[Pkg-net-snmp-commits] [SCM] Git repository for pkg-net-snmp branch, master, updated. edfdd032767b89aa50b401b9fdb73fd5e022ab72
Hideki Yamane
henrich at debian.org
Thu Apr 11 01:24:05 UTC 2013
The following commit has been merged in the master branch:
commit 821d78cce0c0127c4540d1d3c4505f59ce71bb33
Author: Luk Claes <luk at debian.org>
Date: Sun May 27 17:22:01 2012 +0200
Imported Debian patch 5.4.3~dfsg-2.5
diff --git a/debian/changelog b/debian/changelog
index 5dde9e0..f16b294 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+net-snmp (5.4.3~dfsg-2.5) unstable; urgency=medium
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2012-2141 by using Ubuntu's patch (Closes: #672492).
+ * Do not ship *.la files (Closes: #633166).
+ * Enable hardened build flags and fix missing format strings
+ (Closes: #657519).
+ * Source debconf before doing work in postinst (Closes: #626312).
+ * Fix check for existing snmp group in postinst (Closes: #609430).
+ * Use *-any architecture qualifiers (Closes: #634735).
+ * Add Indonesian debconf translation (Closes: #654166).
+ * Add Polish debconf translation (Closes: #661252).
+
+ -- Luk Claes <luk at debian.org> Sun, 27 May 2012 17:22:01 +0200
+
net-snmp (5.4.3~dfsg-2.4) unstable; urgency=low
* Non-maintainer upload.
diff --git a/debian/control b/debian/control
index 5084b73..fc7266f 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: net
Priority: optional
Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-devel at lists.alioth.debian.org>
Uploaders: Jochen Friedrich <jochen at scram.de>, Thomas Anders <tanders at users.sourceforge.net>, Noah Meyerhans <noahm at debian.org>
-Build-Depends: debhelper (>= 7.0.50~), libtool, libwrap0-dev, libssl-dev (>> 0.9.8), perl (>=5.8), libperl-dev, python-all-dev (>= 2.5.4-1~), python-central (>=0.5.6), python (>=2.3.5-7), python-setuptools (>=0.6b3), autoconf, automake1.9, autotools-dev, debianutils (>=1.13.1), bash (>=2.05), findutils (>=4.1.20), procps, libbsd-dev [kfreebsd-i386 kfreebsd-amd64], libkvm-dev [kfreebsd-i386 kfreebsd-amd64], libsensors4-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
+Build-Depends: debhelper (>= 7.0.50~), libtool, libwrap0-dev, libssl-dev (>> 0.9.8), perl (>=5.8), libperl-dev, python-all-dev (>= 2.5.4-1~), python-central (>=0.5.6), python (>=2.3.5-7), python-setuptools (>=0.6b3), autoconf, automake1.9, autotools-dev, debianutils (>=1.13.1), bash (>=2.05), findutils (>=4.1.20), procps, libbsd-dev [kfreebsd-any], libkvm-dev [kfreebsd-any], libsensors4-dev [linux-any]
Standards-Version: 3.8.4
Vcs-Svn: svn://svn.debian.org/pkg-net-snmp/
Vcs-Browser: http://svn.debian.org/wsvn/pkg-net-snmp/
diff --git a/debian/libsnmp-dev.install b/debian/libsnmp-dev.install
index 83e6f15..8093fee 100644
--- a/debian/libsnmp-dev.install
+++ b/debian/libsnmp-dev.install
@@ -4,7 +4,6 @@ debian/tmp/usr/bin/mib2c-update
debian/tmp/usr/include
debian/tmp/usr/lib/lib*.a
debian/tmp/usr/lib/lib*.so
-debian/tmp/usr/lib/lib*.la
debian/tmp/usr/share/man/man1/mib2c.1
debian/tmp/usr/share/man/man1/mib2c-update.1
debian/tmp/usr/share/man/man3/*
diff --git a/debian/patches/65_CVE-2012-2141.patch b/debian/patches/65_CVE-2012-2141.patch
new file mode 100644
index 0000000..3a90767
--- /dev/null
+++ b/debian/patches/65_CVE-2012-2141.patch
@@ -0,0 +1,31 @@
+Description: fix denial of service via SNMP GET with non-existent
+ extension table entry
+Bug: http://sourceforge.net/tracker/index.php?func=detail&aid=3526549&group_id=12694&atid=112694
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672492
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=815813
+Origin: upstream, http://net-snmp.git.sourceforge.net/git/gitweb.cgi?p=net-snmp/net-snmp;a=commit;h=4c5633f1603e4bd03ed05c37d782ec8911759c47
+
+Index: net-snmp-5.4.3~dfsg/agent/mibgroup/agent/extend.c
+===================================================================
+--- net-snmp-5.4.3~dfsg.orig/agent/mibgroup/agent/extend.c 2009-04-22 19:49:21.000000000 -0400
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/agent/extend.c 2012-05-22 16:30:35.596256644 -0400
+@@ -1124,7 +1124,7 @@
+ * ...and check the line requested is valid
+ */
+ line_idx = *table_info->indexes->next_variable->val.integer;
+- if (eptr->numlines < line_idx)
++ if (line_idx < 1 || line_idx > eptr->numlines)
+ return NULL;
+ }
+ return eptr;
+@@ -1297,6 +1297,10 @@
+ * Determine which line we've been asked for....
