[Pkg-net-snmp-commits] [SCM] Git repository for pkg-net-snmp branch, master, updated. edfdd032767b89aa50b401b9fdb73fd5e022ab72

Hideki Yamane henrich at debian.org
Thu Apr 11 01:24:05 UTC 2013


The following commit has been merged in the master branch:
commit 821d78cce0c0127c4540d1d3c4505f59ce71bb33
Author: Luk Claes <luk at debian.org>
Date:   Sun May 27 17:22:01 2012 +0200

    Imported Debian patch 5.4.3~dfsg-2.5

diff --git a/debian/changelog b/debian/changelog
index 5dde9e0..f16b294 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+net-snmp (5.4.3~dfsg-2.5) unstable; urgency=medium
+
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2012-2141 by using Ubuntu's patch (Closes: #672492).
+  * Do not ship *.la files (Closes: #633166).
+  * Enable hardened build flags and fix missing format strings 
+    (Closes: #657519).
+  * Source debconf before doing work in postinst (Closes: #626312).
+  * Fix check for existing snmp group in postinst (Closes: #609430).
+  * Use *-any architecture qualifiers (Closes: #634735).
+  * Add Indonesian debconf translation (Closes: #654166).
+  * Add Polish debconf translation (Closes: #661252).
+
+ -- Luk Claes <luk at debian.org>  Sun, 27 May 2012 17:22:01 +0200
+
 net-snmp (5.4.3~dfsg-2.4) unstable; urgency=low
 
