netsnmp: security bump to version 5.7.2.1

author Gustavo Zacarias <gustavo@zacarias.com.ar>

Mon, 10 Mar 2014 17:13:02 +0000 (14:13 -0300)

committer Peter Korsgaard <peter@korsgaard.com>

Tue, 11 Mar 2014 10:50:12 +0000 (11:50 +0100)
author Gustavo Zacarias <gustavo@zacarias.com.ar>
Mon, 10 Mar 2014 17:13:02 +0000 (14:13 -0300)
committer Peter Korsgaard <peter@korsgaard.com>
Tue, 11 Mar 2014 10:50:12 +0000 (11:50 +0100)
diff --git a/package/netsnmp/netsnmp-001-CVE-2014-2285.patch b/package/netsnmp/netsnmp-001-CVE-2014-2285.patch

new file mode 100644 (file)

index 0000000..d7a3057
--- /dev/null
+++ b/package/netsnmp/netsnmp-001-CVE-2014-2285.patch
@@ -0,0 +1,31 @@
+Fix for CVE-2014-2285 from upstream:
+http://sourceforge.net/p/net-snmp/patches/1275/
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+--- net-snmp-5.7.3.pre3/perl/TrapReceiver/TrapReceiver.xs.null 2014-02-25 21:50:16.000000000 +0100
++++ net-snmp-5.7.3.pre3/perl/TrapReceiver/TrapReceiver.xs      2014-03-03 18:59:20.261766270 +0100
+@@ -81,18 +81,18 @@ int   perl_trapd_handler( netsnmp_pdu
+         STOREPDUi("securitymodel", pdu->securityModel);
+         STOREPDUi("securitylevel", pdu->securityLevel);
+         STOREPDU("contextName",
+-                 newSVpv(pdu->contextName, pdu->contextNameLen));
++                 newSVpv(pdu->contextName ? pdu->contextName : "", pdu->contextNameLen));
+         STOREPDU("contextEngineID",
+-                 newSVpv((char *) pdu->contextEngineID,
++                 newSVpv(pdu->contextEngineID ? (char *) pdu->contextEngineID : "",
+                                     pdu->contextEngineIDLen));
+         STOREPDU("securityEngineID",
+-                 newSVpv((char *) pdu->securityEngineID,
++                 newSVpv(pdu->securityEngineID ? (char *) pdu->securityEngineID : "",
+                                     pdu->securityEngineIDLen));
+         STOREPDU("securityName",
+-                 newSVpv((char *) pdu->securityName, pdu->securityNameLen));
++                 newSVpv(pdu->securityName ? (char *) pdu->securityName : "", pdu->securityNameLen));
+     } else {
+         STOREPDU("community",
+-                 newSVpv((char *) pdu->community, pdu->community_len));
++                 newSVpv(pdu->community ? (char *) pdu->community : "", pdu->community_len));
+     }
+ 
+     if (transport && transport->f_fmtaddr) {
diff --git a/package/netsnmp/netsnmp.mk b/package/netsnmp/netsnmp.mk

index 4830c00e858109db0184d02de546134821f3f958..63ec97a4d3cc72746a337cb5a34ad79b755c5e50 100644 (file)
--- a/package/netsnmp/netsnmp.mk
+++ b/package/netsnmp/netsnmp.mk
@@ -4,7 +4,7 @@
  #
  ################################################################################
  
-NETSNMP_VERSION = 5.7.2
+NETSNMP_VERSION = 5.7.2.1
  NETSNMP_SITE = http://downloads.sourceforge.net/project/net-snmp/net-snmp/$(NETSNMP_VERSION)
  NETSNMP_SOURCE = net-snmp-$(NETSNMP_VERSION).tar.gz
  NETSNMP_LICENSE = Various BSD-like
author	Gustavo Zacarias <gustavo@zacarias.com.ar>
	Mon, 10 Mar 2014 17:13:02 +0000 (14:13 -0300)
committer	Peter Korsgaard <peter@korsgaard.com>
	Tue, 11 Mar 2014 10:50:12 +0000 (11:50 +0100)
package/netsnmp/netsnmp-001-CVE-2014-2285.patch	[new file with mode: 0644]	patch \| blob
package/netsnmp/netsnmp.mk		patch \| blob \| history