+ */
+ line_idx = *table_info->indexes->next_variable->val.integer;
++ if (line_idx < 1 || line_idx > extension->numlines) {
++ netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE);
++ continue;
++ }
+ cp = extension->lines[line_idx-1];
+
+ /*
diff --git a/debian/patches/66_formatstrings.patch b/debian/patches/66_formatstrings.patch
new file mode 100644
index 0000000..fa0c859
--- /dev/null
+++ b/debian/patches/66_formatstrings.patch
@@ -0,0 +1,76 @@
+diff -aur net-snmp-5.4.3~dfsg.harden/agent/mibgroup/host/hr_swinst.c net-snmp-5.4.3~dfsg/agent/mibgroup/host/hr_swinst.c
+--- net-snmp-5.4.3~dfsg.harden/agent/mibgroup/host/hr_swinst.c 2010-01-26 10:27:30.000000000 +0100
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/host/hr_swinst.c 2012-01-26 20:08:43.000000000 +0100
+@@ -695,7 +695,7 @@
+ swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
+ }
+ #else
+- snprintf(swi->swi_name, sizeof(swi->swi_name), swi->swi_dep->d_name);
++ snprintf(swi->swi_name, sizeof(swi->swi_name), "%s", swi->swi_dep->d_name);
+ swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
+ #endif
+ return 0;
+diff -aur net-snmp-5.4.3~dfsg.harden/agent/mibgroup/ucd-snmp/versioninfo.c net-snmp-5.4.3~dfsg/agent/mibgroup/ucd-snmp/versioninfo.c
+--- net-snmp-5.4.3~dfsg.harden/agent/mibgroup/ucd-snmp/versioninfo.c 2006-09-15 02:48:50.000000000 +0200
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/ucd-snmp/versioninfo.c 2012-01-26 20:10:34.000000000 +0100
+@@ -109,7 +109,7 @@
+ long_ret = name[8];
+ return ((u_char *) (&long_ret));
+ case VERTAG:
+- sprintf(errmsg, netsnmp_get_version());
++ sprintf(errmsg, "%s", netsnmp_get_version());
+ *var_len = strlen(errmsg);
+ return ((u_char *) errmsg);
+ case VERDATE:
+@@ -119,7 +119,7 @@
+ case VERCDATE:
+ curtime = time(NULL);
+ cptr = ctime(&curtime);
+- sprintf(errmsg, cptr);
++ sprintf(errmsg, "%s", cptr);
+ *var_len = strlen(errmsg) - 1;
+ return ((u_char *) errmsg);
+ case VERIDENT:
+diff -aur net-snmp-5.4.3~dfsg.harden/perl/agent/agent.xs net-snmp-5.4.3~dfsg/perl/agent/agent.xs
+--- net-snmp-5.4.3~dfsg.harden/perl/agent/agent.xs 2010-05-11 19:26:56.000000000 +0200
++++ net-snmp-5.4.3~dfsg/perl/agent/agent.xs 2012-01-26 20:14:42.000000000 +0100
+@@ -489,7 +489,7 @@
+ CODE:
+ {
+ stringptr = SvPV(value, stringlen);
+- snmp_log(LOG_ERR, stringptr );
++ snmp_log(LOG_ERR, "%s", stringptr );
+ }
+
+
+diff -aur net-snmp-5.4.3~dfsg.harden/perl/SNMP/SNMP.xs net-snmp-5.4.3~dfsg/perl/SNMP/SNMP.xs
+--- net-snmp-5.4.3~dfsg.harden/perl/SNMP/SNMP.xs 2009-12-05 18:42:24.000000000 +0100
++++ net-snmp-5.4.3~dfsg/perl/SNMP/SNMP.xs 2012-01-26 20:15:55.000000000 +0100
+@@ -3987,7 +3987,7 @@
+ if (context->req_oids == NULL) {
+ sprintf(str_buf, "Newz(req_oids) failed (%s)", strerror(errno));
+ if (verbose)
+- warn(str_buf);
++ warn("%s", str_buf);
+ sv_setpv(*err_str_svp, str_buf);
+ sv_setiv(*err_num_svp, SNMPERR_MALLOC);
+ goto err;
+diff -aur net-snmp-5.4.3~dfsg.harden/agent/mibgroup/host/hr_filesys.c net-snmp-5.4.3~dfsg/agent/mibgroup/host/hr_filesys.c
+--- net-snmp-5.4.3~dfsg.harden/agent/mibgroup/host/hr_filesys.c 2009-04-24 00:16:22.000000000 +0200
