskmgr:darwin", " removable %d\n", ++ HRD_removeble)); ++ ++ /** get type */ ++ str_ref = (CFStringRef) ++ CFDictionaryGetValue(desc, kDADiskDescriptionMediaTypeKey); ++ if (str_ref) { ++ HRD_type = _get_type_value(CFStringGetCStringPtr(str_ref, ++ sys_encoding)); ++ DEBUGMSGTL(("verbose:diskmgr:darwin", " type %s / %d\n", ++ CFStringGetCStringPtr(str_ref, sys_encoding), ++ HRD_type)); ++ } ++ else { ++ str_ref = (CFStringRef) ++ CFDictionaryGetValue(desc, kDADiskDescriptionDeviceProtocolKey); ++ if (str_ref) { ++ HRD_type = ++ _get_type_from_protocol(CFStringGetCStringPtr(str_ref, ++ sys_encoding)); ++ DEBUGMSGTL(("verbose:diskmgr:darwin", " type %s / %d\n", ++ CFStringGetCStringPtr(str_ref, sys_encoding), ++ HRD_type)); ++ } ++ else ++ HRD_type = HRDISKSTORAGEMEDIA_UNKNOWN; ++ } ++ ++ /** model */ ++ str_ref = (CFStringRef) ++ CFDictionaryGetValue(desc, kDADiskDescriptionDeviceModelKey); ++ if (str_ref) { ++ strncpy(HRD_model, CFStringGetCStringPtr(str_ref, sys_encoding), ++ sizeof(HRD_model)); ++ HRD_savedModel[ sizeof(HRD_savedModel)-1 ] = 0; ++ DEBUGMSGTL(("verbose:diskmgr:darwin", " model %s\n", HRD_model)); ++ } ++ else ++ HRD_model[0] = 0; ++ CFRelease(disk); ++ CFRelease(desc); ++ CFRelease(sess_ref); ++ result = 0; ++#endif ++ + return (result); + } + +@@ -918,6 +1150,11 @@ + return (2); /* read only */ + #endif + ++#ifdef darwin ++ if (!HRD_access) ++ return (2); ++#endif ++ + return (1); /* read-write */ + } + +@@ -990,6 +1227,9 @@ + } + #endif + ++#ifdef darwin ++ return HRD_type; ++#endif + + return (2); /* Unknown */ + } +@@ -1020,5 +1260,63 @@ + return (1); /* true */ + #endif + ++#ifdef darwin ++ if (HRD_removeble) ++ return (1); ++#endif ++ + return (2); /* false */ + } ++ ++#ifdef darwin ++typedef struct type_value_map_s { ++ const char *type; ++ uint32_t value; ++} type_value_map; ++ ++static type_value_map media_type_map[] = { ++ { "CD-ROM", HRDISKSTORAGEMEDIA_OPTICALDISKROM}, ++ { "DVD-R", HRDISKSTORAGEMEDIA_OPTICALDISKWORM}, ++ { "DVD+R", HRDISKSTORAGEMEDIA_OPTICALDISKWORM}, ++}; ++static int media_types = sizeof(media_type_map)/sizeof(media_type_map[0]); ++ ++static int ++_get_type_value( const char *str_type ) ++{ ++ int i, len; ++ ++ if (NULL == str_type) ++ return HRDISKSTORAGEMEDIA_UNKNOWN; ++ ++ len = strlen(str_type); ++ for(i=0; i < media_types; ++i) { ++ if (0 == strcmp(media_type_map[i].type, str_type)) ++ return media_type_map[i].value; ++ } ++ ++ return HRDISKSTORAGEMEDIA_UNKNOWN; ++} ++ ++static type_value_map proto_map[] = { ++ { "ATA", HRDISKSTORAGEMEDIA_HARDDISK}, ++ { "ATAPI", HRDISKSTORAGEMEDIA_OPTICALDISKROM} ++}; ++static int proto_maps = sizeof(proto_map)/sizeof(proto_map[0]); ++ ++static int _get_type_from_protocol( const char *prot ) ++{ ++ int i, len; ++ ++ if (NULL == prot) ++ return TV_FALSE; ++ ++ len = strlen(prot); ++ for(i=0; i < proto_maps; ++i) { ++ if (0 == strcmp(proto_map[i].type, prot)) ++ return proto_map[i].value; ++ } ++ ++ return HRDISKSTORAGEMEDIA_UNKNOWN; ++} ++#endif diff --git a/net-analyzer/net-snmp/files/net-snmp-5.4.1-ipAddressTable-crash-with-double-free.patch