Sat Apr 8 17:34:36 2017 UTC ()
Pullup ticket #5246 - requested by sevan
sysutils/collectd: security update

Revisions pulled up:
- sysutils/collectd/Makefile                                    1.21
- sysutils/collectd/distinfo                                    1.35
- sysutils/collectd/patches/patch-src_network.c                 1.5

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Thu Apr  6 09:12:02 UTC 2017

   Modified Files:
           pkgsrc/sysutils/collectd: Makefile distinfo
   Added Files:
           pkgsrc/sysutils/collectd/patches: patch-src_network.c

   Log Message:
   Backport fix for CVE-2017-7401. Bump PKGREVISION.

   To generate a diff of this commit:
   cvs rdiff -u -r1.20 -r1.21 pkgsrc/sysutils/collectd/Makefile
   cvs rdiff -u -r1.34 -r1.35 pkgsrc/sysutils/collectd/distinfo
   cvs rdiff -u -r0 -r1.5 pkgsrc/sysutils/collectd/patches/patch-src_network.c


(spz)
diff -r1.20 -r1.20.2.1 pkgsrc/sysutils/collectd/Makefile
diff -r1.34 -r1.34.2.1 pkgsrc/sysutils/collectd/distinfo
diff -r0 -r1.5.2.2 pkgsrc/sysutils/collectd/patches/patch-src_network.c

cvs diff -r1.20 -r1.20.2.1 pkgsrc/sysutils/collectd/Makefile

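--- a/pkgsrc/sysutils/collectd/Makefile
+++ b/pkgsrc/sysutils/collectd/Makefile
@@ -1,17 +1,18 @@
-# $NetBSD: Makefile,v 1.20 2017/01/25 14:10:18 fhajny Exp $
+# $NetBSD: Makefile,v 1.20.2.1 2017/04/08 17:34:36 spz Exp $
 
 .include "../../sysutils/collectd/Makefile.common"
 
+PKGREVISION= 1
 COMMENT= Statistics collection daemon base
 
 RCD_SCRIPTS= collectd
 
 .include "../../mk/bsd.prefs.mk"
 
 # Simple plugins that have no dependencies
 DEFAULT_PLUGINS+= aggregation apcups csv email exec filecount \
  hddtemp logfile match_empty_counter match_hashed\
  match_regex match_timediff match_value mbmon \
  ntpd olsrd openvpn powerdns statsd table tail \
  tail_csv target_notification target_replace \
  target_scale target_set target_v5upgrade \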

cvs diff -r1.34 -r1.34.2.1 pkgsrc/sysutils/collectd/distinfo

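--- a/pkgsrc/sysutils/collectd/distinfo
+++ b/pkgsrc/sysutils/collectd/distinfo
@@ -1,25 +1,26 @@
-$NetBSD: distinfo,v 1.34 2017/02/14 21:23:13 joerg Exp $
+$NetBSD: distinfo,v 1.34.2.1 2017/04/08 17:34:36 spz Exp $
 
 SHA1 (collectd-5.7.1.tar.bz2) = bc77d2493b26e5c38e167a8a44fedfe287742c09
 RMD160 (collectd-5.7.1.tar.bz2) = f743ebb21313ac0bae6a3ba78456e5c16f0d15cc
 SHA512 (collectd-5.7.1.tar.bz2) = f2edf4ecf3bbf5f4e10c797614a7ae39c18678601038574cec4f2ea6a8773444af4592e2872ed75a5afe5f746adaff2449df51443d98d2560a23722e46bef164
 Size (collectd-5.7.1.tar.bz2) = 1797725 bytes
 SHA1 (patch-Makefile.am) = ed45b75293a4ea2dd577d04eeb3b9017b8f47319
 SHA1 (patch-configure.ac) = f450d6b00e5c7c37214b4d90ca057c515ed08fa1
 SHA1 (patch-src_Makefile.am) = 1d5cc2f58ce776df04feab2afc937f12ee7b0765
 SHA1 (patch-src_collectd.conf.in) = f0b35085cf0ddfd766e140b145177ab1f1326f5f
 SHA1 (patch-src_cpu.c) = e645ae6b05c051c3c878f88a493fbbd7d548bb66
 SHA1 (patch-src_daemon_Makefile.am) = e38d465faf8bdd750fd9cb7f0bd9f041fcc8f83c
 SHA1 (patch-src_df.c) = 5c6549cd9ec72efed5cdb7d8dd9297c50491426e
 SHA1 (patch-src_disk.c) = 1d458db9753be9c8ad1ae5edb3468acf7419a66b
 SHA1 (patch-src_entropy.c) = 293e7105866b9b7c3eb5058dc314eaa510899843
 SHA1 (patch-src_irq.c) = 78f1757ff2ed6db9fb1d0e773c2a01eb190d53a0
 SHA1 (patch-src_libcollectclient_network__buffer.c) = 62924943831e6d0585b103e567888f9af5c46f9e
 SHA1 (patch-src_memory.c) = 2934cd50e454fc14d0ec952854c88b0a830fa9a7
 SHA1 (patch-src_netstat__udp.c) = 30cb12d25f56c60959658dbd181783212e00cc61
+SHA1 (patch-src_network.c) = 38a537d4b5deef2162bb06c672f936a8aa443daf
 SHA1 (patch-src_processes.c) = 1a75fdaa42f37eef1a968d299c3549e640fb68b2
 SHA1 (patch-src_statsd.c) = 35f4349d2d2c9bddc0f4770344f969157cd012f6
 SHA1 (patch-src_swap.c) = 24da6e04e3006639311e8111f26f72e4fab4054a
 SHA1 (patch-src_tcpconns.c) = b85de1d0eb03989df12d9688b38d61733a13c028
 SHA1 (patch-src_utils__dns.c) = 138a3168dc109d785412ffd068edab3b4dacca36
 SHA1 (patch-src_utils__format__kairosdb.c) = 2f7bde47682d2b877f9bd2d2c794a21c297aa9e5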

File Added: pkgsrc/sysutils/collectd/patches/Attic/patch-src_network.c
$NetBSD: patch-src_network.c,v 1.5.2.2 2017/04/08 17:34:36 spz Exp $

Backport fix for CVE-2017-7401.
https://github.com/collectd/collectd/commit/f6be4f9b49b949b379326c3d7002476e6ce4f211

--- src/network.c.orig	2017-01-23 07:53:57.716449156 +0000
+++ src/network.c
@@ -1003,14 +1003,6 @@ static int parse_part_sign_sha256(socken
   buffer_len = *ret_buffer_len;
   buffer_offset = 0;
 
-  if (se->data.server.userdb == NULL) {
-    c_complain(
-        LOG_NOTICE, &complain_no_users,
-        "network plugin: Received signed network packet but can't verify it "
-        "because no user DB has been configured. Will accept it.");
-    return (0);
-  }
-
   /* Check if the buffer has enough data for this structure. */
   if (buffer_len <= PART_SIGNATURE_SHA256_SIZE)
     return (-ENOMEM);
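Review bot: Nothing at this spot records why the `userdb == NULL` accept path must not sit ahead of the length check, so a later cleanup could move it back. The removed branch returned 0 without touching `*ret_buffer` or `*ret_buffer_len`, while the relocated one in the second hunk (`@@ -1027,6 +1019,18 @@`) advances both by `pss_head_length`; presumably the caller relies on every successful return consuming the part. I would add above the length check a comment such as `/* Validate the part before any early accept: each return (0) must advance *ret_buffer past it. */`. The relocated branch still passes the rest of the packet on unverified, as its log text says, so a receiver without a user DB should treat signed data as unauthenticated input. parse_part_sign_sha256 starts and ends outside both hunks.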
@@ -1027,6 +1019,18 @@ static int parse_part_sign_sha256(socken
     return (-1);
   }
 
+  if (se->data.server.userdb == NULL) {
+    c_complain(
+        LOG_NOTICE, &complain_no_users,
+        "network plugin: Received signed network packet but can't verify it "
+        "because no user DB has been configured. Will accept it.");
+
+    *ret_buffer = buffer + pss_head_length;
+    *ret_buffer_len -= pss_head_length;
+
+    return (0);
+  }
+
   /* Copy the hash. */
   BUFFER_READ(pss.hash, sizeof(pss.hash));