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/host/hr_filesys.c 2012-01-26 20:07:22.000000000 +0100
+@@ -316,13 +316,13 @@
+ long_return = fsys_idx;
+ return (u_char *) & long_return;
+ case HRFSYS_MOUNT:
+- snprintf(string, sizeof(string), HRFS_entry->HRFS_mount);
++ snprintf(string, sizeof(string), "%s", HRFS_entry->HRFS_mount);
+ string[ sizeof(string)-1 ] = 0;
+ *var_len = strlen(string);
+ return (u_char *) string;
+ case HRFSYS_RMOUNT:
+ if (Check_HR_FileSys_NFS()) {
+- snprintf(string, sizeof(string), HRFS_entry->HRFS_name);
++ snprintf(string, sizeof(string), "%s", HRFS_entry->HRFS_name);
+ string[ sizeof(string)-1 ] = 0;
+ } else
+ string[0] = '\0';
diff --git a/debian/patches/series b/debian/patches/series
index b8d00d0..3628693 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,3 +14,5 @@
62_add_lib_cflags.patch
63_fix_shell.patch
64_missing_lib.patch
+65_CVE-2012-2141.patch
+66_formatstrings.patch
diff --git a/debian/po/id.po b/debian/po/id.po
new file mode 100644
index 0000000..6f25e8e
--- /dev/null
+++ b/debian/po/id.po
@@ -0,0 +1,43 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL at ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: net-snmp 5.4.3~dfsg-2.4\n"
+"Report-Msgid-Bugs-To: net-snmp at packages.debian.org\n"
+"POT-Creation-Date: 2011-12-10 08:44+0100\n"
+"PO-Revision-Date: 2012-01-02 12:55+0700\n"
+"Last-Translator: Mahyuddin Susanto <udienz at ubuntu.com>\n"
+"Language-Team: Debian Indonesia Translator <debian-l10n-indonesian at lists.debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Indonesian\n"
+"X-Poedit-Country: INDONESIA\n"
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "Default parameters changed since version 5.2.1"
+msgstr "Parameter bawaan berubah sejak versi 5.2.1"
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "The default start parameters of the snmpd agent/daemon have been changed."
+msgstr "Parameter bawaan pemulai dari daemon snmpd agend/daemon telah berubah"
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "The daemon is now started as user snmp, binds to localhost only and runs with SNMP multiplexing (SMUX) support disabled. These parameters can all be individually changed in /etc/default/snmpd."
+msgstr "Daemon sekarang dimulai dari pengguna snmp, hanya untuk localhost dengan dukungan SNMP multiplexing diaktifkan. Semua ini dapat diubah di /etc/default/snmpd."
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "Please see /usr/share/doc/snmpd/NEWS.Debian.gz for more details."
+msgstr "Mohon lihat /usr/share/doc/snmpd/NEWS.Debian.gz untuk selengkapnya"
+
diff --git a/debian/po/sr at latin.po b/debian/po/pl.po
similarity index 52%
copy from debian/po/sr at latin.po
copy to debian/po/pl.po
index 91c32e6..b3adb44 100644
--- a/debian/po/sr at latin.po
+++ b/debian/po/pl.po
@@ -1,35 +1,36 @@
-# SOME DESCRIPTIVE TITLE.
+# Translation of net-snmp debconf templates to Polish.
# Copyright (C) 2011
# This file is distributed under the same license as the net-snmp package.
-# Zlatan Todoric <zlatan.todoric at gmail.com>, 2011.