b/net-analyzer/net-snmp/files/net-snmp-5.4.1-ipAddressTable-crash-with-double-free.patch new file mode 100644 index 000000000000..900d51d20d08 --- /dev/null +++ b/net-analyzer/net-snmp/files/net-snmp-5.4.1-ipAddressTable-crash-with-double-free.patch @@ -0,0 +1,134 @@ +r16804 | magfr | 2008-02-14 02:37:48 +0300 (Чтв, 14 Фев 2008) | 2 lines + +NEWS: snmplib: Change CONTAINER_INSERT to not do partial inserts in containers with multiple indices when one insert fails. + +http://sourceforge.net/tracker/index.php?func=detail&aid=1733344&group_id=12694&atid=112694 + +http://bugs.gentoo.org/show_bug.cgi?id=203127 + +Index: snmplib/container.c +=================================================================== +--- snmplib/container.c (revision 16803) ++++ snmplib/container.c (revision 16804) +@@ -282,31 +282,41 @@ + * These functions should EXACTLY match the inline version in + * container.h. If you change one, change them both. + */ +-int CONTAINER_INSERT(netsnmp_container *x, const void *k) +-{ +- int rc2, rc = 0; +- +- /** start at first container */ +- while(x->prev) +- x = x->prev; +- for(; x; x = x->next) { +- if ((NULL != x->insert_filter) && +- (x->insert_filter(x,k) == 1)) +- continue; +- rc2 = x->insert(x,k); +- if (rc2) { ++int CONTAINER_INSERT_HELPER(netsnmp_container* x, const void* k) ++{ ++ while(x && x->insert_filter && x->insert_filter(x,k) == 1) ++ x = x->next; ++ if(x) { ++ int rc = x->insert(x,k); ++ if(rc) + snmp_log(LOG_ERR,"error on subcontainer '%s' insert (%d)\n", +- x->container_name ? x->container_name : "", rc2); +- rc = rc2; ++ x->container_name ? x->container_name : "", rc); ++ else { ++ rc = CONTAINER_INSERT_HELPER(x->next, k); ++ if(rc) ++ x->remove(x,k); + } ++ return rc; + } +- return rc; ++ return 0; + } + + /*------------------------------------------------------------------ + * These functions should EXACTLY match the inline version in + * container.h. If you change one, change them both. + */ ++int CONTAINER_INSERT(netsnmp_container* x, const void* k) ++{ ++ /** start at first container */ ++ while(x->prev) ++ x = x->prev; ++ return CONTAINER_INSERT_HELPER(x, k); ++} ++ ++/*------------------------------------------------------------------ ++ * These functions should EXACTLY match the inline version in ++ * container.h. If you change one, change them both. ++ */ + int CONTAINER_REMOVE(netsnmp_container *x, const void *k) + { + int rc2, rc = 0; +Index: include/net-snmp/library/container.h +=================================================================== +--- include/net-snmp/library/container.h (revision 16803) ++++ include/net-snmp/library/container.h (revision 16804) +@@ -364,32 +364,43 @@ + * container.c. If you change one, change them both. + */ + NETSNMP_STATIC_INLINE /* gcc docs recommend static w/inline */ +- int CONTAINER_INSERT(netsnmp_container *x, const void *k) ++ int CONTAINER_INSERT_HELPER(netsnmp_container* x, const void* k) + { +- int rc2, rc = 0; +- +- /** start at first container */ +- while(x->prev) +- x = x->prev; +- for(; x; x = x->next) { +- if ((NULL != x->insert_filter) && +- (x->insert_filter(x,k) == 1)) +- continue; +- rc2 = x->insert(x,k); +- if (rc2) { ++ while(x && x->insert_filter && x->insert_filter(x,k) == 1) ++ x = x->next; ++ if(x) { ++ int rc = x->insert(x,k); ++ if(rc) + snmp_log(LOG_ERR,"error on subcontainer '%s' insert (%d)\n", +- x->container_name ? x->container_name : "", rc2); +- rc = rc2; ++ x->container_name ? x->container_name : "", rc); ++ else { ++ rc = CONTAINER_INSERT_HELPER(x->next, k); ++ if(rc) ++ x->remove(x,k); + } ++ return rc; + } +- return rc; ++ return 0; + } +- ++ + /*------------------------------------------------------------------ + * These functions should EXACTLY match the function version in + * container.c. If you change one, change them both. + */ + NETSNMP_STATIC_INLINE /* gcc docs recommend static w/inline */ ++ int CONTAINER_INSERT(netsnmp_container* x, const void* k) ++ { ++ /** start at first container */ ++ while(x->prev) ++ x = x->prev; ++ return CONTAINER_INSERT_HELPER(x, k); ++ } ++ ++ /*------------------------------------------------------------------ ++ * These functions should EXACTLY match the function version in ++ * container.c. If you change one, change them both. ++ */ ++ NETSNMP_STATIC_INLINE /* gcc docs recommend static w/inline */ + int CONTAINER_REMOVE(netsnmp_container *x, const void *k) + { + int rc2, rc = 0; diff --git a/net-analyzer/net-snmp/files/net-snmp-5.4.1-process-count-race.patch b/net-analyzer/net-snmp/files/net-snmp-5.4.1-process-count-race.patch new file mode 100644 index 000000000000..56defedd8b6e --- /dev/null +++ b/net-analyzer/net-snmp/files/net-snmp-5.4.1-process-count-race.patch @@ -0,0 +1,52 @@ +r16705 | tanders | 2007-09-21 01:55:49 +0400 (Птн, 21 Сен 2007) | 3 lines + +CHANGES: snmpd: PATCH: 1746831: from cunnijd: fix process checking race +condition under Linux and platform #ifdefs + +--- agent/mibgroup/ucd-snmp/proc.c (revision 16704) ++++ agent/mibgroup/ucd-snmp/proc.c (revision 16705) +@@ -427,7 +427,7 @@ + return count; + } + +-#elif OSTYPE == NETSNMP_LINUXID ++#elif NETSNMP_OSTYPE == NETSNMP_LINUXID + + #include + #include +@@ -452,7 +452,7 @@ + #ifdef USE_PROC_CMDLINE /* old method */ + /* read /proc/XX/cmdline */ + sprintf(cmdline,"/proc/%s/cmdline",ent->d_name); +- if((fd = open(cmdline, O_RDONLY)) < 0) break; ++ if((fd = open(cmdline, O_RDONLY)) < 0) continue; + len = read(fd,cmdline,sizeof(cmdline) - 1); + close(fd); + if(len <= 0) continue; +@@ -464,7 +464,7 @@ + /* read /proc/XX/status */ + sprintf(cmdline,"/proc/%s/status",ent->d_name); + if ((status = fopen(cmdline, "r")) == NULL) +- break; ++ continue; + if (fgets(cmdline, sizeof(cmdline), status) == NULL) { + fclose(status); + break; +@@ -507,7 +507,7 @@ + return total; + } + +-#elif OSTYPE == NETSNMP_ULTRIXID ++#elif NETSNMP_OSTYPE == NETSNMP_ULTRIXID + + #define NPROCS 32 /* number of proces to read at once */ + +@@ -688,7 +688,7 @@ + return (0); + return (1); + } +-#elif OSTYPE == NETSNMP_SOLARISID ++#elif NETSNMP_OSTYPE == NETSNMP_SOLARISID + + #ifdef _SLASH_PROC_METHOD_ + diff --git a/net-analyzer/net-snmp/net-snmp-5.4.1-r4.ebuild b/net-analyzer/net-snmp/net-snmp-5.4.1-r4.ebuild new file mode 100644 index 000000000000..247428c3dc6c --- /dev/null +++ b/net-analyzer/net-snmp/net-snmp-5.4.1-r4.ebuild @@ -0,0 +1,199 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/net-snmp-5.4.1-r4.ebuild,v 1.1 2008/06/06 20:06:33 pva Exp $ + +inherit fixheadtails flag-o-matic perl-module python + +DESCRIPTION="Software for generating and retrieving SNMP data" +HOMEPAGE="http://net-snmp.