[collectd-changes] collectd, the system statistics collection daemon: Changes to 'collectd-4.10'

Florian Forster octo at verplant.org
Tue Apr 4 10:48:07 CEST 2017


 src/network.c |   68 ++++++++++++++++++++++++++++++++++++------------
 src/perl.c    |   80 +++++++++++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 124 insertions(+), 24 deletions(-)

New commits:
commit 82cb106ff4d0f8f99d6331705b0c602c512a3e4c
Author: Pavel Rochnyack <pavel2000 at ngs.ru>
Date:   Mon Apr 3 11:57:09 2017 +0600

    Fix endless loop DOS in parse_packet()
    When a correct 'Signature part' is received by Collectd configured without
    the AuthFile option, the condition for an endless loop occurs due to a
    missing increase of the pointer to the next unprocessed part.
    
    Fixes: CVE-2017-7401
    Closes: #2174
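
An added illustration of the bug class the commit message above describes (not collectd's parse_packet() and not part of the original mail): a simplified type/length/value parser whose branch for skipping a signed part, taken when no credentials are configured, forgets to advance to the next part. The part types, `parse_parts`, its two flags, the `MAX_ROUNDS` guard and the sample bytes are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical part types for a simplified type/length/value packet;
 * these are not collectd's constants and this is not its parse_packet(). */
enum { PART_VALUE = 1, PART_SIGNED = 2 };
#define HDR_LEN 4u    /* 2-byte type + 2-byte length, big endian */
#define MAX_ROUNDS 64 /* demo guard so the buggy variant terminates */

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Returns the number of PART_VALUE parts, -1 on a malformed packet, or
 * -2 if the loop stopped making progress. have_auth == 0 models a receiver
 * with no credentials configured, which skips signed parts unverified.
 * advance_on_skip == 0 reproduces the missing pointer increase; 1 fixes it. */
int parse_parts(const uint8_t *buf, size_t len, int have_auth, int advance_on_skip)
{
    int values = 0;
    for (int rounds = 0; len > 0; rounds++) {
        if (rounds >= MAX_ROUNDS) return -2; /* real code would spin forever */
        if (len < HDR_LEN) return -1;
        unsigned type = be16(buf), plen = be16(buf + 2);
        if (plen < HDR_LEN || plen > len) return -1; /* must cover header, fit buffer */
        if (type == PART_SIGNED && !have_auth) {
            if (!advance_on_skip)
                continue; /* BUG: buf and len unchanged, same part is re-read */
            /* fixed: fall through and consume the skipped part */
        } else if (type == PART_VALUE) {
            values++;
        }
        buf += plen; /* move to the next unprocessed part */
        len -= plen;
    }
    return values;
}

/* Constructed sample: one signed part (8 bytes), then one value part (6 bytes). */
static const uint8_t SAMPLE[] = {
    0x00, 0x02, 0x00, 0x08, 0xAA, 0xBB, 0xCC, 0xDD,
    0x00, 0x01, 0x00, 0x06, 0x12, 0x34,
};

int main(void)
{
    printf("buggy=%d fixed=%d\n", parse_parts(SAMPLE, sizeof SAMPLE, 0, 0),
           parse_parts(SAMPLE, sizeof SAMPLE, 0, 1));
    return 0;
}
```

Every exit from a part handler, including "ignored" and "not configured" paths, has to consume the part's declared length; a progress check like the `-2` return is a cheap assertion to keep in fuzzing builds.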

commit 9df9c6e98ec2acaff9f302a9e9644c68c8d7d09b
Merge: 653ab3d 3a05013
Author: Ruben Kerkhof <ruben at rubenkerkhof.com>
Date:   Thu Jul 28 12:26:18 2016 +0200

    Merge pull request #1815 from rubenk/gcry-fixes-for-4.10
    
    Gcry fixes for 4.10

commit 3a050134b8ba936e75c68eeb6cd8c46a56b3e3aa
Author: Sebastian Harl <sh at tokkee.org>
Date:   Wed Jul 27 09:45:48 2016 +0200

    network plugin: Don't abort() if gcrypt initialization failed.
    
    Instead, report an error and let plugin initialization fail.
    
    (cherry picked from commit a3000cbe3a12163148a28c818269bbdabda1cf5c)

commit 5f0744209517883b1a3b5f8fd269734bbed1efd3
Author: Florian Forster <octo at collectd.org>
Date:   Tue Jul 26 08:54:42 2016 +0200

    network plugin: Fix error message for GCRYCTL_INIT_SECMEM failure.
    
    (cherry picked from commit 262915c450f3a45579069212560ca9715aa5bd4b)

commit 19963420ec2ed9445cd21a009f284032f318aaa5
Author: Florian Forster <octo at collectd.org>
Date:   Mon Jul 25 13:39:37 2016 +0200

    network plugin, libcollectdclient: Check return value of gcry_control().
    
    Fixes: #1665
    (cherry picked from commit 8b4fed9940e02138b7e273e56863df03d1a39ef7)
    
    Conflicts:
    	src/libcollectdclient/network_buffer.c
    	src/network.c

commit 653ab3d8fb89b31f4b6e074d0845bf3ae19c6bda
Merge: 7927ed7 4899e46
Author: Ruben Kerkhof <ruben at rubenkerkhof.com>
Date:   Wed Jul 27 14:42:54 2016 +0200

    Merge pull request #1811 from rubenk/backport-cve-2016-6254-to-4.10
    
    network plugin: Fix heap overflow in parse_packet().

commit 4899e46dc1390e559f0274323d37652f9fc1ab87
Author: Florian Forster <octo at collectd.org>
Date:   Tue Jul 19 10:00:37 2016 +0200

    network plugin: Fix heap overflow in parse_packet().
    
    Emilien Gaspar has identified a heap overflow in parse_packet(), the
    function used by the network plugin to parse incoming network packets.
    
    This is a vulnerability in collectd, though the scope is not clear at
    this point. At the very least specially crafted network packets can be
    used to crash the daemon. We can't rule out a potential remote code
    execution though.
    
    Fixes: CVE-2016-6254
    (cherry picked from commit b589096f907052b3a4da2b9ccc9b0e2e888dfc18)

commit 7927ed79c0c4b597e465739cdf71dada21648cb0
Author: Sebastian Harl <sh at tokkee.org>
Date:   Mon May 30 21:59:46 2016 +0200

    perl plugin: Be more consistent about capitalization.

commit d6aca8d2ca4ada59b6486285727e040f1688ab61
Author: Pavel Rochnyack <pavel2000 at ngs.ru>
Date:   Mon May 30 12:00:38 2016 +0600

    perl plugin: Removed commented code

commit 6330344fe7a91a8d99745346e9d0ff77d46fbd40
Author: Pavel Rochnyack <pavel2000 at ngs.ru>
Date:   Mon May 30 11:52:21 2016 +0600

    perl plugin: Added call_pv_locked() wrapper to handle thread locking flags.

commit 799ef5daf3d87e11efe18922fec943af5e0e6ee2
Author: Pavel Rochnyack <pavel2000 at ngs.ru>
Date:   Mon May 30 11:31:44 2016 +0600

    perl plugin: Switched to PTHREAD_MUTEX_RECURSIVE locking

commit 5c57b2bbd57919ad5d33d2cf4b39163f5db4a524
Author: Pavel Rochnyack <pavel2000 at ngs.ru>
Date:   Fri May 13 19:20:22 2016 +0600

    perl plugin: Fixes for #1706
    * Fix coredump due to destroying interpreter on threads running perl.
    * Fix deadlock when perl_log() is called from perl_init()

commit 82f6ebad0250c0b8cd0cdf7453fe427fd7b38135
Author: Pavel Rochnyack <pavel2000 at ngs.ru>
Date:   Fri May 13 14:50:31 2016 +0600

    perl plugin: lock base thread interpreter in perl_init() too.
    Avoid race conditions with c_ithread_create() called from threads of already-initialized plugins.
    Fix for https://github.com/collectd/collectd/issues/1706.



