diff options
Diffstat (limited to 'app-admin/collectd/files')
-rw-r--r-- | app-admin/collectd/files/collectd-5.7.2-CVE-2017-16820.patch | 39 | ||||
-rw-r--r-- | app-admin/collectd/files/collectd.confd-r2 | 49 | ||||
-rw-r--r-- | app-admin/collectd/files/collectd.initd-r2 | 70 | ||||
-rw-r--r-- | app-admin/collectd/files/collectd.tmpfile | 1 |
4 files changed, 159 insertions, 0 deletions
diff --git a/app-admin/collectd/files/collectd-5.7.2-CVE-2017-16820.patch b/app-admin/collectd/files/collectd-5.7.2-CVE-2017-16820.patch new file mode 100644 index 000000000000..0090f2940bf6 --- /dev/null +++ b/app-admin/collectd/files/collectd-5.7.2-CVE-2017-16820.patch @@ -0,0 +1,39 @@ +CVE-2017-16820: Fix double free of request PDU + +https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47 + +--- a/src/snmp.c ++++ b/src/snmp.c +@@ -1357,11 +1357,13 @@ static int csnmp_read_table(host_definition_t *host, data_definition_t *data) { + if (oid_list_todo_num == 0) { + /* The request is still empty - so we are finished */ + DEBUG("snmp plugin: all variables have left their subtree"); ++ snmp_free_pdu(req); + status = 0; + break; + } + + res = NULL; ++ /* snmp_sess_synch_response always frees our req PDU */ + status = snmp_sess_synch_response(host->sess_handle, req, &res); + if ((status != STAT_SUCCESS) || (res == NULL)) { + char *errstr = NULL; +@@ -1376,8 +1378,6 @@ static int csnmp_read_table(host_definition_t *host, data_definition_t *data) { + snmp_free_pdu(res); + res = NULL; + +- /* snmp_synch_response already freed our PDU */ +- req = NULL; + sfree(errstr); + csnmp_host_close_session(host); + +@@ -1492,9 +1492,6 @@ static int csnmp_read_table(host_definition_t *host, data_definition_t *data) { + snmp_free_pdu(res); + res = NULL; + +- if (req != NULL) +- snmp_free_pdu(req); +- req = NULL; + + if (status == 0) + csnmp_dispatch_table(host, data, instance_list_head, value_list_head); diff --git a/app-admin/collectd/files/collectd.confd-r2 b/app-admin/collectd/files/collectd.confd-r2 new file mode 100644 index 000000000000..835936d5bce2 --- /dev/null +++ b/app-admin/collectd/files/collectd.confd-r2 @@ -0,0 +1,49 @@ +# Distributed under the terms of the GNU General Public License v2 + +# Nice value used to launch collectd, to change priority of the process. As +# you usually we want to run it in background, a default of 5 is used. +# +#COLLECTD_NICELEVEL=5 + +# Location of configuration file. Modify if you don't like the standard +# one. +# +#COLLECTD_CONFIGFILE="/etc/collectd.conf" + +# File used to store the PID file. Usually you won't need to touch it. +# If you are going to change PID file location make sure that *only* +# root is allowed to write into that directory. +# +#COLLECTD_PIDFILE="/run/collectd.pid" + +# User to run collectd as (default is collectd, change to root or give +# collectd user appropriate privileges if you use one of the plugins that +# require it, as e.g. ping or iptables plugins) +# +#COLLECTD_USER="collectd" + +# The default collectd UNIX socket location in /run/collectd is now +# maintained via tmpfiles service. Therefore, the COLLECTD_GROUP setting +# isn't used anymore. +# If you are going to change UNIX socket location or change COLLECTD_USER +# setting above, make sure you