diff --git a/utils/collectd/Makefile b/utils/collectd/Makefile index 45ee35378..d52c9b062 100644 --- a/utils/collectd/Makefile +++ b/utils/collectd/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=collectd -PKG_VERSION:=5.7.1 -PKG_RELEASE:=6 +PKG_VERSION:=5.7.2 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://collectd.org/files/ \ https://github.com/collectd/collectd/releases/download/collectd-$(PKG_VERSION) -PKG_HASH:=7edd3643c0842215553b2421d5456f4e9a8a58b07e216b40a7e8e91026d8e501 +PKG_HASH:=9d20a0221569a8d6b80bbc52b86e5e84965f5bafdbf5dfc3790e0fed0763e592 PKG_FIXUP:=autoreconf PKG_REMOVE_FILES:=aclocal.m4 libltdl/aclocal.m4 diff --git a/utils/collectd/patches/050-upstream-fix-for-network-plugin-ddos.patch b/utils/collectd/patches/050-upstream-fix-for-network-plugin-ddos.patch deleted file mode 100644 index 62b25deff..000000000 --- a/utils/collectd/patches/050-upstream-fix-for-network-plugin-ddos.patch +++ /dev/null @@ -1,50 +0,0 @@ -From f6be4f9b49b949b379326c3d7002476e6ce4f211 Mon Sep 17 00:00:00 2001 -From: Pavel Rochnyack -Date: Mon, 3 Apr 2017 11:57:09 +0600 -Subject: [PATCH] network plugin: Fix endless loop DOS in parse_packet() - -When correct 'Signature part' is received by Collectd, configured without -AuthFile option, condition for endless loop occurs due to missing increase -of pointer to next unprocessed part. - -Fixes: CVE-2017-7401 - -Signed-off-by: Florian Forster - - ---- a/src/network.c -+++ b/src/network.c -@@ -1003,14 +1003,6 @@ static int parse_part_sign_sha256(socken - buffer_len = *ret_buffer_len; - buffer_offset = 0; - -- if (se->data.server.userdb == NULL) { -- c_complain( -- LOG_NOTICE, &complain_no_users, -- "network plugin: Received signed network packet but can't verify it " -- "because no user DB has been configured. Will accept it."); -- return (0); -- } -- - /* Check if the buffer has enough data for this structure. */ - if (buffer_len <= PART_SIGNATURE_SHA256_SIZE) - return (-ENOMEM); -@@ -1027,6 +1019,18 @@ static int parse_part_sign_sha256(socken - return (-1); - } - -+ if (se->data.server.userdb == NULL) { -+ c_complain( -+ LOG_NOTICE, &complain_no_users, -+ "network plugin: Received signed network packet but can't verify it " -+ "because no user DB has been configured. Will accept it."); -+ -+ *ret_buffer = buffer + pss_head_length; -+ *ret_buffer_len -= pss_head_length; -+ -+ return (0); -+ } -+ - /* Copy the hash. */ - BUFFER_READ(pss.hash, sizeof(pss.hash)); - diff --git a/utils/collectd/patches/600-fix-libmodbus-detection.patch b/utils/collectd/patches/600-fix-libmodbus-detection.patch index ac65ce79e..1811034ea 100644 --- a/utils/collectd/patches/600-fix-libmodbus-detection.patch +++ b/utils/collectd/patches/600-fix-libmodbus-detection.patch @@ -18,7 +18,7 @@ Reversed patch to be applied: --- a/configure.ac +++ b/configure.ac -@@ -3186,7 +3186,7 @@ then +@@ -3278,7 +3278,7 @@ then SAVE_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $with_libmodbus_cflags" diff --git a/utils/collectd/patches/700-disable-sys-capability-check.patch b/utils/collectd/patches/700-disable-sys-capability-check.patch index 280e50151..348885062 100644 --- a/utils/collectd/patches/700-disable-sys-capability-check.patch +++ b/utils/collectd/patches/700-disable-sys-capability-check.patch @@ -10,5 +10,5 @@ - [have_capability="no ( not found)"]) +have_capability="no" if test "x$have_capability" = "xyes"; then - AC_CHECK_LIB(cap, cap_get_bound, + AC_CHECK_LIB(cap, cap_get_proc, [have_capability="yes"], diff --git a/utils/collectd/patches/900-add-iwinfo-plugin.patch b/utils/collectd/patches/900-add-iwinfo-plugin.patch index 7c2c72012..287bda4b8 100644 --- a/utils/collectd/patches/900-add-iwinfo-plugin.patch +++ b/utils/collectd/patches/900-add-iwinfo-plugin.patch @@ -10,7 +10,7 @@ # For the turbostat plugin have_asm_msrindex_h="no" AC_CHECK_HEADERS(asm/msr-index.h, [have_asm_msrindex_h="yes"]) -@@ -5943,6 +5946,7 @@ plugin_interface="no" +@@ -6035,6 +6038,7 @@ plugin_interface="no" plugin_ipmi="no" plugin_ipvs="no" plugin_irq="no" @@ -18,7 +18,7 @@ plugin_load="no" plugin_log_logstash="no" plugin_memory="no" -@@ -6413,6 +6417,7 @@ AC_PLUGIN([ipmi], [$plugi +@@ -6505,6 +6509,7 @@ AC_PLUGIN([ipmi], [$plugi AC_PLUGIN([iptables], [$with_libiptc], [IPTables rule counters]) AC_PLUGIN([ipvs], [$plugin_ipvs], [IPVS connection statistics]) AC_PLUGIN([irq], [$plugin_irq], [IRQ statistics]) @@ -26,7 +26,7 @@ AC_PLUGIN([java], [$with_java], [Embed the Java Virtual Machine]) AC_PLUGIN([load], [$plugin_load], [System load]) AC_PLUGIN([log_logstash], [$plugin_log_logstash], [Logstash json_event compatible logging]) -@@ -6794,6 +6799,7 @@ AC_MSG_RESULT([ libyajl . . . . . . . +@@ -6886,6 +6891,7 @@ AC_MSG_RESULT([ libyajl . . . . . . . AC_MSG_RESULT([ oracle . . . . . . . $with_oracle]) AC_MSG_RESULT([ protobuf-c . . . . . $have_protoc_c]) AC_MSG_RESULT([ protoc 3 . . . . . . $have_protoc3]) @@ -34,7 +34,7 @@ AC_MSG_RESULT() AC_MSG_RESULT([ Features:]) AC_MSG_RESULT([ daemon mode . . . . . $enable_daemon]) -@@ -6850,6 +6856,7 @@ AC_MSG_RESULT([ ipmi . . . . . . . . +@@ -6942,6 +6948,7 @@ AC_MSG_RESULT([ ipmi . . . . . . . . AC_MSG_RESULT([ iptables . . . . . . $enable_iptables]) AC_MSG_RESULT([ ipvs . . . . . . . . $enable_ipvs]) AC_MSG_RESULT([ irq . . . . . . . . . $enable_irq]) @@ -67,7 +67,7 @@ # JVMArg "-Djava.class.path=@prefix@/share/collectd/java/collectd-api.jar" --- a/src/collectd.conf.pod +++ b/src/collectd.conf.pod -@@ -3127,6 +3127,27 @@ and all other interrupts are collected. +@@ -3143,6 +3143,27 @@ and all other interrupts are collected. =back