#
+# Michał Kułach <michal.kulach at gmail.com>, 2012.
msgid ""
msgstr ""
-"Project-Id-Version: net-snmp\n"
+"Project-Id-Version: \n"
"Report-Msgid-Bugs-To: net-snmp at packages.debian.org\n"
"POT-Creation-Date: 2011-12-10 08:44+0100\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: Zlatan Todoric <zlatan.todoric at gmail.com>\n"
-"Language-Team: LANGUAGE <LL at li.org>\n"
-"Language: \n"
+"PO-Revision-Date: 2012-02-15 18:38+0100\n"
+"Last-Translator: Michał Kułach <michal.kulach at gmail.com>\n"
+"Language-Team: Polish <debian-l10n-polish at lists.debian.org>\n"
+"Language: pl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.2\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
+"|| n%100>=20) ? 1 : 2);\n"
#. Type: note
#. Description
#: ../snmpd.templates:2001
msgid "Default parameters changed since version 5.2.1"
-msgstr "Podrazumijevani parametri su promijenjeni sa verzijom 5.2.1"
+msgstr "Domyślne parametry zmieniły się od wersji 5.2.1"
#. Type: note
#. Description
#: ../snmpd.templates:2001
msgid ""
"The default start parameters of the snmpd agent/daemon have been changed."
-msgstr ""
-"Podrazumijevani početni parametri (snmpd) agenta/pozadinskog procesa su "
-"promijenjeni."
+msgstr "Domyślne parametry startowe agenta/demona snmpd zmieniły się."
#. Type: note
#. Description
@@ -39,13 +40,15 @@ msgid ""
"with SNMP multiplexing (SMUX) support disabled. These parameters can all be "
"individually changed in /etc/default/snmpd."
msgstr ""
-"Pozadinski proces je sada pokrenut kao korisnik (snmp), vezuje se samo "
-"lokalno i pokreće se sa isključenom (SNMP multiplexing (SMUX)) podrškom. Ovi "
-"parametri mogubiti pojedinačno promijenjeni u /etc/default/snmpd."
+"Demon jest teraz uruchamiany jako użytkownik snmp, powiązany jedynie z "
+"localhost oraz działa z wyłączonym multipleksowaniem SNMP (SMUX). Parametry "
+"te mogą być zmienione w pliku /etc/default/snmpd."
#. Type: note
#. Description
#: ../snmpd.templates:2001
msgid "Please see /usr/share/doc/snmpd/NEWS.Debian.gz for more details."
msgstr ""
-"Molimo vas pogledajte /usr/share/doc/snmpd/NEWS.Debian.gz za više detalja."
+"Proszę zapoznać się z /usr/share/doc/snmpd/NEWS.Debian.gz, aby uzyskać więcej "
+"szczegółów."
+
diff --git a/debian/rules b/debian/rules
index 0f8606a..facff93 100755
--- a/debian/rules
+++ b/debian/rules
@@ -29,6 +29,8 @@ else
MIB_MODULES += host
endif
+DEB_CFLAGS_MAINT_APPEND=-DNETSNMP_USE_INLINE
+
%:
dh --with python-central $@
@@ -43,7 +45,7 @@ override_dh_auto_configure:
dh_auto_configure -- --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man \
--with-persistent-directory=/var/lib/snmp \
--enable-ucd-snmp-compatibility \
- --enable-shared --with-cflags="$(CFLAGS) -DNETSNMP_USE_INLINE" \
+ --enable-shared $(shell dpkg-buildflags --export=configure) \
--with-perl-modules="INSTALLDIRS=vendor" --enable-as-needed \
$(IPV6) --with-logfile=none \
--without-rpm --with-libwrap --with-openssl \
diff --git a/debian/snmpd.postinst b/debian/snmpd.postinst
index 2be79eb..c98fbeb 100644
--- a/debian/snmpd.postinst
+++ b/debian/snmpd.postinst
@@ -2,17 +2,17 @@
set -e
+. /usr/share/debconf/confmodule
+db_version 2.0
+
if [ "x$1" = xconfigure ]; then
- if [ ! `getent group snmp >/dev/null` ]; then
+ if ! getent group snmp >/dev/null ; then
deluser --quiet --system snmp
fi
adduser --quiet --system --group --no-create-home --home /var/lib/snmp snmp
chown -R snmp:snmp /var/lib/snmp
fi
-. /usr/share/debconf/confmodule
-db_version 2.0
-
#DEBHELPER#
exit 0
--
Git repository for pkg-net-snmp
More information about the Pkg-net-snmp-commits
mailing list