   * Non-maintainer upload.
diff --git a/debian/control b/debian/control
index 5084b73..fc7266f 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: net
 Priority: optional
 Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-devel at lists.alioth.debian.org>
 Uploaders: Jochen Friedrich <jochen at scram.de>, Thomas Anders <tanders at users.sourceforge.net>, Noah Meyerhans <noahm at debian.org>
-Build-Depends: debhelper (>= 7.0.50~), libtool, libwrap0-dev, libssl-dev (>> 0.9.8), perl (>=5.8), libperl-dev, python-all-dev (>= 2.5.4-1~), python-central (>=0.5.6), python (>=2.3.5-7), python-setuptools (>=0.6b3), autoconf, automake1.9, autotools-dev, debianutils (>=1.13.1), bash (>=2.05), findutils (>=4.1.20), procps, libbsd-dev [kfreebsd-i386 kfreebsd-amd64], libkvm-dev [kfreebsd-i386 kfreebsd-amd64], libsensors4-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
+Build-Depends: debhelper (>= 7.0.50~), libtool, libwrap0-dev, libssl-dev (>> 0.9.8), perl (>=5.8), libperl-dev, python-all-dev (>= 2.5.4-1~), python-central (>=0.5.6), python (>=2.3.5-7), python-setuptools (>=0.6b3), autoconf, automake1.9, autotools-dev, debianutils (>=1.13.1), bash (>=2.05), findutils (>=4.1.20), procps, libbsd-dev [kfreebsd-any], libkvm-dev [kfreebsd-any], libsensors4-dev [linux-any]
 Standards-Version: 3.8.4
 Vcs-Svn: svn://svn.debian.org/pkg-net-snmp/
 Vcs-Browser: http://svn.debian.org/wsvn/pkg-net-snmp/
diff --git a/debian/libsnmp-dev.install b/debian/libsnmp-dev.install
index 83e6f15..8093fee 100644
--- a/debian/libsnmp-dev.install
+++ b/debian/libsnmp-dev.install
@@ -4,7 +4,6 @@ debian/tmp/usr/bin/mib2c-update
 debian/tmp/usr/include
 debian/tmp/usr/lib/lib*.a
 debian/tmp/usr/lib/lib*.so
-debian/tmp/usr/lib/lib*.la
 debian/tmp/usr/share/man/man1/mib2c.1
 debian/tmp/usr/share/man/man1/mib2c-update.1
 debian/tmp/usr/share/man/man3/*
diff --git a/debian/patches/65_CVE-2012-2141.patch b/debian/patches/65_CVE-2012-2141.patch
new file mode 100644
index 0000000..3a90767
--- /dev/null
+++ b/debian/patches/65_CVE-2012-2141.patch
@@ -0,0 +1,31 @@
+Description: fix denial of service via SNMP GET with non-existent
+ extension table entry
+Bug: http://sourceforge.net/tracker/index.php?func=detail&aid=3526549&group_id=12694&atid=112694
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672492
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=815813
+Origin: upstream, http://net-snmp.git.sourceforge.net/git/gitweb.cgi?p=net-snmp/net-snmp;a=commit;h=4c5633f1603e4bd03ed05c37d782ec8911759c47
+
+Index: net-snmp-5.4.3~dfsg/agent/mibgroup/agent/extend.c
+===================================================================
+--- net-snmp-5.4.3~dfsg.orig/agent/mibgroup/agent/extend.c	2009-04-22 19:49:21.000000000 -0400
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/agent/extend.c	2012-05-22 16:30:35.596256644 -0400
+@@ -1124,7 +1124,7 @@
+              * ...and check the line requested is valid
+              */
+             line_idx = *table_info->indexes->next_variable->val.integer;
+-            if (eptr->numlines < line_idx)
++            if (line_idx < 1 || line_idx > eptr->numlines)
+                 return NULL;
+         }
+         return eptr;
+@@ -1297,6 +1297,10 @@
+                  * Determine which line we've been asked for....
+                  */
+                 line_idx = *table_info->indexes->next_variable->val.integer;
++                if (line_idx < 1 || line_idx > extension->numlines) {
++                    netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE);
++                    continue;
++                }
+                 cp  = extension->lines[line_idx-1];
+ 
+                 /* 
diff --git a/debian/patches/66_formatstrings.patch b/debian/patches/66_formatstrings.patch
new file mode 100644
index 0000000..fa0c859
--- /dev/null
+++ b/debian/patches/66_formatstrings.patch
@@ -0,0 +1,76 @@
+diff -aur net-snmp-5.4.3~dfsg.harden/agent/mibgroup/host/hr_swinst.c net-snmp-5.4.3~dfsg/agent/mibgroup/host/hr_swinst.c
+--- net-snmp-5.4.3~dfsg.harden/agent/mibgroup/host/hr_swinst.c	2010-01-26 10:27:30.000000000 +0100
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/host/hr_swinst.c	2012-01-26 20:08:43.000000000 +0100
+@@ -695,7 +695,7 @@
+         swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
+     }
+ #else
+-    snprintf(swi->swi_name, sizeof(swi->swi_name), swi->swi_dep->d_name);
++    snprintf(swi->swi_name, sizeof(swi->swi_name), "%s", swi->swi_dep->d_name);
+     swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
+ #endif
+     return 0;
+diff -aur net-snmp-5.4.3~dfsg.harden/agent/mibgroup/ucd-snmp/versioninfo.c net-snmp-5.4.3~dfsg/agent/mibgroup/ucd-snmp/versioninfo.c
+--- net-snmp-5.4.3~dfsg.harden/agent/mibgroup/ucd-snmp/versioninfo.c	2006-09-15 02:48:50.000000000 +0200
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/ucd-snmp/versioninfo.c	2012-01-26 20:10:34.000000000 +0100
+@@ -109,7 +109,7 @@
+         long_ret = name[8];
+         return ((u_char *) (&long_ret));
+     case VERTAG:
+-        sprintf(errmsg, netsnmp_get_version());
++        sprintf(errmsg, "%s", netsnmp_get_version());
+         *var_len = strlen(errmsg);
+         return ((u_char *) errmsg);
+     case VERDATE:
+@@ -119,7 +119,7 @@
+     case VERCDATE:
+         curtime = time(NULL);
+         cptr = ctime(&curtime);
+-        sprintf(errmsg, cptr);
