NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netsnmp: security bump to version 5.7.2.1

Browse Source 
Fixes CVE-2014-2284 but not CVE-2014-2285 so add a patch for that one.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Gustavo Zacarias 2014-03-10 14:13:02 -03:00 committed by Peter Korsgaard
parent df2b2104f4
commit 517c1deebf
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
package/netsnmp/netsnmp-001-CVE-2014-2285.patch Normal file
View File

@ -0,0 +1,31 @@
Fix for CVE-2014-2285 from upstream:
http://sourceforge.net/p/net-snmp/patches/1275/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
--- net-snmp-5.7.3.pre3/perl/TrapReceiver/TrapReceiver.xs.null 2014-02-25 21:50:16.000000000 +0100
+++ net-snmp-5.7.3.pre3/perl/TrapReceiver/TrapReceiver.xs 2014-03-03 18:59:20.261766270 +0100
@@ -81,18 +81,18 @@ int perl_trapd_handler( netsnmp_pdu
STOREPDUi("securitymodel", pdu->securityModel);
STOREPDUi("securitylevel", pdu->securityLevel);
STOREPDU("contextName",
- newSVpv(pdu->contextName, pdu->contextNameLen));
+ newSVpv(pdu->contextName ? pdu->contextName : "", pdu->contextNameLen));
STOREPDU("contextEngineID",
- newSVpv((char *) pdu->contextEngineID,
+ newSVpv(pdu->contextEngineID ? (char *) pdu->contextEngineID : "",
pdu->contextEngineIDLen));
STOREPDU("securityEngineID",
- newSVpv((char *) pdu->securityEngineID,
+ newSVpv(pdu->securityEngineID ? (char *) pdu->securityEngineID : "",
pdu->securityEngineIDLen));
STOREPDU("securityName",
- newSVpv((char *) pdu->securityName, pdu->securityNameLen));
+ newSVpv(pdu->securityName ? (char *) pdu->securityName : "", pdu->securityNameLen));
} else {
STOREPDU("community",
- newSVpv((char *) pdu->community, pdu->community_len));
+ newSVpv(pdu->community ? (char *) pdu->community : "", pdu->community_len));
}
if (transport && transport->f_fmtaddr) {

2
package/netsnmp/netsnmp.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
NETSNMP_VERSION = 5.7.2
NETSNMP_VERSION = 5.7.2.1
NETSNMP_SITE = http://downloads.sourceforge.net/project/net-snmp/net-snmp/$(NETSNMP_VERSION)
NETSNMP_SOURCE = net-snmp-$(NETSNMP_VERSION).tar.gz
NETSNMP_LICENSE = Various BSD-like