Diffstat (limited to 'nixpkgs/pkgs/servers/monitoring/net-snmp')
-rw-r--r--nixpkgs/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch30
-rw-r--r--nixpkgs/pkgs/servers/monitoring/net-snmp/default.nix63
2 files changed, 93 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch b/nixpkgs/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch
new file mode 100644
index 000000000000..c33f7bb03fa8
--- /dev/null
+++ b/nixpkgs/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch
@@ -0,0 +1,30 @@
+commit 7ffb8e25a0db851953155de91f0170e9bf8c457d
+Author: Robert Story <rstory@freesnmp.com>
+Date:   Thu Oct 6 10:43:10 2016 -0400
+
+    CHANGES: BUG: 2743: snmpd crashes when receiving a GetNext PDU with multiple Varbinds
+    
+    skip out-of-range varbinds when calling next handler
+
+diff --git a/agent/helpers/table.c b/agent/helpers/table.c
+index 32a08033a..2666638b5 100644
+--- a/agent/helpers/table.c
++++ b/agent/helpers/table.c
+@@ -340,6 +340,8 @@ table_helper_handler(netsnmp_mib_handler *handler,
+             else if (reqinfo->mode == MODE_GET)
+                 table_helper_cleanup(reqinfo, request,
+                                      SNMP_NOSUCHOBJECT);
++            else
++                request->processed = 1; /* skip if next handler called */
+             continue;
+         }
+ 
+@@ -409,6 +411,8 @@ table_helper_handler(netsnmp_mib_handler *handler,
+                 else if (reqinfo->mode == MODE_GET)
+                     table_helper_cleanup(reqinfo, request,
+                                          SNMP_NOSUCHOBJECT);
++                else
++                    request->processed = 1; /* skip if next handler called */
+                 continue;
+             }
+             /*
diff --git a/nixpkgs/pkgs/servers/monitoring/net-snmp/default.nix b/nixpkgs/pkgs/servers/monitoring/net-snmp/default.nix
new file mode 100644
index 000000000000..d86eac719a60
--- /dev/null
+++ b/nixpkgs/pkgs/servers/monitoring/net-snmp/default.nix
@@ -0,0 +1,63 @@
+{ stdenv, fetchurl, fetchpatch, autoreconfHook, file, openssl, perl, unzip }:
+
+stdenv.mkDerivation rec {
+  name = "net-snmp-5.7.3";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/net-snmp/${name}.zip";
+    sha256 = "0gkss3zclm23zwpqfhddca8278id7pk6qx1mydpimdrrcndwgpz8";
+  };
+
+  patches =
+    let fetchAlpinePatch = name: sha256: fetchpatch {
+      url = "https://git.alpinelinux.org/cgit/aports/plain/main/net-snmp/${name}?id=f25d3fb08341b60b6ccef424399f060dfcf3f1a5";
+      inherit name sha256;
+    };
+  in [
+    (fetchAlpinePatch "CVE-2015-5621.patch" "05098jyvd9ddr5q26z7scbbvk1bk6x4agpjm6pyprvpc1zpi0y09")
+    (fetchAlpinePatch "fix-Makefile-PL.patch" "14ilnkj3cr6mpi242hrmmmv8nv4dj0fdgn42qfk9aa7scwsc0lc7")
+    (fetchAlpinePatch "fix-includes.patch" "0zpkbb6k366qpq4dax5wknwprhwnhighcp402mlm7950d39zfa3m")
+    (fetchAlpinePatch "netsnmp-swinst-crash.patch" "0gh164wy6zfiwiszh58fsvr25k0ns14r3099664qykgpmickkqid")
+    (fetchAlpinePatch "remove-U64-typedef.patch" "1msxyhcqkvhqa03dwb50288g7f6nbrcd9cs036m9xc8jdgjb8k8j")
+    ./CVE-2018-18065.patch
+  ];
+
+  preConfigure =
+    ''
+      perlversion=$(perl -e 'use Config; print $Config{version};')
+      perlarchname=$(perl -e 'use Config; print $Config{archname};')
+      installFlags="INSTALLSITEARCH=$out/lib/perl5/site_perl/$perlversion/$perlarchname INSTALLSITEMAN3DIR=$out/share/man/man3"
+
+      # http://article.gmane.org/gmane.network.net-snmp.user/32434
+      substituteInPlace "man/Makefile.in" --replace 'grep -vE' '@EGREP@ -v'
+    '';
+
+  configureFlags =
+    [ "--with-default-snmp-version=3"
+      "--with-sys-location=Unknown"
+      "--with-sys-contact=root@unknown"
+      "--with-logfile=/var/log/net-snmpd.log"
+      "--with-persistent-directory=/var/lib/net-snmp"
+      "--with-openssl=${openssl.dev}"
+    ] ++ stdenv.lib.optional stdenv.isLinux "--with-mnttab=/proc/mounts";
+
+  nativeBuildInputs = [ autoreconfHook ];
+  buildInputs = [ file perl unzip openssl ];
+
+  enableParallelBuilding = true;
+  doCheck = false; # fails
+
+  postInstall = ''
+    for f in "$out/lib/"*.la $out/bin/net-snmp-config $out/bin/net-snmp-create-v3-user; do
+      sed 's|-L${openssl.dev}|-L${openssl.out}|g' -i $f
+    done
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Clients and server for the SNMP network monitoring protocol";
+    homepage = http://net-snmp.sourceforge.net/;
+    license = licenses.bsd3;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ wkennington ];
+  };
+}
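Review bot: The `./CVE-2018-18065.patch` entry in `patches` carries no provenance in default.nix, whereas the Alpine patches above it are pinned by commit id and sha256 in the expression itself. A reader has to open the patch file to learn that it is upstream net-snmp commit 7ffb8e25a0db851953155de91f0170e9bf8c457d, so I would add `# upstream net-snmp commit 7ffb8e25a0db (BUG 2743: snmpd crash on GetNext with multiple varbinds)` on the line above it. Separately, `doCheck = false; # fails` means the package's test suite never exercises the CVE-patched code at build time. That comment should say which tests fail and why, so the check can be re-enabled later. In `postInstall`, `$f` and the two `$out/bin/...` paths are unquoted while `"$out/lib/"*.la` is quoted; `sed 's|-L${openssl.dev}|-L${openssl.out}|g' -i "$f"` would be consistent.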