++        sprintf(errmsg, "%s", cptr);
+         *var_len = strlen(errmsg) - 1;
+         return ((u_char *) errmsg);
+     case VERIDENT:
+diff -aur net-snmp-5.4.3~dfsg.harden/perl/agent/agent.xs net-snmp-5.4.3~dfsg/perl/agent/agent.xs
+--- net-snmp-5.4.3~dfsg.harden/perl/agent/agent.xs	2010-05-11 19:26:56.000000000 +0200
++++ net-snmp-5.4.3~dfsg/perl/agent/agent.xs	2012-01-26 20:14:42.000000000 +0100
+@@ -489,7 +489,7 @@
+     CODE:
+     {
+         stringptr = SvPV(value, stringlen);
+-        snmp_log(LOG_ERR, stringptr );
++        snmp_log(LOG_ERR, "%s", stringptr );
+     }
+ 
+ 
+diff -aur net-snmp-5.4.3~dfsg.harden/perl/SNMP/SNMP.xs net-snmp-5.4.3~dfsg/perl/SNMP/SNMP.xs
+--- net-snmp-5.4.3~dfsg.harden/perl/SNMP/SNMP.xs	2009-12-05 18:42:24.000000000 +0100
++++ net-snmp-5.4.3~dfsg/perl/SNMP/SNMP.xs	2012-01-26 20:15:55.000000000 +0100
+@@ -3987,7 +3987,7 @@
+ 	   if (context->req_oids == NULL) {
+ 	      sprintf(str_buf, "Newz(req_oids) failed (%s)", strerror(errno));
+ 	      if (verbose)
+-	         warn(str_buf);
++	         warn("%s", str_buf);
+ 	      sv_setpv(*err_str_svp, str_buf);
+ 	      sv_setiv(*err_num_svp, SNMPERR_MALLOC);
+ 	      goto err;
+diff -aur net-snmp-5.4.3~dfsg.harden/agent/mibgroup/host/hr_filesys.c net-snmp-5.4.3~dfsg/agent/mibgroup/host/hr_filesys.c
+--- net-snmp-5.4.3~dfsg.harden/agent/mibgroup/host/hr_filesys.c	2009-04-24 00:16:22.000000000 +0200
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/host/hr_filesys.c	2012-01-26 20:07:22.000000000 +0100
+@@ -316,13 +316,13 @@
+         long_return = fsys_idx;
+         return (u_char *) & long_return;
+     case HRFSYS_MOUNT:
+-        snprintf(string, sizeof(string), HRFS_entry->HRFS_mount);
++        snprintf(string, sizeof(string), "%s", HRFS_entry->HRFS_mount);
+         string[ sizeof(string)-1 ] = 0;
+         *var_len = strlen(string);
+         return (u_char *) string;
+     case HRFSYS_RMOUNT:
+         if (Check_HR_FileSys_NFS()) {
+-            snprintf(string, sizeof(string), HRFS_entry->HRFS_name);
++            snprintf(string, sizeof(string), "%s", HRFS_entry->HRFS_name);
+             string[ sizeof(string)-1 ] = 0;
+         } else
+             string[0] = '\0';
diff --git a/debian/patches/series b/debian/patches/series
index b8d00d0..3628693 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,3 +14,5 @@
 62_add_lib_cflags.patch
 63_fix_shell.patch
 64_missing_lib.patch
+65_CVE-2012-2141.patch
+66_formatstrings.patch
diff --git a/debian/po/id.po b/debian/po/id.po
new file mode 100644
index 0000000..6f25e8e
--- /dev/null
+++ b/debian/po/id.po
@@ -0,0 +1,43 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL at ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: net-snmp 5.4.3~dfsg-2.4\n"
+"Report-Msgid-Bugs-To: net-snmp at packages.debian.org\n"
+"POT-Creation-Date: 2011-12-10 08:44+0100\n"
+"PO-Revision-Date: 2012-01-02 12:55+0700\n"
+"Last-Translator: Mahyuddin Susanto <udienz at ubuntu.com>\n"
+"Language-Team: Debian Indonesia Translator <debian-l10n-indonesian at lists.debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Indonesian\n"
+"X-Poedit-Country: INDONESIA\n"
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "Default parameters changed since version 5.2.1"
+msgstr "Parameter bawaan berubah sejak versi 5.2.1"
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "The default start parameters of the snmpd agent/daemon have been changed."
+msgstr "Parameter bawaan pemulai dari daemon snmpd agend/daemon telah berubah"
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "The daemon is now started as user snmp, binds to localhost only and runs with SNMP multiplexing (SMUX) support disabled. These parameters can all be individually changed in /etc/default/snmpd."
+msgstr "Daemon sekarang dimulai dari pengguna snmp, hanya untuk localhost dengan dukungan SNMP multiplexing diaktifkan. Semua ini dapat diubah di /etc/default/snmpd."
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "Please see /usr/share/doc/snmpd/NEWS.Debian.gz for more details."
+msgstr "Mohon lihat /usr/share/doc/snmpd/NEWS.Debian.gz untuk selengkapnya"
+
diff --git a/debian/po/sr at latin.po b/debian/po/pl.po
similarity index 52%
copy from debian/po/sr at latin.po
copy to debian/po/pl.po
index 91c32e6..b3adb44 100644
--- a/debian/po/sr at latin.po
+++ b/debian/po/pl.po
@@ -1,35 +1,36 @@
-# SOME DESCRIPTIVE TITLE.
+# Translation of net-snmp debconf templates to Polish.
 # Copyright (C) 2011
 # This file is distributed under the same license as the net-snmp package.
-# Zlatan Todoric <zlatan.todoric at gmail.com>, 2011.
 #
+# Michał Kułach <michal.kulach at gmail.com>, 2012.
 msgid ""
 msgstr ""
-"Project-Id-Version: net-snmp\n"
+"Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: net-snmp at packages.debian.org\n"
 "POT-Creation-Date: 2011-12-10 08:44+0100\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: Zlatan Todoric <zlatan.todoric at gmail.com>\n"
-"Language-Team: LANGUAGE <LL at li.org>\n"
-"Language: \n"
+"PO-Revision-Date: 2012-02-15 18:38+0100\n"
+"Last-Translator: Michał Kułach <michal.kulach at gmail.com>\n"
+"Language-Team: Polish <debian-l10n-polish at lists.debian.org>\n"
+"Language: pl\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.2\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
+"|| n%100>=20) ? 1 : 2);\n"
 
