Package: net-snmp Version: 5.4.3~dfsg-2.4 Severity: normal Tags: patch pending
Dear maintainer, I've prepared an NMU for net-snmp (versioned as 5.4.3~dfsg-2.5) and uploaded it to DELAYED/02. Please feel free to tell me if I should delay it longer. Cheers Luk
diff -Nru net-snmp-5.4.3~dfsg/debian/changelog net-snmp-5.4.3~dfsg/debian/changelog --- net-snmp-5.4.3~dfsg/debian/changelog 2011-12-19 07:51:18.000000000 +0100 +++ net-snmp-5.4.3~dfsg/debian/changelog 2012-05-27 18:14:03.000000000 +0200 @@ -1,3 +1,18 @@ +net-snmp (5.4.3~dfsg-2.5) unstable; urgency=medium + + * Non-maintainer upload by the Security Team. + * Fix CVE-2012-2141 by using Ubuntu's patch (Closes: #672492). + * Do not ship *.la files (Closes: #633166). + * Enable hardened build flags and fix missing format strings + (Closes: #657519). + * Source debconf before doing work in postinst (Closes: #626312). + * Fix check for existing snmp group in postinst (Closes: #609430). + * Use *-any architecture qualifiers (Closes: #634735). + * Add Indonesian debconf translation (Closes: #654166). + * Add Polish debconf translation (Closes: #661252). + + -- Luk Claes <l...@debian.org> Sun, 27 May 2012 17:22:01 +0200 + net-snmp (5.4.3~dfsg-2.4) unstable; urgency=low * Non-maintainer upload. diff -Nru net-snmp-5.4.3~dfsg/debian/control net-snmp-5.4.3~dfsg/debian/control --- net-snmp-5.4.3~dfsg/debian/control 2011-05-09 11:19:06.000000000 +0200 +++ net-snmp-5.4.3~dfsg/debian/control 2012-05-27 18:14:32.000000000 +0200 
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-de...@lists.alioth.debian.org>
 Uploaders: Jochen Friedrich <joc...@scram.de>, Thomas Anders <tand...@users.sourceforge.net>, Noah Meyerhans <no...@debian.org>
-Build-Depends: debhelper (>= 7.0.50~), libtool, libwrap0-dev, libssl-dev (>> 0.9.8), perl (>=5.8), libperl-dev, python-all-dev (>= 2.5.4-1~), python-central (>=0.5.6), python (>=2.3.5-7), python-setuptools (>=0.6b3), autoconf, automake1.9, autotools-dev, debianutils (>=1.13.1), bash (>=2.05), findutils (>=4.1.20), procps, libbsd-dev [kfreebsd-i386 kfreebsd-amd64], libkvm-dev [kfreebsd-i386 kfreebsd-amd64], libsensors4-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
+Build-Depends: debhelper (>= 7.0.50~), libtool, libwrap0-dev, libssl-dev (>> 0.9.8), perl (>=5.8), libperl-dev, python-all-dev (>= 2.5.4-1~), python-central (>=0.5.6), python (>=2.3.5-7), python-setuptools (>=0.6b3), autoconf, automake1.9, autotools-dev, debianutils (>=1.13.1), bash (>=2.05), findutils (>=4.1.20), procps, libbsd-dev [kfreebsd-any], libkvm-dev [kfreebsd-any], libsensors4-dev [linux-any]
 Standards-Version: 3.8.4
 Vcs-Svn: svn://svn.debian.org/pkg-net-snmp/
 Vcs-Browser: http://svn.debian.org/wsvn/pkg-net-snmp/
diff -Nru net-snmp-5.4.3~dfsg/debian/libsnmp-dev.install net-snmp-5.4.3~dfsg/debian/libsnmp-dev.install
--- net-snmp-5.4.3~dfsg/debian/libsnmp-dev.install 2011-12-19 07:50:26.000000000 +0100
+++ net-snmp-5.4.3~dfsg/debian/libsnmp-dev.install 2012-05-27 17:24:04.000000000 +0200
@@ -4,7 +4,6 @@
 debian/tmp/usr/include
 debian/tmp/usr/lib/lib*.a
 debian/tmp/usr/lib/lib*.so
-debian/tmp/usr/lib/lib*.la
 debian/tmp/usr/share/man/man1/mib2c.1
 debian/tmp/usr/share/man/man1/mib2c-update.1
 debian/tmp/usr/share/man/man3/*
diff -Nru net-snmp-5.4.3~dfsg/debian/patches/65_CVE-2012-2141.patch net-snmp-5.4.3~dfsg/debian/patches/65_CVE-2012-2141.patch
--- net-snmp-5.4.3~dfsg/debian/patches/65_CVE-2012-2141.patch 1970-01-01 01:00:00.000000000 +0100
+++ net-snmp-5.4.3~dfsg/debian/patches/65_CVE-2012-2141.patch 2012-05-27 17:20:46.000000000 +0200
@@ -0,0 +1,31 @@
+Description: fix denial of service via SNMP GET with non-existent
+ extension table entry
+Bug: http://sourceforge.net/tracker/index.php?func=detail&aid=3526549&group_id=12694&atid=112694
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672492
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=815813
+Origin: upstream, http://net-snmp.git.sourceforge.net/git/gitweb.cgi?p=net-snmp/net-snmp;a=commit;h=4c5633f1603e4bd03ed05c37d782ec8911759c47
+
+Index: net-snmp-5.4.3~dfsg/agent/mibgroup/agent/extend.c
+===================================================================
+--- net-snmp-5.4.3~dfsg.orig/agent/mibgroup/agent/extend.c 2009-04-22 19:49:21.000000000 -0400
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/agent/extend.c 2012-05-22 16:30:35.596256644 -0400
+@@ -1124,7 +1124,7 @@
+ * ...and check the line requested is valid
+ */
+ line_idx = *table_info->indexes->next_variable->val.integer;
+- if (eptr->numlines < line_idx)
++ if (line_idx < 1 || line_idx > eptr->numlines)
+ return NULL;
+ }
+ return eptr;
+@@ -1297,6 +1297,10 @@
+ * Determine which line we've been asked for....
+ */
+ line_idx = *table_info->indexes->next_variable->val.integer;
++ if (line_idx < 1 || line_idx > extension->numlines) {
++ netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE);
++ continue;
++ }
+ cp = extension->lines[line_idx-1];
+
+ /*
diff -Nru net-snmp-5.4.3~dfsg/debian/patches/66_formatstrings.patch net-snmp-5.4.3~dfsg/debian/patches/66_formatstrings.patch
--- net-snmp-5.4.3~dfsg/debian/patches/66_formatstrings.patch 1970-01-01 01:00:00.000000000 +0100
+++ net-snmp-5.4.3~dfsg/debian/patches/66_formatstrings.patch 2012-05-27 17:29:31.000000000 +0200
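Review bot: In both inner hunks of 65_CVE-2012-2141.patch, `line_idx` is still loaded through `*table_info->indexes->next_variable->val.integer` before anything in view confirms that `indexes` and `next_variable` are non-NULL, and that index is taken from the request. Both enclosing functions start and end outside the hunks, so the table helper may already guarantee this; it is worth confirming, because the new `line_idx < 1 || line_idx > numlines` test only protects the later `lines[line_idx-1]` access. The declared type of `line_idx` is not visible either: if it is narrower than the integer behind `val.integer`, the value is truncated before it is compared. I would also add a comment above the new check at -1297, `/* line_idx is 1-based and request-supplied; validate before indexing lines[] */`.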
@@ -0,0 +1,76 @@
+diff -aur net-snmp-5.4.3~dfsg.harden/agent/mibgroup/host/hr_swinst.c net-snmp-5.4.3~dfsg/agent/mibgroup/host/hr_swinst.c
+--- net-snmp-5.4.3~dfsg.harden/agent/mibgroup/host/hr_swinst.c 2010-01-26 10:27:30.000000000 +0100
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/host/hr_swinst.c 2012-01-26 20:08:43.000000000 +0100
+@@ -695,7 +695,7 @@
+ swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
+ }
+ #else
+- snprintf(swi->swi_name, sizeof(swi->swi_name), swi->swi_dep->d_name);
++ snprintf(swi->swi_name, sizeof(swi->swi_name), "%s", swi->swi_dep->d_name);
+ swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
+ #endif
+ return 0;
+diff -aur net-snmp-5.4.3~dfsg.harden/agent/mibgroup/ucd-snmp/versioninfo.c net-snmp-5.4.3~dfsg/agent/mibgroup/ucd-snmp/versioninfo.c
+--- net-snmp-5.4.3~dfsg.harden/agent/mibgroup/ucd-snmp/versioninfo.c 2006-09-15 02:48:50.000000000 +0200
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/ucd-snmp/versioninfo.c 2012-01-26 20:10:34.000000000 +0100
+@@ -109,7 +109,7 @@
+ long_ret = name[8];
+ return ((u_char *) (&long_ret));
+ case VERTAG:
+- sprintf(errmsg, netsnmp_get_version());
++ sprintf(errmsg, "%s", netsnmp_get_version());
+ *var_len = strlen(errmsg);
+ return ((u_char *) errmsg);
+ case VERDATE:
+@@ -119,7 +119,7 @@
+ case VERCDATE:
+ curtime = time(NULL);
+ cptr = ctime(&curtime);
+- sprintf(errmsg, cptr);
++ sprintf(errmsg, "%s", cptr);
+ *var_len = strlen(errmsg) - 1;
+ return ((u_char *) errmsg);
+ case VERIDENT:
+diff -aur net-snmp-5.4.3~dfsg.harden/perl/agent/agent.xs net-snmp-5.4.3~dfsg/perl/agent/agent.xs
+--- net-snmp-5.4.3~dfsg.harden/perl/agent/agent.xs 2010-05-11 19:26:56.000000000 +0200
++++ net-snmp-5.4.3~dfsg/perl/agent/agent.xs 2012-01-26 20:14:42.000000000 +0100
+@@ -489,7 +489,7 @@
+ CODE:
+ {
+ stringptr = SvPV(value, stringlen);
+- snmp_log(LOG_ERR, stringptr );
++ snmp_log(LOG_ERR, "%s", stringptr );
+ }
+
+
+diff -aur net-snmp-5.4.3~dfsg.harden/perl/SNMP/SNMP.xs net-snmp-5.4.3~dfsg/perl/SNMP/SNMP.xs
+--- net-snmp-5.4.3~dfsg.harden/perl/SNMP/SNMP.xs 2009-12-05 18:42:24.000000000 +0100
++++ net-snmp-5.4.3~dfsg/perl/SNMP/SNMP.xs 2012-01-26 20:15:55.000000000 +0100
+@@ -3987,7 +3987,7 @@
+ if (context->req_oids == NULL) {
+ sprintf(str_buf, "Newz(req_oids) failed (%s)", strerror(errno));
+ if (verbose)
+- warn(str_buf);
++ warn("%s", str_buf);
+ sv_setpv(*err_str_svp, str_buf);
+ sv_setiv(*err_num_svp, SNMPERR_MALLOC);
+ goto err;
+diff -aur net-snmp-5.4.3~dfsg.harden/agent/mibgroup/host/hr_filesys.c net-snmp-5.4.3~dfsg/agent/mibgroup/host/hr_filesys.c
+--- net-snmp-5.4.3~dfsg.harden/agent/mibgroup/host/hr_filesys.c 2009-04-24 00:16:22.000000000 +0200
++++ net-snmp-5.4.3~dfsg/agent/mibgroup/host/hr_filesys.c 2012-01-26 20:07:22.000000000 +0100
+@@ -316,13 +316,13 @@
+ long_return = fsys_idx;
+ return (u_char *) & long_return;
+ case HRFSYS_MOUNT:
+- snprintf(string, sizeof(string), HRFS_entry->HRFS_mount);
++ snprintf(string, sizeof(string), "%s", HRFS_entry->HRFS_mount);
+ string[ sizeof(string)-1 ] = 0;
+ *var_len = strlen(string);
+ return (u_char *) string;
+ case HRFSYS_RMOUNT:
+ if (Check_HR_FileSys_NFS()) {
+- snprintf(string, sizeof(string), HRFS_entry->HRFS_name);
++ snprintf(string, sizeof(string), "%s", HRFS_entry->HRFS_name);
+ string[ sizeof(string)-1 ] = 0;
+ } else
+ string[0] = '\0';
diff -Nru net-snmp-5.4.3~dfsg/debian/patches/series net-snmp-5.4.3~dfsg/debian/patches/series
--- net-snmp-5.4.3~dfsg/debian/patches/series 2011-05-07 12:24:41.000000000 +0200
+++ net-snmp-5.4.3~dfsg/debian/patches/series 2012-05-27 17:29:54.000000000 +0200
@@ -14,3 +14,5 @@
 62_add_lib_cflags.patch
 63_fix_shell.patch
 64_missing_lib.patch
+65_CVE-2012-2141.patch
+66_formatstrings.patch
diff -Nru net-snmp-5.4.3~dfsg/debian/po/id.po net-snmp-5.4.3~dfsg/debian/po/id.po
--- net-snmp-5.4.3~dfsg/debian/po/id.po 1970-01-01 01:00:00.000000000 +0100
+++ net-snmp-5.4.3~dfsg/debian/po/id.po 2012-05-27 17:47:08.000000000 +0200
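Review bot: The two `sprintf(errmsg, "%s", ...)` calls in the versioninfo.c hunks of 66_formatstrings.patch (VERTAG and VERCDATE) no longer treat data as a format string, but they still write into `errmsg` with no length bound, unlike the `snprintf(..., sizeof(...), "%s", ...)` form used in the hr_swinst.c and hr_filesys.c hunks. The declaration of `errmsg` is outside the hunk; assuming it is an array in scope, `snprintf(errmsg, sizeof(errmsg), "%s", netsnmp_get_version());` would make the files consistent. In the VERCDATE case `cptr` comes straight from `ctime()`, which may return NULL, and passing NULL to `%s` is undefined, so a NULL check before the call is worth adding; what the handler should return in that case is not visible here.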
@@ -0,0 +1,43 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: net-snmp 5.4.3~dfsg-2.4\n"
+"Report-Msgid-Bugs-To: net-s...@packages.debian.org\n"
+"POT-Creation-Date: 2011-12-10 08:44+0100\n"
+"PO-Revision-Date: 2012-01-02 12:55+0700\n"
+"Last-Translator: Mahyuddin Susanto <udi...@ubuntu.com>\n"
+"Language-Team: Debian Indonesia Translator <debian-l10n-indones...@lists.debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Indonesian\n"
+"X-Poedit-Country: INDONESIA\n"
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "Default parameters changed since version 5.2.1"
+msgstr "Parameter bawaan berubah sejak versi 5.2.1"
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "The default start parameters of the snmpd agent/daemon have been changed."
+msgstr "Parameter bawaan pemulai dari daemon snmpd agend/daemon telah berubah"
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "The daemon is now started as user snmp, binds to localhost only and runs with SNMP multiplexing (SMUX) support disabled. These parameters can all be individually changed in /etc/default/snmpd."
+msgstr "Daemon sekarang dimulai dari pengguna snmp, hanya untuk localhost dengan dukungan SNMP multiplexing diaktifkan. Semua ini dapat diubah di /etc/default/snmpd."
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "Please see /usr/share/doc/snmpd/NEWS.Debian.gz for more details."
+msgstr "Mohon lihat /usr/share/doc/snmpd/NEWS.Debian.gz untuk selengkapnya"
+
diff -Nru net-snmp-5.4.3~dfsg/debian/po/pl.po net-snmp-5.4.3~dfsg/debian/po/pl.po
--- net-snmp-5.4.3~dfsg/debian/po/pl.po 1970-01-01 01:00:00.000000000 +0100
+++ net-snmp-5.4.3~dfsg/debian/po/pl.po 2012-05-27 17:47:52.000000000 +0200
@@ -0,0 +1,54 @@
+# Translation of net-snmp debconf templates to Polish.
+# Copyright (C) 2011
+# This file is distributed under the same license as the net-snmp package.
+#
+# Michał Kułach <michal.kul...@gmail.com>, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: net-s...@packages.debian.org\n"
+"POT-Creation-Date: 2011-12-10 08:44+0100\n"
+"PO-Revision-Date: 2012-02-15 18:38+0100\n"
+"Last-Translator: Michał Kułach <michal.kul...@gmail.com>\n"
+"Language-Team: Polish <debian-l10n-pol...@lists.debian.org>\n"
+"Language: pl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.2\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
+"|| n%100>=20) ? 1 : 2);\n"
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "Default parameters changed since version 5.2.1"
+msgstr "Domyślne parametry zmieniły się od wersji 5.2.1"
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid ""
+"The default start parameters of the snmpd agent/daemon have been changed."
+msgstr "Domyślne parametry startowe agenta/demona snmpd zmieniły się."
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid ""
+"The daemon is now started as user snmp, binds to localhost only and runs "
+"with SNMP multiplexing (SMUX) support disabled. These parameters can all be "
+"individually changed in /etc/default/snmpd."
+msgstr ""
+"Demon jest teraz uruchamiany jako użytkownik snmp, powiązany jedynie z "
+"localhost oraz działa z wyłączonym multipleksowaniem SNMP (SMUX). Parametry "
+"te mogą być zmienione w pliku /etc/default/snmpd."
+
+#. Type: note
+#. Description
+#: ../snmpd.templates:2001
+msgid "Please see /usr/share/doc/snmpd/NEWS.Debian.gz for more details."
+msgstr ""
+"Proszę zapoznać się z /usr/share/doc/snmpd/NEWS.Debian.gz, aby uzyskać więcej "
+"szczegółów."
+ diff -Nru net-snmp-5.4.3~dfsg/debian/rules net-snmp-5.4.3~dfsg/debian/rules --- net-snmp-5.4.3~dfsg/debian/rules 2011-01-05 13:12:04.000000000 +0100 +++ net-snmp-5.4.3~dfsg/debian/rules 2012-05-27 18:13:55.000000000 +0200 @@ -29,6 +29,8 @@ MIB_MODULES += host endif +DEB_CFLAGS_MAINT_APPEND=-DNETSNMP_USE_INLINE + %: dh --with python-central $@ @@ -43,7 +45,7 @@ dh_auto_configure -- --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man \ --with-persistent-directory=/var/lib/snmp \ --enable-ucd-snmp-compatibility \ - --enable-shared --with-cflags="$(CFLAGS) -DNETSNMP_USE_INLINE" \ + --enable-shared $(shell dpkg-buildflags --export=configure) \ --with-perl-modules="INSTALLDIRS=vendor" --enable-as-needed \ $(IPV6) --with-logfile=none \ --without-rpm --with-libwrap --with-openssl \ diff -Nru net-snmp-5.4.3~dfsg/debian/snmpd.postinst net-snmp-5.4.3~dfsg/debian/snmpd.postinst --- net-snmp-5.4.3~dfsg/debian/snmpd.postinst 2011-01-05 13:12:04.000000000 +0100 +++ net-snmp-5.4.3~dfsg/debian/snmpd.postinst 2012-05-27 17:41:23.000000000 +0200 @@ -2,17 +2,17 @@ set -e +. /usr/share/debconf/confmodule +db_version 2.0 + if [ "x$1" = xconfigure ]; then - if [ ! `getent group snmp >/dev/null` ]; then + if ! getent group snmp >/dev/null ; then deluser --quiet --system snmp fi adduser --quiet --system --group --no-create-home --home /var/lib/snmp snmp chown -R snmp:snmp /var/lib/snmp fi -. /usr/share/debconf/confmodule -db_version 2.0 - #DEBHELPER# exit 0
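Review bot: `DEB_CFLAGS_MAINT_APPEND=-DNETSNMP_USE_INLINE` in the debian/rules hunk at -29,6 is a plain make assignment, while dpkg-buildflags reads that variable from its environment and the hunk at -43,7 invokes it through `$(shell ...)`. Unless the variable is exported elsewhere in debian/rules (not visible here) and the make in use passes exported variables to `$(shell)`, the define that the removed `--with-cflags` line carried is likely dropped from the build. Setting it on the command itself removes the doubt: `$(shell DEB_CFLAGS_MAINT_APPEND=-DNETSNMP_USE_INLINE dpkg-buildflags --export=configure)`. A build-log check that both the hardening flags and the define reach the compiler would confirm the switch away from `--with-cflags` took effect.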
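Review bot: The corrected test in debian/snmpd.postinst, `if ! getent group snmp >/dev/null ; then`, changes when `deluser --quiet --system snmp` runs, and nothing in the script says why an account is removed when the group is missing. The old backtick form evaluated as true on every configure, so the user was deleted and recreated each time; now that happens only when the group does not exist. A comment above the branch would record the intent, for example `# user without a matching snmp group: remove it so adduser --group recreates both` (presumed intent, to be confirmed by the maintainer). Because the script runs under `set -e`, it is also worth confirming that `deluser` exits zero when no snmp user exists, as on a fresh install.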