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="as-is BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="diskio doc elf ipv6 lm_sensors mfd-rewrites minimal perl python rpm selinux smux ssl tcpd X sendmail extensible" + +DEPEND="ssl? ( >=dev-libs/openssl-0.9.6d ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + rpm? ( + app-arch/rpm + dev-libs/popt + app-arch/bzip2 + >=sys-libs/zlib-1.1.4 + ) + elf? ( dev-libs/elfutils ) + lm_sensors? ( sys-apps/lm_sensors ) + python? ( dev-python/setuptools )" + +RDEPEND="${DEPEND} + perl? ( + X? ( dev-perl/perl-tk ) + !minimal? ( dev-perl/TermReadKey ) + ) + selinux? ( sec-policy/selinux-snmpd )" + +DEPEND="${DEPEND} + >=sys-apps/sed-4 + doc? ( app-doc/doxygen )" + +src_unpack() { + unpack ${A} + cd "${S}" + + # fix access violation in make check + sed -i -e 's/\(snmpd.*\)-Lf/\1-l/' testing/eval_tools.sh || \ + die "sed eval_tools.sh failed" + # fix path in fixproc + sed -i -e 's|\(database_file =.*\)/local\(.*\)$|\1\2|' local/fixproc || \ + die "sed fixproc failed" + + if use python ; then + python_version + PYTHON_MODNAME="netsnmp" + PYTHON_DIR=/usr/$(get_libdir)/python${PYVER}/site-packages + sed -i -e "s:\(install --basedir=\$\$dir\):\1 --root='${D}':" Makefile.in || die "sed python failed" + fi + + # snmpd crashes when snmpd.conf contains more than one "exec shelltest" line + # https://bugzilla.redhat.com/show_bug.cgi?id=85071 + epatch "${FILESDIR}"/${PN}-5.4-exec-crash.patch + # agent: suppress annoying "registration != duplicate" warning for root oids + epatch "${FILESDIR}"/${P}-suppresssuppress-annoying.patch + # bug 180266 + epatch "${FILESDIR}"/${P}-clientaddr-fix.patch + # Crash when more then one interface have the same IP, bug 203127 + epatch "${FILESDIR}"/${P}-ipAddressTable-crash-with-double-free.patch + # snmpconf generates config files with proper selinux context + # https://bugzilla.redhat.com/show_bug.cgi?id=247462 + use selinux && epatch "${FILESDIR}"/${PN}-5.1.2-snmpconf-selinux.patch + epatch "${FILESDIR}"/${P}-CVE-2008-2292.patch #222265 + epatch "${FILESDIR}"/${P}-process-count-race.patch #213415 + epatch "${FILESDIR}"/${P}-incorrect-hrFSStorageIndex.patch #211660 + ht_fix_all +} + +src_compile() { + local mibs + + strip-flags + + # filter for bug #145960 + # as it seems that the option is not enough + filter-ldflags -Wl,--as-needed + + mibs="host ucd-snmp/dlmod" + use smux && mibs="${mibs} smux" + use sendmail && mibs="${mibs} mibII/mta_sendmail" + use lm_sensors && mibs="${mibs} ucd-snmp/lmSensors" + use diskio && mibs="${mibs} ucd-snmp/diskio" + use extensible && mibs="${mibs} ucd-snmp/extensible" + + econf \ + --with-install-prefix="${D}" \ + --with-sys-location="Unknown" \ + --with-sys-contact="root@Unknown" \ + --with-default-snmp-version="3" \ + --with-mib-modules="${mibs}" \ + --with-logfile="/var/log/net-snmpd.log" \ + --with-persistent-directory="/var/lib/net-snmp" \ + --enable-ucd-snmp-compatibility \ + --enable-shared \ + --enable-as-needed \ + $(use_enable mfd-rewrites) \ + $(use_enable perl embedded-perl) \ + $(use_enable ipv6) \ + $(use_enable !ssl internal-md5) \ + $(use_with ssl openssl) \ + $(use_with tcpd libwrap) \ + $(use_with rpm) \ + $(use_with rpm bzip2) \ + $(use_with rpm zlib) \ + $(use_with elf) \ + $(use_with python python-modules) \ + || die "econf failed" + + emake -j1 || die "emake failed" + + if use perl ; then + emake perlmodules || die "compile perl modules problem" + fi + + if use python ; then + emake pythonmodules || die "compile python modules problem" + fi + + if use doc ; then + einfo "Building HTML Documentation" + make docsdox || die "failed to build docs" + fi +} + +src_test() { + cd testing + if ! make test ; then + echo + einfo "Don't be alarmed if a few tests FAIL." + einfo "This could happen for several reasons:" + einfo " - You don't already have a working configuration." + einfo " - Your ethernet interface isn't properly configured." + echo + fi +} + +src_install () { + + make DESTDIR="${D}" install || die "make install failed" + + if use perl ; then + make DESTDIR="${D}" perlinstall || die "make perlinstall failed" + fixlocalpod + + use X || rm -f "${D}/usr/bin/tkmib" + else + rm -f "${D}/usr/bin/mib2c" "${D}/usr/bin/tkmib" "${D}/usr/bin/snmpcheck" + fi + + if use python ; then + mkdir -p "${D}/${PYTHON_DIR}" || die "Couldn't make $PYTHON_DIR" + make pythoninstall || die "make pythoninstall failed" + fi + + dodoc AGENT.txt ChangeLog FAQ INSTALL NEWS PORTING README* TODO + newdoc EXAMPLE.conf.def EXAMPLE.conf + + use doc && dohtml docs/html/* + + keepdir /etc/snmp /var/lib/net-snmp + + newinitd "${FILESDIR}"/snmpd.rc7 snmpd + newconfd "${FILESDIR}"/snmpd.conf snmpd + + newinitd "${FILESDIR}"/snmptrapd.rc7 snmptrapd + newconfd "${FILESDIR}"/snmptrapd.conf snmptrapd + + # Remove everything, keeping only the snmpd, snmptrapd, MIBs, libs, and includes. + if use minimal; then + elog "USE=minimal is set. Cleaning up excess cruft for a embedded/minimal/server only install." + rm -rf + "${D}"/usr/bin/{encode_keychange,snmp{get,getnext,set,usm,walk,bulkwalk,table,trap,bulkget,translate,status,delta,test,df,vacm,netstat,inform,snmpcheck}} + rm -rf "${D}"/usr/share/snmp/snmpconf-data "${D}"/usr/share/snmp/*.conf + rm -rf "${D}"/usr/bin/{fixproc,traptoemail} "${D}"/usr/bin/snmpc{heck,onf} + find "${D}" -name '*.pl' -exec rm -f '{}' \; + use ipv6 || rm -rf "${D}"/usr/share/snmp/mibs/IPV6* + fi + + # bug 113788, install example config + insinto /etc/snmp + newins "${S}"/EXAMPLE.conf snmpd.conf.example +} + +pkg_postrm() { + if use python ; then + python_mod_cleanup + fi +} + +pkg_postinst() { + elog "An example configuration file has been installed in" + elog "/etc/snmp/snmpd.conf.example." +} -- cgit v1.2.3-65-gdbad