Version bump to fix security issue, bug #225105, thank Matthias Geerdsen and Robert Buchholz for report.

(Portage version: 2.1.4.4)

2 files changed, 205 insertions, 1 deletions

diff --git a/net-analyzer/net-snmp/ChangeLog b/net-analyzer/net-snmp/ChangeLog
index 64350f135675..e66dca147bd4 100644
--- a/net-analyzer/net-snmp/ChangeLog
+++ b/net-analyzer/net-snmp/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-analyzer/net-snmp
 # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/ChangeLog,v 1.169 2008/06/07 14:54:11 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/ChangeLog,v 1.170 2008/06/16 13:48:22 pva Exp $
+
+*net-snmp-5.4.1.1 (16 Jun 2008)
+
+  16 Jun 2008; Peter Volkov <pva@gentoo.org> +net-snmp-5.4.1.1.ebuild:
+  Version bump to fix security issue, bug #225105, thank Matthias Geerdsen
+  and Robert Buchholz for report.
 
   07 Jun 2008; Diego Pettenò <flameeyes@gentoo.org>
   +files/net-snmp-5.4.1-perl-asneeded.patch, net-snmp-5.4.1-r4.ebuild:
diff --git a/net-analyzer/net-snmp/net-snmp-5.4.1.1.ebuild b/net-analyzer/net-snmp/net-snmp-5.4.1.1.ebuild
new file mode 100644
index 000000000000..d26e3476a811
--- /dev/null
+++ b/net-analyzer/net-snmp/net-snmp-5.4.1.1.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/net-snmp-5.4.1.1.ebuild,v 1.1 2008/06/16 13:48:22 pva Exp $
+
+inherit fixheadtails flag-o-matic perl-module python autotools
+
+DESCRIPTION="Software for generating and retrieving SNMP data"
+HOMEPAGE="http://net-snmp.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="as-is BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="diskio doc elf ipv6 lm_sensors mfd-rewrites minimal perl python rpm selinux smux ssl tcpd X sendmail extensible"
+
+DEPEND="ssl? ( >=dev-libs/openssl-0.9.6d )
+	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+	rpm? (
+		app-arch/rpm
+		dev-libs/popt
+		app-arch/bzip2
+		>=sys-libs/zlib-1.1.4
+	)
+	elf? ( dev-libs/elfutils )
+	lm_sensors? ( sys-apps/lm_sensors )
+	python? ( dev-python/setuptools )"
+
+RDEPEND="${DEPEND}
+	perl? (
+		X? ( dev-perl/perl-tk )
+		!minimal? ( dev-perl/TermReadKey )
+	)
+	selinux? ( sec-policy/selinux-snmpd )"
+
+DEPEND="${DEPEND}
+	>=sys-apps/sed-4
+	doc? ( app-doc/doxygen )"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	# fix access violation in make check
+	sed -i -e 's/\(snmpd.*\)-Lf/\1-l/' testing/eval_tools.sh || \
+		die "sed eval_tools.sh failed"
+	# fix path in fixproc
+	sed -i -e 's|\(database_file =.*\)/local\(.*\)$|\1\2|' local/fixproc || \
+		die "sed fixproc failed"
+
+	if use python ; then
+		python_version
+		PYTHON_MODNAME="netsnmp"
+		PYTHON_DIR=/usr/$(get_libdir)/python${PYVER}/site-packages
+		sed -i -e "s:\(install --basedir=\$\$dir\):\1 --root='${D}':" Makefile.in || die "sed python failed"
+	fi
+
+	# snmpd crashes when snmpd.conf contains more than one "exec shelltest" line
+	epatch "${FILESDIR}"/${PN}-5.4-exec-crash.patch
+	# agent: suppress annoying "registration != duplicate" warning for root oids
+	epatch "${FILESDIR}"/${PN}-5.4.1-suppresssuppress-annoying.patch
+	# Crash when more then one interface have the same IP, bug 203127
+	epatch "${FILESDIR}"/${PN}-5.4.1-ipAddressTable-crash-with-double-free.patch
+	# snmpconf generates config files with proper selinux context
+	use selinux && epatch "${FILESDIR}"/${PN}-5.1.2-snmpconf-selinux.patch
+	epatch "${FILESDIR}"/${PN}-5.4.1-clientaddr-fix.patch #180266
+	epatch "${FILESDIR}"/${PN}-5.4.1-CVE-2008-2292.patch #222265
+	epatch "${FILESDIR}"/${PN}-5.4.1-process-count-race.patch #213415
+	epatch "${FILESDIR}"/${PN}-5.4.1-incorrect-hrFSStorageIndex.patch #211660
+	epatch "${FILESDIR}"/${PN}-5.4.1-perl-asneeded.patch #224251
