author: Marc Fournier <marc@bl.uem.li>, Tue, 9 Aug 2016 21:06:16 +0000 (23:06 +0200)
committer: Marc Fournier <marc@bl.uem.li>, Tue, 9 Aug 2016 21:06:16 +0000 (23:06 +0200)
debian/changelog
debian/collectd.conf
debian/control
debian/patches/bts832577-gcry-control.patch [new file with mode: 0644]
debian/patches/gcc6.patch [new file with mode: 0644]
debian/patches/series
debian/rules
diff --git a/debian/changelog b/debian/changelog
index da3ef6f782f65fbf182bf2192ee9c81894092015..b079ef50be4b10f47f1936fb9188f09ab9b7a6f4 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
+collectd (5.5.2-1) unstable; urgency=high
+
+ * New upstream release.
+ - Fix heap overflow in the network plugin. Emilien Gaspar has identified a
+ heap overflow in parse_packet(), the function used by the network plugin
+ to parse incoming network packets. Thanks to Florian Forster for
+ reporting the bug in Debian. (Closes: #832507, CVE-2016-6254)
+ - Fix improper usage of gcry_control. A team of security researchers at
+ Columbia University and the University of Virginia discovered that
+ GCrypt's gcry_control is sometimes called without checking its return
+ value for an error. This may cause the program to be initialized without
+ the desired, secure settings. (Closes: #832577)
+ * debian/patches:
+ - bts832577-gcry-control.patch: Update for 5.5.2. Mostly part of the new
+ upstream release, except for: Don't abort() if gcrypt initialization
+ failed.
+ - Drop bts823012_librrd8.patch; merged upstream.
+ * Rebuild with linux-libc-dev >= 4.6 (now in testing and unstable) to
+ accommodate a change to rtnl_link_stats64. Thanks to Gábor Gombás for
+ reporting this (Closes: #829634).
+
+ -- Sebastian Harl <tokkee@debian.org> Fri, 29 Jul 2016 00:02:11 +0200
+
+collectd (5.5.1-5) unstable; urgency=low
+
+ * debian/control, debian/rules:
+ - Disable the sigrok plugin on non-Linux; restrict build dependency to
+ linux-any; thanks to Andreas Beckmann for reporting this
+ (Closes: #825606).
+ * debian/rules:
+ - Fix failure to build twice in a row introduced by dh_autoreconf_clean;
+ drop the separate config.status target and, hence, a dependency on the
+ configure script.
+ * debian/patches/:
+ - Added gcc6.patch: Fix FTBFS with GCC 6; thanks to Lucas Nussbaum for
+ reporting this (Closes: #831194).
+
+ -- Sebastian Harl <tokkee@debian.org> Sun, 17 Jul 2016 23:30:33 +0200
+
+collectd (5.5.1-4) unstable; urgency=medium
+
+ * debian/control:
+ - Add dh-autoreconf to Build-Depends.
+ - Update standards-version to 3.9.8 (no changes).
+
+ -- Marc Fournier <marc@bl.uem.li> Tue, 31 May 2016 18:16:43 +0200
+
+collectd (5.5.1-3) unstable; urgency=medium
+
+ * Re-enable gmond plugin. Thanks to Michael Tautschnig and Jean-Michel
+ Vourgère for fixing #812462.
+ * debian/patches:
+ - Add bts823012_librrd8.patch. Properly detect thread safety with librrd8.
+ Thanks to Jean-Michel Vourgère for the patch (Closes: #823012).
+ * debian/collectd.conf:
+ - Add missing example blocks in main configuration file (Closes: #806196).
+
+ -- Marc Fournier <marc@bl.uem.li> Wed, 25 May 2016 23:14:14 +0200
+
+collectd (5.5.1-2) unstable; urgency=medium
+
+ * Disable the gmond plugin for now. Ganglia is not available in testing
+ (cf. #812462). Thanks to Santiago Vila for reporting this
+ (Closes: #819241).
+ * Update standards-version to 3.9.7 (no changes).
+
+ -- Sebastian Harl <tokkee@debian.org> Sat, 02 Apr 2016 11:02:49 +0200
+
collectd (5.5.1-1ubuntu0~ppa14.04.1) trusty; urgency=medium
* Rebuild for trusty PPA.
-- Marc Fournier <marc.fournier@camptocamp.com> Fri, 21 Aug 2015 13:29:17 +0200
+collectd (5.4.1-6+deb8u1) jessie-security; urgency=high
+
+ * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
+ plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
+ the function used by the network plugin to parse incoming network packets.
+ Thanks to Florian Forster for reporting the bug in Debian.
+ (Closes: #832507, CVE-2016-6254)
+ * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
+ gcry_control. A team of security researchers at Columbia University and
+ the University of Virginia discovered that GCrypt's gcry_control is
+ sometimes called without checking its return value for an error. This may
+ cause the program to be initialized without the desired, secure settings.
+ (Closes: #832577)
+
+ -- Sebastian Harl <tokkee@debian.org> Thu, 28 Jul 2016 22:25:08 +0200
+
collectd (5.4.1-6) unstable; urgency=medium
* debian/patches:
-- gregor herrmann <gregoa@debian.org> Sun, 26 May 2013 00:52:37 +0200
+collectd (5.1.0-3+deb7u1) wheezy-security; urgency=high
+
+ * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
+ plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
+ the function used by the network plugin to parse incoming network packets.
+ Thanks to Florian Forster for reporting the bug in Debian.
+ (Closes: #832507, CVE-2016-6254)
+ * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
+ gcry_control. A team of security researchers at Columbia University and
+ the University of Virginia discovered that GCrypt's gcry_control is
+ sometimes called without checking its return value for an error. This may
+ cause the program to be initialized without the desired, secure settings.
+ (Closes: #832577)
+
+ -- Sebastian Harl <tokkee@debian.org> Thu, 28 Jul 2016 20:52:12 +0200
+
collectd (5.1.0-3) unstable; urgency=low
* debian/patches/migrate-4-5-df.dpatch, debian/collectd-core.postinst:
* Initial release (Closes: #373008).
* Removed upstream's debian/ directory from .orig.tar.gz.
* getifaddrs.dpatch: Patching src/traffic.c to read data from /proc instead
- of using getifaddrs(). getifaddrs() does not seem to work correctly on
+ of using getifaddrs(). getifaddrs() does not seem to work correctly on
AMD64.
-- Sebastian Harl <sh@tokkee.org> Fri, 7 Jul 2006 15:49:42 +0200
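Review bot: the last change in this file, on the getifaddrs.dpatch line of the initial-release entry, appears to differ only in whitespace. Historical changelog entries are best left untouched, so drop that change unless it arrives unchanged with the merged Debian changelog.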
diff --git a/debian/collectd.conf b/debian/collectd.conf
index cea1e59202e0b9f0f4f2f0a5555be835596addf3..2c91a5bab94370a2afcdde79f60a20cb7c00c16c 100644 (file)
--- a/debian/collectd.conf
+++ b/debian/collectd.conf
#LoadPlugin numa
#LoadPlugin nut
#LoadPlugin olsrd
+#LoadPlugin onewire
#LoadPlugin openldap
#LoadPlugin openvpn
#LoadPlugin perl
# CollectTopology "Summary"
#</Plugin>
+#<Plugin onewire>
+# Device "-s localhost:4304"
+# Sensor "F10FCA000800"
+# IgnoreSelected false
+#</Plugin>
+
#<Plugin openldap>
# <Instance "localhost">
# URL "ldap://localhost:389"
# </Topic>
#</Plugin>
+#<Plugin write_redis>
+# <Node "example">
+# Host "localhost"
+# Port "6379"
+# Timeout 1000
+# <Node>
+#</Plugin>
+
#<Plugin write_riemann>
# <Node "example">
# Host "localhost"
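Review bot: the added write_redis example ends its Node block with `# <Node>` instead of `# </Node>`, so anyone who uncomments the block gets an unterminated <Node "example"> section. Change that line to `# </Node>`, the same way the enclosing block is closed with `#</Plugin>`.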
diff --git a/debian/control b/debian/control
index f57d0b2cd646d4a1a264193424fe6dc8f4f3418a..d2d0ad244684a21b12f03e5767956028f019f97c 100644 (file)
--- a/debian/control
+++ b/debian/control
Priority: optional
Maintainer: Sebastian Harl <tokkee@debian.org>
Uploaders: Marc Fournier <marc@bl.uem.li>
-Build-Depends: debhelper (>= 7.0.50~), dpkg-dev (>= 1.14.10), po-debconf,
+Build-Depends: debhelper (>= 7.0.50~), dpkg-dev (>= 1.14.10), po-debconf, dh-autoreconf,
bison, flex, autotools-dev, libltdl-dev, pkg-config,
iptables-dev (>= 1.4.3.2-2) [linux-any],
javahelper,
librabbitmq-dev,
librrd-dev (>= 1.4~),
libsensors4-dev [linux-any],
- libsigrok-dev (>= 0.2~),
+ libsigrok-dev (>= 0.2~) [linux-any],
# libsnmp-dev (>= 5.4.2.1~dfsg-4~) | (libsnmp-dev & perl (<< 5.10.1~rc2-1~))
libsnmp-dev (>= 5.4.2.1~dfsg-4~) | libsnmp-dev | libsnmp9-dev,
libsnmp-dev (>= 5.4.2.1~dfsg-4~) | perl (<< 5.10.1~rc2-1~),
protobuf-c-compiler,
python-dev
Build-Conflicts: libpthread-dev, libhal-dev
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
Homepage: http://collectd.org/
Vcs-Git: git://git.tokkee.org/pkg-collectd.git
Vcs-Browser: http://git.tokkee.org/?p=pkg-collectd.git
diff --git a/debian/patches/bts832577-gcry-control.patch b/debian/patches/bts832577-gcry-control.patch
--- /dev/null
@@ -0,0 +1,93 @@
+Description: network plugin: Don't abort() if gcrypt initialization failed.
+Author: Sebastian Harl <sh@tokkee.org>
+Origin: upstream,
+ commit:a3000cbe3a12163148a28c818269bbdabda1cf5c
+Bug-Debian: https://bugs.debian.org/832577
+Last-Update: 2016-07-28
+
+diff a/src/network.c b/src/network.c
+--- a/src/network.c
++++ b/src/network.c
+@@ -498,7 +498,7 @@
+ } /* }}} int network_dispatch_notification */
+
+ #if HAVE_LIBGCRYPT
+-static void network_init_gcrypt (void) /* {{{ */
++static int network_init_gcrypt (void) /* {{{ */
+ {
+ gcry_error_t err;
+
+@@ -506,7 +506,7 @@
+ * Because you can't know in a library whether another library has
+ * already initialized the library */
+ if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
+- return;
++ return (0);
+
+ /* http://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html
+ * To ensure thread-safety, it's important to set GCRYCTL_SET_THREAD_CBS
+@@ -520,7 +520,7 @@
+ if (err)
+ {
+ ERROR ("network plugin: gcry_control (GCRYCTL_SET_THREAD_CBS) failed: %s", gcry_strerror (err));
+- abort ();
++ return (-1);
+ }
+ # endif
+
+@@ -530,11 +530,12 @@
+ if (err)
+ {
+ ERROR ("network plugin: gcry_control (GCRYCTL_SET_THREAD_CBS) failed: %s", gcry_strerror (err));
+- abort ();
++ return (-1);
+ }
+
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
+-} /* }}} void network_init_gcrypt */
++ return (0);
++} /* }}} int network_init_gcrypt */
+
+ static gcry_cipher_hd_t network_get_aes256_cypher (sockent_t *se, /* {{{ */
+ const void *iv, size_t iv_size, const char *username)
+@@ -2077,7 +2078,12 @@
+ {
+ if (se->data.client.security_level > SECURITY_LEVEL_NONE)
+ {
+- network_init_gcrypt ();
++ if (network_init_gcrypt () < 0)
++ {
++ ERROR ("network plugin: Cannot configure client socket with "
++ "security: Failed to initialize crypto library.");
++ return (-1);
++ }
+
+ if ((se->data.client.username == NULL)
+ || (se->data.client.password == NULL))
+@@ -2097,7 +2103,12 @@
+ {
+ if (se->data.server.security_level > SECURITY_LEVEL_NONE)
+ {
+- network_init_gcrypt ();
++ if (network_init_gcrypt () < 0)
++ {
++ ERROR ("network plugin: Cannot configure server socket with "
++ "security: Failed to initialize crypto library.");
++ return (-1);
++ }
+
+ if (se->data.server.auth_file == NULL)
+ {
+@@ -3548,7 +3559,11 @@
+ have_init = 1;
+
+ #if HAVE_LIBGCRYPT
+- network_init_gcrypt ();
++ if (network_init_gcrypt () < 0)
++ {
++ ERROR ("network plugin: Failed to initialize crypto library.");
++ return (-1);
++ }
+ #endif
+
+ if (network_config_stats != 0)
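Review bot: near the end of network_init_gcrypt(), `gcry_control (GCRYCTL_INITIALIZATION_FINISHED);` is still called without looking at its return value, which is the pattern #832577 is about; assign the result to err and return (-1) on failure, as the two checks above it do. The error path after `# endif` logs the same "gcry_control (GCRYCTL_SET_THREAD_CBS) failed" text as the one inside the conditional block, so the log cannot tell which call failed; name the control the second call actually issues. In the last hunk, `have_init = 1;` is set before the new `return (-1)`, so check whether a later call into that function would then skip initialization instead of retrying or failing again.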
diff --git a/debian/patches/gcc6.patch b/debian/patches/gcc6.patch
--- /dev/null
@@ -0,0 +1,13 @@
+Author: Sebastian Harl <tokkee@debian.org>
+Description: Fix GCC 6 issues.
+--- a/src/write_kafka.c
++++ b/src/write_kafka.c
+@@ -472,7 +472,7 @@
+ }
+ if (conf != NULL)
+ rd_kafka_conf_destroy(conf);
+- return (0);
++ return (0);
+ errout:
+ if (conf != NULL)
+ rd_kafka_conf_destroy(conf);
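Review bot: the patch header says only "Fix GCC 6 issues.", while the single change is to the `return (0);` line following `if (conf != NULL)` in src/write_kafka.c, where the removed and added lines differ only in whitespace. State in the Description that this is an indentation fix and which compiler diagnostic it addresses, and add Bug-Debian (#831194 per the changelog) and Last-Update fields, as bts832577-gcry-control.patch does.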
diff --git a/debian/patches/series b/debian/patches/series
index 5e9e15a6b55248a10a406eaf960766283ff29e20..596420ab80697d2c2c0082eba03e6af1e0bbd63a 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
+bts832577-gcry-control.patch
rrd_filter_path.patch
collection_conf_path.patch
myplugin_includes.patch
+gcc6.patch
diff --git a/debian/rules b/debian/rules
index 36786a5e7708c51090e90883c47ec69057963f2f..18fe5ba8d76524e4202829a7e9c0754c68654261 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
--disable-numa \
--disable-sensors \
--disable-vserver
+ # libsigrok >= 0.2.0 is required for the sigrok plugin,
+ # only available on Linux.
+ confflags += \
+ --disable-sigrok
endif
# This plugin is FreeBSD-specific.
confflags += --disable-java
endif
-config.status: configure
+build: build-arch build-indep
+build-arch: build-stamp
+build-indep: build-stamp
+
+build-stamp:
dh_testdir
+ dh_autoreconf
+
# This is a work-around for #474087 (broken openipmi .pc files).
mkdir debian/pkgconfig
sed -re 's/^(Requires:.*) pthread(.*)$$/\1\2/' \
JAVA_LDFLAGS="$(JAVA_LDFLAGS)" \
|| ( status=$$?; cat config.log; exit $$status )
-build: build-arch build-indep
-build-arch: build-stamp
-build-indep: build-stamp
-
-build-stamp: config.status
- dh_testdir
-
$(MAKE)
perl ./debian/bin/check_plugins.pl
rm -rf debian/pkgconfig
+ dh_autoreconf_clean
dh_clean
debconf-updatepo
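Review bot: in the build-stamp recipe, `mkdir debian/pkgconfig` now runs in the same target as dh_autoreconf, configure and $(MAKE), and the only cleanup visible here is `rm -rf debian/pkgconfig` after a successful build. A failed configure or build would leave the directory behind and make the next `mkdir` fail, so use `mkdir -p` or confirm that the clean target removes debian/pkgconfig alongside dh_autoreconf_clean.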