overwrite /usr/lib/tmpfiles.d/collectd.conf +# via copy in /etc/tmpfiles.d/collectd.conf to match your setup. +#COLLECTD_GROUP="collectd" + +# You can use this configuration option to pass additional options to the +# start-stop-daemon, see start-stop-daemon(8) for more details. +# Per default we wait 1000ms after we have started the service to ensure +# that the daemon is really up and running. +#COLLECTD_SSDARGS="--wait 1000" + +# The termination timeout (start-stop-daemon parameter "retry") ensures +# that the service will be terminated within a given time (25 + 5 seconds +# per default) when you are stopping the service. +#COLLECTD_TERMTIMEOUT="TERM/25/KILL/5" + +# Options to collectd +# See collectd(8) for more details +# Notes: +# * Do not specify another PIDFILE but use the variable above to change the location +# * Do not specify another CONFIGFILE but use the variable above to change the location +#COLLECTD_OPTS="" diff --git a/app-admin/collectd/files/collectd.initd-r2 b/app-admin/collectd/files/collectd.initd-r2 new file mode 100644 index 000000000000..0a4ca71494f6 --- /dev/null +++ b/app-admin/collectd/files/collectd.initd-r2 @@ -0,0 +1,70 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +COLLECTD_CONFIGFILE=${COLLECTD_CONFIGFILE:-"/etc/collectd.conf"} +COLLECTD_PIDFILE=${COLLECTD_PIDFILE:-"/run/collectd.pid"} +COLLECTD_NICELEVEL=${COLLECTD_NICELEVEL:-5} +COLLECTD_USER=${COLLECTD_USER:-"collectd"} +COLLECTD_GROUP=${COLLECTD_GROUP:-"collectd"} +COLLECTD_SSDARGS=${COLLECTD_SSDARGS:-"--wait 1000"} +COLLECTD_TERMTIMEOUT=${COLLECTD_TERMTIMEOUT:-"TERM/25/KILL/5"} +COLLECTD_OPTS=${COLLECTD_OPTS:-""} + +command="/usr/sbin/collectd" +command_args="${COLLECTD_OPTS} -C \"${COLLECTD_CONFIGFILE}\" -f" +command_background=true +command_user="${COLLECTD_USER}" +start_stop_daemon_args="${COLLECTD_SSDARGS} --nice ${COLLECTD_NICELEVEL}" +pidfile="${COLLECTD_PIDFILE}" +retry="${COLLECTD_TERMTIMEOUT}" + +extra_commands="configtest" +description_configtest="Run collectd's internal config check." + +required_files="\"${COLLECTD_CONFIGFILE}\"" + +depend() { + use dns +} + +_checkconfig() { + if [ $(sed '/^$\|^#/d' "${COLLECTD_CONFIGFILE}" | grep 'LoadPlugin[[:space:]]\+oracle' | wc -l) -ge 1 ] ; then + if [ -e /etc/env.d/50oracle-instantclient-basic ] ; then + . /etc/env.d/50oracle-instantclient-basic + export ORACLE_HOME + export TNS_ADMIN + else + ewarn "Unable to set Oracle environment, Oracle plugin wont work" + fi + fi + + local test_command="${command} -t -C \"${COLLECTD_CONFIGFILE}\"" + + eval ${test_command} 1>/dev/null 2>&1 + ret=$? + if [ $ret -ne 0 ]; then + eerror "${SVCNAME} has detected an error in your configuration:" + eval ${test_command} + fi + + return $ret +} + +configtest() { + ebegin "Checking ${SVCNAME} configuration" + _checkconfig + eend $? +} + +start_pre() { + if [ "${RC_CMD}" != "restart" ]; then + configtest || return 1 + fi +} + +stop_pre() { + if [ "${RC_CMD}" = "restart" ]; then + configtest || return 1 + fi +} diff --git a/app-admin/collectd/files/collectd.tmpfile b/app-admin/collectd/files/collectd.tmpfile new file mode 100644 index 000000000000..4524a56ec183 --- /dev/null +++ b/app-admin/collectd/files/collectd.tmpfile @@ -0,0 +1 @@ +d /run/collectd 0770 collectd collectd |