 #. Type: note
 #. Description
 #: ../snmpd.templates:2001
 msgid "Default parameters changed since version 5.2.1"
-msgstr "Podrazumijevani parametri su promijenjeni sa verzijom 5.2.1"
+msgstr "Domyślne parametry zmieniły się od wersji 5.2.1"
 
 #. Type: note
 #. Description
 #: ../snmpd.templates:2001
 msgid ""
 "The default start parameters of the snmpd agent/daemon have been changed."
-msgstr ""
-"Podrazumijevani početni parametri (snmpd) agenta/pozadinskog procesa su "
-"promijenjeni."
+msgstr "Domyślne parametry startowe agenta/demona snmpd zmieniły się."
 
 #. Type: note
 #. Description
@@ -39,13 +40,15 @@ msgid ""
 "with SNMP multiplexing (SMUX) support disabled. These parameters can all be "
 "individually changed in /etc/default/snmpd."
 msgstr ""
-"Pozadinski proces je sada pokrenut kao korisnik (snmp), vezuje se samo "
-"lokalno i pokreće se sa isključenom (SNMP multiplexing (SMUX)) podrškom. Ovi "
-"parametri mogubiti pojedinačno promijenjeni u /etc/default/snmpd."
+"Demon jest teraz uruchamiany jako użytkownik snmp, powiązany jedynie z "
+"localhost oraz działa z wyłączonym multipleksowaniem SNMP (SMUX). Parametry "
+"te mogą być zmienione w pliku /etc/default/snmpd."
 
 #. Type: note
 #. Description
 #: ../snmpd.templates:2001
 msgid "Please see /usr/share/doc/snmpd/NEWS.Debian.gz for more details."
 msgstr ""
-"Molimo vas pogledajte /usr/share/doc/snmpd/NEWS.Debian.gz za više detalja."
+"Proszę zapoznać się z /usr/share/doc/snmpd/NEWS.Debian.gz, aby uzyskać więcej "
+"szczegółów."
+
diff --git a/debian/rules b/debian/rules
index 0f8606a..facff93 100755
--- a/debian/rules
+++ b/debian/rules
@@ -29,6 +29,8 @@ else
 MIB_MODULES += host
 endif
 
+DEB_CFLAGS_MAINT_APPEND=-DNETSNMP_USE_INLINE
+
 %:
 	dh --with python-central $@
 
@@ -43,7 +45,7 @@ override_dh_auto_configure:
 	dh_auto_configure -- --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man \
 	  --with-persistent-directory=/var/lib/snmp \
 	  --enable-ucd-snmp-compatibility \
-	  --enable-shared --with-cflags="$(CFLAGS) -DNETSNMP_USE_INLINE" \
+	  --enable-shared $(shell dpkg-buildflags --export=configure) \
 	  --with-perl-modules="INSTALLDIRS=vendor" --enable-as-needed \
 	  $(IPV6) --with-logfile=none \
 	  --without-rpm --with-libwrap --with-openssl \
diff --git a/debian/snmpd.postinst b/debian/snmpd.postinst
index 2be79eb..c98fbeb 100644
--- a/debian/snmpd.postinst
+++ b/debian/snmpd.postinst
@@ -2,17 +2,17 @@
 
 set -e
 
+. /usr/share/debconf/confmodule
+db_version 2.0
+
 if [ "x$1" = xconfigure ]; then
-	if [ ! `getent group snmp >/dev/null` ]; then
+	if ! getent group snmp >/dev/null ; then
 		 deluser --quiet --system snmp
 	fi
 	adduser --quiet --system --group --no-create-home --home /var/lib/snmp snmp
 	chown -R snmp:snmp /var/lib/snmp
 fi
 
-. /usr/share/debconf/confmodule
-db_version 2.0
-
 #DEBHELPER#
 
 exit 0

-- 
Git repository for pkg-net-snmp



More information about the Pkg-net-snmp-commits mailing list