+
+	# Fix version number to report 5.4.1.1:
+	sed -i -e 's:NetSnmpVersionInfo = "5.4.1":NetSnmpVersionInfo = "5.4.1.1":' snmplib/snmp_version.c
+
+	eautoreconf
+
+	ht_fix_all
+}
+
+src_compile() {
+	local mibs
+
+	strip-flags
+
+	mibs="host ucd-snmp/dlmod"
+	use smux && mibs="${mibs} smux"
+	use sendmail && mibs="${mibs} mibII/mta_sendmail"
+	use lm_sensors && mibs="${mibs} ucd-snmp/lmSensors"
+	use diskio && mibs="${mibs} ucd-snmp/diskio"
+	use extensible && mibs="${mibs} ucd-snmp/extensible"
+
+	econf \
+		--with-install-prefix="${D}" \
+		--with-sys-location="Unknown" \
+		--with-sys-contact="root@Unknown" \
+		--with-default-snmp-version="3" \
+		--with-mib-modules="${mibs}" \
+		--with-logfile="/var/log/net-snmpd.log" \
+		--with-persistent-directory="/var/lib/net-snmp" \
+		--enable-ucd-snmp-compatibility \
+		--enable-shared \
+		--enable-as-needed \
+		$(use_enable mfd-rewrites) \
+		$(use_enable perl embedded-perl) \
+		$(use_enable ipv6) \
+		$(use_enable !ssl internal-md5) \
+		$(use_with ssl openssl) \
+		$(use_with tcpd libwrap) \
+		$(use_with rpm) \
+		$(use_with rpm bzip2) \
+		$(use_with rpm zlib) \
+		$(use_with elf) \
+		$(use_with python python-modules) \
+		|| die "econf failed"
+
+	emake -j1 || die "emake failed"
+
+	if use perl ; then
+		emake perlmodules || die "compile perl modules problem"
+	fi
+
+	if use python ; then
+		emake pythonmodules || die "compile python modules problem"
+	fi
+
+	if use doc ; then
+		einfo "Building HTML Documentation"
+		make docsdox || die "failed to build docs"
+	fi
+}
+
+src_test() {
+	cd testing
+	if ! make test ; then
+		echo
+		einfo "Don't be alarmed if a few tests FAIL."
+		einfo "This could happen for several reasons:"
+		einfo "    - You don't already have a working configuration."
+		einfo "    - Your ethernet interface isn't properly configured."
+		echo
+	fi
+}
+
+src_install () {
+	make DESTDIR="${D}" install || die "make install failed"
+
+	if use perl ; then
+		make DESTDIR="${D}" perlinstall || die "make perlinstall failed"
+		fixlocalpod
+
+		use X || rm -f "${D}/usr/bin/tkmib"
+	else
+		rm -f "${D}/usr/bin/mib2c" "${D}/usr/bin/tkmib" "${D}/usr/bin/snmpcheck"
+	fi
+
+	if use python ; then
+		mkdir -p "${D}/${PYTHON_DIR}" || die "Couldn't make $PYTHON_DIR"
+		make pythoninstall || die "make pythoninstall failed"
+	fi
+
+	dodoc AGENT.txt ChangeLog FAQ INSTALL NEWS PORTING README* TODO
+	newdoc EXAMPLE.conf.def EXAMPLE.conf
+
+	use doc && dohtml docs/html/*
+
+	keepdir /etc/snmp /var/lib/net-snmp
+
+	newinitd "${FILESDIR}"/snmpd.rc7 snmpd
+	newconfd "${FILESDIR}"/snmpd.conf snmpd
+
+	newinitd "${FILESDIR}"/snmptrapd.rc7 snmptrapd
+	newconfd "${FILESDIR}"/snmptrapd.conf snmptrapd
+
+	# Remove everything, keeping only the snmpd, snmptrapd, MIBs, libs, and includes.
+	if use minimal; then
+		elog "USE=minimal is set. Cleaning up excess cruft for a embedded/minimal/server only install."
+		rm -rf
+		"${D}"/usr/bin/{encode_keychange,snmp{get,getnext,set,usm,walk,bulkwalk,table,trap,bulkget,translate,status,delta,test,df,vacm,netstat,inform,snmpcheck}}
+		rm -rf "${D}"/usr/share/snmp/snmpconf-data "${D}"/usr/share/snmp/*.conf
+		rm -rf "${D}"/usr/bin/{fixproc,traptoemail} "${D}"/usr/bin/snmpc{heck,onf}
+		find "${D}" -name '*.pl' -exec rm -f '{}' \;
+		use ipv6 || rm -rf "${D}"/usr/share/snmp/mibs/IPV6*
+	fi
+
+	# bug 113788, install example config
+	insinto /etc/snmp
+	newins "${S}"/EXAMPLE.conf snmpd.conf.example
+}
+
+pkg_postrm() {
+	if use python ; then
+		python_mod_cleanup
+	fi
+}
+
+pkg_postinst() {
+	elog "An example configuration file has been installed in"
+	elog "/etc/snmp/snmpd.conf.example."
+}