rpms/net-snmp/F-10 net-snmp-5.4.1-libwrap.patch, NONE, 1.1 net-snmp.spec, 1.164, 1.165

Jan Šafránek jsafrane at fedoraproject.org
Mon Feb 16 11:13:07 UTC 2009 

Author: jsafrane

Update of /cvs/pkgs/rpms/net-snmp/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv801

Modified Files:
	net-snmp.spec 
Added Files:
	net-snmp-5.4.1-libwrap.patch 
Log Message:
fix tcp_wrappers integration
Resolves: CVE-2008-6123

net-snmp-5.4.1-libwrap.patch:

--- NEW FILE net-snmp-5.4.1-libwrap.patch ---
CVE-2008-6123: snmp queries allowed from each remote host regardless of
/etc/hosts.allow configuration

Source: upstream, SVN rev. 17367

diff -up net-snmp-5.4.2.1/snmplib/snmpUDPDomain.c.libwrap net-snmp-5.4.2.1/snmplib/snmpUDPDomain.c
--- net-snmp-5.4.2.1/snmplib/snmpUDPDomain.c.libwrap	2007-10-11 22:46:30.000000000 +0200
+++ net-snmp-5.4.2.1/snmplib/snmpUDPDomain.c	2009-02-16 11:57:19.000000000 +0100
@@ -104,12 +104,12 @@ netsnmp_udp_fmtaddr(netsnmp_transport *t
 	char tmp[64];
         to = (struct sockaddr_in *) &(addr_pair->remote_addr);
         if (to == NULL) {
-            sprintf(tmp, "UDP: [%s]->unknown",
+            sprintf(tmp, "UDP: unknown->[%s]",
                     inet_ntoa(addr_pair->local_addr));
         } else {
-            sprintf(tmp, "UDP: [%s]->", inet_ntoa(addr_pair->local_addr));
-            sprintf(tmp + strlen(tmp), "[%s]:%hd",
-                    inet_ntoa(to->sin_addr), ntohs(to->sin_port));
+            sprintf(tmp, "UDP: [%s]:%hu->",
+                inet_ntoa(to->sin_addr), ntohs(to->sin_port));
+            sprintf(tmp + strlen(tmp), "[%s]", inet_ntoa(addr_pair->local_addr));
         }
         return strdup(tmp);
     }


Index: net-snmp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/net-snmp/F-10/net-snmp.spec,v
retrieving revision 1.164
retrieving revision 1.165
diff -u -r1.164 -r1.165
--- net-snmp.spec	1 Dec 2008 11:11:01 -0000	1.164
+++ net-snmp.spec	16 Feb 2009 11:12:36 -0000	1.165
@@ -8,7 +8,7 @@
 Summary: A collection of SNMP protocol tools and libraries
 Name: net-snmp
 Version: %{major_ver}
-Release: 2%{?dist}
+Release: 3%{?dist}
 Epoch: 1
 
 License: BSD and MIT
@@ -36,6 +36,7 @@
 Patch10: net-snmp-5.4.1-shared-ip.patch
 Patch11: net-snmp-5.4.1-sensors3.patch
 Patch12: net-snmp-5.4.1-xen-crash.patch
+Patch13: net-snmp-5.4.1-libwrap.patch
 
 Requires(pre): chkconfig
 Requires(post): chkconfig
@@ -175,6 +176,7 @@
 %patch10 -p1 -b .shared-ip
 %patch11 -p1 -b .sensors
 %patch12 -p1 -b .xen-crash
+%patch13 -p1 -b .libwrap
 
 # Do this patch with a perl hack...
 perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh
@@ -414,6 +416,9 @@
 %{_datadir}/snmp/mibs
 
 %changelog
+* Mon Feb 16 2009 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-3
+- fix tcp_wrappers integration (CVE-2008-6123)
+
 * Mon Dec  1 2008 Jan Safranek <jsafranek at redhat.com> 5.4.2.1-2
 - rebuild for fixed rpm (#473420)

More information about the fedora-extras-commits mailing list