diff options
Diffstat (limited to 'app-admin/collectd/files')
-rw-r--r-- | app-admin/collectd/files/collectd-5.6.2-CVE-2017-7401.patch | 56 | ||||
-rw-r--r-- | app-admin/collectd/files/collectd-5.6.2-issue2303.patch | 44 | ||||
-rw-r--r-- | app-admin/collectd/files/collectd.confd-r1 | 45 | ||||
-rw-r--r-- | app-admin/collectd/files/collectd.initd-r1 | 78 |
4 files changed, 0 insertions, 223 deletions
diff --git a/app-admin/collectd/files/collectd-5.6.2-CVE-2017-7401.patch b/app-admin/collectd/files/collectd-5.6.2-CVE-2017-7401.patch deleted file mode 100644 index 7c23ac18d8f8..000000000000 --- a/app-admin/collectd/files/collectd-5.6.2-CVE-2017-7401.patch +++ /dev/null @@ -1,56 +0,0 @@ -From f6be4f9b49b949b379326c3d7002476e6ce4f211 Mon Sep 17 00:00:00 2001 -From: Pavel Rochnyack <pavel2000@ngs.ru> -Date: Mon, 3 Apr 2017 11:57:09 +0600 -Subject: [PATCH] network plugin: Fix endless loop DOS in parse_packet() - -When correct 'Signature part' is received by Collectd, configured without -AuthFile option, condition for endless loop occurs due to missing increase -of pointer to next unprocessed part. - -This is a forward-port of #2233. - -Fixes: CVE-2017-7401 -Closes: #2174 -Signed-off-by: Florian Forster <octo@collectd.org> ---- - src/network.c | 20 ++++++++++++-------- - 1 file changed, 12 insertions(+), 8 deletions(-) - -diff --git a/src/network.c b/src/network.c -index be4c3ba..2ff09af 100644 ---- a/src/network.c -+++ b/src/network.c -@@ -1003,14 +1003,6 @@ static int parse_part_sign_sha256(sockent_t *se, /* {{{ */ - buffer_len = *ret_buffer_len; - buffer_offset = 0; - -- if (se->data.server.userdb == NULL) { -- c_complain( -- LOG_NOTICE, &complain_no_users, -- "network plugin: Received signed network packet but can't verify it " -- "because no user DB has been configured. Will accept it."); -- return (0); -- } -- - /* Check if the buffer has enough data for this structure. */ - if (buffer_len <= PART_SIGNATURE_SHA256_SIZE) - return (-ENOMEM); -@@ -1027,6 +1019,18 @@ static int parse_part_sign_sha256(sockent_t *se, /* {{{ */ - return (-1); - } - -+ if (se->data.server.userdb == NULL) { -+ c_complain( -+ LOG_NOTICE, &complain_no_users, -+ "network plugin: Received signed network packet but can't verify it " -+ "because no user DB has been configured. Will accept it."); -+ -+ *ret_buffer = buffer + pss_head_length; -+ *ret_buffer_len -= pss_head_length; -+ -+ return (0); -+ } -+ - /* Copy the hash. */ - BUFFER_READ(pss.hash, sizeof(pss.hash)); - diff --git a/app-admin/collectd/files/collectd-5.6.2-issue2303.patch b/app-admin/collectd/files/collectd-5.6.2-issue2303.patch deleted file mode 100644 index 0fffcd6b9224..000000000000 --- a/app-admin/collectd/files/collectd-5.6.2-issue2303.patch +++ /dev/null @@ -1,44 +0,0 @@ -From fd01cdd0546ccbbda7f4cf5db2d0ae28e1e770cd Mon Sep 17 00:00:00 2001 -From: Ruben Kerkhof <ruben@rubenkerkhof.com> -Date: Tue, 30 May 2017 17:25:17 +0200 -Subject: [PATCH] Bind plugin: plug a few leaks - -Fixes: #2303 ---- - src/bind.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/src/bind.c b/src/bind.c -index 4860f1b604..853b9c26a3 100644 ---- a/src/bind.c -+++ b/src/bind.c -@@ -526,8 +526,10 @@ static int bind_parse_generic_name_value(const char *xpath_expression, /* {{{ */ - status = bind_xml_read_gauge(doc, counter, &value.gauge); - else - status = bind_xml_read_derive(doc, counter, &value.derive); -- if (status != 0) -+ if (status != 0) { -+ xmlFree(name); - continue; -+ } - - status = (*list_callback)(name, value, current_time, user_data); - if (status == 0) -@@ -659,12 +661,16 @@ static int bind_parse_generic_name_attr_value_list( - status = bind_xml_read_gauge(doc, child, &value.gauge); - else - status = bind_xml_read_derive(doc, child, &value.derive); -- if (status != 0) -+ if (status != 0) { -+ xmlFree(attr_name); - continue; -+ } - - status = (*list_callback)(attr_name, value, current_time, user_data); - if (status == 0) - num_entries++; -+ -+ xmlFree(attr_name); - } - } - diff --git a/app-admin/collectd/files/collectd.confd-r1 b/app-admin/collectd/files/collectd.confd-r1 deleted file mode 100644 index 1ad78f839d8a..000000000000 --- a/app-admin/collectd/files/collectd.confd-r1 +++ /dev/null @@ -1,45 +0,0 @@ -# Distributed under the terms of the GNU General Public License v2 - -# Nice value used to launch collectd, to change priority of the process. As -# you usually we want to run it in background, a default of 5 is used. -# -#COLLECTD_NICELEVEL=5 - -# Location of configuration file. Modify if you don't like the standard -# one. -# -#COLLECTD_CONFIGFILE="/etc/collectd.conf" - -# File used to store the PID file. Usually you won't need to touch it. -# -#COLLECTD_PIDFILE="/run/collectd/collectd.pid" - -# User to run collectd as (default is collectd, change to root or give -# collectd user appropriate privileges if you use one of the plugins that -# require it, as e.g. ping or iptables plugins) -# -#COLLECTD_USER="collectd" - -# The group is only important if you are using collectd's UNIX socket -# in the default location (/run/collectd) because we will chown the -# default location to COLLECTD_USER:COLLECTD_GROUP. The default value -# is "collectd". -#COLLECTD_GROUP="collectd" - -# You can use this configuration option to pass additional options to the -# start-stop-daemon, see start-stop-daemon(8) for more details. -# Per default we wait 1000ms after we have started the service to ensure -# that the daemon is really up and running. -#COLLECTD_SSDARGS="--wait 1000" - -# The termination timeout (start-stop-daemon parameter "retry") ensures -# that the service will be terminated within a given time (25 + 5 seconds -# per default) when you are stopping the service. -#COLLECTD_TERMTIMEOUT="TERM/25/KILL/5" - -# Options to collectd -# See collectd(8) for more details -# Notes: -# * Do not specify another PIDFILE but use the variable above to change the location -# * Do not specify another CONFIGFILE but use the variable above to change the location -#COLLECTD_OPTS="" diff --git a/app-admin/collectd/files/collectd.initd-r1 b/app-admin/collectd/files/collectd.initd-r1 deleted file mode 100644 index e65f85a7bcbf..000000000000 --- a/app-admin/collectd/files/collectd.initd-r1 +++ /dev/null @@ -1,78 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -COLLECTD_CONFIGFILE=${COLLECTD_CONFIGFILE:-"/etc/collectd.conf"} -COLLECTD_PIDFILE=${COLLECTD_PIDFILE:-"/run/collectd/collectd.pid"} -COLLECTD_NICELEVEL=${COLLECTD_NICELEVEL:-5} -COLLECTD_USER=${COLLECTD_USER:-"collectd"} -COLLECTD_GROUP=${COLLECTD_GROUP:-"collectd"} -COLLECTD_SSDARGS=${COLLECTD_SSDARGS:-"--wait 1000"} -COLLECTD_TERMTIMEOUT=${COLLECTD_TERMTIMEOUT:-"TERM/25/KILL/5"} -COLLECTD_OPTS=${COLLECTD_OPTS:-""} - -command="/usr/sbin/collectd" -command_args="${COLLECTD_OPTS} -C \"${COLLECTD_CONFIGFILE}\" -P \"${COLLECTD_PIDFILE}\"" -start_stop_daemon_args="${COLLECTD_SSDARGS} --nice ${COLLECTD_NICELEVEL} --user ${COLLECTD_USER}:${COLLECTD_GROUP}" -pidfile="${COLLECTD_PIDFILE}" -retry="${COLLECTD_TERMTIMEOUT}" - -extra_commands="configtest" -description_configtest="Run collectd's internal config check." - -required_files="\"${COLLECTD_CONFIGFILE}\"" - -depend() { - use dns -} - -_checkconfig() { - if [ $(sed '/^$\|^#/d' "${COLLECTD_CONFIGFILE}" | grep 'LoadPlugin[[:space:]]\+oracle' | wc -l) -ge 1 ] ; then - if [ -e /etc/env.d/50oracle-instantclient-basic ] ; then - . /etc/env.d/50oracle-instantclient-basic - export ORACLE_HOME - export TNS_ADMIN - else - ewarn "Unable to set Oracle environment, Oracle plugin wont work" - fi - fi - - local test_command="${command} -t -C \"${COLLECTD_CONFIGFILE}\"" - - eval ${test_command} 1>/dev/null 2>&1 - ret=$? - if [ $ret -ne 0 ]; then - eerror "${SVCNAME} has detected an error in your configuration:" - eval ${test_command} - fi - - return $ret -} - -configtest() { - ebegin "Checking ${SVCNAME} configuration" - _checkconfig - eend $? -} - -start_pre() { - if [ "${RC_CMD}" != "restart" ]; then - configtest || return 1 - fi - - checkpath --directory --mode 0770 --owner ${COLLECTD_USER}:${COLLECTD_GROUP} "$(dirname "${COLLECTD_PIDFILE}")" -} - -stop_pre() { - if [ "${RC_CMD}" = "restart" ]; then - configtest || return 1 - fi -} - -stop_post() { - if [ -f "${COLLECTD_PIDFILE}" ]; then - vebegin "Removing stale PID file" - rm --force "${COLLECTD_PIDFILE}" - veend $? - fi -} |